On the CAE agenda: Q3 2021

Insights on mobile workforce, GRC technology integration, and stakeholder engagement for the IA function.

Michael A. Smith

Michael A. Smith

Partner, Advisory, and U.S. Internal Audit Solution Leader, KPMG US

+1 214-840-6019

Richard Knight

Richard Knight

Principal, Advisory, and U.S. IT-Internal Audit Solutions Leader, Technology Risk Management, KPMG US

+1 703-286-8393


The role and focus of internal audit (IA) is ever-evolving. This piece provides quick insights into what IA leaders are currently hearing, considering, doing, and discussing with their stakeholders across the core elements of their CAE agenda.

New topics on the agenda are in bold font. If you are experiencing issues with topics marked with an asterisk (*), contact us for a complementary risk briefing. 

On the CAE agenda: Q3 2021
Download a copy of this article.

The agenda

Strategy and value management

  • integration and coordination across three lines of defense
  • broadening risk coverage as business model and digitization efforts evolve
  • realigning internal audit value to enterprise strategy


Risks and responses

  • mobile workforce and work at home policies, monitoring and compliance with work at home policies*
  • effective employee onboarding and training in a work anywhere environment
  • cost containment
  • supply chain*
  • ESG initial program assessment*
  • culture risk
  • common risk taxonomy between three lines
  • fraud risks
  • system implementations
  • supply chain digital risk
  • AI and machine learning
  • IT resiliency
  • ransomware incident response

Operational model

  • shift in SOX program support from IA to controllership
  • operating with increased agility, especially an agile risk assessment and plan

Modern workforce

  • overcoming talent drain and resource needs through hiring and retention
  • a need for more specialized or mature capabilities around data analytics and insights
  • overall shift in skillsets needed given shifts in IA delivery model
  • upskilling IT and enterprise technology acumen

Digital acceleration

  • stronger integration of second and third lines on common GRC technologies to improve alignment of processes and data across the audit, risk, and compliance technology ecosystem
  • focus on automation

Stakeholder engagement

  • increased availability of executive engagement due to less travel
  • resourcing needs across the organization