Each year about this time, I reflect back on the year and the blogs I have written. Having authored more than 530 blog posts over the past 12 years, I have come to believe their readership is a good litmus test of contemporary internal auditors’ priorities and concerns. So, as I did in past years, I have identified the 10 most-read blogs in 2021 to re-share with you – in case you missed some.

Identifying the most popular blogs this year was bit more challenging than in the past, because I transitioned my blog series from The IIA to my own website after I stepped down as The IIA’s President and CEO in March. In all, my 50 blog posts so far in 2021 have been read more than 150,000 times by practitioners in 146 countries and territories. The top 10 reveal [MOU1] a lot about the state of the profession.

Three key themes emerge: (1) how to assess risks in a disruptive environment; (2) how to enhance internal audit’s stature; and (3) how to best communicate with internal audit’s stakeholders.

“Risk in Focus” – New Report Focuses on Internal Audit Priorities in 2022 and Beyond. Colleagues in the European Confederation of Institutes of Internal Auditing (ECIIA) collaborate on a “Risk in Focus” report every year to assist internal auditors as they undertake their own risk assessments as part of their audit planning process. My blog provides an overview of the 2022 report, and was posted the same day as its release. It was my most read blog of the year, by far, and reinforced that internal auditors are scanning the horizon to assess risks.

Should Internal Audit Change Its Name? One of my first blogs after leaving The IIA was also one of the most popular. Following an informal survey on LinkedIn, I shared perspectives from the profession about whether internal audit should change its name, and the most popular alternatives to our traditional branding.

Whose Risk Is It Anyway? When Management Says “No” to Internal Audit. This blog was posted barely a month ago, but it has quickly logged some of the most impressive readership statistics of the year. Interest in the topic, coupled with comments I received, are proof once again that internal auditors often struggle with intransigent management officials who push back on internal audit results.

For Some Audit Reports: It’s Better Never Than Late. The speed at which risks are emerging and destroying organizational value in the 2020s dictate that internal auditors should have zero tolerance for slow reporting processes. Delivering an outdated final report following a long and inefficient audit process is not an option. In the blog, I share advice for more timely audit reports.

How Do You Answer, “What Do Internal Auditors Do? One of the last blogs I published at The IIA was also one of my most popular this year. Many internal auditors struggle to provide a crisp answer when asked what their job is. The blog offers eight tips for delivering a strong, crisp elevator pitch on what internal auditors do, and re-shares “the internal auditors’ creed” that I first published in 2019.

Internal Auditors: It’s What You Say AND How You Say It. As the old saying goes: “It’s not what you say, it’s how you say it.” Well, in internal auditing, it’s a combination of both. In this blog, I revisit a topic that I have written on several times over the years. It includes five words that I banished from internal audit reports when I was a CAE.

Why Is Internal Audit Still Assessing Risks Like It’s 1999? The velocity and volatility of risks have accelerated dramatically in the past 20 years. Yet, many internal audit functions continue to employ the same risk assessment methodologies made popular in the late 1990s. In this blog, I emphasize the need to look to the horizon to also identify emerging risks. It includes a list of emerging risk indicators.  

Why Do They Think Internal Auditors Are Looking for Problems? I suspect this blog was as popular for the licensed artwork I used (a Dilbert cartoon strip) as the content. The modern internal audit profession has been around for only about 100 years. Yet, it is amazing how many myths and misperceptions have evolved about the profession in such a relatively short period of time. In the blog, I share five popular myths about internal audit, and asked whether we do things that reinforce the negative stereotypes.

The 7 C’s That Should Be on the Risk Radars of Boards (and Internal Auditors) in 2021. My blogs dealing with risks seem to be magnets for readers. In this midyear one, I note seven key risks that organizations face all begin with the letter “C.” They are COVID, change velocity, crisis management, cybersecurity, compliance, culture, and climate change.

Internal Auditors Can’t Be Change Agents if They Are Secret Agents. In March, I published my fourth book: “Agents of Change: Internal Auditors in an Era of Disruption.” The next month, I explored a key message in the book in my blog. I assert that, if our value is not fully appreciated and our potential is unknown, we risk being a well-kept secret in our organizations. The blog explores how articulating our value and creating awareness will keep us from being “secret agents.”

It has been a busy year for me. Aside from the blogs I have authored for my website, I also have been crafting blogs and articles for AuditBoard. I invite you to check out these five, which also have generated significant readership:

Critical Risk Areas for Audit Efforts in 2022 and Beyond

Is There an Unsustainable Gap in Internal Audit’s Focus on ESG Risks?

How Do We Rate? Assigning Ratings and Opinions on the Basis of Audit Results

5 Ways COVID Has Changed Internal Audit Forever

7 Resources for Auditing 2021’s Top 7 Risks

Despite the disruptions and uncertainties of 2021 and more changes that most assuredly are on the way, I look forward to seeing what the next year brings and continuing to share my views with you, my loyal readers.