Three steps to elevating the value of internal audit
In many companies, internal audit is often seen as a necessary evil – a group that other departments will cooperate with because they have to, rather than being seen as a value-add, says ACL’s Chris Stewart-Smith.
Recently, while attending a round-table dinner with eight directors of internal audit from different countries, I asked them to share examples of steps they had taken to be seen as a true partner in their respective businesses – in other words, how their team members had become the most sought-after professionals in their organisations. I heard three common themes:
Step 2: Share and invest in technology
This doesn’t mean use other peoples’ tools: Internal audit must still retain independence and the group I interviewed had a variety of technology solutions at their disposal. They had proudly shown off analytical findings to other departments, including business analysis teams and shared services groups who are supposed to consist of data gurus, but in fact were left in audit’s thrall. Internal audit most certainly belongs in this league too. It is often said that continuous monitoring of transactions is the Holy Grail for audit but it really isn’t. Many departments have already put it into practice and have integrated it into their day-to-day audit management projects.
Step 3: Hire innovators from beyond internal audit
Why did the internal auditor cross the road? Because that’s what last year’s audit plan said he had to do. An old joke, and most internal auditors know it, but audit has really transformed itself in recent years in terms of how it is perceived externally. Having broadened their recruitment strategies, audit functions are now made up of critical thinkers, strategic problem solvers and technophiles who are shaping their organisations’ enterprise risk assessment cycles with their audit management results. A high percentage of leadership in internal audit is recruited from non-audit roles. Although remaining independent, they are continually re-evaluating business risks and opportunities because they can think, act, and perform as stakeholders too.
Constantly looking for ways to compete and improve rather than simply ensuring that they get through their audit plans, the group told me that they are often seen as the benchmark for business assurance in their respective companies.
Chris Stewart-Smith is director of global solutions consulting at ACL, where he works with clients around the world to help them realise the benefits of governance, risk management and compliance (GRC) technology, and bridge the knowledge gap between the IT department and business leaders.