According to a recent IIA Research Foundation report, Driving Success in a Changing World: 10 Imperatives for Internal Audit, “only about half of survey respondents (57%) say their departments are either fully or mostly aligned with the strategic plan of their business.”
To my mind, this illustrates that this key company department still has some way to go to transform from an assurance provider, as it was until now, to the trusted business partner that it’s expected to become.
And keep in mind that this expectation is from all levels of the organization – from the top management, of course, but also from the business owners and the internal audit team itself, because it will be a much more rewarding role.
So how can the audit department achieve this transformation? I’d like to suggest a few ideas.
Get input from the business about their concerns
The creation and update of the audit plan is of course the prerogative of audit, and rightfully so. Nevertheless, by incorporating some of the inputs from executives and business owners, the audit department will be able to address the business’ concerns and might even be able to provide solutions.
This can be done when drafting the audit program for the year, but could also be done regularly by incorporating feedback from all participants to an audit – not only regarding improvements in the audit process but also concerning suggestions on next focus areas.
Be more flexible and reactive to change
We’ve all heard this I suppose… But I actually think that it’s key in being a true partner to the business. Context changes rapidly as market demand shifts, key suppliers disappear, and so on. A yearly audit program can no longer suffice to reflect these changes, in my opinion.
By leveraging technology, audit departments can quickly review their audits based on the latest risk information and reschedule their resources accordingly.
Also, this technology will help audit teams communicate more easily with all the auditees to follow the action plans, collect progress on recommendations, and so on.
Be proactive and on top of emerging risks
The board is like most of us and reacts to new threats. For instance, due to many recent data breaches, board members are now often asking for reports on the state of cybersecurity. This isn’t a new risk and has been under scrutiny from IT and audit departments for quite some time now.
But audit departments that regularly notify their boards on emerging risks and the status of preparedness of the company are often perceived as being corporate advisers. Such an approach can be done formally during regular audit committees. However, audit teams might also want to consider publishing bulletins or alerts as an informal update to board members.
Share best practices and identify talents
With its global reach, internal audit is able to benchmark approaches and identify best practices across the entire group. As a result, it can have a crucial role in sharing these best practices so that they can quickly be adopted by all.
Furthermore, and this might not be the primary function of audit departments, but who better to train – or at least raise awareness – on key issues the company faces and how to best circumvent them?
Identifying fraudulent patterns and reporting them, having a secure approach to information to avoid data breaches, and protecting the company’s reputation. Each individual employee can contribute to this, provided they’re aware of it and know how to proceed. Here’s where internal audit can help – by offering some training on these topics.
Finally, since internal audit interacts with a variety of stakeholders in the company, one of the great roles that it can play is in discovering top talents. Additionally, should the audit team need new members, wouldn’t it be ideal to onboard a top talent it just discovered?
The question for most companies isn’t whether to adopt new digital business models alongside their legacy businesses. It’s how to survive the transition. Learn more in Digital Disruption: When to Cook The Golden Goose.