For many Internal Audit leaders—especially those who are new, managing smaller teams, or focused heavily on SOX and compliance—the process of building an audit plan often follows a familiar pattern:

• Once or twice a year, the CAE and leadership team meet with executives to discuss perceived key risks.
• They conduct an internal audit risk assessment, evaluating the likelihood and impact of known company risks.
• They select 8–10 projects targeting high-risk areas.
• They incorporate 2–3 requests from management.
• They add 1–2 mandatory audit projects.
• And just like that, their audit plan is ready for presentation.

The resulting audit plan might look something like this:

• Cybersecurity Audit
• ESG Advisory Review
• Accounts Payable Audit
• Human Resources Audit
• Inventory Management Audit
• Travel & Entertainment Expenses Audit
• Etc.

This approach has been the norm for decades, and on the surface, it works. The plan covers critical business operations, aligns with widely recognized industry risks, and includes some areas where leadership has requested Internal Audit’s involvement.

But here’s the problem: it often misses the company’s most pressing and emerging challenges—the issues executives actually care about.

The outcome? An audit plan that can feel disconnected, leading executives to ask the dreaded questions: “So what?” or “Why does this matter to me?” Worse, it can limit the CAE’s and their team’s ability to truly understand the business and build credibility as strategic partners.

However, mature and high-performing Internal Audit teams take a different approach. And the good news? It’s a simple shift that any Internal Audit leader can implement—regardless of team size.

The Key to a More Impactful Internal Audit Plan: Ongoing Conversations with Management

What separates highly effective Internal Audit leaders from the rest? They dedicate time to ongoing, structured conversations with a broader group of business leaders.

This isn’t groundbreaking, yet many CAEs unintentionally sideline this critical activity. They overcommit to executing audits, leaving little time for research, relationship-building, and deep analysis. Even when CAEs do engage in these conversations, they often don’t extend this responsibility to their direct reports—limiting their team’s exposure to key business insights.

Successful Internal Audit teams, however, take a different approach. They allocate approximately 10% of their leadership team's time throughout the year to researching, meeting with business leaders, and synthesizing insights.

Let’s put that into perspective:

• A leadership team of 3 dedicates 600 hours annually to these activities. 
• A team of 5 commits 900 hours per year.
• A team of 10 allocates 1,800 hours per year.
• A team of 15 invests 2,700 hours annually.

Now, ask yourself: Is your Internal Audit Leadership team spending 900–2,700 hours a year uncovering and validating significant business problems? Are you actively socializing insights and iterating on your risk understanding?

If not, consider this: A single audit may take 600 hundred of hours to execute. By reallocating time for one audit to maintaining a more consistent and relevant dialog with management, the audits you do conduct—whether five or fifty—will be exponentially more relevant and impactful.

Where to Start

Who to Talk To

These conversations don’t need to start at the C-Suite level. In fact, for the most valuable insights, focus on leaders one to two levels below the executives.

While Finance, IT, and Compliance leaders are natural starting points, true business insights often come from:

• Sales
• Marketing
• Engineering
• Product Development
• Customer Success

These functions are closest to the customer and the company’s strategic initiatives, making them valuable sources of risk intelligence.

How to Approach the Conversations

Once you’ve identified who to engage with, assess your current relationship with each leader:

• If they already know you, it’s easy—set up a meeting and dive in.
• If they don’t know you well, introduce Internal Audit’s role and the purpose of these discussions.
• If they’re skeptical of Internal Audit, find ways to provide value upfront to encourage an open dialogue.

Make It Simple and Conversational

Start small. Grab a coffee (even virtually) with a stakeholder and just chat.

• Share updates on what Internal Audit is working on.
• Ask what they’re focused on and where they see challenges.
• Identify where Internal Audit’s work might intersect with their priorities.

At the end of the meeting, ask if they’d be open to another conversation. Commit to bringing additional context next time based on their insights—and schedule the follow-up.

Most importantly, don’t rush the process. Avoid the classic trap of jumping straight into “What’s keeping you up at night?” Let these relationships develop naturally, backed by strong research and strategic questioning.

Transforming Insights into a More Targeted Audit Plan

As your Internal Audit team gathers intelligence, formalize a process for capturing and analyzing insights. This can be as simple as a “business risk and opportunity intake form” to track emerging issues.

With this richer understanding of business risks, your audit plan will shift from generic topics to high-impact, highly relevant audits:

• Instead of a “Human Resources” audit, you might focus on contingent worker onboarding in Romania.
• Instead of a “Supply Chain” audit, you could assess a new materials procurement of a key contract manufacturer.
• Instead of another “Accounts Payable” audit, Internal Audit might deliver more value by reviewing a new product GTM rollout or advising on an F100 Account-Based Marketing strategy.

What’s more, the traditional risk assessment exercise—assigning likelihood and impact scores—will become a validation step rather than the primary driver of your audit plan. You’ll already have a strong pulse on the business’s most pressing challenges.

The Long-Term Impact: Internal Audit as a Strategic Partner

By making these ongoing conversations a priority, your Internal Audit team will come closer to gaining a seat at the table for key risk and strategy discussions. They will be sought after for advice on new processes and initiatives, developing stronger business relationships that make their work more effective. Over time, this approach fosters a high-performance culture, reducing attrition of top talent and reinforcing Internal Audit's reputation as an incubator for high-performing, future business leaders.

This is the flywheel effect in action: The more time spent engaging with the business, the more relevant Internal Audit’s work becomes. The more relevant the work, the more the business values Internal Audit. And the more the business values Internal Audit, the greater the team’s impact and influence.

All of this starts with one simple change: prioritizing ongoing conversations with the business.

Make the shift today, and you’ll fundamentally transform how Internal Audit is perceived, valued, and integrated into your company’s success. And you'll be more likely to Enable Positive Change with the resources allocated to your Internal Audit team.