This is one of the most debated topics in boardrooms and within the Internal Audit fraternity. Yet, it remains as complex today as it was many years ago. I have spent nearly 22 years in this profession; more than 10 of them as a partner working with board members, investors, and co-founders. Still, at times, it can be tricky to solve what appears to be an easy puzzle.
To create value, one must ask, listen, and understand their stakeholders. What does “value” mean to different stakeholders? Internal auditors need to consider their environment—whether they operate in an MNC, a domestic company, or a start-up, and understand their reporting structure to investors, the Board, founders, etc.
Internal auditing has evolved from a compliance-focused function to a strategic partner that drives organizational improvement and risk mitigation. To create value, internal auditors must go beyond traditional assurance roles and embrace innovation, collaboration, and proactive risk management. According to the Institute of Internal Auditors (IIA), internal auditing is “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.” This definition remains the guiding light for all IA professionals.
From my experience, value creation means different things depending on the type of company and the maturity of the person leading the function (such as the Audit Committee Chair). Below is a simplified categorization of companies and their expectations:
| Companies Category | Expectations from Internal Auditors |
| MNCs | · Alignment of audit objectives with business strategy (<5% companies do this)
· Provide reasonable assurance on the controls framework (Non-negotiable) · Very few MNCs look for cost savings, which is generally a by-product of a thorough internal audit |
| Large domestic companies | · Provide Assurance on control’s framework (Non-negotiable)
· Key focus is to identify cost savings/efficiencies |
| Middle sized domestic companies | · Cost savings as the primary objective
· Limited assurance mainly for statutory purposes · Many view IA as a “tick-in-the-box” requirement |
| Start-ups | · Two key stakeholders dominate the GRC landscape: Investors (PE/VC) and Founders/CFOs
· Investors expect absolute assurance from Internal Auditors · Founders/CFOs look for assurance, cost savings, and support in fixing identified issues. |
Note: These categories are indicative, and expectations may overlap depending on the company’s maturity.
If expectations from stakeholders are clearly aligned, internal auditors can not only meet but exceed expectations in value creation.
Create Boundaries
It is important to clarify what stakeholders should not expect from internal auditors—for example, expecting IA to execute transactions to fix gaps. A reality check between expectations and budgets is also essential. Stakeholders may want extensive coverage or consulting insights, but a poorly funded IA function may only be able to provide reasonable assurance. This must be communicated upfront.
Key Value Drivers in Internal Auditing
Below are some fundamental value additions internal auditors have been trained to deliver:
- Aligning Audit Objectives with Business Strategy
One of the most effective ways to create value is by aligning audit activities with the organization’s strategic goals. This ensures audits focus on areas that matter most to leadership.
For example, an IA function helped a major homegrown company expand internationally by aligning its audits with global business processes. The team implemented strong internal controls and risk frameworks that supported the company’s strategic growth and helped navigate regulatory and operational risks across borders.
- Leveraging Data Analytics and Technology
Modern IA functions use data analytics to identify patterns, anomalies, and emerging risks. This enhances efficiency and provides deeper insights. Many companies now integrate data analytics into their IA processes to monitor transactions in real time, enabling early detection of fraud and compliance issues, reducing financial losses, and improving transparency.
- Enhancing Risk Management Capabilities
Internal auditors add value by proactively identifying and mitigating risks before they escalate.
The collapse of Enron highlighted the consequences of weak internal controls and poor risk oversight. A more empowered and independent internal audit function might have flagged the irregularities that led to one of the biggest corporate scandals in history.
- Building Trust and Transparency
Internal audit fosters trust by promoting ethical behaviour and transparent reporting.
Audit engagements that emphasize transparency and governance boost investor confidence and strengthen an organization’s reputation in global markets.
- Providing Actionable Recommendations
Auditors should provide insights that lead to tangible improvements.
For example, an internal audit team identified gaps in vendor management and recommended automation tools. Their recommendations helped the company achieve a 20% reduction in procurement errors and enhanced vendor relationships.
- Collaborating Across Departments
Cross-functional collaboration helps auditors understand business processes more deeply and tailor their approach. Internal audit teams that work closely with functions like supply chain and IT often uncover interdependencies and systemic risks, leading to more effective controls.
Conclusion
Creating value in internal auditing requires a shift from reactive compliance to proactive strategic engagement based on alignment with stakeholder expectations and IIA’s fundamental principles.
By aligning with business goals, leveraging technology, focusing on efficiencies, enhancing risk management, and promoting transparency, internal auditors can position themselves as indispensable partners in organizational success.
Disclaimer: The views expressed are solely those of the author and do not represent those of the publishing organization
About the author:
Aashish Gupta comes with over 22 years of strong technical experience in Business Advisory Services, Corporate Governance, Business Process Transformation and Risk Consulting. He is contributing to nation building by supporting and advising Invest India (operating arm of Make in India initiative of Indian Government) in various projects from last ~5 years. He is leading Risk services (Forensics, Process risk advisory, IT risk) for cluster of sectors including FMCG, Retail, Pharma, Health-care (Hospitals/Diagnostics chain), Education, Consumer electronics, Hospitality including F&B. He specializes in Enterprise Risk Management, Sarbanes Oxley, Internal Audit, Operating Process Transformation, SOP development and Internal Financial Controls. He is also active speaks at business forums, ICAI webinars and seminars on risk management.