Introduction Internal Audit

 “The internal audit activity adds value to the organization (and its stakeholders) when it provides objective and relevant assurance, and contributes to the effectiveness and efficiency of governance, risk management, and control processes.”—IIA, 2017 Although this definition, taken from The IIA’s International Professional Practice Framework (IPPF), seems to be simple and clear at first glance, the understanding of internal audit’s added value varies widely between internal auditors and organizations. Over a decade ago, Bailey et al. (2003) and Gramling et al. (2004) were the first to inspire a growing academic community as well as practitioners with research focusing on internal audit’s value creation. But even more than 15 years after these first contributions, the central questions regarding the value added by internal audit are still not answered satisfactorily. Internal audit’s perceived value and its standing in the profession itself and among its stakeholders is still often described as hazy and enigmatic (e.g., Anderson, 2009; PWC, 2010, 2013; Lenz, 2013; Lenz and Hahn, 2015; IIA, 2013). Deloitte (2018) finds that only about 40 percent of CAEs believe that their function has strong impact and influence within the organization and only 46 percent think that stakeholders are aware of internal audit’s services. In other words, more than 50% of internal audit’s key stakeholders do not see the added value of their audit functions. Therefore, this study seeks to shed light on the value discussion in order to update practitioners on the current status of this fundamental topic and help them gain a detailed understanding of all aspects of internal audit’s added value. Because the satisfaction of internal audit’s key stakeholders is one of the central challenges in the internal audit profession, it is important to understand the respective stakeholders’ expectations when it comes to internal audit’s valuecreation. In this context, most recent research by Roussy et al. (2020, p. 339) encourages internal auditors “to keep their eyes on the prize (i.e., on internal audit organizational significance)” in order to fight stakeholder disappointment. However, this is easier said than done. The internal audit function is an integral part of the organizational environment and typically serves “two or more masters,”including the audit committee, board, senior management (chief executive officer [CEO], chief financial officer [CFO], etc.), risk management, compliance, the external auditor, and the audit client. Hence, a multitude of stakeholders set their expectations toward the internal audit function, each defining his or her own viewon the value internal audit should create. Furthermore, Lenz and Hahn (2015) show that there is a difference between the value internal auditors think they rendered and what their stakeholders perceive. The authors discuss the micro and macro perspective of internal audit activities and the challenges for CAEs and internal audit functions to satisfy the different stakeholders on the various levels. Our study provides new and unique insights into the current and future-oriented,modern internal audit practices and summarizes that information to improve ourunderstanding of the internal audit function’s added value. Detailed information on applied practices will help practicing internal auditors define, measure, and communicate their own value as well as their function’s value. We furthermore take a quick glance at “what good looks like” by giving a short list of best practices applied, which may give practitioners a role model to consider. Our results are relevant for both internal audit practitioners and academic researchers in the field of internal auditing and corporate governance, and should start afruitful discussion within the profession and among researchers.