Organizations are turning to internal audit (IA) not only to fulfill core assurance responsibilities, but also to be agile and proactive in support of the company’s key strategic initiatives and transactions. Many organizations view risk only as something to be avoided or mitigated; however, some risks, if properly understood, can enable an organization to seize competitive advantage.
Why should IA be engaged during strategic transactions?
IA has a unique ability to view risks from an independent perspective because the assessment of risk has traditionally been part of its mandate. By teaming with the organization on strategic transactions, IA can help identify cost savings and offer guidance on areas where a loss of opportunity has traditionally occurred or increased investment has been required because of missed issues. It can also spot risks that might not have been considered because of a limited view of operations.
Best practice calls for IA to be embedded throughout the transaction life cycle. Though not all such transactions succeed, the integration of IA could determine, earlier in the process, whether the risks are identified and addressed appropriately.
IA should be part of the program management team regardless of the type of strategic transaction so that it can assess and monitor program management activities and provide insights. IA can also review program management office (PMO) activities to assess its oversight. For example, IA objectives could include determining whether the PMO highlights process gaps, assesses project adherence to timelines, obtains appropriate approvals and identifies areas of future improvements.
Strategic transactions usually take months to complete and IA resources are not unlimited. As a result, a risk assessment and well-thought-out audit plan spanning the entire life cycle will enable IA to focus on key points to deliver maximum value.