The interim manager was commissioned by an engineering service provider at short notice to set up an internal audit department in line with international standards and establish it within the company. The company had grown to 8,000 employees and a turnover of one billion euros within 30 years. The structures for governance, risk management and compliance (GRC) had not kept pace with this growth. In conjunction with the expansion of other GRC functions, the internal audit department that was to be set up was to help the company to better ensure the control and integrity of the structures that had grown and to scrutinize them in a targeted manner. The management - in particular the Chairman as project sponsor - was very interested in setting up and establishing the internal audit function within the company.
After a month of intensive discussions with the management, executives and related departments, the interim manager developed a target vision. The project plan envisaged setting up the internal audit department within four months.
Internal audit charter and mission agreed - audit processes defined
As a basis, the interim manager first drew up an internal audit charter with the mission, structure, responsibilities, rights and duties of the audit department. In doing so, he closely followed the requirements of international standards, the specific corporate governance and the individual character of the organization. In consultation with the management and the Chairman of the Supervisory Board, Internal Audit was positioned as a trusted partner and third line of defense in the company.
In the next step, the interim manager defined the audit processes for planning, auditing and action tracking. He coordinated the processes and integrated them into the relevant tools. In addition, a manual for the audit work was created under the guidance of the interim manager, in which the core functions of the audit work from information collection to employee development were described as a control loop.
Risk-oriented derivation of an audit program
The next major block was the risk-oriented derivation of an audit program for the next 18 months. This work began with an intensive analysis of the business processes. From targeted interviews and evaluations of documents - from the corporate strategy to the IT architecture - the interim manager derived an audit program that was unanimously approved by the management.
The establishment of the internal audit department was accompanied by targeted positioning and extensive communication. One-to-one discussions, presentations in management circles, works council meetings, management meetings, intranet articles and the creation of a dedicated intranet section made a significant contribution to anchoring Internal Audit as a new part of the corporate structure among all those involved.
Supporting the selection process for the permanent head of Internal Audit
At the same time as the development work, the interim manager supported the selection process for the permanent head of Internal Audit. The vacancy was filled after four months. The interim manager trained the new head and handed over responsibility for a fully established audit to the line function after five months, as planned. This transition was also very successful thanks to the systematic preparation and good positioning of the audit function.
Leading audit reviews - addressing risks and planning measures
The interim manager then accompanied two audit reviews as audit manager. In doing so, he was able to help address further risks and agree measures with those responsible. In the further course of the mandate, he was responsible for monitoring the new processes until these risks had been sufficiently reduced by implementing the measures.
