PwC Internal Audit

Enhancing your Internal Audit (IA) capabilities to give you the power to see risk differently and the confidence to move faster in an uncertain world.

A pioneer in the new risk multiverse

As the world enters a risk landscape that’s more complex and connected than ever before, it’s time for Internal Audit (IA) to shine.

IA is at the heart of trust. It gives companies and their stakeholders confidence in their people, processes, systems and data, allowing them to see risk differently, move faster and make better decisions.

IA has a unique combination of risk-mindset, objectivity and organisational reach. At PwC, we believe that—with the right vision, approach and technology—IA can act as a ‘lighthouse’ to help companies navigate risk and see around corners. This both protects value and casts light on new opportunities for value creation. 

IA is the last line of defence, but increasingly the first one called to help.

Playback of this video is not currently available


This is Internal Audit

View Transcript

PwC - Implementing the IIA’s new Global Internal Audit Standards

Use the IIA’s new Global Internal Audit Standards™ to drive transformation and value from your Internal Audit function

Read more

Our experience working with world-leading organisations has demonstrated that solving important problems cannot be undertaken alone. When we combine our capabilities, we multiply our value. 

Modern IA needs to combine skills and capabilities across different areas to address the many risks that companies face.

At PwC, we combine core IA capabilities with other expertise to cover the full risk spectrum, including working with specialists in areas such as cyber security, ESG, regulation and compliance, culture and behaviours, forensics, and tax. We also add industry experts and the latest digital tools to ensure IA is focused on the right areas and delivered efficiently. 

This allows IA to achieve a ‘multiplier effect’—adding up to better risk coverage, greater efficiency, and more valuable insights.

The virtual world is not the real world. Unlocking the true value of IA requires not just technology but our human superpowers too.

At PwC, we have already built advanced technology into our IA services; however, we know that to make it meaningful to you, we need to combine it with specialists that understand your business, culture, values, strategy and people. In today’s hyper-connected world, we cannot afford to have any missing links.

Our IA teams can use or deploy technology to enhance your IA risk assessment, testing and analysis, investigation, and dashboarding and reporting, as well as the end-to-end audit lifecycle. This includes technology for robotic process automation (RPA); data analytics and visualisation; artificial intelligence (AI); enterprise resource planning (ERP) and governance, risk and compliance (GRC); continuous monitoring; and IA management.

This means PwC Internal Audit adds up to more than the sum of its parts and helps you solve your real world issues. This is IA evolved.

What would you like to do differently?

PwC helps companies around the world set up, plan, enhance and deliver leading Internal Audit capabilities. What would you like to do?

I want to...

Set up or transform Internal Audit

Plan, develop and structure IA, so that it is the right fit for your organisation—and fit for the future.

  • IA function set-up
  • IA charter, strategy and vision
  • Policy and plan development
  • Restructuring IA (e.g. due to an IPO or merger)
  • Organisation-wide alignment and integrated assurance across the second and third line

PwC Perspective: A bold IA vision - aligned to other governance functions - helps position IA as a pioneer, reduces duplication, increases collaboration, and ultimately strengthens the ‘risk shield’ around the organisation.

Deliver the Internal Audit plan

Combine modern audit methods, technology, industry knowledge and subject matter expertise to deliver effective IA, anywhere in the world

  • IA co-sourcing and outsourcing, including:
    • Risk assessment (including use of digital risk tools)
    • Planning, scoping, and work programme design
    • Audit execution (including tech-enabled and data-led audits)
    • Global project management, coordination and communication (multi-language)
    • Reporting and stakeholder engagement, including visualisation tools
    • IA management (including taking the Chief Audit Executive or Head of IA role)
  • Full IA managed services—scalable, efficient and effective end-to-end service using PwC's technology and IA teams, and delivery centres across the world
  • Organisation-wide internal controls programmes, such as Sarbanes–Oxley Act (SOX) or equivalent
  • Specialist audits, such as cyber, ESG, M&A, HR and culture, media, and strategy audits
  • Third-party audits, such as vendor compliance and due diligence audits
  • Forensic audits and investigations, including responses to fraud and compliance breaches

PwC perspective: Many IA functions are considering how they tackle strategic risks in an organisation, such as corporate strategy and decision-making, transformation, M&A and cost management. This requires IA to have a clear and conscious plan of how to achieve the right balance in the audit programme so that more ‘traditional’ risk areas receive adequate coverage, and the right tools and talent are available. Effective stakeholder communication is also needed to ensure different expectations are understood.

The diagram below is a simple way of considering how to balance this audit effort:

Internal Audit Table

Implement or use technology in Internal Audit

Deploy, configure and use technology to increase the efficiency and effectiveness of IA, and extract knowledge and insights from data.

  • IA technology strategy
  • System selection, implementation and configuration
  • Design and use data analytics, Robotic Process Automation (RPA), continuous auditing and Artificial Intelligence (AI)
  • Alignment and integration with other technology across the organisation, including risk, compliance, and Enterprise Resource Planning (ERP) tools and data
  • Digital training and upskilling

PwC Perspective: There is an increasing convergence of technology used for IA, risk, compliance, and business operations. This means IA has the opportunity to help digitise governance and assurance across the organisation and benefit from better risk data and automation. A clear IA technology strategy and good communication with first and second line is needed so that investment is not siloed and the whole organisation can benefit.

Develop my people in Internal Audit

Build confidence and develop new skills to unleash the potential of your people and equip them for success.

  • IA talent strategy and framework implementation
  • Design and delivery of in-person and on-line training for:
    • IA and other assurance teams, including those running controls programmes
    • Business teams, including risk and control owners
    • Executive and other management, including upskilling on corporate governance topics
  • Subject matter specialist support on audits where knowledge transfer is important
  • Coaching and mentoring, including IA leadership, Audit Committee members and other management

PwC Perspective: Whilst technology is critical to modern IA, becoming a pioneer and trusted advisor is as much about the human journey. This means having people who can turn data into insight, risk into opportunity, and ideas into action. This requires a holistic and strategic approach to getting the right mix of technical and human skills, such as communication, project management and negotiation.

Assess the maturity and quality of Internal Audit

Evolve your capabilities to meet the promises and potential of ‘next-gen’ IA, and the expectations of your stakeholders.

  • External Quality Assessments (EQAs) and External Strategic Assessments (ESA)
  • Benchmarking and ‘health-checks’ on IA maturity and performance
  • Development and review of IA quality management framework and quality processes
  • IA Key Performance Indicators (KPIs), including alignment to corporate strategy
  • Optimising IA and stakeholder reporting

PwC Perspective: Like any ecosystem, the governance ecosystem benefits from renewal and evolution. There is an opportunity, for example, to relook at what KPIs drive IA excellence, and ensure that these are aligned with corporate strategies and priorities, and properly reflect what stakeholders value. This includes getting the right balance between quantitative, qualitative and ‘inward and outward’ looking KPIs.

Address a particular business problem or risk

Leverage IA’s ‘superpowers’ to understand or quantify problems, provide advice on improvement and remediation, and offer perspectives on blindspots and emerging risks.

Examples of areas that IA can add value to: 

  • Corporate transactions, such as due diligence and post-merger integration
  • Regulatory breaches, including root-cause analysis and remedial monitoring to satisfy regulators
  • Board effectiveness, such as management decision-making and delegation of authority (DoA) processes
  • Local country laws, regulations and risks; for example, as part of a market entry strategy
  • Culture and behaviours, for example, to address workstyle reform or organisational transformation risks

PwC Perspective: Organisations always benefit from an objective viewpoint and IA is well placed to provide this. This does not always require a traditional audit, and can be more effective as a risk position paper, executive update, or simple discussion, for example.

ESG Maturity Assessment

Powered by technology, useful to humans

IA is increasingly including ESG in their audit plans. PwC is able to use its Connected Risk Engine (CRE) technology to help IA assess and benchmark the maturity of ESG processes in their organisation.

Our assessment covers key areas of an effective ESG framework, including governance, culture and reporting. It can be tailored to compare different parts of the organisation or understand the views of different stakeholder groups.

The output can be used to update your ESG strategy, target areas of higher priority, and gauge the success of investment in ESG. In other words, it can give you a blueprint to help navigate complexity, manage risk, and plan for the next stage of maturity in ESG.

PwC’s CRE tool has over 20 other assessment modules, and this is increasing. These include topics like IA effectiveness, cyber security, and compliance management. To find out more, please speak to your PwC team or use the form below.

PwC Global Internal Audit Study 2023

Seeing through walls to find new horizons
Learn more

Combining our experience - explore other areas of PwC 

These are examples of the specialist areas that IA draws on to multiply its value to organisations. Click on the links to explore the capabilities and insights in each:

should ceos think different about risk

Let's change the way we see risk

Risk isn't about responding to change. It's about changing the way we see. Shifting our perspective. Considering different angles. Strong risk and resilience capabilities can be the difference between those that thrive and those that fight to survive.


Connect with us

Contact us

Chris Mills

Chris Mills

Internal Audit, PwC Bermuda