Strengthening the Relationship Between Internal Audit and the Board: Strategies for Effective Communication

A strong relationship between internal audit leaders, the board, and the audit committee is essential for an effective internal audit function. Internal audit provides independent assurance on the quality and effectiveness of internal controls, risk management, and governance systems. However, many internal audit leaders do not proactively work to improve their communication with the board or cultivate strong relationships with directors. This can weaken the function’s ability to add value and fulfill its critical oversight role.

According to the Basel Committee on Banking Supervision, an effective internal audit function provides the board and senior management with assurance that governance structures and processes are functioning as intended. This insight enables leadership to make informed decisions and protect the organization’s reputation. Yet, in many organizations, communication gaps between internal audit and the board persist, leading to misaligned expectations and missed opportunities for strengthening oversight.

To bridge this gap, chief audit executives (CAEs) should prioritize establishing clear communication channels with the audit committee and the full board. They should set expectations, facilitate regular engagement, and provide transparent and concise reporting. Below are several key strategies to enhance communication between internal audit leaders and the board.

1. Setting Expectations with the Board and Audit Committee

One of the most important steps in strengthening relationships is establishing clear expectations regarding the nature, frequency, and format of communication between internal audit and the board. This can be done through both formal and informal interactions.

  • Internal audit should work with the audit committee to define the scope of their role, key reporting metrics, and preferred communication methods.
  • Informal discussions outside of scheduled meetings can provide opportunities for CAEs to address concerns proactively and build trust with board members.
  • The internal audit charter should be reviewed regularly to ensure alignment with organizational needs and industry best practices.

2. Establishing a Regular Meeting Cadence

Regular, structured meetings between internal audit and the audit committee ensure ongoing dialogue and help prevent surprises. The industry standard is quarterly meetings, with additional off-cycle discussions as needed.

  • Quarterly meetings should include updates on internal controls, key risks, and governance issues.
  • The audit committee should also meet with the CAE in camera (without management) to discuss sensitive matters candidly.
  • Internal audit plans should be updated more frequently than in the past, with many organizations shifting to continuous risk assessment models to adapt to evolving risk landscapes.

According to the Institute of Internal Auditors (IIA) Standard 11.3, CAEs must communicate audit results to the board and senior management both periodically and on an engagement-specific basis. Additionally, IIA Standard 15.1 requires internal auditors to develop final communications outlining the scope, recommendations, and management action plans.

3. Providing Clear and Concise Reporting

Board members are often inundated with complex data, making it crucial for internal audit to present information concisely and effectively.

  • Reports should include executive summaries with high-level insights, while appendices can contain more detailed findings.
  • Visual aids such as dashboards, charts, and graphs should be used to simplify complex data.
  • Communication should be direct and free of unnecessary jargon.
  • The CAE should be candid about challenges and risks, ensuring transparency even when executive management may have differing viewpoints.

The goal is to provide information that enables the board to make well-informed decisions without being overwhelmed by excessive detail.

4. Encouraging Open Engagement and Interaction

Strong relationships are built on open dialogue. The CAE should create opportunities for discussion and feedback.

  • Allocate time in meetings for board members to ask questions and provide input on audit findings.
  • Encourage constructive debate to ensure directors fully understand the implications of key risks.
  • Seek feedback on internal audit’s communication approach and make adjustments as needed to improve clarity and relevance.
  • Build a strong working relationship with the board chair and audit committee chair through regular one-on-one discussions.

5. Keeping the Board Updated on Compliance and Governance

Internal audit should proactively inform the board and audit committee about regulatory changes and governance risks.

  • Regulatory updates should be provided on a scheduled basis, with emphasis on how new laws or standards impact the organization.
  • Cybersecurity remains a top concern. According to the IIA’s 2023 Pulse Survey, cybersecurity is one of the primary risks facing publicly traded companies. Internal audit should assess and report on the effectiveness of cybersecurity controls.
  • The new SEC rules require boards to oversee cybersecurity risk management processes, making it even more critical for internal audit to provide insights in this area.

6. Leveraging Technology for More Effective Communication

Advancements in technology can enhance the effectiveness of internal audit reporting.

  • Advanced analytics and artificial intelligence (AI) can help auditors identify trends and risks more efficiently.
  • Audit management tools can streamline reporting and reduce manual efforts.
  • Cloud-based board portal software allows for timely distribution of reports and meeting materials, ensuring that board members have adequate time to review them before meetings.

7. Ensuring Documentation and Follow-Up

Proper documentation of board interactions and follow-up on action items demonstrates accountability and reinforces trust.

  • Board and audit committee meetings should be documented, with minutes distributed promptly.
  • Action items should be tracked, with progress updates provided at subsequent meetings.
  • Pre-read materials should be made available at least two weeks before meetings to allow directors ample time for review.
  • Standardized report formats help board members quickly identify key takeaways and issues requiring attention.

Strengthening the “Dotted Line” Relationship

Meetings and interactions with the board and audit committee can be high-stakes moments for internal audit leaders, but they don’t have to be intimidating. With a proactive approach, CAEs can build relationships that facilitate open communication and trust.

In recent years, the “dotted line” reporting relationship between internal audit and the audit committee has become more solid, with committee chairs relying more on CAEs for an unfiltered view of organizational risks. By implementing the strategies outlined above, internal audit leaders can maintain open lines of communication, align expectations, and ultimately enhance their department’s value to the organization.

By strengthening these relationships, internal audit can reinforce its role as a key strategic advisor, helping the board and audit committee navigate today’s complex and evolving risk landscape with confidence.

Take the Next Step with Connected Risk

Effective internal audit management requires more than just strong communication—it demands the right tools to streamline processes, track risks, and provide real-time insights. Connected Risk by Empowered offers a comprehensive solution for managing internal audit functions, risk assessments, and compliance initiatives.

Discover how Connected Risk can help your organization enhance audit transparency, improve governance, and strengthen board engagement. Learn more today and take your internal audit management to the next level.

Like this article?

Email
Share on Facebook
Share on LinkedIn
Share on XING

Talk to an Expert

"*" indicates required fields

Are you looking for support?

If you're looking for product support, please login to our support center by clicking here.

First, what's your name?*
This field is for validation purposes and should be left unchanged.

Submit a Pricing Request

"*" indicates required fields

First, what's your name?*
This field is for validation purposes and should be left unchanged.

Submit an RFP Request

"*" indicates required fields

First, what's your name?*
Which solution does your RFP require a response on?*
Drop files here or
Accepted file types: pdf, doc, docx, Max. file size: 1 MB, Max. files: 4.
    This field is for validation purposes and should be left unchanged.
    Skip to content