Deloitte: Shining a Spotlight on Strategic Internal Audit

Internal audit leaders need to be “vocal” with their CFOs about the skills and capabilities of their teams, Deloitte’s Mike Schor said.

Team of business people discuss data analytics in a conference room. Getty Images

The idea of internal audit as the “gotcha” or “no” function is a dated one: in today’s era, where finance broadly is beginning to take on more of a strategic role, “there should be open dialogue,” between internal audit, the CFO and other key functions, Mike Schor, US internal audit market offering leader at Deloitte, said. “There should be coordination as well.”

“Of course, we need to maintain independence and objectivity in all the work that we do, but there is a way for everyone to work together for that greater good of the enterprise,” Schor told CFO Dive in an interview.

The internal audit rebrand

Schor has spent his 24 years at the Big Four firm as part of its internal audit practice. He now champions Deloitte’s U.S. internal audit operations and serves as the firm’s global innovation leader for the function. Internal audit teams focus on evaluating internal controls, governance and risk‑management frameworks of their businesses. With both of those hats, he spends much of his time thinking about “what ‘good’ looks like in terms of a modern internal audit function,” he said.

As organizations lean further on their CFOs and the rest of the finance team to provide strategic insight, internal audit needs to follow along the same path. Today’s internal audit teams need to go beyond providing “assurance for the sake of assurance,” Schor said — rather, they need to focus on anticipating key risks and becoming a trusted business advisor alongside the finance chief.

“We believe internal audit can be a change agent and actually help organizations adapt more quickly than they otherwise would,” he said.

As such, internal audit must become more “vocal with the rest of the enterprise about who they are, what their method is, why they’re doing it and how they can help promote our organization,” Schor said.

That requires conducting almost “a marketing campaign, a branding effort, if you will, and going to the CFO and saying, ‘here’s what I have on my team, here’s the skills and capabilities, here’s the things we’re focused on,’” he said.

A seat at the AI table

Another large‑scale shift impacting audit leaders is the technology that is beginning to seep further into the function, Schor said.

As organizations become more competent with new tools and the data they enable, “it’s imperative that internal audit functions upskill so that we know how to use those capabilities in order to better get our objectives done at the end of the day,” Schor said.

When it comes to AI, internal audit needs to keep a careful focus both on how the technology could change day‑to‑day processes and on the risks it could potentially introduce. It’s important for the function to have a front‑row seat regarding how their organizations are thinking about or deploying AI across the business.

“When there is an AI Governance Committee, when there is some sort of technical group in management that is leading the charge around these things, internal audit should have a seat at that table,” he said. That doesn’t mean they are voting members or making decisions about company direction, but they can have a real‑time look at what’s happening and provide insight and guidance.

“Internal audit usually has the benefit of being able to see across the entire enterprise, so they might hear something in that room, and they can connect a dot with something another team is doing,” Schor said. “I think that is a critical positioning for an internal audit function at this point.”