The Eight Attributes: Delivering Internal Audit Excellence as Stakeholders Expect More

Start adding items to your reading lists:
or
Save this item to:
This item has been saved to your reading list.

February 2016

Discussions with stakeholders and CAEs as well as our experience delivering internal audit services have consistently pointed to the importance of eight core attributes  shared by well-regarded internal audit functions, regardless of their mandate, scope of work, or size.

PwC introduced these attributes in 2010 and our research continues to tell us that there is a strong correlation between stakeholders’ perception of value and internal audit’s performance against these attributes. Stakeholders also shared that the highest performing internal audit functions, those adding the greatest value to their organizations, are not only delivering on their core mandate of providing assurance but are aspiring to deliver value as a trusted advisor, a concept introduced by PwC in 2013.

In this paper, we provide more insight into these eight attributes, and how internal audit leaders can think about their own performance in delivering the value stakeholders expect. 

Stakeholder expectations of Internal Audit are rising at the same time Internal Audit’s mandate is becoming more complex. As expectations rise, PwC’s trend data shows that Internal Audit has increased the value it delivers. While this is a positive trend, there is room for improvement as stakeholder perception of Internal Audit performance has remained flat.

The eight attributes

Business alignment

Internal Audit has a clear understanding of the strategic direction of the company and the expectations of its stakeholders. It aligns its scope and resulting audit plan with the business direction in the context of these expectations. The function maintains alignment through strategic planning and coordination with other lines of defense.

Internal Audit incorporates stakeholder expectations into its mission and vision and clearly defines the value it will deliver to the organization. Measurement of progress toward the mission and vision and resulting actions to align with the business are communicated. To deliver on this attribute, Internal Audit routinely stays abreast of business goals, objectives and decisions while keeping a pulse on the company through its regulatory filings, competitor and industry information, and insights gained through participation in strategic discussions.

View more

Risk focus

Internal Audit takes a holistic view of risks that considers internal, external and emerging risk factors. The function has a thorough understanding of the company’s risk culture, the risk appetite of the business, and regulatory and legal requirements. Internal Audit invests the appropriate time to perform a dynamic risk assessment that encompasses top-down, strategic perspectives focused on identifying the most critical risks facing the business today and in the future.

This strategic top-down risk focus is often calibrated with a bottoms-up approach centered on where risks are manifesting themselves in the business today. For certain areas, such as IT risks, a second-tier, more specific risk assessment is performed, leveraging subject matter experts to pinpoint where these risks may materialize. In anticipation of business changes and at regular intervals, the risk assessment is refreshed to keep the audit plan focused on the most critical and value added areas.

View more

Stakeholder management

Internal Audit effectively understands and manages relationships with a broad set of stakeholders. Stakeholder expectations are well understood across the function and communication protocols are in place. The internal audit strategic plan is calibrated to align with these expectations.

A shared definition of value is measured through one-on-one feedback sessions and surveys allowing for timely action on feedback. Internal Audit communicates with impact, leading value-driven conversations. An effective stakeholder management plan often enhances business alignment and elevates Internal Audit’s awareness and resulting focus on critical risks. 

View more

Cost optimization

Internal Audit optimizes cost by delivering efficient and value-added services through robust, well communicated audit methodology and processes. Methodology is regularly evaluated, the use of analytics is embedded throughout, and processes are standardized and simplified to maximize effectiveness while optimizing cost.

Flexible staffing models are inclusive of: internal and external resources; various staff levels; strategically positioned resources (globally, if applicable); and specialized skillsets (such as IT and sector expertise). Processes are in place, such as time reporting, to measure productivity and cost-effectiveness of services. Investments in internal audit infrastructure are aligned to the same metrics used by other service functions within the business.

View more

Talent model

Internal Audit possesses the appropriate mix of core internal audit talent, subject matter expertise, business acumen and position parity to align to its mandate and meet expectations of stakeholders, including regulators. The talent model is flexible, balancing the need for specific industry and risk expertise against the likely utilization of that expertise. The model includes the incorporation of regular training and performance feedback to enhance the department and facilitate growth and individual leadership development.

Talent is managed to include the appropriate balance of technical skills and softer skills such as conflict management, intellectual curiosity, critical thinking, relationship development, and overall leadership. 

View more

Quality and innovation

Internal Audit promotes quality and innovation through well-defined standards that align to overall IIA standards (and any sector specific regulatory or domain standards). The function performs formal quality and promotes a culture that rewards innovation and continuous improvement of core processes. The audit plan aligns with the company’s risk profile and changes as risks change.

The form and message of internal audit reports and communications are based on facts, support the achievement of Internal Audit’s mission and strategic objectives and influence stakeholders to take action. A function that consistently delivers a quality service and product is also focused on the strategic imperatives of the business. Data analytics, reporting and visualization tools are consistently used to deliver on the core mandate and innovate

View more

Technology

Internal Audit leverages technology effectively in the execution of the entire lifecycle of the audit process. Robust audit management systems are either interfacing with or embedded into enterprise wide governance, risk and compliance (GRC) tools. Data analytics are designed and deployed enabling focus on the right risk areas and business issues as well as generating efficiencies throughout the audit process. Analytics and visualization tools are used to enhance the understanding and evaluation of risks and to identify business process and control breakdowns.

Continuous auditing techniques are leveraged to increase coverage or provide early warning of risk indicators to the business. To deliver on this attribute, the internal audit team must understand the complexities of their company’s systems architecture and innovate by using technology to drive audit efficiency.

View more

Service culture

Internal Audit serves its many stakeholders, while maintaining objectivity, by having a well-defined mandate (mission, vision and scope) and clear reporting lines. The internal audit team and the organization can succinctly articulate Internal Audit’s mandate and brand. A client service plan is in place that drives purposeful engagement with the business, anticipates needs, drives timeliness and responsiveness, and focuses on bringing valuable insight to inform business decisions. Regular feedback is solicited from stakeholders, and the department measures results and develops improvement actions as needed.

View more

Contact us

Michelle  Hubble

Michelle Hubble

SOX Solutions Leader and Workiva Alliance Leader, PwC US

Rachael  Person

Rachael Person

Partner, Internal Audit Services, PwC US

Follow us