The role and focus of internal audit (IA) is ever-evolving. This piece provides quick insights into what IA leaders are currently hearing, considering, doing, and discussing with their stakeholders across the core elements of their CAE agenda.
The agenda
Strategy and value management:
- aligning as a proactive and more strategic partner over being a watchdog
- blurring within the three lines; rebalancing situations where the third line has gone too far to be independent and not involved enough in solving problems over finding them
- evolving the IA brand especially how to walk the halls in a virtual setting.
Business risks impacting the audit plan:
- environmental, social, and governance (ESG)
- new products and innovative revenue models
- cybersecurity, especially ransomware incident response
- transformation initiatives and large projects
- mergers and acquisitions and integration activity
- mobile workforce
- cloud-based applications and governance
- digitization, direct to consumer and connected commerce channels
- supply chain
- trust and safety (employees, customers, etc.)
- shifting macroeconomic environment
- Sarbanes Oxley program.
Workforce and capabilities:
- maturing data analytics capabilities
- shifting skill sets needed given shifts in IA delivery model
- talent management, development, team morale, and knowledge sharing in a virtual setting
- geographic distribution of team and access to talent in light of more virtual working practices.
Audit operations:
- operating with increased agility, and adapting the IA risk assessment and plan accordingly
- adopting new tools and techniques for relationship building, auditing, and reporting, and redeployment of time gained from these techniques
- constraining or alternative resourcing due to funding and doing more with less
- increasing alignment and work with second-line roles to avoid duplication of efforts.