Skip to main content

Strategic Planning: A Roadmap for Internal Auditors

Internal Audit
Internal audit strategy
5 min read
Rick Wright
Director of Internal Audit and Enterprise Risk Management
Published: 31 May 2022
Last Updated: 15 September 2023

Strategic planning is an activity that has existed for centuries. Businesses rely on strategic plans to ensure growth, connection with customers, value creation for stakeholders, and a future of sustainable success. But while strategic planning is a vital business discipline, it is sometimes overlooked as a tool for internal auditing functions to ensure their own mission is successful.

In my experience, strategic planning is a topic that is under appreciated and undervalued within the internal auditing profession. There could be many reasons for this. Professional standards focus primarily on governance and methodology principles rather than strategic planning practices. Also, strategic planning is not frequently mentioned as a core competency of internal auditors. 

Most chief audit executive job descriptions make no mention of strategic planning as an essential job responsibility. Career auditors who have risen to the rank of CAE and other audit leadership roles likely have not been exposed to strategic planning processes (at least not from a practical standpoint). This experience gap can result in a mindset that creates hesitancy in pursuing strategic planning. After all, strategic planning is a challenging endeavour even for those with experience. Without experience or a roadmap (or funding to hire a consultant), strategic planning can be an intimidating pursuit. Plus, we follow our professional standards and have our audit plan to guide us. That should be enough, right? So we feel justified in putting strategic planning off until next year, or so it seems.

In this blog series, I’ll share a roadmap that I’ve used to develop a strategic plan for my internal auditing function. It’s intended to be practical and simple to follow so that any CAE can use it as a template for creating their own strategic plan. Some of this roadmap is textbook stuff, like having a vision and mission statement. But most of it is tailored specifically for internal auditing functions. I hope you find it helpful or at least thought-provoking.

I believe every strategic plan should begin by articulating your vision and the mission you’re attempting to achieve. These statements provide the North Star for your strategic journey. It’s so easy to get distracted in your pursuits, and having an anchor to align your strategic intent with can help keep you on target. Any pursuit that does not align with your vision and mission should be challenged.

I’ve crafted numerous vision statements for my internal auditing teams. I view a vision statement as a dream. It is something to be pursued and attained in the future. 

I tend to dream big, and some of my earlier vision statements were too broad and verbose. I’ve since come to appreciate concision and simplicity in vision statements. My preference is that vision statements be a single sentence and contain no more than four key descriptors that focus the dream on what is most important. 

For example, the current vision statement for my team is:
We are indispensable business partners, with a brand focused on innovation and excellence.

The concision and simplicity of this vision statement ensure that everyone on my team knows what’s most important to us. On top of that, they can easily articulate our strategic intent to anyone. It is also easy to memorise. Notice the words in bold. These descriptors provide the essence of what we want to become. This is our dream! We are in pursuit of indispensability, innovation, and excellence.

Your mission statement articulates what you deliver to your organisation and stakeholders. It’s a statement describing the type of service you provide and how you might provide it. In addition, I‘ve made the textbook description of mission statements to include a value proposition. After all, the service you provide lacks relevance unless there is value behind it. The value proposition helps to articulate why your mission is essential. 

Here is the current version of my team's mission statement and value proposition:

We support the strategic success of management through risk-based assurance engagements, consulting services, and risk-specific agile audits.

Value Proposition:
· Provide independent visibility to risk management performance
· Provide collaborative consulting services, including identification of root causes and potential sustainable solutions
· Maximise and continuously improve audit/risk coverage through the strategic use of technology and innovation
· Provide a talent pipeline by recruiting and developing a staff that possess relevant skills and competencies that are valuable to the business

To summarise, the mission statement describes the service we provide. The value proposition further articulates how our mission will be conducted to ensure value to the organisation and stakeholders. The bold items in the value proposition above identify attributes of how we execute our mission that drives value.

Notice how the mission and value proposition themes align with the vision statement above. The mission is intended to be executed with the vision in mind. It includes attributes that support our dreams of indispensability (independent, collaborative, solution-focused, talent pipeline), innovation (agile auditing and strategic use of technology), and excellence (continuous improvement of audit/risk coverage).

Now that we’ve covered vision and mission statements, next week we'll dive into the guiding principles of your strategic planning roadmap. The final blog will cover finding and defining your strategic intent. See you then! 

Take a break from reading about strategic planning and join the discussion virtually at Amplify 2023 on Sept. 21st. Access 13 sessions, and get the chance to earn up to 8 CPE credits! Register now.


About the Author
Rick Wright headshot
Rick Wright

Director of Internal Audit and Enterprise Risk Management

Rick A. Wright Jr., CIA, is Director of Internal Audit and Enterprise Risk Management for Yellow Corp. He has more than 25 years of experience in internal audit practice and training. His career has included roles with various organizations, including The Institute of Internal Auditors, Kansas City Southern Railway, H&R Block, and Resources Global Professionals. He has been an adjunct professor teaching accounting, finance, fraud, and strategic management courses. He is also founder of Resonate Training and Assurance Services, LLC, where he continues to pursue his passion for adult learning as an author, speaker, and training facilitator. Wright is an active member of The IIA’s Kansas City Chapter. He holds a bachelor’s degree in accounting from Missouri State University and an MBA from DeVry University Keller Graduate School of Management.

Online registration is currently unavailable.

Please email events@workiva to register for this event.

Our forms are currently down.

Please contact us at

Our forms are currently down.

Please contact us at