Five Powerful Ways Internal Auditors Can Build Credibility With Key Stakeholders

Credibility is earned. As auditors, our credibility comes from the assurance, insight, and advice we provide, and the trust we create.

Having helped to build a risk and internal audit function from scratch, I know how hard it was to establish trusting relationships in the beginning. At first, our operations were largely manual and we had a lot to learn about the business, but by proactively working with our stakeholders, we matured quickly. I believe our subsequent success came from establishing our credibility.

The release of the Global Internal Audit Standards in January 2024, with its increased focus on relationship building, is timely. As you begin the process of implementation of the updated Standards, I would like to offer five practical focal points to build and enhance your credibility:

• Be proactive.
• Be engaging.
• Be transparent.
• Be relevant.
• Be competent.

By investing in these key building blocks of strong relationships, you’ll set yourself and your audit team up for more engaged clients, higher-quality audits, and a more fulfilling workplace experience for all involved. 

Practice 1: Be proactive

Stakeholder engagement should be deliberate and continuous via a thoughtful, planned, and structured approach. The IIA Standards encourage us to “build relationships and trust with key stakeholders, including the board, senior management, operational management, regulators, and internal and external assurance providers and other consultants.”

Relationships are interpersonal – it seems obvious, but they are between people rather than titles or departments, and are ideally supported by face-to-face interaction, although emails, phone calls, and teleconferencing are great tools. An ad hoc or scattergun approach is inefficient. We should do it at a measured pace and not expect to achieve everything in one 30-minute meeting. It begins by focusing on our brand as a team and as individuals. Every communication – whether digital or in-person – is a chance to shape perceptions.

Practice 2: Be engaging

Internal auditors can have a reputation as professional fault finders who lob criticism from behind closed doors following some mysterious (and perhaps arcane) process. Approachability should be central to our mission and active — listening should be a key skill within our toolkit. 

We must be visible, approachable, and accessible. There are many benefits to be had – we will learn more about the organisation, secure buy-in for our work, get the support and resources needed, and establish a network of advocates. According to the Standards:

“When informal interactions occur consistently, employees gain trust in internal auditors, increasing the likelihood of candid discussions that may not occur in formal meetings. As a part of relationship-building, informal interaction may enhance internal auditors’ comprehensive understanding of the organisation and its control environment.”

We don’t have to focus solely on the negatives — we can celebrate and commend successes. Approachability is contagious too. Word will quickly get around that internal auditors are approachable.

The Three Lines Model reminds us that “independence does not imply isolation” and calls for regular interaction with staff, management, the board and other stakeholders. However, we need to exercise caution that we never create any perceived threats to the independence of the function or the objectivity of auditors. 

Practice 3: Be transparent

If we want credibility, we need to be transparent. To staff and management, our work can appear secretive and remote, perhaps provoking suspicion and even fear. After all, we are the ones that may be exposing the failures and weaknesses of others.

There are many ways to engage formally and informally. For example, internal auditors can have regular “open hours” so staff and managers can drop in for coffee and a chat. Otherwise, you can take the initiative and pick up the phone or invite a key stakeholder to coffee or lunch.

We should be prepared to be open and honest about who we are and what we do. It helps clients if they know our purpose. Why not share and discuss the internal audit charter as part of every engagement kick off? We should exercise a “no surprises” philosophy. We can communicate service level agreement standards so the client knows what to expect and can hold us to account. Continuous discourse throughout a project is so valuable. Findings can be discussed and management responses considered long before we reach the audit report stage of an engagement.

Of course, we need to get this right. The more open we are, the fewer places we can hide. We must lead by example. We must demonstrate an unwavering commitment to ethics and admit when we make mistakes.

Practice 4: Be relevant

We must demonstrate we are here to help management be successful. We are aligned with a common purpose and have solutions to recommend in our advisory capacity. We can take advantage of our unique vantage across the business by sharing a holistic organisational perspective and by commending good practice when we see it.

Holding workshops with our stakeholders is an excellent way to get them involved and communicate our insights and thought leadership. It is a chance to share our expectations of each other, build confidence, and strengthen our brand. A strong relationship is a great basis for conducting meaningful and successful audits. By asking relevant, well-informed questions, we can show we are focused on their needs, objectives, and risks. A “no-surprises” audit will be appreciated by your auditees and will further contribute to the audit function’s credibility.

Practice 5: Be competent

Perhaps the most important step in building credibility is being good at what you do, as individuals and as a function. Nothing succeeds like success. As auditors we should be professionally qualified and committed to continuous development. Our processes must conform with recognised international best practices, especially the IPPF.

Our audit functions must be efficient, effective, and flexible. The client experience should be smooth and user-friendly. Of course, technology can play a major role. We need to lead by example by embracing sophisticated tools and methods. We all know nightmare stories about digital transformation and other change initiatives, so we should learn from experience and avoid the pitfalls.

Look for Quick Wins on Your Journey to Being a Trusted Advisor

Before we can become incredible, we must be credible in the eyes of our clients, targeting key individuals in a planned approach to stakeholder engagement. Look for quick wins while committing to a long-term goal of being the acknowledged trusted advisor.

What does success look like? It will be different for every auditor and every audit team, but ideally internal audit will no longer be seen as the organisational police trying to stop employees from doing what they need to do to hit targets and achieve. Instead, your goal should be to be respected for your insights, regarded as being part of the solution, and sought out for your valuable and valued perspective. The road to recognition for the value you bring starts with building strong relationships — and there’s no better time to start than now!