Four imperatives for greater impact of your Internal Audit function

Key messages

Resistance to bureaucracy

platform for learning and growth

The right reporting level

The author of this articleJean-Marie Bequevort - Expert Practice Leader
Last year, after a few audit projects at the same client, a senior executive of the company asked me a very direct question: ‘How strong is our internal audit function compared to the audit function at your other clients’? To gain some time to organize my thoughts, I replied: ‘Does it add value to you?’ He answered that the internal audit was working very hard but somehow had a limited impact at his level. Working hard for no impact: that is certainly not a good situation to be in. Auditing companies in various sectors and geographies through the years, I have progressively formed an opinion on what makes a successful internal audit function. The signs of a respected audit organization are easy to spot: executives provide inputs and participate in exit meetings, audit reports are read, agreed action plans are put in place on time, and auditors are respected contributors to the success of the company. But how do you get there? What are the core ingredients for this to happen?

Based on what I saw in organizations all over the world, the most successful audit organizations share 4 characteristics:

A focus on what matters

First, the audit activities are focused on what matters to the board and the executive team. Audits are conducted to evaluate the control against the biggest risks. The scope of activities is significantly beyond financial reporting and compliance. It looks at strategy, the organization structure, the process of decision making, and new risks such as social media and data privacy.

More importantly, I have observed that strong audit organizations adopt a more flexible audit plan, with fewer audits on the schedule. They don’t operate with a fixed schedule. Items enter and leave the audit plan as priorities change and new risks emerge.

As the chief audit executive of a large US multinational recently told me ‘we only do 7-8 audits a year here’. It was a distinctive statement. Usually, audit managers brag about the 25+ audits executed each year by the audit team.

A platform for learning and growth

Second, the audit department is a platform to learn and grow in the company. Not only for young professionals or high potentials, but it’s also applicable for more senior professionals.

As an example, a large Belgian company has put an interesting program in place. Mid-career professionals with 15 years of experience start in internal audit for a fixed period of 3 years. Then, they automatically move into a business management position. The idea is to provide them with a platform to explore the inner workings of the company, build a network, and understand the core business drivers. In return, the audit team benefits from their subject matter experience and perspective.

Resistance to bureaucracy

Third, their audits are administered efficiently. Kick-off meetings, testing sheets, narratives, and documentation are kept short. Auditors are not using technical jargon or unnecessary audit terms, they write concise reports with the goal to be understood by all recipients.

A good illustration is a company with which we did 2 audits in a lapse of 3 years:
In the first audit assignment, only a few executives provided responses to the draft report and participated in the formal closing meeting. In the 2nd audit, most executives attended the meeting and the report was the subject of a good discussion.

The main difference was the recruitment of a new audit manager who quickly introduced new instructions for the preparation of the audit report: maximum of 2 pages and more focus on recommendations than on the description of control failures.

The right reporting level

Fourth, the audit leader reports to the CEO or the strategy office. (S)he does not report to the CFO. The aim is to prevent that the audit function is seen as just another finance intrusion into other business areas.

A good reason put forward by an audit director at a conference was that ‘it ensures that the organizational position matches the mandate received’. One of the most revealing statistics on the subject is the fact that internal audit functions that work administratively for the CFO dedicate in excess of 60 percent more resources to strict compliance than their counterparts in the profession who report administratively to other executives. In those cases, the internal audit function has a narrower focus and mostly works for CFO related priorities.

These are some of the ingredients observed through my recent client activity. Some will argue that there are nuances as some sectors face stronger regulatory scrutiny or administrative obligations than others. True – however, the role of internal audit is too important for the audit organization to keep on working hard for no impact.

I welcome your comments and opinions.

Our other sites

The author of this articleJean-Marie Bequevort - Expert Practice Leader

Grow your career

Come join us

Expand your business

Let's work together

Sign up for the latest industry insights
Set preferences