Internal audit: from control body to value driver

As part of our study, we examined current developments in internal auditing with regard to current value drivers such as ESG, integrated governance, digitalisation and audit culture.

Climate change, geopolitical crises, increasing regulation and digital transformation: the level of risk and the complexity of external, in part disruptive influences and uncertainties continue to increase for companies. It is therefore all the more important that in volatile times, internal audit also takes these points into account in audit planning and implementation.

In order to be able to act efficiently and economically in the future, an expanded understanding of the role of internal auditing is needed. It should not only keep a closer eye on ESH risks, but also deal more intensively with external influences and develop from a pure monitoring function to a trustworthy and networked partner of the management.

The topic of value contribution plays a central role in this. Internal audit is changing from a pure audit partner to a sparring partner for the business units. It is close to the topics of transformation and digitalisation and helps to drive them.

"Today, internal audit should see itself as a trusted advisor - the value contribution is greater than just identifying deviations from a target state," says Luisa Esterházy v. Galantha, Partner, Risk & Compliance Services at KPMG.

For our study "Internal Audit in the Spotlight", we surveyed audit managers across Germany with regard to current value drivers such as ESG, trusted advisor, integrated governance, digitalisation and audit culture. The results show what is important to companies with regard to internal auditing, which transformation processes have already been initiated and where there is still a need for action.

IT and compliance issues, such as cyber security, play the biggest role in annual risk assessment planning at 59 per cent. This is followed by resource scarcity with 50 per cent and pandemics and natural disasters with 43 per cent. External risks such as conflicts and embargoes play a minor role with up to 15 per cent.

57 per cent of respondents consider ESG risks as part of audit planning. But in only 20 per cent of the cases does the internal audit carry out system audits that also assess the ESG maturity level and ESG requirements of the company. Here, it is important to further expand ESG competence in one's own company and in internal auditing.

Increasing amounts of data from ERP systems are available as a basis for data analytics tools. Nevertheless, such tools are used by only 28 per cent of respondents in more than half of their audits.

Download the entire study with all results and expert interviews here and find out, among other things, what role ESG, integrated governance, digitalisation and audit culture play for internal auditing.