Endless touchpoints: the stakeholder landscape
Why does it sometimes feel so complex to handle – in an appropriate manner! – all those many business relationships we have in internal audit? It´s due to two main reasons: our stakeholders come in large numbers, and the variety of touchpoints with all of them is massive, providing ample opportunity for challenges. It´s that octopus feeling – you are juggling in all directions, but you easily could do with another set of eight arms.
When trying to list all possible stakeholders for internal audit, it helps to have a simple definition. ChatGPT did a nice job when asked to define a stakeholder in less than eight words: “interested party in a project or an organization”.
Internal stakeholders galore: Start at the top! Your board, audit committee, or whatever is your set-up, is one of the most important stakeholders you may ever have. Be it through reporting lines, one-to-ones, committee meetings, interview partners for your quality assessment, or your client in a culture audit – there are lots of important touchpoints with the governing body. Look further around in your organization. Virtually everyone at some point could become an “interested party” during one of your audits, regardless of hierarchy or role.
On the first line of defense, next to your possible reporting line to someone in the C-suite, the entire management team, central or local, in fact, all the “do´ers”, be it executives or operations, typically could be your client. Also, the entire second line – for example, Legal, Compliance, Risk, Controlling, or IT – might get “interested party” status in providing you with information, could become your client, might work with you on some project or other, or interact with you on Board reporting, to name but a few possibilities.
But don´t forget all the other people in your organization! You might work with them during an audit at some point, but even if that´s never happening, these are still people whom you see day-in, day-out, with whom you may have conversations around the water cooler or go running during lunch time, who are interested in what internal audit does, and who are often great sources of valuable information. And last, but certainly not least, is the audit team. Be it through hierarchy or as an audit colleague, no one is a closer stakeholder than your team.
External stakeholders: From regulators to external auditors, from investors to analysts, from customers to suppliers – all of them at some point may become your stakeholder. This might be through direct touchpoints (reporting to a regulator, regular meetings with external auditors, supporting operations when a client exercises audit rights…), or indirectly: for example, investors will be interested in understanding internal audit´s role in the company´s governance when analyzing the annual report. Add to the list insurers and banks, external counsel and investigators, or anyone else you will start interacting with where the situation requires so (think cyber experts in case of a data breach or a court where you are called for witness), and you may find yourself facing new communication fronts from one day to the next.