Mary Rose Vilchez-Mariano did not begin her career in government or internal audit. She started in the private IT sector—writing user manuals and documenting systems.
But that foundation would later shape how she sees internal controls today.
“My journey began in the private IT sector… where I developed user manuals and documentation for IT systems,” she says.
What followed was a transition into public service, where she steadily moved from administrative roles into internal audit leadership. Over the past decade, she rose to become Director of the Internal Audit Service, leading transformation efforts across one of the country’s most complex bureaucracies.
Today, she is not just auditing systems—she is redesigning how internal audit functions operate.
From Compliance Checker to Strategic Partner
For Vilchez-Mariano, the biggest shift in internal audit is not technical—it is philosophical.
“Now, as Director of Internal Audit Service, I am transitioning the function from a compliance checker to a strategic partner for good governance,” she explains.
Traditionally, internal audit has been viewed as a control mechanism—focused on identifying gaps, enforcing compliance, and ensuring adherence to standards.
But in a more complex and fast-moving environment, that approach is no longer enough.
Her goal is to position internal audit as a value-adding function—one that not only detects risks, but also improves systems, enhances efficiency, and supports decision-making at the highest level.
This shift reflects a broader trend in both the public and private sectors: moving from reactive oversight to proactive governance.
Building Systems, Not Just Reports
One of Vilchez-Mariano’s defining strengths is her ability to think in systems.
Her background in IT, combined with deep experience in public administration, allows her to approach internal controls as interconnected processes rather than isolated checks.
“I approach auditing as systemic improvement,” she says.
This mindset has driven several key innovations, including the development of digital audit systems and structured evaluation frameworks.
Her initiative, “IAS goes D.I.G.I.T.A.L.”, transformed audit processes from manual workflows into cloud-based systems—earning recognition as the Best Internal Audit Practice and Innovation in the Philippine Public Sector at the 2025 AGIA National Convention.
The result is not just efficiency, but better insight—allowing auditors to move from retrospective checking to real-time monitoring.
Why the Future of Audit Is Digital and Data-Driven
Vilchez-Mariano believes the future of internal audit lies in three key areas: agility, digitalization, and data.
“The future is Agile, Digital, and Data-Driven,” she says.
Her team has already implemented remote auditing, cloud-based documentation, and integrated systems that reduce manual effort and improve responsiveness.
But more importantly, they are now moving toward data analytics and artificial intelligence—tools that allow auditors to anticipate risks instead of simply reacting to them.
This evolution changes the role of the auditor.
Instead of reviewing past transactions, auditors are increasingly expected to provide forward-looking insights—helping organizations navigate uncertainty in real time.
Turning Controls Into Measurable Impact
For Vilchez-Mariano, internal controls are not just about compliance—they must deliver results.
One example is a high-impact audit of fire truck procurement, where her team’s findings contributed to reducing costs from ₱15 million to ₱13 million per unit in subsequent purchases.
In another case, audit recommendations improved the operations of Hajj pilgrimage services, leading to fewer complaints and higher satisfaction among participants.
These outcomes highlight a critical shift: stakeholders no longer ask whether processes are compliant—they ask whether they are effective.
To address this, Vilchez-Mariano introduced evaluation tools based on the “4Es” framework—Effectiveness, Efficiency, Economy, and Ethics, ensuring that audit findings translate into measurable improvements.
Leadership Through Capacity Building
As a leader, Vilchez-Mariano focuses on developing people—not just enforcing standards.
“My leadership is defined by capacity building and empowerment,” she says.
She implemented structured learning programs, mentorship initiatives, and certification pathways that helped her team gain professional credentials and expand their capabilities.
Her approach reflects a key belief: internal auditors must evolve from compliance checkers into strategic advisors.
That transformation requires more than technical skills—it requires confidence, communication, and a deep understanding of organizational goals.
Balancing Control and Collaboration
Despite the technical nature of internal audit, Vilchez-Mariano emphasizes the importance of collaboration.
“I view internal audit as a partnership,” she explains.
Rather than positioning audit as an external enforcer, she works closely with departments to frame findings as opportunities for improvement.
She also introduced mechanisms such as feedback systems and performance metrics that align audit recommendations with organizational goals.
One key move was integrating compliance with audit recommendations into performance evaluation systems—turning audit outcomes into shared accountability.
Credibility Through Certification
To strengthen her expertise and lead by example, Vilchez-Mariano pursued certification with The Institute for Internal Controls, earning the Certified Internal Control Auditor (CICA) designation.
Her motivation was clear: to benchmark her skills against global standards and elevate the credibility of her office.
“Certification is an investment in your authority,” she says.
The impact has been significant.
The credential enhanced her standing as a subject matter expert, expanded her role as a resource person across government agencies, and strengthened trust in the audit frameworks she implements.
More importantly, it allowed her to lead innovation with confidence—knowing that her approach is grounded in globally recognized principles.
From Auditor to Change Leader
For Vilchez-Mariano, internal audit is no longer just about identifying gaps.
It is about driving change.
Through digital transformation, structured frameworks, and a strong focus on leadership development, she is redefining what internal audit can achieve in the public sector.
Her message to professionals considering the same path is both practical and aspirational.
“Certification empowers you to innovate,” she says.
Because in a world of increasing complexity, organizations need more than compliance.
They need leaders who can turn controls into strategy—and risk into opportunity.
