On the CAE Agenda: Q3 2022

The latest trends affecting the role of internal audit

The role and focus of internal audit (IA) is ever-evolving. This installment of the KPMG On the CAE Agenda series provides quick insights into what IA leaders are currently hearing, considering, doing, and discussing with their stakeholders across the core elements of their CAE agenda.



The latest trends in internal audit for Q3, 2022

Strategy and value management

  • Resetting and communicating the value of IA to the business
  • Resourcing in a virtual and high demand environment (e.g., internal vs. external)
  • The role of internal audit (IA) in emerging topics such as ESG, cyber threats, and disruptive events (e.g., transactions, transformations, etc.)
  • Broadening risk coverage as business model and digitization efforts evolve
  • Integration and coordination across three lines of defense (particularly the second and third lines)

Digital acceleration

Operational model

  • Need for more SMPs
  • Greater need for GRC integration
  • Operating with increased agility, especially an agile risk assessment and plan (e.g., impact from global events)
  • Staying close to the business in a virtual environment

Modern workforce

  • Become a talent engine for the enterprise
  • Overall shift in skill sets needed given shifts in IA delivery model (e.g., ESG)
  • Overcoming talent drain and resource needs through hiring, retention, and employee experience
  • Need for more specialized or mature capabilities around data analytics and insights
  • Upskilling IT and enterprise technology acumen

Stakeholder engagement

  • Value based engagement
  • Improving the IA brand
  • More SMP expertise in IA especially when working with first and second line
  • Resourcing needs across the organization
  • Improving AC chair connectivity

Hot topics in internal audit and key focus areas

  • Change governance
  • Fraud risks
  • IA support for finance transformation (e.g., ERP or EPM implementations)
  • IT resiliency (e.g., data governance, data and asset management, IT talent)
  • Cybersecurity (e.g., ransomware incident response, phishing, hacking, data theft)
  • Workforce (e.g., culture, contingent workforce, upskilling and reskilling talent, distributed tax implications)
  • Global pressures and geopolitical risks (e.g., climate change, supply chain issues)
  • Third party risk management
  • ESG initial program assessment
  • Supply chain and operational resiliency
  • Continuous risk assessment
  • Regulatory compliance (e.g., more regulated environment, expanded role for IT)


*Bold indicates newly added topics since the last agenda

Contact us

Michael A. Smith

Michael A. Smith

Partner, Advisory, and U.S. Internal Audit Solution Leader, KPMG US

+1 214-840-6019
Richard Knight

Richard Knight

Principal, Advisory, and U.S. IT-Internal Audit Solutions Leader, Technology Risk Management, KPMG US

+1 703-286-8393