Skip to main content

Strategic Planning: A Roadmap for Internal Auditors

Internal Audit
Internal audit strategy
6 min read
Rick Wright
Director of Internal Audit and Enterprise Risk Management
Published: May 31, 2022
Last Updated: November 7, 2023

The strategic planning process is an activity that has existed for centuries. Businesses rely on strategic plans to ensure growth, connection with customers, value creation for stakeholders, and a future of sustainable success. But while strategic planning is a vital business discipline, it is sometimes overlooked as a tool for internal auditing functions to ensure their own mission is successful.

In my experience, strategic planning is a topic that is underappreciated and undervalued within the internal auditing profession. There could be many reasons for this. Internal auditing professional standards focus primarily on governance and methodology principles rather than strategic planning practices. Also, strategic planning is not frequently mentioned as a core competency of internal auditors. 

What is strategic planning?

Tech Target defines strategic planning as, “a process in which an organization's leaders define their vision for the future and identify their organization's goals and objectives.” To describe further, the strategic planning process includes establishing the exact sequence and format in which those goals should be executed so that the organization can reach its vision as it is written in the vision statement.

Why is strategic planning important?

Like businesses, internal audit teams need direction and organizational goals to work toward, and it's the strategic plan which offers that type of guidance and then gets distributed through the entire organization. In essence, a strategic plan serves as the main roadmap that explains how our internal auditing team’s efforts will achieve our defined business goals. Without such guidance, there is no way to tell whether our internal audit team (and the larger team) is on track to reach its defined goals.

Check out the next two posts in this blog series:

Most chief audit executive job descriptions make no mention of strategic planning as an essential job responsibility. Internal auditors who have risen to the rank of CAE and other audit leadership roles likely have not been exposed to strategic planning processes (at least not from a practical standpoint). This experience gap can result in a mindset that creates hesitancy in pursuing strategic planning for future internal audits. After all, strategic planning is a challenging endeavor even for those with experience. Without experience or an internal audit roadmap (or funding to hire a consultant), strategic planning can be an intimidating pursuit. Plus, we follow our strategic planning professional standards and have our internal audit plan to guide us. That should be enough, right? So we feel justified in putting strategic planning off until next year, or so it seems.

In this blog series, I’ll share a strategic planning roadmap that I’ve used to develop a strategic plan for my internal auditing function. It’s intended to be practical and simple to follow so that any CAE can use it as an internal audit management template for creating their own strategic plan. Some of this roadmap is textbook stuff, like having a vision and mission statement. But most of it is tailored specifically for internal auditing functions. 

I believe every strategic plan should begin by articulating your vision and the mission you’re attempting to achieve as it relates to the internal audit process. These statements provide the North Star for your strategic journey. It’s so easy to get distracted in your pursuits, and having an anchor to align your strategic intent with can help keep your internal audit plan on target. Any pursuit that does not align with your vision and mission should be challenged.

Investopedia describes a vision and mission statement as a message that is used by a company to explain, in simple and concise terms, its purpose for being. Typically, a mission statement explains a company's culture, values, and ethics and it’s usually only a sentence or short paragraph. A vision statement outlines the company's long-term goals and aspirations for the future in terms of its long-term growth and impact on the world.

Mission and vision statements serve several purposes, including motivating employees and reassuring investors of the company's future. The International Internal Audit (IIA) commision describes the mission or purpose of an internal auditor, “to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight” which can translate into the “why” for your internal audit process.

I’ve crafted numerous vision statements for my internal auditing teams. I view a vision statement as a dream. It is something to be pursued and attained in the future.

I tend to dream big, and some of my earlier vision statements for internal auditors were too broad and verbose. I’ve since come to appreciate concision and simplicity in vision statements. My preference is that vision statements be a single sentence and contain no more than four key descriptors that focus the dream on what is most important for audit management.

For example, the current vision statement for my audit team is:
We are indispensable business partners, with a brand focused on innovation and excellence.

The concision and simplicity of this vision statement ensure that everyone on my internal audit team knows what’s most important to us. On top of that, internal auditors can easily articulate our strategic intent to anyone. It is also easy to memorize. Notice the words in bold. These descriptors provide the essence of what we want to become. This is our dream! We, as internal auditors, are in pursuit of indispensability, innovation, and excellence.

Your mission statement articulates what your internal audit team delivers to your organization and stakeholders. It’s a statement describing the type of service you provide and how you might provide it. In addition, I‘ve made the textbook description of mission statements to include a value proposition. After all, the internal auditing service you provide lacks relevance unless there is value behind it. The value proposition helps to articulate why your mission is essential.

Here is the current version of my internal audit team's mission statement and value proposition:

We support the strategic success of management through risk-based assurance engagements, consulting services, and risk-specific agile audits.

Value Proposition:

  • Provide independent visibility to risk management performance
  • Provide collaborative consulting services, including identification of root causes and potential sustainable solutions
  • Maximize and continuously improve audit/risk coverage through the strategic use of technology and innovation
  • Provide a talent pipeline by recruiting and developing a staff that possess relevant skills and competencies that are valuable to the business

To summarize, the mission statement describes the service our internal audit team provides. The value proposition further articulates how our mission will be conducted to ensure value to the organization and stakeholders. The bold items in the value proposition above identify attributes of how our audit management team executes our mission and drives value.

Notice how the mission and value proposition themes align with the vision statement above. The mission is intended to be executed with the vision in mind. It includes attributes that support our dreams of indispensability (independent, collaborative, solution-focused, talent pipeline), innovation (agile auditing and strategic use of technology), and excellence (continuous improvement of audit/risk coverage).

Now that we’ve covered vision and mission statements, it's time to dive into part two—establishing guiding principles. After that, be sure to check out part three of this blog series—finding and defining your strategic intent. Enjoy!

About the Author
Rick Wright headshot
Rick Wright

Director of Internal Audit and Enterprise Risk Management

Rick A. Wright Jr., CIA, is Director of Internal Audit and Enterprise Risk Management for Yellow Corp. He has more than 25 years of experience in internal audit practice and training. His career has included roles with various organizations, including The Institute of Internal Auditors, Kansas City Southern Railway, H&R Block, and Resources Global Professionals. He has been an adjunct professor teaching accounting, finance, fraud, and strategic management courses. He is also founder of Resonate Training and Assurance Services, LLC, where he continues to pursue his passion for adult learning as an author, speaker, and training facilitator. Wright is an active member of The IIA’s Kansas City Chapter. He holds a bachelor’s degree in accounting from Missouri State University and an MBA from DeVry University Keller Graduate School of Management.

Online registration is currently unavailable.

Please email events@workiva to register for this event.

Our forms are currently down.

Please contact us at

Our forms are currently down.

Please contact us at