I am sure that most organisations, big or small, would have Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) which are aligned to their mission and goals.
As Internal Auditors, it is imperative to have a deep understanding of business operations, KPIs and KRIs of the company you work for in order to help the board and management achieve the mission. IA will be treasured for their contribution when the work they do helps their organisation grow profitably toward their business goals, and guards the organisation from internal and external threats.
The job of a CAE entails them to work with management and process owners to identify areas in the audit universe that matter to them most, i.e. areas that enhance their performance (KPIs) and ease the threats (KRIs). They would then prioritise it amongst other processes and incorporate in the annual audit workplan.
The key findings and recommendations of these audits would be key to driving performance and reducing threats. We all know that contributions by IA are difficult to measure especially if they are intangible and take time to germinate but we can at least use the KPIs and KRIs as proxies in our self-performance evaluation.
When management sees that IA contributes to the KPIs and ease the KRIs, this would position IA as essential to a company’s value creation and success.