The Evolution of Internal Audit: Uncomfortable Truths and the Path Forward

The internal audit profession has transformed dramatically over the decades. Reflecting back to the 1980s—a time before personal computers were ubiquitous—internal audit was a vastly different practice. Canned audit programs, manual confirmations, and “nth-item” samples from green-bar dot matrix printouts were the norm. Workpapers were meticulously assembled in bulky folders, secured with ACCO fasteners. Fast forward to today, and the profession has embraced digitalization, data analytics, and advancements in quality and efficiency. Yet, despite this progress, some underlying challenges remain.

As internal audit professionals, it’s time to face some uncomfortable truths about where we stand in 2024. These truths highlight persistent issues that hinder the profession’s full potential and respect within organizations. While not all functions face these challenges equally, many will find familiar struggles. Here, we explore these truths and provide actionable insights to address them.

1. Internal Auditors Are Not as Important as They Think They Are

Let’s be honest: no one wants to be audited. Despite internal auditors’ best intentions to “help,” the broader organization often views the function as a necessary inconvenience. The elusive “seat at the table” remains a struggle, with limited time on the audit committee’s agenda and sporadic inclusion in high-level discussions. While we may feel undervalued, the reality is that organizations can often operate without us—at least in the short term.

How to Address It:
The key is ensuring everything internal audit does adds tangible value. Align audit objectives with strategic priorities and demonstrate how your insights drive organizational improvement. Delivering actionable recommendations tied to measurable outcomes can shift perceptions of internal audit from a necessary evil to a strategic partner.

2. Internal Audit Is Not as Risk-Based as It Should Be

Despite risk-based planning being a cornerstone of modern internal audit, many functions fall short of addressing the organization’s most critical strategic risks. Risk assessments are often subjective and bottom-up, resulting in audit plans that fail to align with the C-suite’s perspective on risk.

How to Address It:
Elevate risk assessments by incorporating top-down insights from senior leadership. Leverage enterprise risk management (ERM) frameworks to ensure alignment with key strategic and operational risks. Additionally, foster continuous communication with executives to stay attuned to evolving priorities.

3. Conformance with Standards Does Not Guarantee Quality

While adhering to the Institute of Internal Auditors (IIA) Global Standards is essential, it doesn’t necessarily translate to quality or value. An internal audit function can conform to standards yet still fall short of delivering meaningful impact.

How to Address It:
Focus on outcomes, not just compliance. Engage stakeholders to understand their expectations and define quality from their perspective. Use external Quality Assessment Reviews (QARs) not as an end goal but as a tool for continuous improvement.

4. External Auditors Don’t Value Internal Audit Enough

External auditors often leverage internal audit for routine, low-value tasks to reduce audit fees, a practice that undermines internal audit’s strategic contributions. This dynamic is compounded by audit committees that sometimes prioritize external audit over internal audit.

How to Address It:
Advocate for a more collaborative relationship with external auditors. Proactively demonstrate how internal audit can complement external audit efforts by providing insights on operational and strategic risks. Ensure audit committee members understand the opportunity costs of misaligned priorities.

5. Internal Audit Lacks Key Competencies

Modern organizations are complex, and risk-based plans often require expertise that internal audit teams don’t possess. Budget constraints and limited access to quality training exacerbate this competency gap.

How to Address It:
Invest in professional development tailored to emerging risks, such as cybersecurity, data analytics, and ESG. Where in-house expertise is insufficient, consider co-sourcing for specialized audits. Strategic partnerships with external providers can bridge critical skill gaps.

6. Internal Audit Doesn’t Leverage Co-Sourcing Effectively

Co-sourcing can enhance internal audit’s capabilities, but many organizations struggle to use it effectively. Poor vendor selection and inadequate project management often lead to disappointing results.

How to Address It:
Develop a robust co-sourcing strategy. Build relationships with multiple vendors to ensure flexibility and align projects with the right expertise. Establish clear expectations, maintain oversight, and foster transparent communication throughout engagements.

7. Internal Audit Is Still Viewed as an Offshoot of Accounting

The outdated perception of internal audit as an accounting function persists, limiting the profession’s broader potential. Misconceptions about internal audit’s role often stem from its historical ties to financial oversight and regulatory compliance.

How to Address It:
Reframe internal audit’s identity within the organization. Highlight its contributions to operational efficiency, strategic risk management, and organizational resilience. Recruit professionals with diverse backgrounds to demonstrate internal audit’s multidisciplinary value.

8. Internal Audit Is Not Adopting Technology Fast Enough

Technology is transforming industries, yet many internal audit functions lag in adopting advanced tools. Limited budgets, lack of IT support, and resistance to change contribute to this gap.

How to Address It:
Prioritize technology adoption as a strategic imperative. Start small by integrating data analytics into routine audits and expand into areas like automation and continuous monitoring. Partner with IT and other departments to secure resources and expertise.

The Path Forward

Addressing these uncomfortable truths requires a multi-faceted approach. Internal audit leaders must embrace strategic planning, build strong relationships with stakeholders, and continuously adapt to evolving business landscapes. Here are some actionable steps to consider:

  1. Focus on Value: Demonstrate how internal audit insights translate into organizational improvements.
  2. Leverage Technology: Invest in tools that enhance efficiency and effectiveness.
  3. Enhance Competencies: Provide ongoing training and consider co-sourcing for specialized needs.
  4. Communicate Strategically: Align internal audit’s narrative with the organization’s priorities and vision.

As the internal audit profession continues to evolve, it’s crucial to celebrate progress while addressing these challenges head-on. By delivering value, fostering collaboration, and embracing innovation, internal audit can secure its rightful place as a strategic partner in organizational success.

Revolutionize Your Internal Audit Function with Connected Risk Audit Management

Ready to take your internal audit function to the next level? Connected Risk Audit Management empowers organizations to streamline audit processes, enhance risk-based planning, and leverage advanced analytics to deliver actionable insights. With features designed to address today’s most pressing internal audit challenges, Connected Risk ensures your team can focus on adding value where it matters most.

Discover how Connected Risk can transform your audit process. Learn more today!
