Bernice Sheridan

Early in your career, you worked on forensic accounting cases during a period of heightened scrutiny around governance and financial controls. How did those experiences shape your approach to governance today?

I was fortunate early in my career to work on complex forensic accounting cases, alongside supporting charities at a time when governance and financial controls were under real scrutiny. Around the time of the financial crisis, I saw first-hand how quickly risk could outpace regulation. Sometimes there were no controls in place at all, but more often the issue was that controls existed without being clearly understood or consistently applied. Oversight was often fragmented, which highlighted how critical strong, coordinated governance is and the consequences when it is not in place. Seeing both sides early on had a lasting impact. It reinforced that it is not just about hitting the numbers, it is about building systems people can rely on. It was eye-opening to see how quickly trust can be lost, the knock-on effects that follow, and how difficult it can be to rebuild. That early exposure still influences how I approach governance today. It has made me more focused on asking why something matters, what risk it addresses, what value it brings, and whether it is genuinely effective in practice.

Your career has developed with a strong focus on internal audit, risk and governance. How have you seen the role of internal audit evolve over the course of your career?

Over time, particularly following the financial crisis and several high-profile governance failures, there was a clear shift. Boards and Audit and Risk Committees began expecting internal audit to focus more on the risks that could genuinely impact strategy, financial stability and reputation. Around the same time, the Institute of Internal Auditors helped drive the move towards risk-based auditing, aligning audit plans more closely with enterprise risk rather than simply processes. More recently, the biggest change has come from the increasing complexity and interconnected nature of organisations. As businesses become more digital, risks no longer sit in isolation. One issue can quickly create a domino effect. Cyber, AI, regulation, digital transformation and data have all reshaped the landscape. Internal audit is now expected to be more dynamic, providing real-time insight and a forward-looking view on emerging risks. That said, it is not one-size-fits-all. Some functions have moved too quickly towards strategic risks without a strong control foundation underneath. The challenge today is getting the balance right, providing robust assurance on core controls while also offering broader insight that genuinely adds value. That can only happen when internal audit not only has a seat at the table, but also has a voice.

What have been the most valuable skills to develop as your responsibilities have grown?

Looking back at the internal audit and GRC roles I have held across different organisations, one of the key skills I developed was understanding that it is never just about what you have found, it is about how and when you escalate it. There is a balance between being independent and being effective. You need to know when something is serious enough to go straight to the audit committee, and when it is better to give management space to respond, strengthen controls and change behaviours before it becomes a formal issue. That is where organisational awareness becomes important. It is about understanding how receptive management is, what the timing of change looks like, and how to position issues so they are acted on rather than simply reported. As I have moved into more advisory and board-facing roles, influencing has become a core skill. It is about shaping conversations with executives and committees and linking risk back to what really matters for the business. Knowing when to push, when to step back, and how to balance assurance with pragmatism is what separates a good auditor from a trusted adviser.

From your experience, what does effective governance look like in practice within an organisation?

For me, effective governance is something that is visibly lived across the organisation. It is not a compliance exercise or something done after the fact. It starts with tone from the top, with leadership consistently demonstrating the behaviours and standards they expect. You see a proactive mindset where risks and long-term implications are considered early, before decisions are locked in. Clear accountability and control frameworks mean people understand what is expected, who owns decisions, and whether risks are within appetite. Good governance also creates alignment. Teams do not operate in silos or chase short-term wins at the expense of longer-term outcomes. A commercial team may focus on closing a deal, but finance, operations and delivery will live with that decision for years. Effective governance brings those perspectives together early, with shared ownership of outcomes.At its best, governance balances opportunity with accountability. It encourages collaboration and constructive challenge, leading to better and more transparent decision-making.

You also contribute at committee level. How does the perspective differ when operating in an audit and risk committee environment?

The perspective definitely shifts. It becomes less about driving performance and more about providing oversight, challenge and assurance. It is not about predicting every risk, but understanding whether management is operating in a transparent, well-controlled and sensible way. From my experience, the quality of what is presented really matters. Are people willing to say it as it is, or does everything come through overly polished? That honesty makes a huge difference at committee level. Committees do not expect management to foresee everything. Risks will happen. The real question is whether the right systems and escalation processes are in place to identify issues early and deal with them effectively. There is a well-known World War II example I often think about. Analysts examined returning planes covered in bullet holes and proposed reinforcing those areas. Statistician Abraham Wald pointed out that the planes that did not return were likely hit in critical spots. The lesson is to look beyond what is visible and focus on what truly matters. That is the mindset required at committee level, seeing the bigger picture and focusing on the risks with the greatest impact. You cannot predict everything, but collectively you can take reasonable steps to strengthen oversight and decision-making.

You’ve undertaken significant professional development in governance and board leadership. What motivated you to pursue this?

I believe being good at anything takes dedication, consistency, experience and continuous learning. My dad used to say you would not go to someone for driving lessons if they could not drive, and that has always stayed with me. The environment we operate in is constantly evolving. Geopolitical shifts, economic uncertainty, regulation and rapid technological change mean there is always something new to learn. You cannot stand still.One of the reasons I pursued further development, particularly with the Institute of Directors, and something I was very grateful to BnM for supporting, was the opportunity to learn from others in the room. It was not just the content, it was the diversity of backgrounds and perspectives that added real value. It challenges your thinking, pushes you outside your comfort zone and ultimately leads to better conversations, stronger challenge and more informed decisions.

For professionals aspiring to contribute at board or committee level, what experience is most important to build?

For me, it comes down to balance. You need a strong grounding in the technical fundamentals, finance, risk, governance and controls, so you can ask the right questions and challenge effectively. At the same time, if you stay too deep in one area, there is a risk of losing sight of the bigger picture. A purely compliance-driven mindset can become disconnected from how the business actually operates and creates value. About 18 months ago, after almost 15 years in Internal Audit, I moved into a business role and it has been a real eye-opener in a positive way. It highlighted the pressures and trade-offs behind decision-making. In reality, you do not always have the luxury of time to follow every step perfectly. Sometimes you have to take a pragmatic view and make the best decision with the information available. That experience broadens your perspective. The real value comes from combining strong governance discipline with commercial awareness, knowing when to challenge, when to dig deeper, and when to step back and look at the wider picture. My advice to someone starting out would be to get as much exposure as possible across the business, including operations, commercial and finance. Internal audit is a fantastic place to build that foundation.