May is Internal Audit Awareness Month. On the off chance that didn’t make it onto your calendar, I’d like to make the case that rethinking internal audit’s potential is time well spent.
While traditional internal assurance remains important, a modernized, agile internal audit function stands to add significant value to your organization. The pace of doing business shows no sign of slowing—whether it’s one of many forms of disruption, increasingly vocal and varied stakeholders, or the speed at which news (good or bad) spreads. An internal audit function aligned with and focused on these realities can make all the difference.
To illustrate, consider the role of the chief information officer. New capabilities, cost pressures, privacy concerns and an emphasis on innovation translate to high expectations. To meet these demands effectively while managing risk, CIOs are increasingly turning to IT internal audit. Relying on internal audit for help identifying risks early, strategic guidance, and substantive expertise has proven a valuable tool for many CIOs as they navigate an increasingly complex and unpredictable environment.
This strategic role for internal audit can extend well beyond IT, benefiting multiple functions. Whether the challenge is financial, digital, or an issue of organizational culture, we have found that more extensive, proactive involvement correlates with more effective management of disruption. It boils down to a simple equation:
Prepared + Adaptive = Agile
More specifically,
• Preparedness means thinking ahead. Disruption is the new normal, so finding ways to anticipate the unexpected adds great value. Audit has traditionally looked back at past performance, but agile internal audit requires auditors to face forward, plan strategically and then share their perspective with other departments and the C-suite. Working across the organization to build in flexibility and enable faster reactions are all part of preparedness.
• Adaptiveness is enabled by all that preparation. Agile internal audit functions are sufficiently flexible that they can shift their audit plan development, audit planning, fieldwork and reporting as circumstances change. They are savvy enough to know that one size need not fit all. For example, agile internal audit functions assess areas where controls are not yet developed or fully operational by using health-checks, maturity/progress assessments or even sitting as part of a steering committee. Reorganization and redirection of resources are routine.
All of this requires the right skills. The ability to acquire top talent through hiring, training, retaining and co-sourcing is one of the hallmarks of internal audit agility. As PwC discussed in our recent report,
Given how hard it is to find top talent, it’s essential for organizations to acquire audit talent that will match their risk areas. Too often, internal audit functions focus solely on financial and IT talent. While these skills are almost always necessary for a successful internal audit group, they may not be sufficient. Diversifying internal audit to include nontraditional backgrounds like engineers, supply chain professionals or regulatory specialists may be a critical step toward helping your organization manage the risks and realize the opportunities when those disruptive curveballs get thrown your way.
In our recent study,
Innovation, disruption and speed define the way we do business. By aligning internal audit with these realities, organizations can gain important strategic advice and improve risk management. Prepared, adaptive, agile. Happy Internal Audit Awareness Month to all!