Redefining internal audit with risk-based strategies and data-driven insights

Changing stakeholder expectations and a novel view of risk management are prompting a significant shift in the role of Internal Audit (IA) in several organisations. New demands from the board, senior organisational leaders, and regulators are requiring internal audit groups to refocus their efforts beyond regulatory compliance issues.

At CFO India, we recently had the opportunity to sit down with Deepti Nagpal, Head of Internal Audit – Luminous Power Technologies (a subsidiary of Schneider Electric), to discuss this evolution. Deepti shared her insights on transitioning to a risk-based approach, the importance of data analytics, and the challenges of staying ahead in an ever-changing environment. 

Below are the edited excerpts:

Q. How has your internal audit team transitioned from a traditional compliance-based approach to a risk-based approach? What challenges did you face during this transition, and how did you address them?

Deepti: The transition to a risk-based approach required a clear vision aligned with the company’s strategy. Risk profiles evolve alongside business strategies, and as a leader, you must immerse yourself in the business to truly understand its operations and emerging risks. This shift involved enabling the team to comprehend these dynamics by conducting regular sessions to discuss company priorities and strategies.

Challenges included overcoming a siloed mindset, fostering business partnerships, and uplifting the team’s competencies. We had to ensure they appreciated the criticality of managing the right risks rather than sticking to routine tasks. Constant communication and skill-building were essential. Leadership played a pivotal role in inspiring the team to align with this forward-looking, risk-centric methodology.

Q. How do you stay attuned to the company’s changing risk profile, recognizing how dramatically the business and risk landscape is changing and have a “healthy concern” about any claims of a static risk and internal control environment?

Deepti: It starts with passion for your function and a commitment to collaboration. Information rarely lands on your desk uninvited. As a leader, you must actively seek insights by engaging with colleagues, understanding business changes, and aligning functional goals with organisational objectives.

A mindset focused on impact and value creation is crucial. When you approach your role with curiosity and purpose, you naturally identify ways to connect, gather information, and anticipate risks. This proactive engagement ensures alignment with the company’s evolving risk landscape.

Q. Data analytics plays a significant role in modern auditing practices. How does your team integrate data analytical techniques into your audits, and how has it enhanced your ability to identify risks or provide deeper insights?

Deepti: Data analytics is fundamental, providing the foundation for impactful insights. It’s not just about analysing numbers; it’s about storytelling—connecting the dots to reveal trends, risks, and opportunities. Without a narrative behind the data, it’s merely a collection of numbers.

By embedding data analytics in our audits, we’ve become proactive, identifying red flags and trends before they escalate. This capability has elevated us from being mere auditors to strategic business partners. It has also enhanced our ability to deliver solutions and align closely with business goals.

Q. What process do you follow to evaluate whether risk mitigation strategies are both adequately designed and effectively implemented? How do you ensure that these strategies align with the organisation’s risk appetite and tolerance?

Deepti: The evaluation process is deeply intertwined with understanding the business and aligning with its objectives. Risk assessment begins with analysing each function against the company’s strategic direction, leveraging data analytics for insights.

Periodic reviews and audits are then planned based on these risk assessments. The focus is on areas critical to the organisation’s risk appetite and tolerance. This structured approach ensures our strategies are relevant, dynamic, and impactful.

Q. How does your team ensure it stays updated with the latest auditing standards? What measures are in place to address gaps in knowledge or methodology compliance among internal auditors?

Deepti: Continuous learning is at the heart of our approach. We stay informed through updates from industry bodies, professional forums, and peer networks. Personally, I contribute to and attend knowledge-sharing sessions, which provide valuable insights.

Equally important is uplifting the team’s capabilities. This includes not just technical skills but also softer aspects like emotional intelligence, negotiation, and self-ownership. I run regular sessions and coaching initiatives to nurture these skills, ensuring the team is future-ready.

Q. Finally, how do you foster a sense of ownership and growth within your team?

Deepti: It begins with leading by example—demonstrating passion and commitment. Ownership cannot be imposed; it must be inspired. I prioritise creating an environment where team members feel empowered and supported to take charge of their roles.

Regular engagement, tailored development sessions, and coaching play a significant role. I also encourage a culture of continuous feedback and recognition, which motivates individuals to grow and excel. Ultimately, the goal is to build a team that is not only competent but also confident in navigating challenges and contributing value.