New product alert: Learn about RegComply!

Customers
Login
Auditboard's logo
Get Started

April 10, 2024 5 min read

Aaron Gagnon of McKinsey & Co Dreams Bigger When It Comes to Audit Strategy

To the Audit Committee, Success Looks Like Having More Requests for Advisory Work Than Capacity
Playbook for Internal Audit Transformation: Get Your House in Order and Start Building Relationships
“Dream a Little Bigger, Darling”: Leaning Into Strategy to Level Up Your Audit Team

Join Richard Chambers for a new episode of his Agents of Change video series, featuring conversations with internal audit leaders from some of the world’s most prominent organizations about innovation in the profession.

In this episode, Richard sits down with Aaron Gagnon, Chief Audit Officer of McKinsey & Company and former CAE at Apple and Abercrombie & Fitch, to discuss why his playbook for building forward-looking internal audit functions always starts with getting his house in order and cultivating relationships of trust across the organization, including:

  • If you receive a blank check from the Audit Committee and a mandate to transform internal audit — what are your next steps?
  • To build stronger relationships across the org, start by sharing with others — even as far as your quarterly audit report to the Board — and they’ll be more likely to share with you.
  • Dreaming a little bigger: why getting to the next level isn’t about how many audits you complete, but about how you elevate your team, improve your technology use, and impact the company. 

Watch the full conversation, and read the can’t-miss highlights below.

Aaron Gagnon of McKinsey & Company reflects on internal audit transformation at McKinsey, Apple, and Abercrombie & Fitch.

To the Audit Committee, Success Looks Like Having More Requests for Advisory Work Than Capacity

Richard Chambers: Aaron, I wrote the book Agents of Change about internal auditors who are catalysts for transformation that helps to create value for the organizations they serve. Most people don’t think of internal auditors as being value creators or enhancers, they just think of them as being value protectors. But what’s your view? Is it appropriate for internal auditors to help the organization grow and achieve success other than just protecting the assets?

Aaron Gagnon: Absolutely. I think a lot of us talk about the assurance side and the advisory side. In my experience working with a couple different Boards, they more and more want us to do that. Obviously, they’re always trying to be careful to make sure we do our core responsibilities — there’s a strong need for that. I worked formerly at Apple, and I remember we had an audit committee presentation at one point when we were having more people ask for advisory work than we had capability, and we were trying to balance that with the amount of assurance. I remember one of the audit committee members said to me, “This is how I know that you’ve been successful here. You’ve got more people asking for your help than you can provide.”

Richard Chambers: It’s interesting because that’s a performance metric that I think is underutilized. There’s a lot of debate — even at a conference that I attended recently — by internal auditors saying “How should we measure our performance?” There tends to be a lot of focus on outputs. How many audits did I do last year? What percent of the audit plan did that complete? But what you’re talking about, one way of measuring your success might be how often the phone rings or you get a text message or an email asking for help.

Aaron Gagnon: Yeah, part of that conversation was to say, “Here’s all the requests on the advisory side. Here’s what I’m going to do, and here’s what I’m not doing.” It becomes a conversation about the things we won’t do on an advisory side, not because we can’t, but because we have limited capacity — and here’s how I’ve prioritized it.

Playbook for Internal Audit Transformation: Get Your House in Order and Start Building Relationships

Richard Chambers: You know, when I talk about agents of change in internal audit, I talk about the fact that if you want to be an agent of change, you’ve got to start at home. That is within internal audit itself. Now, I know that you’ve been a transformational agent in the internal audit functions that you’ve led. Can you share any perspectives, insights, or stories about how you might have been that change agent when you took over an internal audit function?

Aaron Gagnon: Yeah, actually at Abercrombie and Fitch, then at Apple, and then at McKinsey — all three came with a mandate that we want something different. At this point, I feel like I kind of have a bit of a playbook on how to do this. Where you come in and say, where are we today? You meet with all the key stakeholders and say, “What is it that you want?”I joke a little bit and say “do you want chocolate, vanilla, or strawberry? It’s all ice cream and it all tastes good, but which version do you want?” So, figuring that piece of it out and then coming up with a strategic plan for how we get there. Where are the gaps and where do we want to be? Putting that roadmap out there.

Richard Chambers: Are there any speed bumps that you hit as you were trying to come into these new organizations and get everybody to rethink internal audit?

Aaron Gagnon: At Apple, they had an internal audit team that had pretty much done SOX work and fraud work — and to be quite fair they were really good at it, it’s probably the best SOX program I’ve ever seen, even my time at Ernst and Young and other places. Two new board members came in and said that’s great, but that’s not internal audit and we really need an internal audit function… I actually ended up going for a 45-minute meeting with one of these Audit Committee members, and we talked for two hours. At the end, this audit committee member said, “Listen, we’re going to give you a blank piece of paper and a blank check. Don’t be shy. They have $260 billion in cash.” Now, the CFO didn’t agree with that, as you can imagine, but the Audit Committee member basically said, “You’re going to come back in six months and tell us what this organization needs to look like and how much management needs to write the check for — and you’re going to do this at the largest market cap company in the world.” I thought that’s the best sales pitch I’ve ever heard in my life. Sign me up!

“Dream a Little Bigger, Darling”: Leaning Into Strategy to Level Up Your Audit Team

Richard Chambers: You’ve described these roles that you came into and your first order of business was this transformational change, but then once you were there, was there a need for a strategic plan? Because I know the new IIA Standard, Standard 9.2, requires the CAE to develop a strategic plan and lead the organization by that strategic plan. What’s your experience been with that?

Aaron Gagnon: When I was at Apple at the beginning it was just, “How do we build?” We’re building the foundation of a house. How do we put that down? A couple years into it we came back with our strategic plan: what does this look like down the road? I think sometimes as CAEs we get a little bit lost in the one-year plan, and it’s very limited as to where you’re trying to go. I’m just trying to deliver what I’ve got to deliver.

Check out more audit leader interviews with Richard Chambers on our Agents of Change video series channel.

You may also like to read

Healthcare Audit
Internal Audit

Healthcare Audit: Ensuring Compliance and Improving Patient Care

LEARN MORE
Cybersecurity Audit Essentials
Internal Audit

Cybersecurity Audit Essentials: Roles & Responsibilities, Steps, and Best Practices

LEARN MORE
Featured image
Internal Audit

Navigating Internal Audit Challenges in Retail: A Strategic Approach to Risk and Compliance

LEARN MORE

Discover why industry leaders choose AuditBoard

SCHEDULE A DEMO
upward trending chart
confident business professional