Making internal audits business-relevant

Journal article, 2017

Internal management system audits are sometimes seen as policing activities focusing on compliance and documentation rather than something that contributes to improvements. Previous research has focused on what to change in order to make auditing more business-relevant; fewer studies provide focus on how these changes can be operationalised. The purpose of this paper is to understand how internal audits can be carried out in a way that is perceived to add value beyond verifying compliance towards a standard. This study is based on action research in a global company in the consumer electronics sector. The study confirms that internal audits can add value beyond verifying compliance, acting as a generative mechanism for business-relevant improvements. However, this requires both short- and long-term changes in the auditing process; examples of changes are decreased time from audit to report, closer dialogue with management by the establishment of a sponsor role linking management and auditors, and giving up the cyclic audit programme in favour of a programme aligned with business objectives, strategies, and risks.