Identifying Key Stakeholders for Annual Plan.
The who, what, where, when and why of Internal Audit Annual Planning Stakeholders Annual Planning can be a long process,…
The who, what, where, when and why of Internal Audit Annual Planning Stakeholders
Annual Planning can be a long process, particularly when there are a number of stakeholders which we must engage with throughout the process. But there is no need for annual planning to be long or tedious. There are things we can do as an audit team to make our engagement with key stakeholders quick, easy, meaningful and even developmental, for everyone involved. In this post, we are going to discuss:
- Who you should engage with during the Annual Planning Process and why;
- When to engage with them;
- What we need from them; and
- How we can engage with them.
Who you should engage with during the Annual Planning Process
Everyone probably has an opinion on what audit should and should not look at and many of these opinions will be driven by personal objectives, however audit only has limited resources, so we need to be careful about who we talk to. Below is a list of recommended stakeholders audit should engage with and why:
- CEO / COO – These people set the strategy and direction of the business. Understanding the businesses future plans is important if audit is to be aware of risk areas may lie and what should be on our audit radar for the next five years.
- Department Leads (i.e. CFO, CIO, etc) – Those directly under the CEO / COO are responsible for implementing the strategy and objectives of the organisation. They are also the ones which see the challenges with implementing the strategy. The CFO understands the company’s financial position, what areas are performing (or under performing) and what the results of the strategy are. The CIO understands the technical constraints being faced by teams as they aim to offer customer services or undertake projects to support the strategy. Each of these departmental leads is aware of the risks and challenges being faced in implementing the strategy and therefore, are integral to the business.
- Audit Committee – Understanding the expectations of the audit committee and in particular, the Committee Chair, will help set priorities for the next year. What is the committee concerned about, what are the future risks they are thinking of, etc.
- Risk Directors – Risk Directors should have oversight of the entire organisation and emerging risks. Additionally, they should be aware of any new laws or regulations due to come into effect which will impact the business. These people are critical in ensuring we develop a risk based plan.
Other stakeholders you may want to consider include:
- Known Hot Spots – There are often areas of the business which regularly flag on audit’s radar. Meet with the Directors / Leaders of these areas where there are known issues to determine if things have either improved or (hopefully not), become worse.
- Big 4 Auditors / Networks – Our friends still working in practice often have a lot of knowledge about emerging risks or oversight about what is happening at some of their clients. Pick their brains to understand what is happening elsewhere and whether or not we should be concerned about it. Additionally, talk to auditors from other businesses. Again, this will help to see what they are thinking about.
Once we have identified our audit stakeholders, we should really note them down. We have built a handy template which will help you to list all your relevant stakeholders and maintain a log of who you have spoken to, who you still need to speak with, and where the minutes are documented. You can view the template here.