Agile IA Functions think ahead about potential disruptions and prepare accordingly. They are enabled by a planning process that is forward-looking in identifying emerging disruptions and associated business needs, and by knowledge sharing inside and outside the organization. They work with other lines of defense in a unified and integrated manner and make decisions mutually supported by others in the organization. In comparing Agile IA Functions to others, the differences highlight actions internal audit can take to boost preparedness.
It’s impossible to identify all potential business disruptions, but one can be fairly certain that at least some disruption will occur during the course of each year. Agile IA Functions plan for disruption to occur and create flexibility in their planning and resource allocation, which enables them to address disruptive events when they happen. In addition, nearly half (49%) have increased or shifted internal audit budget to enable greater participation in areas of business disruption compared to just 27% of less adaptive functions.
“For disruptive events, management wants a quick response but the deliberate nature of our work slows things down. We are looking to increase the consult vs. risk-based audit mix to give a more timely response. In operations’ minds it’s a 72-hour turnaround time, and we wouldn’t have our work planned in that amount of time.”
Collaboration across the lines of defense has been discussed for some time and most internal audit functions are working toward that. But, there is a difference between collaborating and being truly unified. Internal audit functions that are unified work cross-functionally with the other lines of defense to address disruption as no one team can address the volume and pace of disruption alone. This goes beyond knowledge sharing such as what’s in each function’s plan and what findings is each team discovering.
Agile IA functions know disruption when they see it. They have a command of their business strategies, risks, and the wider economic and competitive landscape. They have sufficient business acumen to identify when things are changing, and they can analyze the impact of those disruptive changes.
As just one example, a group of CAEs in one healthcare industry sub-sector maintains a network that gathers annually to discuss topics of common interest, including emerging and disruptive risks. They use this forum to invite subject matter specialists, audit committee members, and other expert speakers to lead discussions that help them better understand the external environment.
76% of Agile IA Functions cohesively partner with other risk management and compliance functions to address disruption (vs. 40% of peers)
Global agribusiness and food company Bunge takes several steps to maintain its business and technical IQ. A rigorous training program is in place which originates from a competency self-assessment required for all team members. Key themes are incorporated into individual development plans and a global training week. Structured Centers of Excellence have been established to deepen the knowledge of business areas and technologies and to more effectively align with key stakeholders. As a talent development platform for the company, internal audit also heavily leverages guest auditor and rotational programs to complement the audit teams and raise overall business acumen; an average of 60% of audit projects utilize guest auditors.
“We have a triumvirate between risk, compliance and audit functions. For us to all do our jobs, our functions need to be joined at the hip, meeting every two weeks to catch up on everything going on. That keeps us focused and coordinates the plan so we minimize any overlap or underlap.”
The last in our trilogy - PwC's 2017 State of Internal Audit Study looks at how Internal Audit can build the resiliency to evolve and increase its organizational value amidst the influences disrupting organizations today.
Partner, Internal Audit, Compliance & Risk Management Solutions
Tel: +1 (617) 530 7592