Constantly assess and understand the skills internal audit has, the skills it needs and what it needs to do to fill the gaps.
Critical enablers are the primary levers an internal audit function has in day-to-day execution.
The appropriate resources, a suitable level of risk coordination and innovation are crucial for ongoing success.
Assessing skills and managing talent
In addition to internal audit knowledge, stakeholders expect internal auditors to have the ability to team with management and business units on relevant business issues. They also expect internal audit resources to have deep sector knowledge and business acumen.
When we asked survey respondents the areas for which their internal audit function has defined competency plans for staff development:
- 58% indicated that they have a plan for technical internal audit skills
- 54% have a plan for business or industry acumen
- 47% have a plan for business management and leadership
Surprisingly, 8% indicated that they have no defined competency plan at all.
It is important that internal audit understands the skills it has, the skills it needs and where the gaps are in each competency area. Here are two approaches internal audit can take to attract the right capabilities:
- Auditor rotation program. This program provides opportunities for auditors to rotate though other positions within other business units or functions in other parts of the organization.
- Guest auditor program. This program provides an opportunity for high-performing employees from other parts of the business to gain internal audit experience, providing the function with specialized skills that may reside in other functions or business units.
Continuous risk coordination
As an organization changes and grows, its risk, control and compliance activities often become fragmented, siloed, independent and misaligned. This has an impact on both the governance oversight and the business itself.
In addition to generating cost savings and reducing fatigue on the business, coordinating among risk functions can improve key risk coverage and drive valuable strategic insights. Reporting on risk through a coordinated lens enables the board to gain a broader perspective into the health of the organization and its risk management strategy.
Stakeholders indicated they are seeking significantly higher risk coordination in the next two to three years.
While coordination with other risk functions is beneficial, internal audit needs to balance that coordination with the need to maintain a level of objectivity and independence.
Employing innovation throughout the audit cycle
In our survey, 80% of respondents indicated that they use data analytics for risk assessments, 73% use them for audit execution, and 70% use them for audit reporting. Yet, in many cases it is used on an ad hoc basis, without the additional capabilities of data warehousing, benchmarking or continuous auditing.
Internal audit should consider developing a comprehensive data analytics program that can be embedded into the entire audit life cycle. Using analytics can produce more focused risk assessments, more efficient execution, increased risk coverage and more effective reporting.
<< Previous | Next >>