What are the hallmarks of a “relevant” internal audit function? And how can chief audit executives (CAEs) know that the business views their team as both insightful and value-adding?
- The profiles of leading internal audit organizations featured in Protiviti’s latest edition of Internal Auditing Around the World® help to answer these questions. They also underscore just how much the internal audit profession has evolved since we first introduced this publication nearly two decades ago.
The bottom line: Our 19th volume of Internal Auditing Around the World explores the theme of relevance in an internal audit context. What we gleaned from our interviews with CAEs across the globe is this:
- For internal audit, relevance is a destination as well as an ongoing journey, and there are multiple paths that internal audit leaders and their teams can take to achieve it.
Go deeper: Read our insights below.
We learned that internal audit functions seen as relevant typically do all or most of the following:
They don’t overlook the basics.
This trait may not be that compelling on the surface. But with everything internal audit organizations must stay attuned to in today’s dynamic business environment — from AI, cyber and broader IT risks to environmental, social and governance (ESG) issues — it’s easy for them to lose focus on the basics that drive results for the business.
Internal audit functions that are relevant understand the strategy and priorities of the business, the risks that could derail them, and the competitive landscape the company is operating in. Importantly, auditors can have meaningful discussions about these topics with business owners and management.
As one audit leader explained in this year’s Internal Auditing Around the World, “For our team, relevance is knowing the business and its pain points and responding effectively to risks that exist — but not forgetting about the basics of auditing that we have to follow.” Another CAE we spoke with noted that “executing well and demonstrating our deep knowledge of business and global operations” was a core factor in his department’s ability to earn “a seat at the table.”
They are firmly focused on expanding and deepening their skills bench.
Relevant internal audit functions are proactive and deliberate about evolving their auditors’ skills through training and professional development programs to make them more effective today — and also prepare them for the future of work. For example, one internal audit function profiled in Internal Auditing Around the World continually upskills and reskills its staff so they can be well-versed in new and emerging areas of risk like ESG and cybersecurity.
Another organization featured in this year’s book is squarely focused on increasing data literacy across the entire internal audit team, and its CAE has outlined a three-year development road map toward that end. That leader also aims to build a center of excellence for internal audit that’s designed to advance auditors’ use of advanced analytics and help raise the function’s technology maturity.
They are data-driven — or intend to become so soon.
One CAE underscored to us that the use of data analytics presents a “huge opportunity” for every auditing team by making them “more resourceful and valuable to the business.” Today, a trait of leading internal audit functions is that they not only use data analytics but also are investing in more advanced tools powered by artificial intelligence (AI) and machine learning.
Indeed, every CAE we interviewed for this year’s Internal Auditing Around the World has either already equipped their team with data analytics capabilities or has plans to bring them into the function very soon. We learned about one function that is so focused on using data analytics to increase internal audit’s impact at the company that the group maintains a dedicated analytics and advisory practice that is improving efficiency in the department and providing the business with self-monitoring capabilities.
They recognize the importance of building the function’s “brand.”
A notable trend among the leading internal audit organizations in our latest edition of Internal Auditing Around the World is an emphasis on elevating the function’s “brand” as a way to help business owners understand and appreciate the full breadth of the function’s capabilities and potential to serve as an independent, objective and strategic adviser to the business vs. simply a checker of controls and compliance with policies.
One leader whose team prioritizes image building for internal audit said, “We are constantly working on our relevance — and with that, the branding and perception of our team.” And the aforementioned CAE who is driving digital literacy across his team is also actively promoting internal audit’s “brand promise” within the company. That promise — referred to as the “AAA” brand (assure, advise and anticipate) — is a way to make internal audit seem more approachable and relevant by “translating what we do as a function into language that auditees can digest,” the CAE explained.
They think about going beyond providing traditional assurance.
Protiviti’s 2023 Next-Generation Internal Audit Survey, separate research we released earlier this year, also focused on the theme of achieving audit relevance. From this global survey, we learned that one of the top priorities for internal audit groups over the next 12 months is to evolve how the function coordinates and aligns with other assurance functions.
The aim of achieving “aligned assurance” is to drive increased coordination and communication as well as correlate risk, controls and a broader view of risk management practices and the control environment across the three lines. Several of the internal audit leaders we interviewed for this year’s Internal Auditing Around the World expressed that they are thinking about how they can do more when it comes to risk management and create more synergy with other functions focused on assurance activities, such as risk management and compliance.
We spoke with one leader who is particularly intent on increasing the interdependency between internal audit and risk management and sees combining internal audit and risk management as “an impeccable opportunity to impact the entire risk cycle from identification to remediation.” He said, “I really believe it’s about going beyond assurance.”
To learn more about the various paths that leading internal audit functions are taking to increase their relevance and to discover best practices that can help your team do the same, download your complimentary copy of Volume 19 of Internal Auditing Around the World. (You can access all previous editions of this annual publication on the same page.)
Add comment