
Build a stronger audit function through external quality assessment

By: Craig Doyle
Quick summary
  • EQAs are required every five years under IIA standards.
  • They enhance credibility with boards, regulators and investors.
  • Independent reviews provide transparency and stakeholder confidence.
  • Fresh perspectives help identify improvements and benchmark against peers.
  • EQAs drive consistency, alignment and innovation in audit functions.
  • Preparation and follow-up are key to maximising value from the process.
  • Turning findings into action supports continuous improvement and stronger audit outcomes.
External quality assessment (EQA) offers your organisation a springboard for audit excellence. Embrace it as an opportunity for continuous improvement, rather than treating it as a compliance chore.

Why conduct an external quality assessment every five years?

The Institute of Internal Auditors’ (IIA) audit standards call for an EQA of your internal audit (IA) function every five years – so yes, in terms of compliance, it’s a must.

But an EQA is also a way to protect your credibility as an organisation. It shows that rather than relying on policing yourself, you’re willing to open your processes, practices and controls to third-party scrutiny. 

What’s more, the feedback and fresh perspective an EQA brings to the table can help to ratify an IA strategy and articulate the function’s value and effectiveness to the business, Audit Committee and Board. It enhances the department’s standing in the business and gives stakeholders additional confidence, laying the groundwork for future success.

Raise your assurance credibility

An EQA boosts your credibility with boards, regulators and investors. There’s no better way to show your transparency and commitment to improvement than to welcome and share an independent opinion of your IA function. 

Stakeholders feel more confident when they see there’s nothing to hide, and that IA is aligned with professional standards and benchmarks, beyond its own internal KPIs. It gives them a holistic view of the function, and is a way to display its effectiveness in delivering value and assurance to stakeholders.

Align with IIA standards

As outlined in our new audit standards guide, the IIA continues to require EQAs every five years. As before, a self-assessment with independent validation (SAIV) is an alternative – but if that’s the path you choose, the new standards say you need to explain to your board why you’re performing an SAIV instead. 

This suggests an EQA as the preferred option – which makes sense, as the EQA offers the opportunity for external subject matter expertise to benchmark and offer up new perspectives to enhance your operations. This is where true added value can be gained from having an EQA.

Discover improvement opportunities

The EQA is your chance to bring fresh eyes to your IA function, reviewing your positioning, people, processes and methodology in light of the new IIA standards. 

The assessor also brings experience of best practices and innovations from both across your industry and other functions, so they’re able to offer alternatives you may never have considered. For heads of internal audit who are looking for different perspectives, or who are under pressure to innovate, these new ideas are vital.

Benefit from consistency

Conforming with IIA standards through an EQA will drive consistency across operations, streamlining your workflows. This consistency makes communication across borders and business units easier and clearer. With a full understanding of how you measure up to industry standards, you’ll be able to benchmark against your competitors more effectively.

Grant Thornton’s ‘Four Ps’ assessment framework

Grant Thornton has the expertise and resources to provide high-quality audit engagements.

Working as a trusted partner to IA teams, we offer a complete view of their audit strength through proven EQA methodology. This approach, aligned with the IIA standards and Code of Ethics, focuses on performance, people, planning and positioning for a robust EQA engagement.

Performance

Your audit methodology determines your IA performance. In reviewing your ways of working, we focus on the quality of your:

  • critical evaluation
  • management information
  • reports and recommendations
  • compliance
  • QA practices and performance monitoring.

We can then provide KPI dashboards tailored to your organisation to help you:

  • set and achieve IA goals
  • strategically align your communication with senior leadership
  • prove the value that your audit function delivers.

People

The structure and quality of your team is fundamental to the effectiveness of your IA function. On top of having the relevant training and experience, your auditors must truly understand your business.

We review and give feedback on the fundamentals to your team’s success:

  • staffing strategy, including the appropriate use of external resources
  • training, subject matter expertise and skills alignment
  • strong communication and innovative thinking skills
  • robust leadership and performance management.

We also work closely with you to ensure you have clear conflict-of-interest safeguards in place, and help you lock in your leadership succession planning.

Learn more about building a strong risk culture in our audit governance and culture insight.

Planning

Your IA team depends on a robust planning process. Your plans must align with your organisation’s risk priorities and risk appetite, and yet offer the flexibility to respond to shifting business and regulatory landscapes.

We assess your function’s practices and tools to ensure effective risk-based planning, execution and oversight of audit activities. Our support includes:

  • risk-focused scoping, ensuring your efforts are directed proportionately to your organisation's highest-risk areas
  • best-practice benchmarking, measuring your planning approaches against industry standards
  • code-of-ethics compliance testing, checking your team’s conduct and behaviour always remain within your organisation’s values, industry ethics and legal parameters.

Positioning

Our EQA experience has shown us time and again how an IA team’s reporting style and board-level access influence its impact.

We evaluate your function’s profile and standing, along with its independence and objectivity, by answering key questions: 

  • Are you considered credible?
  • Are you treated as a full business partner?
  • Do you have your stakeholders’ confidence?
  • How strong is your relationship with the CEO?
  • Are existing financial budgets adequate to support your mission?

Working from these answers, Grant Thornton’s EQA team helps you strengthen your IA function’s reputation and impact.

Preparing for your assessment

Cut the stress and accelerate your fieldwork in advance of your EQA. Here’s Grant Thornton’s readiness roadmap, helping you prepare for your assessment step by step.

Set your kick-off meeting agenda

Get started on the right foot with a meeting that demonstrates to your team that the EQA process is designed to add real value and is easily managed, with a thoughtful approach. Circulate an agenda so people come prepared.

Review your documentation and KPIs

Don’t wait until the reviewers arrive to look for the documents they need. You’ll feel less pressure and can take a more orderly approach by proactively flagging the audit-plan files, working-paper standards and dashboard evidence that reviewers expect.

Take a ‘Stakeholder Satisfaction Pulse’

Check in on your internal stakeholders’ understanding of what’s ahead, so you can manage their expectations before they’re drawn into the process. Create a short survey to capture perception gaps before external interviews, allowing yourself time to sit down and talk through any issues before the audit begins.

Turning findings into action

The completion of the EQA is only the start of your team’s journey. You need to be ready to turn insight into impact once the audit report lands.

Dig into root-cause analysis 

To draw up a practical and effective post-audit action plan, you’ll need to map each issue to its root cause. Armed with this understanding, you can launch a plan where each issue is assigned an owner, prioritised and given a target date. 

Set a professional-development roadmap

The audit may reveal skill gaps in your team. As well as arranging the necessary training, explore internal opportunities for upskilling through formal mentoring arrangements and subject-matter expert secondments. 

To keep the required professional development on track – even as schedules fill and attention turns to other priorities – set out a clear roadmap of team and individual commitments, and include updates in your regular team and 1:1 meeting agendas.

Launch a continuous improvement cycle

To get the most out of an EQA, it’s vital that you see it as a tool for continuous improvement rather than a snag list. Quarterly progress checks can confirm that the issues you’ve prioritised and assigned to owners are being addressed – and that your team is applying those learnings to new work. Adding best-practice refresh sessions will ingrain improved ways of working.

Your stronger audit function starts here

Grant Thornton has deep experience delivering external quality assessments of Internal Audit functions in line with the IIA International Professional Practices Framework as well as industry best practice. 

We approach our work as trusted partners who ensure your compliance while driving your business performance.

Are you a chief audit executive (CAE) or audit committee chair? Book a no-cost discovery call with us. Together, we can map your EQA scope, timeline and resource needs within 30 minutes. Book a call today.
