Internal Audit As A Key Agent of Change
Internal Audit As A Key Agent of Change
White Paper
Internal Audit as
a Key Agent of
Change
2024
This resource was prepared after the ‘Global Internal Audit Standards’ were published in 2024
Level 5, 580 George Street, Sydney NSW 2000 | PO Box A2311, Sydney South NSW 1235
T +61 2 9267 9155 F +61 2 9264 9240 E [email protected] www.iia.org.au
- Why Internal Audit as a Key Agent of Change? 4 An agent of change can be defined as:
- How Does Internal Audit do This? 4 A person or persons from inside or outside an
- What are Key Agent of Change Benefits? 5 organisation who help the organisation transform its
- What are Key Agent of Change Attributes? 6 operations, activities and culture through strategic and
Conclusion 6 people-centric innovation, improvement and focused
development. Also referred to as transformational
- Summary 6
leaders or change agents.
- Conclusion 6
The Institute of Internal Auditors-Australia
Bibliography and References 6
Agent of change can extend to the internal audit
Purpose of White Papers 7
profession because of opportunities internal audit work
Author’s Biography 7 can bring to influence change in their organisation.
About the Institute of Internal Auditors–Australia 7
What are Examples of Agents of Change?
Copyright 7
Disclaimer 7 The term ‘agent of change’ has been in use for some time
– it can apply:
Introduction
Purpose › In a local, national or international context.
The purpose of this White Paper is to discuss why and how › In an organisation or any group of people working
internal audit may progress from a ‘traditional’ internal together for a common purpose.
audit service approach to become a key agent of change › From a strategic or process perspective.
in their organisation.
An agent of change is someone who promotes change
Background such as:
The role of internal audit is to strengthen the organisation’s › A diplomat who negotiates a ceasefire
ability to create, protect and sustain value. They do this
› Consultants
by providing information about current conditions, the
implications of those conditions, and advice about how to › Counsellors
deal with them.
› Innovators
Further, internal audit has an obligation to pursue agreed
› Inventors
actions to ensure they are completed and appropriately
address the conditions identified. › People who challenge the status quo
In this process, internal audit seeks to bring about positive › People who help you jump through hoops
Organisation Change The term ‘key agent of change’ truly belongs to the
internal audit profession which has coverage of the entire
Drivers for change include such things as: organisation – but the term does not necessarily apply to
› Competitive markets and industry sectors. all internal auditors. In the 2021 book ‘Agents of Change
– Internal Auditors in an Era of Disruption’ (Chambers &
› Changing risk environment.
Perez) the authors observe:
› Organisations shifting to knowledge-based
Only 2 in 10 respondents view themselves as agents
operations.
of change who partner with executive management to
› Rapid advances in technology that require continuous drive change that creates value’.
business change and skill development.
Historically, internal auditors have not generally acted,
› Need for enhanced control environment because of or been perceived, as agents of change. Many internal
technology risk. auditors have been content to adopt a ‘this is how we’ve
always done it’ compliance approach without considering
› Workplace cultures focused on teamwork,
the real impact they could make on their organisations.
empowerment and innovation.
Internal audit is in a privileged position to influence change
According to Kotter (2007) in his seminal work in
within their organisation. They are in a position to convince
organisational change management, there are eight
management of the imperative for change and the
necessary stages in the process of making change in an
necessary strategy for making that change. While they will
organisation:
not be the party responsible for implementation, internal
› Create a sense of urgency. audit is in a position to advise on the best approaches and
to monitor implementation progress.
› Build a guiding coalition.
Internal audit is well-placed to be a key agent of change
› Form a strategic vision.
because it:
› Enlist a volunteer army.
› Is situated independently outside the management
› Enable action by removing barriers. structure and can be free of influence and bias from
› Generate short-term wins. management – management are the ones who
put systems in place and are likely to be reluctant
› Sustain acceleration. to change what they themselves designed and
› Institute change. implemented.
These stages exist in all changes whether they are at the › Is objective – an unbiased mental attitude that allows
strategic level or the process level of an organisation. internal auditors to make professional judgments,
Internal audit can have a direct role in each of these fulfill their responsibilities, and achieve the purpose of
stages. internal auditing without compromise
› Clearly building the internal audit plan around the Form a strategic vision – In convincing management that
organisation strategy and strategic risks / objectives change is both necessary and achievable, the internal
and associated risks – instead of an internal audit auditor will present a vision of how the organisation will
plan created directly from an audit universe and work after the change, and how the change will benefit the
based upon ‘we didn’t do that topic last year so we’d organisation and make it better than before.
better do it this year’.
Enlist a volunteer army – This should not be taken too
› Forward-looking internal audit services – rather than a literally – it is about obtaining organisational buy-in.
purely historical-based approach. Things do not happen just because a manager says they
should. In developing recommendations or action plans,
› Delivering real insights to the audit committee and
the internal auditor will have spoken to those who actually
executive management – not just a list of things that
do the work and who will be affected by the change. If
need fixing.
these people see their ideas within the changed process,
› Providing management requested services at the time they will be well-disposed towards it.
they will be really useful – not in the next internal
Enable action by removing barriers – The primary
audit plan when it will be too late.
barrier is often inertia, so continual monitoring or progress
Global Internal Audit Standard 9.2 ‘Internal Audit Strategy’ towards the change is important. It may be necessary to
emphasises that internal audit must have a strategy identify and address specific barriers such as organisation
that supports the strategic objectives and success of the structure / appropriate tools / lacking information
organisation. necessary to do the job. Internal audit monitoring of action
Secondly, Internal Audit must be, and be seen to be, plan implementation must not be a process of simply
competent to deliver necessary services. Individual reporting management’s commentary, it must go further to
internal auditors must hold appropriate qualifications and analysis and assistance.
work to maintain and develop their knowledge, skills and Generate short-term wins – Some recommendations and
experience. Part of the chief audit executive’s obligation in action plans have an extended timeframe for completion.
developing an internal audit strategy is determining what
Benefits from internal auditors being a key agent of change may include:
Benefits Description
For the Organisation
Help Build a Better Organisation › Offer internal audit services that have a real impact on
the organisation and its success.
› Offer forward-looking internal audit services especially
for ‘in flight’ major projects and business initiatives.
› Offer a range of internal audit services with each
one specifically chosen to provide the most optimum
approach and outcome for the individual topic.
› Provide advisory and management requested services
at the time they are needed.
› Drive innovation for new and enhanced ideas and
ways of working.
Move from ‘Problem Finder’ to ‘Problem Solver’ › Apply a solution-oriented lens to everything internal
audit does.
Achieve Engaged Stakeholders › Work in a collaborative partnership with management
for enhanced outcomes.
› Co-ordinate with stakeholders to ensure a shared
understanding and co-ordinated approach.
For Internal Audit
Innovate and Work Smarter › Implement agile approaches to reduce internal audit
service delivery time and impact on the organisation.
› Deploy technology to automate manual auditing
techniques for superior results benefiting internal
audit and the organisation.
Enable Technology › Implement internal audit digital strategy and constantly
evolve to leverage technology for enhanced
assurance.
Become an Internal Audit Employer of Choice › Become an internal audit function with a good
reputation where candidates want to work.
Celebrate Success › Professional bodies recognise internal audit as ‘best
in class’ through invitations to share experiences /
technical publications / awards.
› There is increase in management requests for internal International Internal Auditing Standards Board, 2016.
audit services. International Standards for the Professional Practice of
Internal Auditing. [Online]
› Cost savings and recoveries are identified.
Available at: https://www.theiia.org/en/standards/what-are-
› Internal audit analysis identifies trends. the-standards/mandatory-guidance/standards/
› Systemic issues are identified by internal audit and International Internal Auditing Standards Board, 2024.
remedied by management. Global Internal Audit Standards. [Online]
Available at: https://www.theiia.org/globalassets/site/
› Good practices are shared by internal audit and
standards/globalinternalauditstandards_2024january9_
adopted by management.
printable.pdf
› Percentage of advisory work as part of internal audit
Kotter, J. P., 2001. What Leaders Really Do. Harvard
plan increases year-on-year.
Business Review, 79(11), pp. 85-96.
› Percentage of internal audit plan focused on change
Kotter, J. P., 2007. Leading Change: Why transformational
initiatives increases year-on-year.
efforts fail. Harvard Business Review, Jan, 85(1), pp. 96-103.
This White Paper written by: The IIA sets the bar for Internal Audit integrity and
professionalism around the world with its ‘Global Internal
Andrew Cox MBA, MEC, GradDipSc, GradCertPA, Standards’ and associated professional guidance.
DipBusAdmin, DipPubAdmin, AssDipAcctg, CertSQM,
PFIIA, CIA, CISA, CFE, CGAP, CSQA, MACS Snr, MRMIA The IIA-Australia ensures its members and the profession
as a whole are well-represented with decision-makers and
Andrew Cox is Manager of Technical Services at the influencers, and is extensively represented on a number
IIA-Australia, responsible for technical matters including of global committees and prominent working groups in
contributions to the body of knowledge around Australia and internationally.
governance, risk management and internal audit.
The IIA was established in 1941 and now has more than
He was previously a chief audit executive at significant 230,000 members from 190 countries with hundreds of
organisations. He further developed the internal audit local area Chapters. Generally, members work in internal
external quality assessment process in Australia and has auditing, risk management, governance, internal control,
performed more than 300 of these in corporate and public information technology audit, education, and security.
sector organisations in Australia, Bahrain, Brunei, Kuwait,
Qatar, Saudi Arabia and the United Arab Emirates. Copyright
He has made presentations on internal auditing in forums This White Paper contains a variety of copyright material.
in Australia and internationally and has taught internal Some of this is the intellectual property of the author, some
auditing in Australia and other countries. He co-authored is owned by the Institute of Internal Auditors – Global or
the IIA-Australia publication ‘Internal Audit in Australia’ and the Institute of Internal Auditors – Australia. Some material
co-authored ‘Audit Committees – A Guide to Good Practice, is owned by others which is shown through attribution and
3rd edition’ issued by AICD / AUASB / IIA-Australia. He referencing. Some material is in the public domain. Except
contributed to ‘Sawyer’s Internal Auditing, 7th Edition’. for material which is unambiguously and unarguably in
the public domain, only material owned by the Institute
He is independent chair or member of a number of audit
of Internal Auditors – Global and the Institute of Internal
committees.
Auditors – Australia, and so indicated, may be copied,
Michael Parkinson BSc(Hons), GradDipComp, PFIIA, CIA, provided that textual and graphical content are not altered
CISA, CRMA, CRISC and the source is acknowledged. The Institute of Internal
Auditors – Australia reserves the right to revoke that
Michael is an internal auditor and risk management
permission at any time. Permission is not given for any
consultant in private practice. He has more than 30
commercial use or sale of the material.
years of experience in a range of government and
non-government environments. He has been active Disclaimer
in the development of risk management and internal
auditing standards and guidance for more than 10 years. Whilst the Institute of Internal Auditors – Australia has
Michael has practiced in Australia and South East Asia attempted to ensure the information in this White Paper is
and currently serves on a number of Audit and Risk as accurate as possible, the information is for personal and
Management Committees. educational use only, and is provided in good faith without
any express or implied warranty. There is no guarantee
Michael has been the recipient of the IIA–Australia Bob given to the accuracy or currency of information contained
McDonald Award and the IIA-Global Victor Z Brink Award in this White Paper. The Institute of Internal Auditors –
for services to the profession of internal auditing. Australia does not accept responsibility for any loss or
This White Paper edited by: damage occasioned by use of the information contained in
this White Paper.
Farah George Araj CIA, CPA, CRMA, CFE, PFIIA, QIAL