The idea of internal audit as the “gotcha” or “no” function is a dated one: in today’s era, where finance broadly is beginning to take on more of a strategic role, “there should be open dialogue,” between internal audit, the CFO and other key functions, Mike Schor, US internal audit market offering leader at Deloitte said. “There should be coordination as well.”

“Of course, we need to maintain independence and objectivity in all the work that we do, but there is a way for everyone to work together for that greater good of the enterprise,” Schor told CFO Dive in an interview.

The internal audit rebrand

Schor has spent his 24 years at the Big Four firm as part of its internal audit practice, he said, now serving both in his current role championing its U.S. internal audit operations as well as serving as its global innovation leader for the function, he said. Internal audit teams focus on evaluating the internal controls, governance and risk management frameworks of their businesses, according to one breakdown. With both of those hats, he spends much of his time thinking about “what ‘good’ looks like in terms of a modern internal audit function,” he said.   

As organizations lean further on their CFOs and the rest of the finance team to provide strategic insight, internal audit needs to follow along the same path. Today’s internal audit teams need to go beyond providing “assurance for the sake of assurance,” Schor said — rather, they need to focus on anticipating key risks and becoming a trusted business advisor alongside the finance chief.

“We believe internal audit can be a change agent and actually help organizations adapt more quickly than they otherwise would,” he said.

As such, internal audit must become more “vocal with the rest of the enterprise about who they are, what their method is, why they're doing it and how they can help promote our organization,” Schor said.

 That requires conducting almost “a marketing campaign, a branding effort, if you will, and going to the CFO and saying, ‘here's what I have on my team, here's the skills and capabilities, here's the things we're focused on,’” he said.

A seat at the AI table

Another large-scale shift impacting audit leaders is the technology that is beginning to seep further into the function, Schor said.

As organizations become more competent with the new tools and the data they enable, “it's imperative that internal audit functions upskill so that we know how to use those capabilities in order to better get our objectives done at the end of the day,” Schor said.

When it comes to AI, internal audit needs to keep a careful focus both on how the technology could change their day-to-day processes, as well as on the risks it could potentially introduce, he said.  As such, it’s important for the function to have a front-row seat in regards to how their organizations are thinking about or deploying AI across the business, he said.

“When there is an AI Governance Committee, when there is some sort of technical group in management that is leading the charge around these things, internal audit should have a seat at that table,” he said. That doesn’t mean they are serving as voting members or making decisions about company direction, but they are able to have a real-time look a what’s happening and to provide insight and guidance, he said.

“Internal audit usually has the benefit of being able to see across the entire enterprise, so they might hear something in that room, and they can connect a dot with something another team is doing,” Schor said. “I think that that is a critical positioning for an internal audit function at this point.”