‍What are you doing to get your next promotion? 

For many ambitious senior Internal Auditors, their answer is putting their heads down and absolutely killing it at work. They’re testing controls faster than their peers. They’re documenting their workpapers better. They’re even coaching up seniors, staff, and entry-level auditors. They figure, the faster I run and the harder I push, the more quickly I’ll get promoted.

Unfortunately, many of them are likely to look up someday and realize that — to quote a classic business bestseller — someone moved their cheese/promotion. 

Meaning, someone else got the promotion they’d been working toward.  

Even though this auditor is amazing at what they do, staying in their well-worn path cost them their cheese. They actually cemented the business case for NOT promoting them.

Here’s their manager's basic thought process: They’re such a fantastic senior — I can’t afford to move them out of that role! They’ve helped our team set such a high standard. Performance would plummet. Quality would take a nosedive. I guess I have to promote someone else…

Sure, any ambitious Internal Auditor needs to excel in their role. But they also need to focus on promotable activities — value-producing work that proves they are meant to be a leader. 

I write about career advancement strategies quite a bit. I do it because there are still too many Internal Auditors out there who can benefit from hearing this message. 

When it comes to helping Internal Auditors advance in their careers, I want to be the most helpful broken record you know. 

In that spirit: What are some promotable activities for Internal Auditors that can help them better position themselves for a promotion within the next 6–12 months? 

Promotable Activities to Help You Get Your Cheese

Before we dive in, what is a promotable activity exactly? 

I introduced “promotable activities” in a previous newsletter that also focused on developing promotion plans and getting in the right mindset. Basically, promotable activities (as defined by Kendall Berg, aka That Career Coach) are those that add measurable value beyond routine job expectations to demonstrate leadership, strategic thinking, and a commitment to improving the organization. 

These seven example promotable activities fall into five buckets. Hopefully they jumpstart your thinking, helping you think of other ways you can deliver value your organization needs. 

Leveling Up Your Team

1. Help Your Team Improve Their Audit Skills 

Real leaders focus not only on improving their own skills, but on improving the skills of their entire team. 

Maybe you hoped that the best practice you developed would help you hoard the limelight. You’ll actually get more credit — and drive more value for your organization — by sharing it, teaching it, and helping your team build upon it.  

What can you do that will level up your team’s performance? For example, perhaps you’ve figured out a faster way to draft your audit report, or a new data analytic approach you’re using to take better samples faster. Maybe you’ve identified gaps in conforming with the Global Internal Audit Standards and you have ideas for fixing them. 

As opposed to keeping your good ideas to yourself, share them. 

The person who’ll be up for the promotion is the one who’s built a reputation for continuously sharing their best practices and ideas.

Whatever your idea is, make sure it’s relevant, targeted, and aligned with strategy.

Leveling Up Your Technology

2. Identify and Lead Technology Selection/Implementation

Another critical way you can add value is by pushing for (and taking charge of) implementation efforts aimed at adopting or broadening technology usage across your team. 

What technologies could help your team make its day-to-day work more efficient, effective, and valuable to the business? 

Maybe another department uses a technology that you want to implement in Internal Audit or SOX. Or maybe your team doesn’t yet use a purpose-built GRC technology, but your CAE or SOX leader has signaled they’re open to it. Why not volunteer to do the due diligence, build the business case, lead implementation, and oversee use of the new technology on the CAE’s behalf? 

I've seen a lot of Internal Audit seniors get promoted to managers — and managers to leaders — because of their drive to help their Internal Audit team use technology better.

3. Lead an Initiative to Enhance Technology Use

If your team already uses a purpose-built GRC, data analytics, or other application, can you lead a self-assessment of — or manage the technology’s quality assurance process — to improve how the technology is being used in your organization? 

For some teams, it may just mean ensuring that more Internal Auditors are using the tool as intended or to its fullest capabilities. For others, it may mean expanding the use of the technology to control owners or audit customers. Work with your CAE or SOX leader to determine the right scope and timeline. 

4. Lead AI Implementation Efforts

Already using your purpose-built GRC or data analytics technology to its fullest capability? No problem, as the breakneck development and proliferation of AI mean that every organization can use help identifying, implementing, and governing generative AI technologies and best practices. 

How can you begin to implement and share generative AI best practices across your SOX and Internal Audit programs? Do you have prompts that help you do better research to create audit programs, perform more extensive testing, or automate creation of draft audit reports? Share them with others and ask for feedback in the spirit of continuous improvement. Has your team created a prompt library? If not, start one ASAP. 

Driving Connected Risk

5. Assist With or Lead Connected Risk Projects 

I call it connected risk. Others call it aligned assurance. Whatever you call it, every organization needs more of it. It’s the key to helping our organizations be more effective in identifying, monitoring, and managing existing, emerging, and unseen risks in the age of permacrisis.

Connected risk and aligned assurance share the same basic objectives: (1) enabling a collaborative and cross-functional approach to managing risk across the enterprise, and (2) giving stakeholders a common view of enterprise-wide risks and issues. To keep it simple, I’ll just call it connected risk. 

If your organization hasn’t gotten started with connected risk, you can help lay the foundations.

• Start by better organizing, connecting, and aligning the GRC data your team is responsible for. For example, can you consolidate all the different risks and controls across your audit programs and SOX work, and align those risk and control activities to enterprise-level risks? Or consolidate all the processes your organization uses to manage issue identification, remediation, and resolution?
• Once you’ve addressed the data under your purview, expand efforts across all your organization’s GRC teams. For example, can you collaborate with your organization’s Information Security, Risk, and Compliance teams to better connect and align all teams’ GRC data, activities, people, processes, and technology? These efforts can be instrumental in getting teams speaking the same language (including using consistent definitions), connecting data across applications, and sharing information across teams. Improving alignment and collaboration in this way goes a long way toward helping organizations be more effective in understanding and managing their key business risks.  

For more detailed guidance — as well as fuel for your business case — I authored this AuditBoard report outlining several foundational projects for connected risk. My esteemed colleague Richard Chambers also wrote a fantastic book on the topic. 

Leveling Up Yourself

6. Develop Soft Skills and Leadership Chops Through Non-Work Experience

Even as technology proliferates, “soft skills” will never go out of style. What can you do outside of your day-to-day work to level up your own skills or capabilities?

In your own organization, can you take on a leadership role in an employee resource group? Or do some part-time work helping a leader outside Internal Audit with a special project? 

You can also seek opportunities externally. For example, can you volunteer for a board of director role at a local charitable organization? Leading and managing volunteers is generally more challenging than managing people who are paid to carry out their responsibilities, and the skills and practices learned in these situations are generally very transferable to Internal Audit and SOX work. 

These experiences can be invaluable in helping you develop your skills in areas like team-building, problem-solving, advocacy, networking, and effective leadership and communication. 

They can also help you develop a reputation as a leader — not just an individual practitioner. 

Building Your Network

7. Expand and Strengthen Your Network — and Your Reputation Within It

People can't advocate for you if they don't know who you are and what you can do.

That’s why deliberate efforts to develop your professional network totally qualify as promotable activities. Building and strengthening your network has also become the #1 way to find a new role. 

To use networking to increase your chances of getting promoted, the key is connecting with a handful of people who have credibility and clout within the business. 

Kendall Berg gives a great example. She was one of two people in a 100+ organization who earned a five-star rating (the highest possible). And the feedback she heard from the calibration meeting where she received the rating was that she got the five because so many people went to bat for her. 

These were people she’d directly interacted or worked with. When they said she was great, they all spoke from first-hand experience. 

When it comes to getting promoted, having some of those first-hand opinions in the room can make all the difference in the world.

For high-performing employees with very well-developed networks, internal promotion calibration meetings are likely to go well. The more people singing your praises, the easier the consensus — and the more likely the promotion. 

Today, through professional organizations and publications, LinkedIn, and other social media, those voices and opinions can also come from outside your organization. Your online presence and public activities can have a big impact.

(Shameless plug alert: The Internal Audit Collective is always looking for top-notch practitioners to share their knowledge as webinar panelists, channel leaders, and roundtable participants.)

The Old Way of Getting Promoted Is a Relic

Nowadays, to get promoted in Internal Audit, it’s not enough to be high-performing in your job. That’s the old way.

The new way of getting promoted requires being strategic about what you’re doing elsewhere, beyond your day-to-day activities. 

Sure, people get promoted all the time. But could they have been promoted faster, without open opportunities based on company needs? 

The new way of getting promoted means professionals can get promoted as a direct result not just of their performance, but because they pushed to enable positive change that upskilled their teams, themselves, and their organizations as a whole. 

And here’s the most promising thing about all of this: It’s within your power to take on at least one of the activities in this list. 

You don’t need buy-in to get started. 

You only need the baseline knowledge, initiative, and discipline to get the ball rolling and see it through. So get going, and get that cheese. It could be yours for the taking. 

And if you’re looking for more inspiration, guidance, and ideas to take that next step in your career, join the Internal Audit Collective — a community of 425+ high-performing SOX and Internal Audit professionals.

Start here 👉https://www.internalauditcollective.com/the-internal-audit-collective