The saying, "a jack of all trades is a master of none, but oftentimes better than a master of one," provokes debate between specialists and generalists. This discussion extends to many fields, including internal auditing.
As internal audit's role continues to grow, today's practitioners are asked to do far more than their traditional responsibilities around operational assurance and regulatory compliance. This paradigm shift is particularly evident in The IIA's Pulse of Internal Audit survey. The inaugural 2011 report lists fraud investigations, financial reporting, controls, compliance, and ethics investigations as the top areas of responsibility outside of traditional roles. In contrast, the 2019 report illustrates internal audit's growing involvement in other key areas including cybersecurity enterprise risk management, cost/expense reduction, and third-party risk.
Internal auditors are not only expected to broaden their scope of services, but also deepen them. Most audit functions believe they are falling short technically in key areas, as evidenced by lower competency ratings (scale of 1-5 with 5 as highly competent) in cybersecurity and IT audit (2.9), data analytics (2.9), and technical accounting standards (2.5-2.9) in Protiviti's 2019 Internal Audit Capabilities and Needs Survey.
These seemingly conflicting qualities of depth and breadth raise an important question frequently asked by chief audit executives (CAEs) and practitioners alike: Is it better to specialize or generalize?
First and foremost, the practitioner's interests and career goals should guide any decision on specialization. On one hand, experienced practitioners may become specialists over time, whether intentionally through career planning, mentorship, technical training, and workload, or unintentionally through trial, error, and, ultimately, success within certain disciplines. Alternatively, audit new hires may find generalization appealing as it provides a means to learn various aspects of the business and explore alternate career options, or identify opportunities for future specialization within internal audit.
While audit new hires may be more likely to start their careers as generalists, audit leaders should not deter them from exploring specialization. As academic institutions and continuing professional education providers expand their offerings in highly technical areas such as cybersecurity and data analytics, new hires can enter the audit...