Chapter 07. Internal Audit Planning and Strategy

07.04. Coordinating with Other Governance Functions

Credit: Photo by fauxels from Pexels, used under the Pexels License.

Key Questions

Briefly reflect on the following before we begin:

  • What is the role of internal audit in the broader organizational governance framework?
  • How can internal audit collaborate effectively with risk management, compliance, and external audit functions?
  • What are the benefits of avoiding duplication of efforts through effective coordination among governance functions?
  • How can internal audit enhance governance outcomes through collaborative efforts?

Effective coordination with other governance functions is essential in internal auditing to optimize resources, minimize duplication of efforts, and enhance overall governance outcomes. This section delves into the role of internal audit within the governance framework and explores strategies for collaboration with risk management, compliance, and external audit functions. At the heart of effective governance lies the integration and coordination of various governance functions, each playing a distinct yet interconnected role in safeguarding organizational integrity and promoting accountability. Internal audit serves as a linchpin within this framework, providing independent and objective assurance on the effectiveness of risk management, control, and governance processes. By aligning internal audit activities with risk management, compliance, and external audit, organizations can leverage synergies and avoid redundancy, maximizing the value of governance activities.

Collaborating with risk management, compliance, and external audit functions enables internal auditors to gain deeper insights into organizational risks, regulatory requirements, and external audit findings. This collaborative approach fosters a holistic view of governance-related issues and facilitates the identification of systemic weaknesses or gaps in controls. Through effective communication strategies and cross-functional integration, internal auditors can become trusted advisors and assessors, providing valuable insights and recommendations to enhance governance and mitigate risks. Building partnerships with other governance functions strengthens the collective governance posture of the organization, ensuring alignment with strategic objectives and regulatory requirements while promoting a culture of transparency and accountability.

Internal Audit in Action

Background

Techian, a rapidly growing technology company, has recently faced challenges managing data privacy and cybersecurity risks. The board recognized the need for better coordination between the internal audit, risk management, and compliance functions to address these challenges more effectively.

Challenge

The primary challenge was establishing an integrated governance framework that facilitated effective coordination and information sharing between internal audit, risk management, and compliance without duplicating efforts or creating inefficiencies.

Action Taken

  • Establishing a Governance Committee: Techian formed a governance committee comprising leaders from internal audit, risk management, compliance, and IT security. The committee’s role was to oversee the integrated governance framework, ensuring alignment and collaboration across functions.
  • Defining Roles and Responsibilities: Clear roles and responsibilities were defined for each function, outlining areas of overlap and interaction to prevent duplication of efforts and ensure comprehensive coverage of governance activities.
  • Shared Risk Assessment Processes: The governance committee implemented a shared risk assessment process, allowing for a unified view of organizational risks and more coordinated risk response strategies.
  • Joint Training and Development Programs: To foster a culture of collaboration, joint training sessions were conducted on topics relevant to all governance functions, such as emerging cybersecurity threats and regulatory changes affecting data privacy.
  • Regular Communication and Reporting: Mechanisms for regular communication and reporting were established, including joint meetings and shared platforms for exchanging information and insights related to governance, risk, and compliance activities.

Outcome

The integrated governance framework significantly improved Techian’s ability to manage risks associated with its rapid growth and technological advancements. Coordination between internal audit, risk management, and compliance functions led to more efficient and effective governance processes, better risk mitigation strategies, and enhanced regulatory compliance. The collaborative approach also fostered a more robust culture of risk awareness and accountability throughout the organization.

Reflection

Techian’s scenario underscores the importance of collaboration and coordination among governance functions within an organization. By establishing an integrated governance framework and fostering a culture of cooperation, organizations can ensure that governance activities are aligned, risks are managed more effectively, and regulatory compliance is enhanced, contributing to overall organizational resilience and success.

The Role of Internal Audit Within the Governance Framework

In understanding the role of internal audit within the governance framework, it’s essential to recognize its position in ensuring effective governance practices within an organization. Internal audit is a critical component of the governance structure, providing independent and objective assurance to the board of directors and senior management regarding the effectiveness of internal controls, risk management, and governance processes.

Internal audit operates independently from management, reporting directly to the board of directors or an audit committee. This independence is crucial for providing unbiased assessments of the organization’s governance practices, ensuring transparency and accountability. Internal audit plays a significant role in assessing and monitoring organizational risks. By evaluating the adequacy of risk management processes and controls, internal audits help identify potential hazards that could impact the achievement of strategic objectives. Internal audit assesses the organization’s adherence to relevant laws, regulations, and internal policies. By conducting compliance audits, internal audits ensure that the organization operates within legal and ethical boundaries, mitigating the risk of non-compliance.

Internal audit also provides recommendations for enhancing governance processes and controls based on its assessments. By identifying weaknesses and inefficiencies, internal audits contribute to continuously improving governance practices, driving organizational effectiveness and efficiency. Moreover, internal audits communicate their findings and recommendations to key stakeholders, including the board of directors, senior management, and other governance functions. This communication fosters transparency and enables informed decision-making regarding governance-related matters. Internal audit establishes and maintains quality assurance processes to ensure the effectiveness and efficiency of its activities. Through periodic assessments and adherence to professional standards, internal audit upholds the integrity of its work, enhancing confidence in its findings and recommendations. Lastly, internal audit serves as an advisor to management, providing insights and recommendations for addressing governance-related challenges and improving organizational performance. By offering objective perspectives, internal audit contributes to achieving strategic objectives and long-term sustainability.

Collaborating with Risk Management, Compliance, and External Audit

Effective collaboration between internal audit, risk management, compliance, and external audit functions is essential for enhancing governance practices and achieving organizational objectives. Internal audit and risk management share a common goal of identifying, assessing, and managing organizational risks. By collaborating closely, internal auditors can leverage risk management’s expertise in risk identification and assessment to align audit activities with the organization’s risk profile. This collaboration ensures that audit efforts are focused on areas of highest risk and contribute to strengthening the organization’s risk management framework. Internal audit and compliance functions work together to ensure the organization complies with relevant laws, regulations, and internal policies. Collaboration involves sharing information and insights to identify compliance gaps and address regulatory requirements effectively. By coordinating with compliance, internal auditors can tailor audit procedures to assess compliance controls and verify adherence to legal and regulatory standards.

Collaboration with external auditors facilitates the exchange of information and ensures a coordinated approach to audit activities. The internal audit function supports external auditors by sharing relevant documentation, enabling access to key personnel, and assisting in resolving audit findings. By collaborating, internal and external auditors minimize duplication of efforts and optimize the audit process, ultimately enhancing the credibility of financial reporting and assurance activities. Collaboration with risk management and compliance functions enables the internal audit function to adopt a risk-based approach to audit planning and execution. By aligning audit activities with the organization’s risk appetite and strategic objectives, internal auditors can prioritize audits based on risk assessment outcomes and focus resources on areas with the highest impact on governance, risk, and compliance.

Effective collaboration requires open communication and information sharing between internal, risk management, compliance, and external audit functions. Regular meetings, joint planning sessions, and shared access to audit findings facilitate collaboration and ensure that efforts are coordinated and complementary. These governance functions can collectively enhance governance outcomes and contribute to organizational success by exchanging insights and best practices. Collaboration also fosters a culture of continuous improvement, where internal audit, risk management, compliance, and external audit functions work together to identify opportunities for enhancing governance practices and addressing emerging risks. By leveraging each other’s expertise and perspectives, these functions can adapt to evolving business environments and proactively mitigate risks, strengthening the organization’s resilience and sustainability.

Avoiding Duplication of Effort Through Effective Coordination

The various governance functions of an organization, such as internal audit, risk management, compliance, and external audit functions, may operate independently. However, effective coordination is essential to avoid duplication of effort and optimize resources. Defining and communicating clear roles and responsibilities for each governance prevents duplication of effort. This clarity ensures that each function understands its mandate and focuses on areas where it can add the most value without encroaching on the responsibilities of others. Effective coordination starts with collaborative planning among governance functions. By aligning their objectives and priorities, functions can identify synergies and opportunities for joint initiatives. This approach minimizes redundancy and efficiently allocates resources to address critical risks and compliance requirements.

Duplication of effort often occurs when governance functions work in silos and fail to share relevant information. Effective coordination involves establishing information-sharing channels like regular meetings, shared databases, and communication platforms. By sharing insights and findings, functions can avoid redundant work and leverage each other’s knowledge and expertise. Adopting a risk-based approach to governance activities helps prioritize efforts and allocate resources effectively. By focusing on areas of highest risk and significance to the organization, governance functions can keep resources manageable and concentrate efforts where they are most needed. Leveraging technology can streamline coordination efforts and reduce duplication of effort. Integrated governance platforms and software solutions enable real-time data sharing, automated workflows, and centralized reporting, facilitating collaboration among functions and enhancing overall efficiency.

Open and regular communication is vital for effective coordination. Governance functions should maintain an ongoing dialogue to ensure alignment of objectives, share updates on activities, and proactively address any overlaps or conflicts. Transparent communication fosters a culture of collaboration and mutual support among functions. Regular monitoring and evaluation of governance activities help identify areas where duplication of effort may occur. By conducting periodic reviews and assessments, organizations can detect inefficiencies, refine processes, and optimize resource allocation to maximize effectiveness across all governance functions. By aligning objectives, sharing information, and adopting a risk-based approach, organizations can enhance collaboration among governance functions and optimize their collective impact on governance outcomes.

Enhancing Governance Outcomes Through Collaborative Auditing

Collaborative auditing, where different governance functions work together toward common objectives, can significantly enhance governance outcomes within an organization. Collaborative auditing starts with establishing shared objectives and priorities across governance functions. By aligning their goals, the internal audit, risk management, compliance, and external audit functions can address critical risks and challenges impacting the organization’s overall governance effectiveness. Conducting a comprehensive, integrated risk assessment involves leveraging the expertise of all governance functions to identify and prioritize risks. By combining insights from internal audit, risk management, and compliance, organizations can gain a holistic view of their risk landscape and allocate resources more effectively to mitigate critical risks. Collaborative auditing involves joint planning and execution of audit activities. This includes coordinating audit scopes, methodologies, and timelines to ensure efficient use of resources and avoid duplication of effort. By working together, governance functions can leverage each other’s expertise and perspectives to conduct more thorough and insightful audits.

Forming cross-functional audit teams composed of members from internal audit, risk management, compliance, and external audit functions can enhance the quality and effectiveness of audits. These diverse teams combine various skills and perspectives, facilitating more comprehensive risk assessments and audit evaluations. Effective communication and information sharing are essential for collaborative auditing. Governance functions should establish clear channels for sharing audit findings, insights, and recommendations. This ensures that relevant stakeholders are informed and can take appropriate action to address identified issues. Collaborative auditing extends to joint reporting and follow-up activities. Governance functions should collaborate on preparing audit reports, consolidating findings, and developing action plans to address identified deficiencies. Organizations can track progress and implement corrective actions by working together on follow-up activities. Lastly, collaborative auditing is a continuous process that requires ongoing evaluation and improvement. Governance functions should regularly assess the effectiveness of their collaboration efforts, identify areas for enhancement, and implement changes as needed to optimize governance outcomes over time.

Communication Strategies for Cross-Functional Integration

Effective communication is crucial for promoting cross-functional integration among governance functions. To facilitate cross-functional integration, it’s essential to establish clear communication channels between internal audit, risk management, compliance, and external audit teams. This includes defining communication protocols, identifying key stakeholders, and establishing regular touchpoints to share information and updates. Leveraging technology can streamline communication and collaboration efforts across governance functions. Implementing collaborative platforms, such as shared document repositories or communication tools, enables real-time information sharing, document collaboration, and task tracking, enhancing overall efficiency and transparency. Furthermore, organizing regular meetings, workshops, or forums provides opportunities for governance functions to come together, exchange insights, and align on critical initiatives. These meetings can include discussions on audit planning, risk assessment findings, compliance updates, and other relevant topics, fostering collaboration and synergy among team members.

Training programs can enhance communication and integration efforts by promoting cross-functional understanding and awareness. By providing training sessions or workshops on the roles, responsibilities, and objectives of each governance function, organizations can foster a shared understanding and appreciation of each other’s contributions to governance effectiveness. Creating a culture of open dialogue and feedback encourages team members from different governance functions to voice their perspectives, concerns, and suggestions openly. This fosters a collaborative environment where individuals feel empowered to contribute ideas, raise issues, and provide constructive feedback, ultimately enhancing cross-functional integration and effectiveness. Forming cross-functional teams or committees composed of internal, risk management, compliance, and external audit representatives can facilitate ongoing communication and collaboration. These teams can be tasked with specific initiatives, projects, or problem-solving efforts, driving cross-functional integration and alignment toward common goals.

Transparency and accountability are essential for effective cross-functional integration. Communicating roles, responsibilities, and expectations ensures that team members understand their contributions to shared objectives and are accountable for their actions. Additionally, transparent reporting of audit findings, risk assessments, and compliance status promotes trust and confidence among governance functions. Effective communication lays the foundation for successful coordination and alignment of efforts toward achieving common goals.

Building Partnerships: Internal Audit’s Role as Advisor and Assessor

By fostering effective governance, the internal audit function acts as both an advisor and an assessor. The internal audit function serves as an advisor by providing valuable insights, recommendations, and best practices to management and other governance functions. By leveraging their expertise in risk management, internal controls, and compliance, internal auditors offer strategic guidance on enhancing organizational processes, mitigating risks, and achieving objectives. Building partnerships involves adopting a collaborative approach with key stakeholders, including management, risk management, compliance, and external audit teams. The internal audit function collaborates closely with these functions to understand their perspectives, align on objectives, and jointly develop strategies for addressing governance challenges and achieving organizational goals. The internal audit team provides risk advisory services by identifying emerging risks, assessing their potential impact on the organization, and recommending proactive measures to mitigate risks. By conducting risk assessments, scenario analyses, and trend analyses, the internal audit function assists management and other governance functions in making informed decisions and managing risks effectively.

Moreover, internal audit identifies opportunities for process improvements by evaluating existing processes, controls, and procedures. Through process mapping, control assessments, and benchmarking exercises, internal audit identifies inefficiencies, gaps, and areas for enhancement, enabling organizations to optimize their operations and strengthen internal controls. Internal audits contribute to building organizational capacity by providing training and knowledge-sharing initiatives. By conducting training sessions, workshops, and awareness programs on governance, risk management, and internal controls, internal audit empowers employees and stakeholders to fulfill their roles effectively and contribute to governance objectives.

As an assessor, an internal auditor evaluates the effectiveness of governance processes, controls, and systems. Through independent assessments, audits, and evaluations, internal auditors assure stakeholders regarding the adequacy and effectiveness of governance practices, helping to enhance accountability, transparency, and stakeholder confidence. Internal auditors foster a culture of continuous improvement and innovation by identifying opportunities for innovation, implementing best practices, and monitoring emerging governance, risk management, and compliance trends. By staying abreast of industry developments and leading practices, internal auditors contribute to organizational agility and resilience. Through collaboration, expertise, and a commitment to excellence, the internal audit function advances the organization’s governance agenda and promotes sustainable growth.

Internal Audit in Action

Background

Caledon Health Partners, a healthcare provider network, recognized that siloed planning within its internal audit, compliance, and risk management functions was leading to duplicated efforts and overlooked areas of risk, particularly in rapidly evolving areas such as patient safety and healthcare regulations.

Challenge

The challenge was to develop a collaborative audit planning process that leveraged each governance function’s unique insights and expertise, optimizing audit coverage and focusing on areas of highest risk and regulatory concern.

Action Taken

  • Cross-Functional Planning Workshops: Caledon Health Partners initiated annual cross-functional planning workshops that jointly brought together internal audit, compliance, and risk management representatives to identify and prioritize audit areas for the upcoming year.
  • Integrated Risk and Compliance Assessment: The team conducted an integrated risk and compliance assessment, pooling data and insights from each function to identify critical areas of concern and emerging risks within the healthcare landscape.
  • Coordinated Audit Agenda: Based on the integrated assessment, a coordinated audit agenda was developed, outlining targeted audits and reviews that addressed the most critical and high-risk areas, ensuring efficient use of resources across the functions.
  • Shared Audit Resources and Expertise: The functions agreed to share resources and expertise where applicable, such as jointly conducting audits on complex issues or sharing subject matter experts to enhance the effectiveness of audit activities.
  • Continuous Communication and Feedback Loop: A continuous communication and feedback loop was established, including regular update meetings and a shared platform for tracking audit findings, recommendations, and follow-up actions.

Outcome

The collaborative audit planning process led to a more strategic and focused audit agenda aligned with Caledon Health Partners’ most significant risks and regulatory requirements. The process eliminated redundant audits, freeing up resources to address new and emerging areas of concern. The approach also enhanced the quality of audit and review activities, providing more comprehensive insights into risk management and compliance issues, ultimately supporting better decision-making and governance practices within the organization.

Reflection

Caledon Health Partners’ experience demonstrates the benefits of a collaborative approach to audit planning among internal audit, compliance, and risk management functions. By working together to identify, prioritize, and address risks and regulatory concerns, organizations can optimize audit coverage, avoid duplication of efforts, and enhance their governance, risk management, and compliance activities, ultimately supporting a more effective and responsive governance framework.

Key Takeaways

Let’s recap the concepts discussed in this section by reviewing these key takeaways:

  • Internal audit is integral within the governance framework, ensuring the effectiveness of governance processes, controls, and risk management through independent assurance and advisory services.
  • Effective coordination with risk management, compliance, and external audits avoids duplication of effort, optimizes resources, and strengthens governance outcomes through collaborative auditing.
  • Internal audit enhances governance by employing clear communication strategies for cross-functional integration and building solid partnerships as an advisor and assessor.

Knowledge Check

Review Questions

  1. Explain the role of internal audit within the governance framework.
  2. How does collaborative auditing enhance governance outcomes?
  3. Discuss the importance of avoiding duplication of effort in governance functions.
  4. How can communication strategies facilitate cross-functional integration?
  5. Explain the internal audit function’s role as advisor and assessor in building partnerships.

Essay Questions

  1. Explain the significance of the internal audit’s role as an advisor and assessor in building partnerships within the governance framework. Provide examples of how internal audits can enhance collaboration and integration among governance functions.
  2. Discuss the challenges associated with avoiding duplication of effort through effective coordination among governance functions. Provide strategies that the internal audit function can employ to overcome these challenges and promote seamless collaboration.

Mini Case Study

Imagine you are the head of the internal audit department in a large corporation. Your organization has recently undergone a significant restructuring, resulting in changes to the roles and responsibilities of various governance functions, including risk management and compliance. As part of the restructuring, the executive leadership has emphasized the importance of enhancing collaboration and coordination among these functions to improve overall governance effectiveness.

Your team has been tasked with developing a plan to facilitate communication and integration among the different governance functions. However, you encounter resistance from some stakeholders who are skeptical about the benefits of collaboration and concerned about potential duplication of efforts.

Required: How would you address the challenges of promoting collaboration and coordination among governance functions in this scenario? Provide specific strategies and tactics that you would employ to overcome resistance and foster a culture of collaboration within the organization.

definition

License

Icon for the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

Internal Auditing: A Practical Approach Copyright © 2024 by Amit M. Mehta is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.

Share This Book