Migrating to an Agile Internal Audit Model

    Not since The Institute of Internal Auditors (The IIA) was established in 1941 has the role of the internal auditor been more crucial. Increased and complex regulations, coupled with emerging risks and the feverish need to identify and deal with any risk that could disrupt an organization from achieving its strategic goals, have brought the role of the internal auditor into the spotlight. As such, internal auditors must be ready for their heightened relevance. How so? They must be agile.  

    The concept of an agile internal audit function seems relatively simple and perhaps it’s not even that new of an idea.  However, only 55% of responding chief audit executives in the 2015 Common Body of Knowledge (CBOK) research paper, Benchmarking Internal Audit Maturity, responded that their internal audit functions were fully (19%) or partially (36%) aligned with the strategic plan of their organization.  

    When comparing these results to the CBOK 2010 IIA Global Internal Audit Survey, What’s Next for Internal Auditing, it’s evident that internal auditors did not meet their own expectations over the past five years with respect to aligning with the strategic plans of their respective organizations, and that progress still needs to be made. In the 2010 survey, of the 13,500 internal auditors who were asked if internal audit has an advisory role in strategy development, 47% responded that it “applies now,” and 63% responded that it will “apply in five years.” 

    Moving to an Agile Delivery Model Is the Answer

    Moving an internal audit function to an agile delivery model is a process of transformation in practice and perception. It should start with a baseline assessment focused on the agility of an organization’s internal audit function.  The assessment should include an open dialogue with various stakeholders about the evolving role of internal audit, soliciting their feedback on their perceptions of the company’s internal audit function related to value and areas of improvement.  

    Just like any assessment internal audit performs, an agility assessment requires identifying the right attributes to assess.  Although there are many common attributes among agile internal audit functions, the six focus areas below should be considered when performing a thorough assessment and transforming the internal audit function.

    Forward Thinking. Does your IA function have the ability to predictively think about emerging risks?  The nature of traditional internal audit work requires a retrospective look when performing the work.  However, the ability to assess and prioritize an organization’s future risks is a sign of agility and is invaluable to any organization meeting their strategic objectives.   

    Collaboration. How well does your IA function collaborate with other functions within your organization?  Agile auditors are welcomed participants in regular conversations of risks, controls, and compliance across departmental lines and are sought out for their expertise and opinions.  Additionally, collaboration goes beyond the walls of your organization. Agile auditors network with industry experts, attend formal training, and actively participate in professional services organizations, such as the IIA.  Collaboration and interaction with other professionals increases the ability to draw on the experiences of others and benefits an organization by helping to achieve set goals. 

    Skills, Talent, and Knowledge. Does your IA function have access to the right skillsets with the right experiences to address current and future risks, provide vision, and deliver value to your stakeholders? Under an agile audit delivery model, there is continuous inventory of accessible skills, knowledge, and experiences, while and comparing it to what is needed going forward.  The results of this assessment could be the most important part of the agile assessment effort.  Risk management/internal audit talent is in high demand, and internal audit budgets are typically tight.  These two facts will force the agile auditor to be flexible, prioritize their efforts, and have appropriate discussions regarding spend on needed skillsets.  

    Efficiency. How efficient is your internal audit function?  Agile internal audit functions are always on a quest to reduce time within the audit process and present issues, identify causes, and provide recommendations quicker, while embracing technology in this effort.  Additionally, are your internal auditors impacting the efficiency of the function or process they are auditing?  This is a common complaint of auditees, and its bad press that moves the perception of an internal audit function further away from its goal of being agile.  Agile internal auditors seek ways to maximize their reliance on data that can be gathered independently whenever possible, rather than requested from auditees, to facilitate portions of their audit process.

    Flexibility. Does an ad hoc request from your organization wreak havoc on your internal audit plan?  Truth is, many ad hoc requests from your organization are a priority, directly connected to your organization’s strategies, and are high-profile.  There is no better chance for your internal audit function to demonstrate the skills they bring to the table.  An agile audit function is prepared to prioritize these requests and accepts that ad hoc needs will occur during any given year.  Therefore, it is important to build in some a level of flexibility into your internal plan – one that will provide flexibility when needed.  

    Marketing. Are your stakeholders aware of the value that your internal audit function is already bringing to the table beyond that of traditional internal audit activities?  As mentioned above, transforming to an agile delivery model is not just about practice; it is also about perception.  Once your assessment is complete, share it with your stakeholders and discuss the agility strengths of the internal audit function and your plans to increase the agility of the function.  Gaining the support of stakeholders through this process is crucial to its success.


    Organizations must be prepared to better predict and react to future risks in order to avoid disruptions and remain competitive. The internal audit function should be part of the solution.  The internal audit profession will evolve to meet the needs of an organization and its stakeholders. Migrating to an agile delivery model is part of that evolution.  


    CohnReznick Advisory’s internal audit services are built on an agile delivery platform. For more information on how we can assist your organization with improving its internal audit functions – whether in migrating to an agile internal audit delivery model, or co-sourced specialty internal audit services to supplement your internal audit function –  please contact George Gallinger, principal, at 973-871-4060.

    Subject matter expertise

    • Contact George George+Gallinger george.gallinger@cohnreznick.com
      George Gallinger

      CIA, CFE, Principal, Risk Advisory, Global Consulting Solutions

    • Close


      Let’s start a conversation about your company’s strategic goals and vision for the future.

      Please fill all required fields*

      Please verify your information and check to see if all require fields have been filled in.

      Please select job function
      Please select job level
      Please select country
      Please select state
      Please select industry
      Please select topic

    CohnReznick and Nexia International Unveil Results of Global Cybersecurity Survey

    Revenue Recognition Resource Center

    Risk Management 

    This has been prepared for information purposes and general guidance only and does not constitute legal or professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is made as to the accuracy or completeness of the information contained in this publication, and CohnReznick LLP, its partners, employees and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.