A strong relationship between internal audit leaders, the board, and the audit committee is critical to enabling internal audit departments to fulfill their objectives and provide strategic value to the organization. Despite this importance, many internal audit leaders fail to prioritize or improve communication with the board or work to build robust relationships with directors.
The Basel Committee on Banking Supervision highlights the necessity of an effective internal audit function. To achieve this, internal audit must provide independent assurance to the board and senior management regarding the quality and effectiveness of internal control, risk management, and governance systems. This relationship not only strengthens the organization’s defenses but also protects its reputation.
To foster accountability, transparency, and informed decision-making, corporate governance experts universally recommend that chief audit executives (CAEs) establish regular communication with the audit committee and agree on clear expectations for the internal audit function. The Wiley Handbook of Board Governance points out that a weak internal audit function often results from audit committees failing to clarify their expectations or neglecting their oversight responsibilities, leaving these tasks to management.
Strategies for Enhancing Communication
Internal audit leaders play a pivotal role in bridging the gap between their function and the board. The following strategies are crucial for building effective communication and relationships with the board and audit committee.
1. Set Clear Expectations
The foundation of a strong relationship lies in setting clear expectations about the nature, mode, and frequency of communication. Informal discussions with board or audit committee members, alongside formal meetings, can help establish clarity.
2. Establish a Communication Cadence
A regular schedule of meetings ensures consistent updates and alignment. Quarterly meetings are common, with additional sessions as needed. Key updates should include:
- Audit Plans: Presented annually, with updates to reflect changing risks and priorities.
- Risk Landscape: Reports on strategic and emerging risks.
- Control Evaluations: Annual opinions on organizational controls.
- Budget Updates: Yearly or as agreed.
- Conflict Reporting: Immediate disclosure of conflicts affecting audit activities.
- Metrics and Oversight: Quarterly updates on internal audit performance and coordination across risk and compliance functions.
The CAE should also arrange “in-camera” sessions with the audit committee to discuss sensitive matters without management present, fostering an open dialogue.
3. Provide Clear and Concise Reporting
Reports should be concise, actionable, and visually supported. An executive summary with dashboards, graphs, and charts helps distill complex information into digestible insights. Overloading board members with excessive detail can dilute key messages.
Internal auditors should adopt a transparent tone, candidly discussing challenges and risks, even if management disagrees. According to IIA Standards 11.2, internal audit communication must be accurate, objective, and timely.
4. Encourage Open Engagement
Effective communication is a two-way street. CAEs should foster open dialogue during meetings, schedule time for questions, and actively seek feedback to refine future interactions. Establishing a close working relationship with the board and audit committee chair ensures consistent communication and mutual trust.
5. Report on Compliance and Governance Updates
Internal audit must keep the board informed about compliance and governance risks, including regulatory changes. For example, the IIA’s 2023 Pulse Survey identified cybersecurity as a top risk for public companies, and new SEC regulations now require boards to oversee cybersecurity risk management. CAEs should report on control effectiveness and areas needing improvement to keep the board well-prepared.
6. Leverage Technology
Advanced analytics and AI tools can transform data presentation, offering precise, predictive insights that are easier for board members to interpret. For instance:
- AI-Driven Insights: Use artificial intelligence to provide deeper data analysis and trend forecasting.
- Audit Management Tools: Streamline reporting processes and ensure data accuracy and consistency.
These tools help CAEs deliver valuable information efficiently and enhance the overall effectiveness of their communications.
7. Maintain Comprehensive Documentation
Detailed records of meetings, action items, and decisions are essential for accountability. Minutes should be prepared promptly and distributed through a secure portal for board review. Pre-read materials, uploaded at least two weeks in advance, give board members ample time to prepare.
Strengthening the Dotted Line
The evolving role of the CAE has turned the once “dotted line” reporting relationship with the audit committee into a more solid, strategic partnership. Audit committee chairs increasingly rely on CAEs for unfiltered insights into organizational risks and controls.
By implementing these strategies, internal audit leaders can cultivate meaningful relationships with the board and audit committee, paving the way for effective communication and collaboration. These efforts ensure that internal audit’s voice is heard, its value is recognized, and its contributions drive organizational success.
Building strong relationships between internal audit leaders and the board is not an overnight process but an ongoing commitment. With clear expectations, regular engagement, concise reporting, and strategic use of technology, CAEs can foster a robust partnership that elevates governance, enhances transparency, and safeguards organizational integrity.
Enhance Your Internal Audit Communications with Connected Risk
Strong communication between internal audit leaders, the board, and the audit committee is essential for driving accountability, transparency, and strategic decision-making. Connected Risk Internal Audit Management empowers chief audit executives (CAEs) to build robust relationships with stakeholders, ensuring your internal audit function delivers maximum value to your organization.
With Connected Risk, you can:
- Streamline Reporting: Use intuitive dashboards, visual analytics, and AI-driven insights to present clear, concise, and actionable information to your board and audit committee.
- Optimize Communication Cadence: Schedule and track regular in-camera sessions, quarterly updates, and ad hoc meetings, ensuring alignment on key risks and controls.
- Simplify Documentation: Maintain comprehensive records of meetings, pre-read materials, and follow-up action items, all securely stored in a centralized system.
- Adapt to Dynamic Risks: Update audit plans more frequently with real-time data to reflect emerging risks and rapidly changing environments.
- Demonstrate Value: Provide transparent updates on compliance, governance, and internal control effectiveness to build trust and credibility with stakeholders.
Don’t let communication gaps undermine your internal audit function. With Connected Risk, you have the tools to foster stronger relationships and deliver results that protect and grow your organization.