Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

Staying in sync with internal audit and the chief audit executive

Staying attuned to the company’s changing risk profile has put a premium on internal audit being in sync with the audit committee.

Understanding a company’s strategic and operational risks in an increasingly complex  business environment is both a top priority and a top challenge—and internal audit has a vital role to play. Staying attuned to the company’s changing risk profile—including its control environment, culture, and crisis readiness—has put a premium on internal audit being in sync with the audit committee.

This year alone, major shifts in the regulatory and business landscape are demanding more agility from internal audit. New cybersecurity disclosure rules for public companies have arrived, and final climate disclosure rules and proposed human capital management disclosure rules could follow shortly. The use and experimentation with artificial intelligence is becoming pervasive as well.

The chief audit executive (CAE) can help audit committees monitor these trends, understand what’s happening at every level of the company (as the committee’s eyes and ears), and connect the dots.

As panel members suggested during the KPMG Audit Committee Leadership Forum in June, keys to the CAE’s value-add to the audit committee include the following:

  • Recognizing how dramatically the business and risk landscape is changing and having a “healthy concern” about any claims of a static risk and internal control environment
  • Understanding the importance of a robust, disciplined, process-oriented risk assessment that is not adversarial as the basis for the audit plan
  • Developing an audit plan that is risk-based, adapts to the changing operating environment, and aligns with the organization’s strategy and risk profile
  • Being objective, process-oriented, and disciplined
  • Maintaining robust two-way communication with the audit committee and making executive sessions regular and structured

“Internal control is a team sport,” said one audit committee chair at a recent KPMG-sponsored event. “As an audit committee, you have to have a CAE whom you can rely on, who is agile, and who can adjust to changes in both reporting expectations and the risk environment.”

Given the increasingly complex risk environment and the intense focus of regulators, investors, and other stakeholders, the audit committee should closely monitor internal audit’s risk assessment process and its development of the audit plan. The committee should ask, for example, the following questions:

  • To what extent does the CAE and internal audit participate in management committees responsible for the company’s various strategic initiatives, including the identification and management of risks and related controls associated with those initiatives? How does internal audit interact with the company’s risk management and compliance functions?
  • As the company prepares to comply with new regulatory disclosure requirements for climate, cybersecurity, human capital management, and sustainability, does internal audit have a seat at the table? Does internal audit participate as a member of management’s disclosure committee?
  • Does internal audit have the talent, resources, and expertise to conduct a robust risk assessment and to develop and execute an audit plan that aligns with the company’s risks?

Currently, CAEs view cyber, information technology, and sustainability risks at opposite ends of the risk spectrum in terms of the time and attention that internal audit devotes to them. According to the 2023 North American Pulse of Internal Audit, from the Institute of Internal Auditors, 78 percent of internal audit professionals viewed cybersecurity as a high or very high risk, with 57 percent responding the same for broader technology issues. By comparison, only 9 percent said the risk level for the range of sustainability risks was high or very high.

While climate and sustainability may be a long-tail or distant risk for some companies (and nearer for others), new regulatory mandates for climate disclosures both in the United States and globally—as well cybersecurity, human capital management, and other sustainability disclosures—will require an increased focus by internal audit.

“The chief audit executive needs to be comfortable with a risk environment that is rapidly changing,” said another audit committee chair. “When significant shifts are needed in the audit plan—for example, with new disclosure requirements—flexibility is key .”

This article originally appeared in the Fall 2023 issue of NACD Directorship magazine.

Meet our team

Image of Stephen L. Brown
Stephen L. Brown
Senior Advisor, KPMG Board Leadership Center, KPMG US
Image of Michael A. Smith
Michael A. Smith
Partner, Advisory, and U.S. Internal Audit Solution Leader, KPMG US

Receive the latest insights from the Board Leadership Center

Sign up to receive Board Leadership Weekly and Directors Quarterly

Thank you

Thank you for subscribing. We're excited to welcome you to our community. You can now look forward to the latest news, trends, upcoming events, and thought leadership delivered directly to your inbox.

Subscribe to insights from KPMG Board Leadership Center

Board Leadership Weekly - A weekly email providing the latest news, trends, upcoming events, and thought leadership focused on the board and C‑suite from KPMG, the BLC, and other leading sources. 

Directors Quarterly - A compilation of articles, insights, and upcoming events.

Select publications you want to receive and any topics of interest below. Select all that apply.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.