PwC Internal Audit

Enhancing your Internal Audit (IA) capabilities to give you the power to see risk differently and the confidence to move faster in an uncertain world.

Implementing the IIA’s new Global Internal Audit Standards

Use the IIA’s new Global Internal Audit Standards™ to drive transformation and value from your Internal Audit function

Learn more

ESG for Internal Audit: Maturity Assessment image

Internal Audit can help organisations navigate the new risk multiverse

How can Internal Audit’s superpowers help organisations ‘see through walls’ to avoid hazards, remove complexity, and find new opportunities? Find out in PwC’s Global Internal Audit Study.

Read the report 

Playback of this video is not currently available


View Transcript

PwC Global Internal Audit Study: Real-time Benchmarking

Our benchmarking tool allows you to answer a subset of questions from this year’s survey and compare your responses against the global data

Benchmark yourself now 

A pioneer in the new risk multiverse

As the world enters a risk landscape that’s more complex and connected than ever before, it’s time for Internal Audit (IA) to shine.

IA is at the heart of trust. It gives companies and their stakeholders confidence in their people, processes, systems and data, allowing them to see risk differently, move faster and make better decisions.

IA has a unique combination of risk-mindset, objectivity and organisational reach. At PwC, we believe that—with the right vision, approach and technology—IA can act as a ‘lighthouse’ to help companies navigate risk and see around corners. This both protects value and casts light on new opportunities for value creation. 

IA is the last line of defence, but increasingly the first one called to help.

Playback of this video is not currently available


View Transcript

Our experience working with world-leading organisations has demonstrated that solving important problems cannot be undertaken alone. When we combine our capabilities, we multiply our value. 

Modern IA needs to combine skills and capabilities across different areas to address the many risks that companies face.

At PwC, we combine core IA capabilities with other expertise to cover the full risk spectrum, including working with specialists in areas such as cyber security, ESG, regulation and compliance, culture and behaviours, forensics, and tax. We also add industry experts and the latest digital tools to ensure IA is focused on the right areas and delivered efficiently. 

This allows IA to achieve a ‘multiplier effect’—adding up to better risk coverage, greater efficiency, and more valuable insights.

The virtual world is not the real world. Unlocking the true value of IA requires not just technology but our human superpowers too.

At PwC, we have already built advanced technology into our IA services; however, we know that to make it meaningful to you, we need to combine it with specialists that understand your business, culture, values, strategy and people. In today’s hyper-connected world, we cannot afford to have any missing links.

Our IA teams can use or deploy technology to enhance your IA risk assessment, testing and analysis, investigation, and dashboarding and reporting, as well as the end-to-end audit lifecycle. This includes technology for robotic process automation (RPA); data analytics and visualisation; artificial intelligence (AI); enterprise resource planning (ERP) and governance, risk and compliance (GRC); continuous monitoring; and IA management.

This means PwC Internal Audit adds up to more than the sum of its parts and helps you solve your real world issues. This is IA evolved.

What would you like to do differently?

PwC helps companies around the world set up, plan, enhance and deliver leading Internal Audit capabilities. What would you like to do?

I want to...

Set up or transform Internal Audit

Plan, develop and structure IA, so that it is the right fit for your organisation—and fit for the future.

  • IA function set-up
  • IA charter, strategy and vision
  • Policy and plan development
  • Restructuring IA (e.g. due to an IPO or merger)
  • Organisation-wide alignment and integrated assurance across the second and third line

PwC Perspective: A bold IA vision - aligned to other governance functions - helps position IA as a pioneer, reduces duplication, increases collaboration, and ultimately strengthens the ‘risk shield’ around the organisation.

Deliver the Internal Audit plan

Combine modern audit methods, technology, industry knowledge and subject matter expertise to deliver effective IA, anywhere in the world

  • IA co-sourcing and outsourcing, including:
    • Risk assessment (including use of digital risk tools)
    • Planning, scoping, and work programme design
    • Audit execution (including tech-enabled and data-led audits)
    • Global project management, coordination and communication (multi-language)
    • Reporting and stakeholder engagement, including visualisation tools
    • IA management (including taking the Chief Audit Executive or Head of IA role)
  • Full IA managed services—scalable, efficient and effective end-to-end service using PwC's technology and IA teams, and delivery centres across the world
  • Organisation-wide internal controls programmes, such as Sarbanes–Oxley Act (SOX) or equivalent
  • Specialist audits, such as cyber, ESG, M&A, HR and culture, media, and strategy audits
  • Third-party audits, such as vendor compliance and due diligence audits
  • Forensic audits and investigations, including responses to fraud and compliance breaches

PwC perspective: Many IA functions are considering how they tackle strategic risks in an organisation, such as corporate strategy and decision-making, transformation, M&A and cost management. This requires IA to have a clear and conscious plan of how to achieve the right balance in the audit programme so that more ‘traditional’ risk areas receive adequate coverage, and the right tools and talent are available. Effective stakeholder communication is also needed to ensure different expectations are understood.

The diagram below is a simple way of considering how to balance this audit effort:

Internal Audit Table

Implement or use technology in Internal Audit

Deploy, configure and use technology to increase the efficiency and effectiveness of IA, and extract knowledge and insights from data.

  • IA technology strategy
  • System selection, implementation and configuration
  • Design and use data analytics, Robotic Process Automation (RPA), continuous auditing and Artificial Intelligence (AI)
  • Alignment and integration with other technology across the organisation, including risk, compliance, and Enterprise Resource Planning (ERP) tools and data
  • Digital training and upskilling

PwC Perspective: There is an increasing convergence of technology used for IA, risk, compliance, and business operations. This means IA has the opportunity to help digitise governance and assurance across the organisation and benefit from better risk data and automation. A clear IA technology strategy and good communication with first and second line is needed so that investment is not siloed and the whole organisation can benefit.

Develop my people in Internal Audit

Build confidence and develop new skills to unleash the potential of your people and equip them for success.

  • IA talent strategy and framework implementation
  • Design and delivery of in-person and on-line training for:
    • IA and other assurance teams, including those running controls programmes
    • Business teams, including risk and control owners
    • Executive and other management, including upskilling on corporate governance topics
  • Subject matter specialist support on audits where knowledge transfer is important
  • Coaching and mentoring, including IA leadership, Audit Committee members and other management

PwC Perspective: Whilst technology is critical to modern IA, becoming a pioneer and trusted advisor is as much about the human journey. This means having people who can turn data into insight, risk into opportunity, and ideas into action. This requires a holistic and strategic approach to getting the right mix of technical and human skills, such as communication, project management and negotiation.

Assess the maturity and quality of Internal Audit

Evolve your capabilities to meet the promises and potential of ‘next-gen’ IA, and the expectations of your stakeholders.

  • External Quality Assessments (EQAs) and External Strategic Assessments (ESA)
  • Benchmarking and ‘health-checks’ on IA maturity and performance
  • Development and review of IA quality management framework and quality processes
  • IA Key Performance Indicators (KPIs), including alignment to corporate strategy
  • Optimising IA and stakeholder reporting

PwC Perspective: Like any ecosystem, the governance ecosystem benefits from renewal and evolution. There is an opportunity, for example, to relook at what KPIs drive IA excellence, and ensure that these are aligned with corporate strategies and priorities, and properly reflect what stakeholders value. This includes getting the right balance between quantitative, qualitative and ‘inward and outward’ looking KPIs.

Address a particular business problem or risk

Leverage IA’s ‘superpowers’ to understand or quantify problems, provide advice on improvement and remediation, and offer perspectives on blindspots and emerging risks.

Examples of areas that IA can add value to: 

  • Corporate transactions, such as due diligence and post-merger integration
  • Regulatory breaches, including root-cause analysis and remedial monitoring to satisfy regulators
  • Board effectiveness, such as management decision-making and delegation of authority (DoA) processes
  • Local country laws, regulations and risks; for example, as part of a market entry strategy
  • Culture and behaviours, for example, to address workstyle reform or organisational transformation risks

PwC Perspective: Organisations always benefit from an objective viewpoint and IA is well placed to provide this. This does not always require a traditional audit, and can be more effective as a risk position paper, executive update, or simple discussion, for example.

ESG for Internal Audit: Maturity Assessment

Benchmark the maturity of the ESG control environment and processes in your organisation.

Learn more

ESG for Internal Audit: Maturity Assessment image

From threat to opportunity: PwC’s Global Risk Survey 2023

Find out how technology is changing the way leading organisations see risk, creating new value and building resilience.

Read the report

From threat to opportunity: PwC’s Global Risk Survey 2023

Combining our experience - explore other areas of PwC 

These are examples of the specialist areas that IA draws on to multiply its value to organisations. Click on the links to explore the capabilities and insights in each:


{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}

IA x You - Careers with PwC

PwC IA is growing and our IA teams around the world are hiring. We gain strength from diversity and value a wide range of skills, backgrounds and experience. These are our 'superpowers' and combining them is how we help our clients solve important problems.

If this sounds exciting, please explore our career opprtunities.View opportunities

Let's talk

We have Internal Audit teams globally who are ready to talk to you. You can directly contact those listed below or complete this form and we will put you in touch with the right person locally.

Shaun Willcocks

Global Risk Markets Leader, Global Internal Audit Leader, Partner, PwC Japan

+81 (0)90 6478 6991


Mike Maali

US Internal Audit Leader, Partner, PwC United States

+1 (630) 209 6384


Richard Thomas

EMEA Internal Audit Leader, Partner, PwC Switzerland

+41 79 816 27 00


Justin Martin

UK Internal Audit Leader, Partner, PwC United Kingdom

+44 (0) 7881 802 336


Sophie Langshaw

Australia Internal Audit Leader, Partner, PwC Australia

+61 41 052 0548


Eric Yeung

China and Hong Kong Internal Audit Leader, Partner, PwC Hong Kong

+852 2289 1953


Kathrin Kersten

Germany Internal Audit Leader, Partner, PwC Germany

+49 69 9585 1201


Carlie Persson

Canada Internal Audit Leader, Partner, PwC Canada

+1 780-441-6700


should ceos think different about risk

Let's change the way we see risk

Risk isn't about responding to change. It's about changing the way we see. Shifting our perspective. Considering different angles. Strong risk and resilience capabilities can be the difference between those that thrive and those that fight to survive.


Follow us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.