Unlock business value with internal audit

The time has come for boards, audit committees and management teams to rethink and stop seeing internal audit as a compliance burden, but instead as an invaluable tool that can both protect and create value if used optimally. 

The truth is internal audit fundamentally supports organisational growth and strategic decision-making, and seeks to protect the intrinsic value and resilience of a business. It involves proactively identifying current and emerging risks and opportunities, offering pragmatic advice to the business on how to mitigate risk and capitalise on opportunity. 

A value-add internal audit mechanism (in house, co-sourced or outsourced) assesses governance, risk and control (GRC) structures that support day-to-day business. It also assesses in real-time change programmes, digital transformation and potential target acquisitions through that GRC lens. Few businesses, however, are fully realising the bankable value internal audit expertise can bring to the table.

The role of internal audit continues to become more multifaceted given the dynamic risk landscape, the scale of technological change and the need to keep pace with regulatory and compliance changes across sectors.

Internal audit no longer to be feared

Outdated perceptions still linger

The old-school view of internal audit as a necessary evil – instilling fear, acting as the controls police, and ‘hanging people out to dry’ – is not as commonplace as it was, but it remains inherent in the culture of many organisations. 

Cost of inaction outweighs cost of audit

Organisations need to eliminate this archaic view of internal audit if they want to fully exploit its value and save management time and business funds fire-fighting, dealing with the aftermath of risk events and facing the disappointment of lost opportunities. We still see large businesses spending as much as 10 times the cost of an internal audit service every year on such scenarios. 

Rather than expending hundreds of thousands of euro to address significant problems down the line when a risk event crystallises, companies can and should engage an internal audit service to support and enable management in their strategic agenda. Risk and strategy are not mutually exclusive – a business cannot deliver a strategy optimally without actively managing and mitigating risks.

Trust culture enables growth

More forward-thinking organisations see the genuine value of internal audit. They appreciate how it can improve the efficiency and resilience of an organisation’s operations, helping it navigate complex risk landscapes and improve its governance, risk management and control processes.

Embracing a new approach to internal audit involves a cultural shift fundamentally centred on trust – trust between the board and the executive, and between the executive and the business, to allow people to feel safe in saying they have a problem or they need help. This takes the fear out of it and can help businesses to scale much faster as a result. 

It’s the alternative to a culture where people constantly try to cover up problems, meaning they don’t get dealt with and the consequences of poor GRC practices then come to the fore. This hampers growth because the business can’t exploit opportunities and deliver as robustly as it wants.

Becoming invaluable strategic advisors

Internal audit is transitioning from its traditional, process-driven role to becoming a more strategic function – a shift reflected in the revised Institute of Internal Auditor standards. 

Strong internal auditors act as trusted independent advisors, sharing what ‘good looks like’ across people, processes, and systems, as much as they are ‘assurers’ who assess how well a business is set up and functioning from a governance, risk management and control perspective.

Senior leaders and executives should trust and use internal audit as a key business partner. They can then benefit from the in-depth understanding internal audit has of their business and get to see risk exposures before they cause a loss of talent, customers, knowledge or strategic opportunity.

As large organisations are undergoing significant cultural change anyway, with rapid technological advancement and associated transformation, it’s an ideal opportunity to embrace internal audit as an enabler and supporter of business growth.

An asset for businesses across all sectors

Internal audit isn’t just relevant for regulated businesses such as banks – a common misconception. All sorts of businesses across sectors can unlock value from a thorough internal audit, whether they are private, public, multinational or not-for-profit.

Some of our best success stories in internal audit have been with companies that were originally family businesses in Ireland. Often they have grown at pace, trying to manage without all the necessary knowledge inside the four walls and have ended up crying out for help. Being able to engage external expertise by means of internal audit is a cost-effective way of gaining, sharing and using risk expertise and insights.

Regardless of the business involved, senior leaders can’t be expert across financial control, outsourcing, business continuity, supply chain, data protection, cybersecurity and countless other specialist areas. Internal audit can show what good looks like in all respects, identify opportunities to improve and create an environment in which open conversations can be had safely and advice shared. 

Respond to more stringent regulations

Across sectors such as technology, energy, pharma, construction and manufacturing, the regulatory context continues to become more onerous and transparent. 

When it comes to key thematic risks such as market demands, product quality, health and safety standards and the general complexity of global business, one regulator tends to mirror another from a best practice perspective. Internal audit plays a critical role in ensuring compliance with complex regulatory requirements and industry standards. 

Not only are all sectors becoming more regulated, consumers, suppliers, third parties and the public have greater expectations of how businesses govern and manage risk, especially around increasingly emotive topics such as the use of AI, sustainability initiatives, supply chain practices or human capital management.

Internal audit: our approach

The internal audit process depends entirely on the risk maturity of the business, whether it’s an advisory or assurance need and on multiple other factors. Grant Thornton takes a tailored approach, rather than trying to force a one-size-fits-all model on a myriad of clients.

We see internal audit plans evolving to include a blend of audits, advisory reviews and programme assurance requirements reflected to cater for the risk maturity levels across different areas of a business. 

We also provide regular assurance to boards and audit and risk committees on change and transformation programmes to ensure they’re designed and being deployed optimally so they deliver the intended ROI.  

Data analytics, automation and other technology is increasingly key to improving the efficiency and effectiveness of internal audit work, and that will only grow, helping to interrogate larger volumes of data and improve the value of the advice we give. 

An invaluable internal audit partner

It’s time for businesses to truly exploit what internal audit can bring to the table in driving future success. At Grant Thornton, we understand the new reality of internal audit and continue to make use of our tools, experience and insights deliver a best-in-class internal audit service to every client at every stage of their journey, regardless of their size, sector or risk maturity.

Discover how internal audit can protect and sustain your organisation. Talk to us today.

Contact us

Learn how our Internal Audit solutions can help you

Visit our Internal Audit page