If you randomly asked your stakeholders—either on campus or on the board—about internal audit, what would they say? There might be some misconceptions about internal audit’s role on your campus and even some confusion about internal audit’s influence and impact on the institution. Gone are the days that internal audit is only functioning by testing controls and reporting findings. Internal audit is positioned to gain, maintain, and share institutional knowledge and can become a strategic partner to the institution’s stakeholders. As a strategic partner, internal audit can help shed light on the institution’s emerging risks and provide advisory assistance related to organizational risk management. The transformation will not happen overnight, and it will require effort and commitment. Here are a few tips to begin the transformation journey.
Tip 1: Brand Identity
What does the internal audit function want to be known for? The branding of the internal audit function sets the tone for how others will perceive it. Foundational pieces to building the brand include the internal audit charter and the department mission and vision statement. Build awareness of internal audit’s role by creating a newsletter that incorporates relevant topics for the campus and consider doing an “Ask the Auditor” section.
Tip 2: Risk Assessments & Awareness
Facilitate periodic risk assessments. There are many forms of risk assessments: enterprisewide, IT only, project specific, etc. Not only does facilitating these discussions help internal audit generate an internal audit plan, but it also provides internal audit the opportunity to better understand leadership’s risk philosophy. The time spent with your stakeholders is imperative to building relationships, being seen as a strategic partner, and raising your brand awareness.
Tip 3: Strategic Plan & COSO Framework
The institution’s strategic plan is not only a road map of goals and objectives but prompts internal audit’s strategic thinking about potential risks related to those goals and objectives. That information can start to build the institution’s risk profile and be a starting point for risk discussions. Understanding the Committee of Sponsoring Organizations (COSO) enterprise risk management framework can assist with building a risk assessment process for the institution and potentially have a positive impact on the institution’s awareness of risk and risk culture. Doing so builds on the foundational pieces from Tip 1 and continues to enhance the credibility of the internal audit function and its value-add.
Tip 4: End-to-End Audits
Connecting the dots of siloed processes can provide internal audit with institutional knowledge to be shared with other stakeholders. Siloed views of processes and the associated risks can negatively impact the way an institution responds to risk and further expose the institution to uncertainties and surprises.
Tip 5: Credibility
This might be the most important aspect of internal audit and its brand. Without credibility, all the hard work and deliverables will go unnoticed. The aforementioned tips all contribute to building credibility by adding value and being viewed as a partner. Internal auditors cannot operate in a “gotcha” mode but instead need to focus on management’s biggest areas of concern and help identify risks that may not even be on their radar. Internal auditors can help enhance this themselves through unbiased, objective, and independent work; personal and professional integrity; and staying informed on stakeholder concerns. By continuing to build upon the foundational pieces, your internal audit function can be transformed into a highly valued and credible function.
If you have questions or need assistance, please reach out to a professional at Forvis Mazars or use the Contact Us form below.