Internal Auditors have for decades been labelled as the compliance enforcers that arrive after decisions have been made. While there are elements of truth in this, the perception is outdated and represents the past. In the current business environment characterized by volatility, uncertainty, complexity, and ambiguity, organizations need Internal Audit to do more than look backward. They need it to shape the future.
According to the Global Internal Audit Standards, Internal Audit at its core exists to provide independent assurance. However, assurance provides limited value when narrowly interpreted as retrospective verification. Businesses today face disruption, technological and strategic risks that will not be managed through traditional audit cycles alone. Cyber threats, digital transformation failures, ESG missteps, and fragile supply chains demand more than an ‘old school’ audit cycle plan. These risks are inherent in both day to day and periodic strategic decisions. Internal audit not being at the centre for these conversations means organizations are effectively navigating blind.
The transformation from compliance to business catalyst must start from redefining the audit mandate. Internal Audit must shift and move upstream, engage early in strategic planning, major investment decisions, and transformation initiatives. While some might argue that this would effectively compromise independence, the counterargument is that this will provide insights before risks crystallize. Auditors being part of strategic discussions brings with it a structural understanding of risk, control, and governance. This helps organizations avoid costly missteps and identify opportunities that might otherwise be overlooked.
Consider digital transformation projects. Businesses have invested heavily in new technologies with the objectives and expectation of gains in either efficiency or competitive advantage. However, research has shown that a significant number of these initiatives do not deliver value. According to a study by McKinsey & Company, up to 70% of digital transformation programs fall short of their stated objectives.
Most times, the reasons are far from technical. They are governance related with unclear accountability in the projects, weaknesses in data quality, and misaligned incentives as the key issues. By virtue of internal audit having cross-functional visibility across the organization, it is uniquely positioned to identify these risks since they are organization-wide. By engaging proactively, auditors can help ensure that transformation efforts are not only innovative but also disciplined and sustainable.
Equally important is the role of internal audit in fostering a risk-aware culture. While strategy remains a high-level discussion, execution is by people across the organization. Weaknesses in risk awareness at operational levels will render even the best crafted strategies weak. Internal Audit will then act as a bridge to translate strategic risks into practical controls and behaviours.
There are several steps in Internal Audit providing strategic support. Firstly, the evolution requires a mind-set change within Internal Audit. Auditors must start by providing keen insights and foresights within audit findings that will support decision making. This will provide comfort to management not only on the auditors’ abilities but also the strategic mindset.
Secondly, internal auditors must develop new skills. These include data analytics, strategic thinking, and an understanding of emerging risks. Strategic thinking is key as it will enable auditors to communicate insights in a way that resonates with executives and boards. Not as operational, technical findings, but clearly bring out the strategic implications.
Thirdly, leadership must play a critical role. Chief Audit Executives must communicate, expose and position their functions as trusted advisors. This requires deep understanding of the business by all internal auditors and building relationships to enable them to challenge the status quo. It further requires courage because shaping strategy often means asking difficult questions and confronting uncomfortable truths.
Ultimately, the question is not whether internal audit should shape strategy, but whether organizations can afford for it not to. In an increasingly uncertain world, the cost of reactive assurance is simply too high. Organizations need foresight, not hindsight. They need assurance that informs decisions, not just validate them.
This Internal Audit month, it is critical to point out that Internal Audit has the tools, the perspective, and the mandate to play a strategic role. The challenge now is to embrace it.
Red Also: List Of 40 Digital Lenders Under Audit After 1030 Complaints Against Them
By Denish Osodo, the Group Director, Internal Audit, Safaricom PLC