Under the Sarbanes-Oxley Act (SOX), internal auditors play a crucial role, ensuring effective risk management, governance, and internal control processes. Exploring best practices for auditors, they provide oversight beyond financial implications, examining operations, reputation, employee treatment, and environmental impact. In an open and collaborative environment, auditors identify problem areas and offer strategic insights to propel the organisation forward
In many organisations, open collaboration is lacking, creating a disconnect between the internal audit function and the business. Explore best practices for auditors, bridging gaps in visibility, involvement in decisions, and accessing essential data for reporting and recommendations. Embracing these practices transforms auditors into strategic partners rather than irritations within the organisation
Five best practices for auditors to close the gap:
1. Build alignment with stakeholders across the business
Nearly half of poll respondents cited ongoing communication as the main barrier to aligning internal audit with business functions (45%), followed by mistrust of internal audit (22%) and a lack of clear process ownership (21%).
In many organisations, unclear roles and limited collaboration result in miscommunication and duplicated labor across departments.
Some auditors address issues creatively, hosting events like pizza parties to bring everyone together.
In this informal gathering, they discuss audit roles and openly communicate to solve problems together. The successful pizza party can become a quarterly event to address day-to-day operational issues. This simple party could see increased cohesion among staff, and audits may begin to run faster and more smoothly.
While not always feasible, seek opportunities to bring dispersed teams together in a casual roundtable setting. Host an online workshop with a guest speaker discussing a current regulatory issue of interest to your team. Use your intranet or knowledge-sharing tool for ongoing cross-departmental questions and discussions. Foster a collaborative culture across process teams to share insights and enhance the audit process for all.
2. Evolve the three lines of defence (3LoD) model through new audit tools
In today’s regulatory environment, auditors should collaborate early with risk management and compliance teams to assess and manage business risk. However, it’s often a challenge for auditors to have their voices heard.
The solution comes down to creativity. In a case study, credit risk review officer Scott aimed to showcase his division’s value and improve understanding of the auditing process across teams. To do so, he convinced leadership to have all new loan officers spend their first 30 days working on credit risk review. This helped them see what the audit team did and how they did it and gave them a new perspective on the business function. He also spearheaded educational content, including quarterly workshops and a bimonthly newsletter. Increasing visibility and engagement, the newsletter transformed the perception of the credit risk review function within the commercial lending team.”
Auditors can look for new opportunities to present their information through newsletters, workshops, videos, graphic presentations, or even interactive websites. Offering various content channels enhances the audit team’s relevance and appeal to the organisation.
3. Deepen analytics to get more timely insights into risk
In-depth analytics are critical for auditors. They can help us better understand processes and data flow, create better audit programs, and enhance the internal audit’s value proposition to the organisation. But business functions are often reluctant to share their data with the audit team.
However, by making an effort to be of value to business functions, auditors can expand their access to data. Dan cites the example of Stephanie, a senior auditor with exceptional Excel and PowerPoint skills. When a business function manager had to give a presentation to the board but didn’t know how to drill down into the data to get the information she needed or how to present it effectively, Stephanie offered to help her, working after hours to collaborate on the presentation.
On the presentation day, the manager called Stephanie into the board meeting to recognise her contributions and thank her for her work. From that point, Stephanie could ensure access to the data she needed for her work on the auditing team.
To gain access to data from other business functions, look at how you can use your skills to help them and build trust between teams. The better collaboration will help you get access to the information you need to make both teams successful.
4. Communicate more effectively with the c-suite
Many auditors find that the C-suite doesn’t recognise the value of the internal audit team. They tend to think auditors are just there to check controls and want the audit team to keep doing things the way they’ve always done them. In many cases, the team hasn’t communicated how they add value or has struggled to find ways to add value. All of this results in low engagement between leadership and the audit teams.
How do we get around this? Focus on better education about what you do and open the lines of communication. Dan knows one auditor who began sending the C-suite a regular audit “snap”: a one-pager that included the status of the audit plan, a success story where a business function had implemented the audit’s suggestions with positive results, and an opinion piece on policy, risk, and controls. The auditor began to receive regular feedback from the board and senior management and invitations to board meetings and sessions where her feedback was solicited. By providing thought leadership in your field, you can prove your value and become part of the conversation with your C-suite.
5. Become a strategic partner by offering data-driven information
Finally, one of the best ways that you can enhance an internal audit’s brand is by serving as a strategic consulting partner to lines of business. Doing so can help you highlight your team’s skills, demonstrate the audit’s work in a more collaborative light, give business units a reason to reach out to audit, and provide more ways for audit to add value. For instance, as COVID-19 began and businesses were forced to reshape their operations radically, some audit teams could take on additional responsibilities in risk assessment, offering strategic recommendations around introducing new protocols.
Ensure that your audit team can do what’s needed to help, even if it falls outside traditional job descriptions. Audit teams can also support business units with ongoing advisory and consulting services. They use their skill sets as auditors to help business teams with strategic support instead of focusing only on compliance. For instance, an audit team initiated a consulting practice for data risk management, offering recommendations and an action plan to the business unit. Due to the successful approach, the management team requested further consulting, saving R500,000 in external fees using internal expertise. The audit function often suffers from a lack of communication with other lines of business. Efforts to foster cross-team collaboration and showcase value can elevate the audit’s respect and authority within the organisation.
By ensuring the audit team’s active involvement, enhance risk analyses and audits, improving overall organisational performance. To improve their collaboration and communication, auditors can implement best practices that position them as strategic partners. The audit team can enhance their contributions and boost organisational performance by aligning their processes, updating their audit tools, using advanced analytics, communicating effectively, and providing data-driven insights. These efforts will also help the team gain recognition for their valuable work.
Contact us today to book a demo.
