Practical Insights from Internal Audit Leaders
The insights on leading practices shared by CAEs are by turns familiar and fascinating when these leaders open up about how their internal audit functions work with management and the board to address three specific areas of strategic risk for their organizations: cybersecurity, IT projects, and capital projects.
The familiarity stems from the risk-based approach of audit leaders for these strategic risk areas, as well as what they say about the underlying enablers of effective “strategic auditing” – an activity that more board members, CEOs, CFOs, and other C-suite executives are encouraging internal audit to perform. CAEs consistently point to the value of internal audit’s early involvement in strategic initiatives, its risk-based auditing approach, internal audit’s credibility in the eyes of business partners, and the function’s capacity to thrive in an advisory manner. These critical building blocks have existed within top-performing audit functions for some time.
Two other takeaways emerged from this dialogue, as well, that are more unexpected. First, internal audit functions are making significant progress in how they audit and address strategic risks by leveraging a broad range of approaches (as we review in the cybersecurity, IT projects, and capital projects sections). Second, leading
internal audit functions work diligently, and inventively, to validate their seat at the decision-making table, their function’s credibility, and their advisory role through specific enablers (which are summarized in the final part of this report).
The interviews conducted served a dual purpose: by describing how they address strategic risks, leading audit executives highlighted ways they nurture the function’s role as a strategic partner to the business, without jeopardizing, first and foremost, their focus on compliance and assurance responsibilities.
Download CBOK Stakeholder Report - Auditing Strategic Risks: Practical Insights from Internal Audit Leaders
The Global Internal Audit Common Body of Knowledge (CBOK) is the world’s largest ongoing study of the internal audit profession. The current CBOK study has two major components: practitioner and stakeholder. The practitioner study encompasses reports that explore a variety of internal audit practices. To complement this information, the stakeholder study seeks out perspectives from stakeholders about internal audit performance. Surveys, interviews, and data analysis for the stakeholder project were conducted by Protiviti in partnership with IIA institutes around the world. Stakeholder reports focus on identifying leading practices that can improve internal audit effectiveness.