Skip to main content

An Internal Auditor's Guide to Proving Value and Staying Agile

Risk Assessment
Risk Management
Internal Controls
6 min read
Robert Schmollinger
Published: July 15, 2020
Last Updated: April 25, 2023

This is a guest post from Robert Schmollinger, former chief audit executive and principal at RCS II Consulting, LLC.

Fifty dollars per hour. In the whole scheme of things, that's chump change.

But that was the fee gap between my former team (at $185 per hour) and the external team we were ultimately outsourced to (at $135 per hour).

The world of business today looks nothing like it did even as recently as January 2020. Companies are slashing costs to cover all the red ink on their income statements. No role is safe, including internal audit.

I'm preaching to the choir here. You already know the dire situation of many businesses. And, you already know the importance and value internal audit can bring to an organization.

What you might not know is how to prove that value.

I can't rewind time and un-outsource my team, but I can give you some pointers on how to prove your value to executives who see risk as a cost rather than a benefit.

Phase One: Measure what matters

Start from the beginning: know where you are and how you're perceived in the organization.

If budget is the determining factor for the future stability of your team, it's up to you to learn it front and back—what's on each line item, why it's there, and how it rolls up to the success of the organization.

  • Do you have a handle on your controllable costs? (As in, the stuff that isn't keeping the lights on and payroll.) Are you giving them the scrutiny needed, and can you account for higher-than-average expenses?
  • Have you compared your costs to GAIN information from The IIA or other industry market surveys?
  • Are you including everything—even the non-controllable costs—in the scope of the overall cost of your program? (Some of these facets may be out of your control, but it's best to include all aspects at this evaluation stage. Is your rent expense going to be counted against you? Outsourced resources do not incur rent expense.)

Aside from the purely quantitative information gathering—scouring line items, as you did in the previous step—qualitative measurement from colleagues who interact with your team is critical. 

Why? Stakeholders who think you're doing a good job provide evidence of the value that your team is providing. And, for those folks where you're missing the mark, you want to be the one who finds out first that you have some issues to address, not your CFO or audit committee chair.  

  • Are you conducting end-of-engagement surveys? Even a short poll (e.g., "How did we do, and what could we have done better?") allows the people you are auditing to chime in.
  • Are you providing the same feedback mechanisms to stakeholders who are not audited, including the audit committee?
  • Are you making pivots based on feedback? 
  • (This one's the biggie.) Are you communicating the positive things your team is doing? When I let people know that my team and I were outsourced, I got a lot of surprised reactions—people enjoyed working with my team. That kind of enthusiastic feedback needed to be conveyed to leadership, by me, and by others.

So how, exactly, do you turn feedback into action, and action into proof?

Phase Two: Adjust and improve

When it comes to acting on feedback, I'm reminded of Henry Ford's (historically dubious) quote—“If I had asked people what they wanted, they would have said faster horses.”

If you ask your audit committee what they want, they want a stronger, faster audit function, but they aren't really familiar with the full scope of potential. It's up to you to show them. 

First, account for the feedback gathered in the first phase, especially the qualitative feedback. Analyze your surveys, discern the trends, and make substantive change. But this is the "faster horse" part—we must be proactive to anticipate organizational needs.

Start by "upskilling" your team with valuable skills that not only increase team engagement but also raise individual’s profiles within the company:

  • For the more tech-savvy members of your team, encourage learning new programming languages and tools. Even a basic comprehension of data analytics or programming tools, such as Python, can prove incredibly valuable to the whole department.
  • Other members of the team may benefit from fortifying their softer communication skills, such as healthy skepticism and curiosity, which are critical. 

While we're looking at skills, investigate the roots of your audit engagement process and risk assessment process. The best way to handle this, in my experience, is by calling everyone into the conference room and conducting an afternoon "Stop, Start, or Continue" exercise.

The premise is simple and is an easy way to check in with your team and your projects:

  • What’s working? Do more of that.
  • What’s not working? Do less of that.
  • What’s somewhere in the middle? Let’s discuss.

Here's the rub: I've talked to loads of other audit leaders who have conducted this exercise, and every one brings technology up as "not working." If you don't have the right tools for the job, you're destined to fail. Read that last sentence again.

We were using Excel® and Word®, and keeping all that documentation in a SharePoint® directory. In a word, the process was cumbersome. It wasn't purpose-built, and it didn't account for our processes, which sucked time, energy, and resources from my team.

Here are the technology features audit professionals should look for in a tool:

  • All information in one location. Critical audit documentation, narrative, and data in one spot. No more shared drives.
  • Scalable across teams. When your SOX and SEC reporting team use that same central location, reporting and compliance becomes that much easier.
  • Real-time reporting and dashboards. See the up-to-the-second status of your audits, and create instant audit reports.
  • Full audit trail. Wondering who updated what and when? Make it simple to find out.

Focusing on technology provides rapid impact—such as issuing audit reports in as little as 14 days— and its benefits only expand year over year.

Creating incredible efficiencies and finding new ways to move the needle aren't only important.

They may be the only thing keeping that $50 gap at bay.

Bonus: IIA executives speak out

Clearly, COVID-19 and the new normal of remote work has thrown a wrench in the day to day of internal audit work.

Download this infographic of advice from the executive leadership of The IIA to learn what they're doing to cope with today's evolving business climate.

Word, Excel, and SharePoint are registered trademarks of Microsoft Corporation in the U.S. and/or other countries.


About the Author
Robert Schmollinger


Robert has worked in the areas of enterprise risk management, internal controls evaluation, and business strategy for over 25 years. Formerly, Robert served as the Chief Audit Executive (CAE) at MedImmune, Alegco Scotsman (now WillScot), and most recently, MicroStrategy, Inc. While at MicroStrategy, Robert and his team introduced time-saving data analytic tools to the audit process and led an evolution of the ERM process from a subjective intuition-based process to a more objective data-driven exercise. Robert is the founder and Principal at RCS II Consulting, LLC, where he serves clients of all sizes as they seek to align risk evaluation, controls, and strategic objectives for maximum profits.

Online registration is currently unavailable.

Please email events@workiva to register for this event.

Our forms are currently down.

Please contact us at

Our forms are currently down.

Please contact us at