On the CAE agenda: Q1 2021

Explore Chief Audit Executive priorities around internal audit strategy and value management, business risks, workforce, and IA operations.

Michael A. Smith

Michael A. Smith

Partner, Advisory, and U.S. Internal Audit Solution Leader, KPMG US

+1 214-840-6019

Richard Knight

Richard Knight

Principal, Advisory, and U.S. IT-Internal Audit Solutions Leader, Technology Risk Management, KPMG US

+1 703-286-8393


The role and focus of internal audit (IA) is ever-evolving. This piece provides quick insights into what IA leaders are currently hearing, considering, doing, and discussing with their stakeholders across the core elements of their CAE agenda.


On the CAE agenda: Q1 2021
Download a copy of this article.


The agenda

Strategy and value management:

  • aligning as a proactive and more strategic partner over being a watchdog
  • blurring within the three lines; rebalancing situations where the third line has gone too far to be independent and not involved enough in solving problems over finding them
  • evolving the IA brand especially how to walk the halls in a virtual setting.


Business risks impacting the audit plan:

  • environmental, social, and governance (ESG)
  • new products and innovative revenue models
  • cybersecurity, especially ransomware incident response
  • transformation initiatives and large projects
  • mergers and acquisitions and integration activity
  • mobile workforce
  • cloud-based applications and governance
  • digitization, direct to consumer and connected commerce channels
  • supply chain
  • trust and safety (employees, customers, etc.)
  • shifting macroeconomic environment
  • Sarbanes Oxley program.


Workforce and capabilities:

  • maturing data analytics capabilities
  • shifting skill sets needed given shifts in IA delivery model
  • talent management, development, team morale, and knowledge sharing in a virtual setting
  • geographic distribution of team and access to talent in light of more virtual working practices.


Audit operations:

  • operating with increased agility, and adapting the IA risk assessment and plan accordingly
  • adopting new tools and techniques for relationship building, auditing, and reporting, and redeployment of time gained from these techniques
  • constraining or alternative resourcing due to funding and doing more with less
  • increasing alignment and work with second-line roles to avoid duplication of efforts.