Why Are Internal Auditors Still Looking for Love?

0
Internal Auditors
Internal Auditors

By: Edward Ansah

According to Plato and Aristotle, love is the bond between two people who admire one another and choose to support one another over time. This is what internal auditors have been yearning for years in auditees as they navigate governance, risk management, and control processes of organisations. Instead, they have faced hostile relationships, from poor office allocation and denial of adequate staff to wrongful dismissals and denied salary increases. Though they are integral to the success of organisations, they have more often than not found themselves unappreciated, misunderstood, and, frankly, unloved — or even among the most hated people in the organisation.

A Profession Longing to Be Understood

In the ancient Greek language, the word agape describes the highest and most selfless form of love — a love that gives without counting the cost, that persists even when it is not returned. If any professional group in the modern organisation embodies agape in its daily labour, it is the internal auditor.

Internal auditors work tirelessly to protect organisations from fraud, governance failure, financial mismanagement, and reputational collapse. They speak uncomfortable truths to powerful people. They carry risk registers where others carry performance targets. And yet, year after year, survey after survey, the evidence tells a sobering story: internal auditors are not feeling the love. According to the IIA research project, Internal Audit: Vision 2035, 48% of respondents think internal auditors are regarded as the organisation’s police.

This article explores that story — what love means, what internal auditors actually need and deserve, what is being done to them instead, and what the new Global Internal Audit Standards (GIAS, 2024) demand from organisations that host the internal audit function.

What Is Love? A Biblical and Generic Understanding

The Biblical Meaning

The Bible offers the richest and most enduring definition of love. In 1 Corinthians 13:4–7, the Apostle Paul writes that love “is patient, love is kind. It does not envy, it does not boast, it is not proud. It does not dishonour others, it is not self-seeking, it is not easily angered, it keeps no record of wrongs.It always protects, always trusts, always hopes, always perseveres.” The Hebrew Old Testament uses the word hesed — often translated as “loving-kindness” or “steadfast love” — to describe a covenant commitment that is loyal, consistent, and enduring regardless of circumstances. It is love as a duty of care, not merely a feeling. For internal auditors, this biblical framework is instructive. What they seek from their organisations is not affection or flattery — it is hesed: a steadfast, covenant-level commitment to support their work, protect their independence, and honour their findings even when those findings are inconvenient.

The Generic Meaning

Outside theology, love in its broader sense is understood as deep respect, genuine care, and unconditional support for another’s wellbeing and purpose. Psychologist Robert Sternberg’s triangular theory of love identifies three components: intimacy (closeness and connection), passion (energy and commitment), and decision/commitment (choosing to sustain a relationship over time).

Applied to organisations, loving internal audit means being close enough to understand what it does, passionate enough to resource it properly, and committed enough to protect it when management pressure mounts.

The Internal Auditor’s Mandate: A Labour of Love

The 2024 Global Internal Audit Standards (effective 9 January 2025), published by The Institute of Internal Auditors (IIA), describe internal auditing as “an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations.” The Standards are organised around five domains:

  1. Purpose of Internal Auditing
  2. Ethics and Professionalism
  3. Governing the Internal Audit Function
  4. Managing the Internal Audit Function
  5. Performing Internal Audit Services

Domain 1 articulates internal audit’s core purpose as helping organisations “accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.”

This is a generous, organisation-centred mandate. The internal auditor does not serve themselves. They serve the board, the audit committee, management, and ultimately the public interest. That is love — agape in professional form.

The Standards further require, under Standard 9.2, that the Chief Audit Executive (CAE) develop and maintain an internal audit strategy aligned with the organisation’s objectives. Under Standard 8.2, the CAE must develop a resource strategy to ensure the function has the people, skills, and tools to fulfil its mandate. These are not bureaucratic requirements — they are expressions of organisational commitment. They ask: Do you love your internal audit function enough to equip it?

What the Evidence Shows: A Profession Under Siege

1. Budget Starvation

The most tangible measure of how an organisation values something is how it funds it. By this measure, many organisations are sending a clear and cold message to their internal audit functions.

According to the 2026 North American Pulse of Internal Audit survey, published by the Internal Audit Foundation and released in March 2026, the percentage of internal audit functions that reported budget cuts rose from 11% in 2024 to 19% in 2025, while those reporting budget increases dropped from 34% to 23%. Less than half of CAEs surveyed — just 45% — said their departments had “mostly or completely sufficient funding,” down from 53% the prior year. Nearly one in three (30%) said funding was “not sufficient.”

As IIA President Anthony Pugliese noted plainly: “Organizations across industries are operating in an environment of constrained budgets and limited staffing. Internal audit is no exception.”

This would be unremarkable if the demands on internal audit were also shrinking. They are not. A 2024 Audit Board survey found that 55% of CFOs and 50% of audit committees and boards are asking internal audit to do more work around risk, even as budgets and headcounts remain flat or decline. The GIAS now require CAEs to develop technology strategies, AI capabilities, and cross-functional assurance plans — but without the resources to do so, these requirements become cruel expectations.

2. Staffing Cuts

Staffing trends in 2025 mirrored the budget story. The percentage of internal audit functions reporting staff cuts rose from 11% to 18% between 2024 and 2025, according to the same Pulse survey. Privately held organisations were hardest hit, with staff cuts rising sharply from 11% to 28% in a single year.

The GIAS, under Standard 8.1, require that the internal audit function have “sufficient resources” — encompassing qualified personnel, appropriate technology, and adequate budget  to fulfil its mandate. When organisations cut audit staff while expanding audit scope, they are in direct breach of the spirit, if not the letter, of this standard.

3. Being Misunderstood and Undervalued

The Internal Audit Foundation’s Vision 2035 global survey found that half of all respondents identified “being misunderstood or undervalued” as the greatest challenge facing the internal audit profession. This is not a technical or resource problem. It is a relational one. It is the auditor equivalent of doing everything right in a relationship and still being taken for granted.

Many internal auditors report that stakeholders do not readily perceive their role as strategic. They are tolerated as a compliance necessity rather than embraced as a strategic asset.

4. Intimidation, Retaliation, and Independence Threats

The GIAS place extraordinary emphasis on independence and objectivity — the very attributes that make internal audit valuable. Standard 2.1 requires that the internal audit function be “free from conditions that threaten its ability to carry out its responsibilities in an unbiased manner.” Standard 2.2 requires individual internal auditors to maintain objectivity and avoid conflicts of interest.

Yet the documented reality is that these standards are routinely violated — not by auditors, but against them. Documented threats to internal auditor independence include:

  • Intimidation threats: Management coerces auditors toward predetermined conclusions, threatens to reduce  budgets, or signals that unfavourable findings will have career consequences.
  • Retaliation: CAEs are removed or sidelined after reporting critical findings to audit committees. As one authoritative analysis notes, “Firing or retaliating against a CAE for reporting unfavorable audit results” is among the most serious impairments to independence an organisation can commit.
  • Structural subordination: Placing internal audit under a member of management whose activities internal audit must review creates an inherent structural conflict. The GIAS, under Standard 7.1, specifically require that the CAE report functionally to the board or audit committee to preserve independence. Where this line of reporting is blocked or bypassed — including where a CEO or CFO refuses to permit the CAE to report critical findings to the audit committee — independence is fatally compromised.
  • Scope obstruction: Management withholds documents, limits access to systems, or refuses to engage with audit findings, effectively nullifying the audit process.

These are not hypothetical scenarios. They represent patterns that the IIA’s own practice guides, academic research, and professional literature have documented extensively across industries and jurisdictions.

5. Doing More with Less in an Era of Permacrisis

The term “permacrisis” — a prolonged state of instability and overlapping threats has become the defining label of the 2020s. For internal audit, this means that the risk universe is constantly expanding: cybersecurity attacks, AI governance failures, geopolitical disruptions, ESG accountability, regulatory shifts, and sovereign debt restructuring all compete for audit attention.

The Risk in Focus 2026 report, based on survey responses from more than 4,000 CAEs and directors in 131 countries, found that cybersecurity remains the top risk priority, with geopolitical uncertainty recording the largest year-on-year increase, and digital disruption (including AI) rising to second place globally. These are complex, fast-moving risk areas that require specialised expertise, sophisticated tools, and adequate time.

Asking internal audit to cover all of these risks with shrinking teams and flat budgets is not just unrealistic — it is a governance failure. It signals that the organisation does not truly value what internal audit is being asked to protect.

What the Global Internal Audit Standards Demand: Love Made Mandatory

The 2024 GIAS represent the most significant overhaul of internal audit professional standards in a generation. They do not merely describe what good internal audit looks like — they define what organisations owe the internal audit function.

Key provisions that speak directly to the “love deficit” described above include:

  • Standard 7.1 — Organisational Independence: The CAE must have direct and unrestricted access to senior management and the board. Anything less compromises the function’s ability to serve its purpose.
  • Standard 7.1 — Freedom from Interference: No person inside the organisation may interfere with the scope of internal audit work, performing engagements and the communication of results.
  • Standard 8.2 — Resource Strategy: The CAE must develop a resource strategy to obtain sufficient resources and inform the board about the impact of insufficient resources and how any shortfall will be addressed. Management and the board must support this strategy — and funding it is not optional.
  • Standard 8.3 — Quality: The function must maintain a quality assurance and improvement programme, including internal quality assessments and external quality assessments at least once every five years. This requires institutional commitment and resources.
  • Standard 9.2 — Internal Audit Strategy: Internal audit must have a long-term strategy aligned with organisational objectives and the expectations of the board, senior management, and other stakeholders — a seat at the strategic planning table, not a footnote to it.

Taken together, these Standards describe a relationship of mutual respect, adequate resourcing, protected independence, and strategic partnership. In short, they describe what love looks like when institutionalised in governance.

The tragedy is the distance between what the Standards demand and what the evidence shows is happening in the real world.

The Killed: When Audit Becomes a Death Sentence

Andile Matshaya’s case is not isolated. The IIA South Africa’s landmark “Plight of Internal Auditors” survey, published in 2019, documented a pattern of killings that should shock every board, every audit committee, and every chief executive on the continent. 

According to that survey, the following internal auditors were killed while investigating corruption: Andile Matshaya — Internal auditor, South Africa’s national Department of Transport. Strangled in his hotel room in 2012 while investigating corruption, after receiving repeated death threats.

Moses Tshake — Head Auditor, Free State Department of Agriculture. Maimed in a hijacking in 2013. He died in a Bloemfontein hospital three months later.

Zweli Duma — Internal auditor, Nongoma Municipality. Shot dead at his home in 2016.

Ignatius Nteso — founding member of IIA Lesotho and Chief Audit Executive of the Lesotho Electricity Corporation. Shot dead in 2017.

In Kenya, James Mania Karanja, chief accountant and internal auditor at Nakumatt Holdings — once East Africa’s largest supermarket chain — was killed in May 2015 as he left the company’s head offices. Court evidence revealed he had been investigating a major fraud being perpetrated by senior staff and suppliers. A police officer was allegedly paid a down payment of Ksh 80,000 to carry out the killing. “The motive of the deceased’s death was due to the fraud investigations he was conducting at Nakumatt Holdings Ltd,” the investigating officer told the court. Nakumatt subsequently collapsed entirely, wiping out thousands of jobs and creditors.

In 2022, the Director of Operation at the Ghana Internal Audit Agency (IAA), Mr. Nathan Yankey revealed that some internal auditors are poisoned and killed for doing their jobs effectively. He recounted that an officer of the agency had his food poisoned and got him killed immediately after eating because he was ensuring that the public funds were protected. “Corruption will fight whoever fights corruption hence, people who risk their lives to fight corruption must be provided with security both personal and job security. 

In Colombia, Luis Alfredo Caicedo, fiscal auditor of the country’s largest health intermediary, was found stabbed to death in his bathtub in 2016, hands and feet tied.

In South Africa again, Mpho Mafole, Head of Forensic Audits at the City of Ekurhuleni, was murdered in July 2025 — adding a new name to a list that grows longer with each passing year.

The IIA South Africa survey found that almost one in five (18%) internal auditors would fear for their lives if they reported “questionable activities,” and that the profession was “becoming increasingly more dangerous.” IIA SA CEO Claudelle von Eck wrote at the time: “What does worry me is the prevalence of intimidation and fear in our country, and in particular the willingness of some to go as far as torture and murder to conceal their evil deeds.”

The Dismissed: When Truth Is a Fireable Offence

You do not have to be killed to be destroyed. Across the world, internal auditors who have done their jobs with integrity have been removed, fired, and blacklisted as a direct consequence of finding and reporting what they were professionally obligated to find.

One of the most egregious documented cases involves Western Washington University in the United States. A CAE was pushed out after an audit of a former university president’s travel expense. The university settled for $216,000. His successor, a woman, was appointed to the same role and fared no better. She was fired shortly after her office completed a contentious audit into the use of “ghost courses” to fraudulently pad students’ credit loads — findings her office had already reported to federal investigators as fraud. A Whatcom County jury subsequently awarded her nearly $3 million in damages for whistleblower retaliation, including $631,442 in back pay, the amount of money she lost from the date she was fired to the beginning of the trial. She also received $867,964 in ‘front pay,’ defined as the earnings she would have received for the rest of her life that she lost as a result of being fired. She was again awarded $1.5 million for emotional harm.

As Richard Chambers, former President of the IIA and one of the profession’s most prominent voices, has documented: among the most serious impairments to internal audit independence are cases where a CEO or CFO fires or retaliates against a CAE for reporting unfavourable audit results, or where management refuses to allow the CAE to report critical findings to the audit committee. These are not theoretical risks — they are recurring patterns.

At WorldCom, Cynthia Cooper — then Vice President of Internal Audit and her team worked in secret, often at night, to uncover $3.8 billion in fraudulent accounting. When she first raised concerns with Arthur Andersen’s partner on the account, he told her he only spoke to the CFO. She was effectively being told to stay in her lane. She did not. She took her findings directly to the chair of the board’s audit committee. The result: WorldCom’s fraudsters were exposed, the company filed for the largest bankruptcy in US history at that time, Congress passed the Sarbanes-Oxley Act, and Cooper was named Time magazine’s Person of the Year for 2002. But the path she walked to get there — blocked, pressured, and working in the shadows of her own organisation — is a portrait of institutional rejection that should never have been necessary.

At Enron, Sherron Watkins wrote a memo to chairman Kenneth Lay in August 2001 warning that the company “might implode in a wave of accounting scandals.” Her warning was noted, then ignored. Enron collapsed months later, destroying the retirement savings of thousands of employees and triggering one of the greatest corporate governance failures in history.

At Bank of Internet(BofI) Holding Inc. (now Axos Bank), internal auditor Charles Matthew Erhart alleged that the bank had engaged in misconduct by failing to disclose subpoenas and engaging in risky lending practices. He was dismissed. He filed a whistleblower suit and awarded $1 million in damages for emotional distress or harm to his reputation and $500,000 for defamatory statements about him. 

The Transferred: Professional Exile

Short of dismissal, organisations have perfected a quieter weapon against inconvenient internal auditors: the transfer. When an auditor uncovers something that powerful people would prefer to remain buried, they are moved to another department, another location, another role that has nothing to do with audit. The message is unmistakeable: your findings were not welcome, and neither are you.

This form of retaliation is harder to litigate and easier to dress in the language of “organisational restructuring” or “talent redeployment.” But its effect on the profession is corrosive. It tells every remaining auditor in the organisation exactly what will happen to them if they are too thorough, too honest, or too brave. And it works. The culture of fear documented by IIA South Africa in its 2019 survey where auditors admitted staying in posts only because they had no alternatives — is partly a product of watching what happened to those who came before them.

Why This Matters Beyond Internal Audit

The treatment of internal auditors is not merely a human resource or professional dignity issue. It is a governance risk of the highest order.

When internal audit is underfunded, its risk coverage becomes spotty. When its independence is compromised, its assurance becomes worthless. When its findings are ignored or suppressed, fraud flourishes, compliance gaps widen, and financial misstatements accumulate. The cases of Enron, WorldCom, and more recent institutional failures all share a common thread: the internal control and audit environment was either weak, captured, or deliberately circumvented.

An organisation that does not love its internal audit function is not merely being unkind to its auditors. It is exposing its stakeholders, its shareholders, its regulators, and the public to risks that a properly supported audit function could have identified and mitigated.

Conclusion: Return the Love

The internal auditor wakes up every morning carrying an organisation’s risks on their shoulders. They walk into rooms where they are not always welcome. They write findings that powerful people would prefer to suppress. They do this not for glory, not for the highest salaries, and certainly not for the thanks — because the thanks rarely come.

What they ask for, in the language of the biblical hesed, is steadfast and faithful treatment: adequate resources, protected independence, a genuine seat at the table, and the assurance that when they speak the truth, the truth will be heard.

The 2024 Global Internal Audit Standards have written this requirement into professional law. What remains is for organisations to write it into their culture.

The internal auditor is not looking for romance. They are looking for something more durable: the kind of love that shows up in a well-funded budget, a structurally independent reporting line, a management that engages constructively with findings, and a board that actively champions the audit function’s mandate.

In the words of 1 Corinthians 13, love “always protects, always trusts, always hopes, always perseveres.” That is precisely what the internal audit function does for every organisation it serves.

The question is: will organisations return the favour?

References

  1. The Institute of Internal Auditors. (2024). Global internal audit standards. Effective January 9, 2025. 
  2. Internal Audit Foundation / IIA. 2026 North American Pulse of Internal Audit. Released March 2026. 
  3. Institute of Internal Auditors South Africa. (2019, May). Plight of internal auditors’ survey report.
  4. Internal Audit Foundation. (2024). Vision 2035 global survey [Cited in Audit Board, 2024].

 

  1. ABC News & University of South Carolina Audit & Advisory Services. Cynthia Cooper and WorldCom case documentation.
  2. AuditBoard. (2024, November). 2025 focus on the future: Inflection point for transformation at mid-decade
  3. CFO Brew. (2026, March 12). Internal auditors had a rough 2025.
  4. Chambers, R. (2024, May). A jury has spoken: Retaliation against internal auditors will cost you big! Audit Beacon.
  5. Chambers, R. (2024, March). Do performance bonuses impair internal auditors’ independence and objectivity? Audit Beacon
  6. Colombia Reports. (2016, March). Auditor of Colombia’s biggest health intermediary found murdered at home.
  7. Daily Dispatch & News 24. (2012–2013). Reports on the murder of Andile Matshaya
  8. Holy Bible. (2011). 1 Corinthians 13:4–7 (New International Version). Zondervan. [Original work published ca. 55–57 CE]
  9. Kaya 959. (2025, July 2). Gauteng police investigate murder of Ekurhuleni’s Head of Forensic Audits.
  10. 3News (2022, August 11)Internal auditors are poisoned and killed for doing their job in fighting corruption – IAA,Ghana
  11. The Standard. (2017). Witness: Police killed Nakumatt auditor after receiving Sh80,000. Court reports.
  12. Time Magazine. (2002, December 30). Persons of the Year 2002: Cynthia Cooper, Sherron Watkins, Coleen Rowley.
  13. von Eck, C. [Quoted in]. (2019, July 3). Times Live.[Kenya]Commentary & Academic

 

By : Edward Ansah

Senior Manager,Governance,Risk Management & Controls

Earthspan Services Consulting

Adenta-Accra

[email protected]

Send your news stories to [email protected] Follow News Ghana on Google News

LEAVE A REPLY

Please enter your comment!
Please enter your name here