On the CAE Agenda Q4-2022

The role and focus of internal audit (IA) is ever-evolving. This installment of the KPMG On the CAE Agenda series provides quick insights into what IA leaders are currently hearing, considering, doing, and discussing with their stakeholders across the core elements of their CAE agenda.

The latest trends in internal audit for Q4, 2022

Strategy and value management

• Consideration around the balance between assurance and consulting projects to better ​
  partner with the business​
• Providing perspective on diversity, equity, and inclusion (DEI) initiatives and strategies​
• The role of internal audit (IA) in emerging topics such as ESG, cyber threats, disruptive ​
  events, new technology/evolving delivery model (e.g. AI/ML, DevOps, Zero Trust, infrastructure as code)​
• Broadening risk coverage as business model and digitization efforts evolve​

Digital acceleration

• Greater upside for application risk management and GRC technology enablement​
• IA's role in data quality and governance​
• Quantifying the value of investment IA is making in technology / analytics / automation​
• Data-driven enterprise & IA risk assessment​
• Focus on automation in IA to do more with less​
• IA partnering with second line on continuous monitoring​

Operational model

• Resourcing in a virtual and high demand environment (e.g. internal vs. external)​
• Creating more concise, impactful reporting​
• More flexibility on timing based on competing priorities ​
  for audit stakeholders​
• Responding quickly, timely, and efficiently to stakeholder/business trigger events​
• Real-time Agile risk assessments and continuous monitoring ​
  (e.g. impact from global events)​

Modern workforce

• Overall shift in competencies and skill sets needed given shifts in IA delivery model (e.g. enterprise acumen and cultural and behavioral awareness)​
• Defining career paths and staffing strategy for the department​
• Overcoming talent drain and resource needs through hiring, retention, and employee experience​
• Become a talent engine for the enterprise (e.g. rotational programs, guest auditors, career pathing)​

Stakeholder engagement

• Improving the IA brand to become a trusted advisor vs. a compliance shop​
• Strategic relationship matrix to build business connectivity​
• Collaboration with stakeholders throughout the audit process (e.g., ERM efforts, audit plan, risk assessment, field reporting)​
• Enabling a robust and coordinated effort with regulators/external audit​
• Value based engagement driven through use of technology and focusing on emerging, proactive risk management​

Hot topics in internal audit and key focus areas

• Business transformation support (e.g. ERP or EPM implementation, digitization)​
• Financial crimes (e.g. AML, OFAC, anti-bribery and corruption)​
• Mergers and acquisitions​
• Auditing digital platforms and artificial intelligence​
• Economical and geopolitical uncertainties (e.g. supply chain)​
• Upskilling vs. outsourcing subject matter professional talent  (e.g., IT, cyber, technology, data analytics and insights)​
• Regulation ready​
• Climate change impact on the business​
• Fraud risk management
• Cybersecurity (e.g., ransomware incident response, phishing, hacking, data theft)​
• Change governance​
• IT resiliency (e.g. data governance, data and asset management, ​
  IT talent)​
• ESG strategy and reporting​

*Bold indicates newly added topics since the last agenda