The role and focus of internal audit (IA) is ever-evolving. This piece provides quick insights into what IA leaders are currently hearing, considering, doing, and discussing with their stakeholders across the core elements of their CAE agenda.
New topics on the agenda are in bold font. If you are experiencing issues with topics marked with an asterisk (*), contact us for a complementary risk briefing.
The agenda
Strategy and value management
- integration and coordination across three lines of defense
- broadening risk coverage as business model and digitization efforts evolve
- realigning internal audit value to enterprise strategy
Risks and responses
- mobile workforce and work at home policies, monitoring and compliance with work at home policies*
- effective employee onboarding and training in a work anywhere environment
- cost containment
- supply chain*
- ESG initial program assessment*
- culture risk
- common risk taxonomy between three lines
- fraud risks
- system implementations
- supply chain digital risk
- AI and machine learning
- IT resiliency
- ransomware incident response
Operational model
- shift in SOX program support from IA to controllership
- operating with increased agility, especially an agile risk assessment and plan
Modern workforce
- overcoming talent drain and resource needs through hiring and retention
- a need for more specialized or mature capabilities around data analytics and insights
- overall shift in skillsets needed given shifts in IA delivery model
- upskilling IT and enterprise technology acumen
Digital acceleration
- stronger integration of second and third lines on common GRC technologies to improve alignment of processes and data across the audit, risk, and compliance technology ecosystem
- focus on automation
Stakeholder engagement
- increased availability of executive engagement due to less travel
- resourcing needs across the organization