I watched a webinar by the Institute of Internal Auditors yesterday, and one of the issues they focused on was ensuring that auditors have the skills required to audit each area/process/technology that presents risk to the organization. Given the level of internal and external changes that organizations are exposed to, this means continually identifying and obtaining new skills in the auditor pool. A good example of one area that has grown in importance in recent years is cyber security, and for some organizations things such as AI is also relevant.
So I was thinking of how this might apply to quality auditors. Changes in regulatory requirements and the application fo digital technologies are of course always relevant. But the increase in the recent focus on risk, analytics and culture might indicate the need to develop greater depth in these areas.
In effect, auditor development should be an ongoing process that is part of managing an audit program. As was pointed out in the webinar, not having the skills often means that technology/process/area may not get audited, with a requisite inherent increase in risk.