A Line Drawn in the Sand
There is an incident from the early days of my career that, even years later, remains a vivid memory.
I started my career in a Big Four firm’s risk advisory services function, and one of my first engagements involved working with a foreign bank’s internal audit function to update its audit methodology. The client’s local presence was small, with two internal audit staff supporting the branch.
Every day at noon, the office would come alive as staff gathered for the catered lunches provided by the bank. Colleagues from different departments sat together, chatting over their meals. The only exception was the two internal auditors. More often than not, they ate quietly at their desks. On the rare occasions they joined the dining area, they would sit alone at a small table, set apart from the lively groups. It was as if an invisible line had been drawn, quietly separating them from everyone else.
Over the two months I spent at the client’s premises, the pattern persisted. Subtle comments from staff across departments revealed the same sentiment – the internal auditors were not seen as colleagues, but as outsiders. I came to realise this perception was not unique to that bank.
Shifts in the Internal Audit Industry
In recent years, there has been a growing push for internal auditors to elevate our role and be seen as trusted advisors to the First and Second Lines, without compromising independence as the Third Line. No longer should we be perceived merely as “assurance providers” or “policemen” pointing out mistakes, but as partners offering independent, objective assurance and advice to help the organisation achieve its goals.
This shift is clearly reflected in the updated Global Internal Audit Standards (GIAS). A quick search of the word “collaborate” (and its variations) yields 26 results – more than half of which call on internal auditors or the Chief Audit Executive to work closely with senior management and business units. Collaboration is even codified in Standard 11.1 – Building Relationships and Communicating with Stakeholders. By contrast, the previous International Professional Practices Framework (IPPF) framework did not contain the word at all.
The message is clear: the Third Line should work with the First and Second Lines, not against them, as we all share the same objective – adding value to the organisation.
Changing Perceptions
When I joined my current organisation, it was no secret that the internal audit function was often viewed as “nitpicky”, “not understanding the business”, or even worse – “not adding value”. This created friction during audits, and reporting often became a painful back-and-forth. We knew this had to change. The updated GIAS, with its strong emphasis on collaboration, served as a timely wake-up call to rethink how we engaged our stakeholders.
What We Did Differently
- We started with ourselves.
To change perceptions, we first had to change our own mindset and approach. We reviewed our audit methodology from end to end – from risk assessment to reporting. The goal was to move away from “checkbox auditing” and focus instead on risks that truly mattered. This shift was championed by our Head of Audit, who had previously led a business unit and could provide both perspectives. - We made communication more transparent.
Once the refreshed methodology was ready, we engaged Senior Management and Heads of Department to explain its key elements and, importantly, the rationale behind them. By highlighting the why – not just the what and how – we encouraged greater understanding and buy-in. These reminders also became part of every audit opening meeting. - We built relationships outside of audits.
Our Head of Audit spearheaded outreach activities to break down barriers. Business units were invited to visit the Internal Audit department for lunches and informal gatherings. Internal auditors also joined colleagues for meals and after-work get-togethers. These interactions created a sense of familiarity, making future conversations smoother and more constructive.
One Year Later
The results have been encouraging.
Since this transformation, perceptions of the internal audit function have shifted noticeably. Stakeholders – from the Audit Committee and Senior Management to auditees themselves – welcomed our more collaborative approach. Many began consulting us proactively on risk and controls or inviting us as observers in working groups. Feedback, both formal and informal, has shown greater appreciation for internal audit as a strategic partner supporting the First and Second Lines, while still maintaining our independent Third Line role.
By encouraging simple, human interactions, we have blurred that line in the sand. Today, internal auditors and auditees work together on our shared commitment to improving the organisation – fulfilling our mandate as “an independent, objective assurance and advisory service designed to add value and improve an organisation’s operations.”
Isabelle Pong is a Certified Internal Auditor who is passionate about finding better ways to get things done.
