From Risk Traditionalist to Risk Strategist: How Internal Audit Must Evolve

The video argues that internal audit functions must evolve from "risk traditionalists"—those clinging to annual, findings‑centric plans—to "risk strategists" who provide real‑time confidence for board‑level decisions. Host Erin Maney and EY’s Jess Rogers explain why the legacy model, built for a linear, slow‑moving risk environment, is misaligned with today’s NAVI (non‑linear, accelerated, volatile, interconnected) landscape. Key insights include three outdated assumptions: the audit plan is the product, findings equal wins, and independence means staying distant. Rogers stresses that the product should be organizational confidence, that value lies in driving change rather than tallying findings, and that true independence requires courageous, timely conversations with leadership. Metrics must shift from count‑based outputs to stakeholder perception, early risk identification, and talent mobility. A concrete illustration follows a new CAE who spent 30 days listening to the C‑suite before redesigning the audit approach. She piloted a rapid risk assessment, delivered concise two‑page insight memos, and built advocacy that unlocked broader transformation. Rogers also notes that traditional reports—often 40 pages—are too slow and opaque for executives needing swift, actionable intelligence. The implication is clear: internal audit must become a strategic navigator, leveraging continuous monitoring, rapid‑cycle assessments, and concise communication to close the latency gap between risk emergence and leadership awareness. Organizations that adopt this mindset will enhance decision velocity, reduce exposure to cascading risks, and position audit as a talent magnet and a trusted advisor rather than a compliance checkpoint.