Sculpting the future of internal audit

Understanding a company’s organization, strategy, and purpose is the first place that CAEs should look in evaluating the purpose of the IA function and defining the vision for future success. One of the more common observations we have with CAEs in transition is that they are dealing with the perception that the vision and innovation of internal audit have become stale. For those IA teams in need of a new vision, starting with the purpose and strategy of the company can be a great launch point to develop a clear articulation of the vision for IA.

CAE aha moment:
Purpose will enable us to become more strategic in our approach and better serve our direct stakeholders with what they truly value.

In conversation with CAEs on the topic of risk sensing, we are finding companies are using more data-driven risk assessment methods, engaging their executive relationships to surface more frequent qualitative input on emerging strategic or operational risks, and evaluating market drivers and signals of risks from both inside and outside the company that can create pressure on management. They are also laser-focused on balancing the assessment of risk between both business-as-usual risks and areas of change and transformation.

The most successful CAEs and their teams are highly influential leaders within their organizations and catalysts for positive change. Exactly how they do that can sometimes be a little more of a mystery. Often, the CAE and IA team are so consumed with the required reporting with the CFO, audit committee, and management stakeholders in executing the annual audit plan that there is not enough time devoted to focus on building relationships and buy-in for their IA vision with the broader set of key executive leaders. Demonstrating that the purpose, vision, and focus of the IA team align with the company’s purpose and strategy is a key step that CAEs can take to build broader buy-in and enhance strategic relationships.

It is an important time for CAEs to think strategically about the plans they are putting in place to address technology innovation. As part of the risk assessment process, the IA team needs to surface the right technology risks and opportunities to address. This usually starts with whatever new enterprise IT plans are on the docket for the year, such as cloud migration or enterprise resource planning transformation. That’s plenty to deal with on its own. To get a truly holistic view of how different emerging technologies are impacting a company, it is important to include corporate IT while also expanding focus beyond corporate IT.

A top area of conversation with CAEs is addressing the risk around transformation and how to engage their teams to make a positive, productive impact on the success of these programs. When companies spend big dollars investing in transformation, they often expect a significant change in how business models, processes, and technologies work. IA is also best positioned to advise management on how to be purposeful in making the right decisions on the ownership of responsibilities for key controls as part of the transformation program design.

Given the pace of change in business and associated risk, CAEs can feel pulled in many different directions as they evaluate the myriad choices and trade-offs in how to focus IA team resources and time to address risk. Successful IA teams are willing to challenge the status quo to find efficiencies, maintain effectiveness, and create the time to increase impact by addressing emerging risks, transformation programs, and ad hoc asks for management support or investigation.

In ongoing dialogue with CAEs, there are a variety of tactics that CAEs are employing to address speed to impact like initiatives to modernize compliance programs, testing automation using analytics and AI, reprioritizing the audit plan throughout the year, streamlining reporting and issue follow-up processes, and the adoption of Agile IA audit techniques. CAEs and their teams are becoming increasingly creative in their adoption of these tactics to drive value and increase insights while they expand into newer areas of emerging risk.

At the CAEdge Summit, CAE leaders explored managing a complex talent pool, adapting culture to a hybrid environment, and increasing team agility and the motivation to make an impact and bring the vision to life.

Taken together, new approaches to leading talent—combined with a refreshed purpose, vision, and focus of internal audit—will create new opportunities to drive developmental experiences, create new career paths, and build broader leadership capabilities that will enable IA professionals to achieve greater success in internal audit—and beyond.