A new era of IA: Paving the way for meaningful impact in 2024

By connecting its own raison d'être with the broader organization’s purpose, internal audit has an opportunity to maximize its impact.

If the internal audit function fails to articulate its purpose or value to the broader organization clearly, lacks employee engagement, follows the same working practices that everybody else uses, and stays stuck on the status quo, it risks losing the opportunity to deliver new revenue streams, grow faster, and enhance its ability to attract and retain talent.

Internal audit has a largely untapped opportunity to accelerate engagement around purpose. By aligning its role and remit with the organization’s purpose, internal audit can maximize its impact by working in a more intentional way to support specific, purpose-driven organizational outcomes; attracting top talent who, research has shown, would prefer to work for purpose-driven organizations and teams; and ensuring innovation efforts are purpose-driven.

As more and more businesses go bust on trust, internal audit is a natural fit for building it back and accelerating a strategic trust agenda.

Today's stakeholders expect organizations to do the right things and do them well. These expectations run the gamut, from safeguarding customers’ private data to taking a strong stance on ESG issues; and from providing safe working conditions to being transparent about vulnerabilities and risks. Meeting these stakeholder expectations consistently—by displaying capability, reliability, transparency, and humanity—engenders trust. Failing to meet them poses risks to the organization. Like any other performance-related attribute, trust indicators need to be monitored for gaps, analyzed for risks and opportunities, and ultimately assured. Considering these factors, along with its broad enterprise view, internal audit is a natural fit for advising on trust and accelerating a trust agenda.

Created by design, not by accident, resilience is the outcome of multiple risk-and-control disciplines done well and in coordination with each other.

While great cost-efficiencies can potentially be gained, management should consider if a centralized strategy eliminates diversity and redundancy that might be useful, inadvertently creating a major point of potential failure. The COVID-19 pandemic exposed the downside of costing out diversity and redundancy in the relentless pursuit of efficiency. After experiencing critical supply shortages, resilience was suddenly on the tip of everyone’s tongues and at the top of many priority lists. Unlike business continuity, disaster recovery, or information security, resilience is not a risk-and-control discipline; it is an outcome of executing risk-and-control disciplines well and in concert with one another. Resilience requires alignment of language, definitions, and goals. Internal audit functions can help organizations shift gears.

Is the disruptive potential of GenAI the real deal or a deep fake? Internal audit can help companies decide.

Mature disruptive technologies, such as cloud applications and infrastructure, are becoming increasingly sophisticated—often by embedding generative AI (GenAI) and machine learning (ML) into their solutions—even as companies seek to cost-optimize their cloud portfolios and align them with enterprise strategy. Such developments also point to the potential for elevated risks.

Internal audit has a key role to play in creating and protecting value by assuring, advising, anticipating, and accelerating the organization’s ability to both manage the related risks and take advantage of the opportunities posed by disruptive technologies. For instance, internal audit can help the board and management understand which GenAI and other disruptive technologies are leveraged in the organization and what risks they present. The challenge for auditors will be how to keep pace with the shifting risk landscape to deliver insightful assurance and valuable advice.

Do not bend over backward. Get a spine.

Many internal audit functions have started their digital journeys by leveraging analytics capabilities. Yet, most still use these digital tools in a limited way, such as for inquiries or data sampling. To date, few functions view digital broadly enough to systematically move toward building a digital backbone—a spine capable of automating processes and driving efficiencies and insights across the entire audit life cycle.

Disparate platforms used for risk assessment, planning, audit execution, issue remediation, and continuous monitoring can indicate the lack of a formal architecture for building a digital backbone. Therefore, now is the time to get on the road to seamless connectivity by ensuring that the technologies you are acquiring fit together. Only through an intentional approach to embracing digital will you be able to architect an integrated platform capable of carrying your internal audit function forward into a real-time, continuous future.

Beyond assurance, controls modernization gives internal audit an opportunity to catalyze and advise.

Modernizing the control environment and achieving greater levels of efficiency and effectiveness requires both greater automation and a recognition by the organization that internal audit can advise management and anticipate risks, in addition to providing traditional assurance.

New and pending ESG reporting requirements add a splash of color to ESG risks.

As the pressure increases for companies to demonstrate environmental responsibility, social consciousness, and governance effectiveness, so does the temptation to be less-than-forthcoming about how ESG targets are set and whether they are being attained on schedule. The ever-evolving business vernacular can barely keep up with the expanding range of ESG-related risks. Enter green washing, making a company’s products and activities seem more environmentally friendly or less environmentally damaging than they really are; blue washing, overstating a company’s commitment to socially responsible practices; and pink washing, or using an LGBTQ+-friendly marketing approach, while masking other negative actions. Such deceptive practices comprise an entire color palette of risks.

Uniquely positioned to help an organization anticipate such risks, internal audit should incorporate ESG into their audit plans and serve as a trusted business advisor to management. Internal audit can accelerate change by evaluating and strengthening data, processes, and internal controls over sustainability information.

In a future of work without boundaries, internal audit can help leaders get their bearings.

As described in the Deloitte Human Capital Trends 2023 report, many of the boundaries that used to provide the structure of work have been dismantled. Digital advances have redefined the concept of work as a physical space. Talent shortages are prompting companies to experiment using skills, not jobs, as the baseline for workforce decisions. And employee demands for more meaningful work, flexible workplace models, and more personalized career paths are pushing companies to focus more on the “S” in ESG.

Internal audit has a key part to play in helping management and those charged with governance to get their bearings on where the organization stands in this boundaryless world and how it can get to where it needs to be. And, like the flexible jobs of the future, internal audit’s role in human capital management (HCM) can be as broad or as narrow as the organization desires. The question is not whether internal auditors will help shape the future of work; it is only to what degree.