9 Ways to strengthen Internal Audit’s impact and influence in the organization | Deloitte | Audit has been added to your bookmarks.
Strengthening internal audit’s impact and influence
9 ways to respond to stakeholder’s needs
How can your internal audit function meet stakeholders’ needs to deliver not only assurance, but also to advise and anticipate risk? We’ve outlined nine proven ways to increase the impact and influence of internal audit.
Effectively responding to stakeholder needs
Results from our 2016 Global Chief Audit Executive Survey showed that only 28 percent of chief audit executives (CAEs) believe their functions have strong impact and influence in their organizations. And 16 percent felt that internal audit had little to no impact at all.
So we’ve identified nine proven ways CAEs can effectively respond to stakeholders’ needs. And in doing so, increase internal audit’s impact and influence. These aren’t quick fixes or magical solutions. They require effort and commitment. But they work.
- Develop and launch a brand identity. Your brand is simply what you’re known for. In your organization, what comes to mind when people hear the words “internal audit?” Do they think of an innovative, value-adding team of advisors? Or something else? To change their thinking, change your brand.
- Link advisory activities to assurance work. If you’d like to provide more advisory services, you might start with senior management’s goals and the strategies for reaching them. But that may seem overwhelming, especially if you’re new to advisory services or feel mired in assurance activities. Although you should always seek to understand management’s goals and strategies, there are other entry points to advisory services.
- Provide cyber assurance services. As you’ve no doubt heard, it’s not a matter of if your organization will experience a cyberattack—it’s when. Cyber risks are therefore at the top of board and audit committee agendas. And they’ll likely remain there.
- Audit the end-to-end risk management function. As the third line of defense in risk management, internal audit has a crucial role in providing assurance on the effectiveness of risk management activities performed by the first and second lines of defense. Fragmented, siloed risk management creates costs, gaps, and redundancies and can expose organizations to unanticipated risk consequences.
- Review the strategic planning process. In many organizations, internal audit will be prompting the audit committee to ensure that the board is fully engaged in strategic planning. It’s a key governance and oversight issue, particularly with regard to the data that management relies upon, the models planners use, and the assumptions management makes.
- Adopt analytics. Internal audit can leverage analytics capabilities across the business to the benefit of virtually every area of the organization. Analytics leads directly to cost savings through more targeted, effective, and efficient audits. It also frees up time for the advisory activities that it enables.
- Contemporize internal audit reporting. A lot of internal audit’s work goes unnoticed due to outdated approaches to reporting. The right reporting enhancements will get that work noticed and give stakeholders vivid evidence of change in internal audit.
- Enhance skills and capabilities. We often see skill deficits or shortages as a root cause of internal audit’s limited impact and influence. Given organizations’ evolving needs, internal audit’s skills must evolve for the function to remain relevant.
- Heighten personal impact. Your personal impact as an internal audit leader will set the tone and impact stakeholders’ perceptions of the function. And impact and influence don’t just come from acquiring technical skills. They also result from strong communication, collaboration, leadership, and other interpersonal skills.
The path to greater impact
Impact and influence accrue over time with each improved process, reduced cost, and better-managed risk. Focusing on the areas listed above sets internal audit on a journey up the value chain. Along the way, compliance becomes more efficient; reporting more relevant; and advisory more credible, useful, and supportive.
We’ve repeatedly seen that when internal audit dedicates its best efforts to what matters most, its impact and influence are inevitably enhanced. So align your vision for internal audit with the strategic vision of the organization, your resources with stakeholders’ needs, and your professional approach with stakeholders’ ways of working.
To learn more about unlocking the potential of internal audit, visit our Internal Audit services page.