On the Chief Audit Executive's agenda
A pulse on what Chief Audit Executives (CAEs) are focused on, with a lens on top risks being considered.
Signals of change
The business, politics, culture, and economics of the world are changing rapidly and black swan events continue to emerge. Business leaders are being forced to shift from a mindset of simply achieving milestones to becoming a modern enterprise with agile, nimble, and value-added strategies for people and processes. In an environment built on the foundations of trust, internal audit can immediately identify the risk, evaluate solutions, and engage with the business to be an advanced enterprise.
A KPMG survey found that 26 percent of IA functions had already adopted agile-inspired or dynamic approaches to internal auditing, while a further 45 percent are planning to introduce more agile, and data-driven concepts.1 Agile-inspired approaches, and a strong foundation of trust with stakeholders will allow IA to become influential as a strategic risk adviser attuned to go beyond reactive defense. At KPMG, we work with IA functions to enhance and protect organizational value by evolving the approach to audit projects leveraging Agile principles. Learn more about our Agile approach and building trust with stakeholders.
Signals of change
The business, politics, culture, and economics of the world are changing rapidly and black swan events continue to emerge. Business leaders are being forced to shift from a mindset of simply achieving milestones to becoming a modern enterprise with agile, nimble, and value-added strategies for people and processes. In an environment built on the foundations of trust, internal audit can immediately identify the risk, evaluate solutions, and engage with the business to be an advanced enterprise.
A KPMG survey found that 26 percent of IA functions had already adopted agile-inspired or dynamic approaches to internal auditing, while a further 45 percent are planning to introduce more agile, and data-driven concepts.1 Agile-inspired approaches, and a strong foundation of trust with stakeholders will allow IA to become influential as a strategic risk adviser attuned to go beyond reactive defense. At KPMG, we work with IA functions to enhance and protect organizational value by evolving the approach to audit projects leveraging Agile principles. Learn more about our Agile approach and building trust with stakeholders.
Risk considerations
- IA can sometimes find it difficult to adjust priorities and methods in dynamic business conditions. The IA function should prioritize its internal stakeholders, particularly the board, audit committee and executive team. The success of CAEs lies in their ability to develop and maintain strong trust with C-level executives. A CAE must have the depth of relationships to engage in discussions regarding agile strategies for the organization.
- IA tends to be reactive to risks, when instead it should aim to be a hub for effective problem solving. The internal audit function should adjust its approach to focus more on emerging risks and turn the focus away from manual procedures to delivering new business insights.
- With aggressive organizational-level growth strategies, IA will face new risks such as cyber and data security and should be prepared to meet the changing expectations of their stakeholders for successful transformation.
Questions to ask/actions to take
Start by having a frank discussion about the pains and challenges within the department, incorporating feedback from IA leaders and professionals as well as business stakeholders. Here are some questions that you can ask to begin the dialog:
- Does your internal audit function identify and evaluate new and emerging risks on an ongoing basis?
- Do the audit teams regularly convene to brainstorm about critical risk areas?
- Are discussions scheduled to deliberate on areas of continuous monitoring, outside periodic audits?
- Are audit professionals equipped to handle new technology, data, and automation in daily IA functions?
- Is the IA function fully aware of the requirements of its stakeholders? Is enough time being invested to foster a relationship of trust to become a strategic adviser?
