As internal and external performance audit functions mature, a significant shift is underway. The traditional focus on simply providing assurance is expanding to embrace a more proactive role in adding value. A recent example is the 2025 IIA Global Internal Audit Standards, which position internal audit as a strategic partner dedicated to delivering insight, foresight, and oversight—a powerful evolution beyond simply providing assurance.

Ensuring accountability and driving positive change are how we commonly think of audit impact. But there's a third avenue for adding value: organizational capacity development. This involves providing departmental staff with knowledge and tools that go beyond the immediate impact of individual audit engagements.

Each profession possesses a distinctive perspective. Auditors, through their rigorous methodologies of risk assessment, control evaluation, and evidence-based analysis, gain a holistic understanding of organizational processes, identifying vulnerabilities and opportunities that staff and oversight bodies might miss. This unique lens isn't just valuable for pinpointing audit findings: when shared, it can significantly enhance an organization's overall capacity to avoid problems before they show up in an audit report.

We can think of this broad approach as how auditors can aid the organization:

• Arming users with information they can use to hold those with delegated responsibility accountable
• Directly driving improvement by identifying problems and recommending solutions.
• Beyond individual audits, developing the organization’s capacity to apply audit knowledge.

Practical Tools for Knowledge Transfer

So, how can internal and external audit functions effectively transfer this valuable knowledge? Here are several practical approaches that can be integrated into existing audit practices:

• Transfer Tools and Data Sets: Auditors often develop sophisticated tools and analyze extensive data sets during engagements. These resources, when appropriately anonymized or generalized, can be incredibly valuable to program staff. For instance, a data analysis model used to identify anomalies in procurement could be adapted for ongoing monitoring by the procurement team. During my time with the Commissioner of the Environment and Sustainable Development, we built process models such as climate change modelling, which the auditee was grateful to use after the audit. Sharing these tools equips staff with powerful analytical capabilities.
• Develop Self-Assessment Tools: Creating user-friendly self-assessment tools derived from audit methodologies can strengthen an organization's second line of defence (management oversight and internal controls). These tools allow departmental staff to periodically evaluate their own processes, identify control gaps, and address issues proactively. This proactive approach helps maintain internal audit's position as the third line of defense, and external audit as the fourth line, by reinforcing controls at an earlier stage.
• Jointly Staff Audit Engagements: Involving program staff in advisory work or joint projects within audits, such as co-analyzing data sets, fosters a deeper understanding of audit objectives and methodologies. This hands-on experience demystifies the audit process and builds trust and collaboration between auditors and auditees. Agile and Lean auditing methodologies particularly lend themselves to this approach. There is much untapped opportunity for joint audit work that does not compromise audit independence and objectivity, particularly with the increasing use of data analytics, where internal staff have in-depth knowledge.
• Provide opportunities for Assignments or Secondments: In periods of austerity, as the governments now face, welcoming staff from other areas into audit teams for temporary assignments or secondments can be a powerful knowledge transfer mechanism. These individuals gain insights into audit principles and practices, making them internal champions for stronger controls and risk management. Similarly, secondment of audit staff to business functions or projects can facilitate two-way knowledge exchange between auditor and auditee. While such an arrangement is normally aimed at enriching the auditor’s experience, it also presents an opportunity for staff to experience the auditor’s perspective. Appropriate safeguards to preserve audit independence should be applied when planning subsequent audits of the same function or project.
• Hold Lessons Learned Sessions: After an audit, don't limit the dissemination of findings to the audited entity. Conduct informal "lessons learned" sessions for other programs or sectors that were not directly scoped into the audit or had minimal coverage. Highlight common pitfalls, effective controls observed elsewhere, and general best practices. My team conducted a series of regulatory audits using the same basic audit approach. After the first one, the responsible assistant deputy minister invited us to brief the other program managers, and a number of problems were resolved before the subsequent audits.
• Conduct Informal Workshops on Risk and Controls: Offer informal workshops for departmental staff on fundamental audit concepts, such as how to identify risks and design effective controls. Actual audit results, presented as anonymized case studies, can provide compelling and relatable examples, making the concepts tangible and practical. This is a great way for auditors to partner with departmental comptrollership staff in enhancing controls.
• Let Staff Shadow the Auditors: We often worry about losing independence if auditee staff “shadow” the audit by observing audit work. But it has its place. Allowing staff to shadow auditors during walkthroughs or testing phases offers a unique, immersive learning experience. This direct exposure helps demystify audit procedures, allowing staff to observe firsthand how auditors assess risks, gather evidence, and draw conclusions. This in turn fosters transparency and builds a greater appreciation for the audit function.

The evolution of audit demands that we look beyond individual engagements to make a broader impact. By actively engaging in knowledge development and empowering auditees to embrace an "audit mindset," we not only enhance the value of our own work but also contribute significantly to the overall strength and strategic capabilities of the organizations we audit. It is much like the lesson from international development—you can give people fish, but far better to teach them how to fish!

About the Author

Neil Maxwell

An Assistant Auditor General from 2007 until his retirement in 2015, Mr. Maxwell was the Product Leader for Office of the Auditor General of Canada's Performance Audit Practice, providing leadership and oversight of the Office's performance audits. The practice he led conducted audits of all federal departments (including the work of the Commissioner of the Environment and Sustainable Development) and the three territorial governments, at an annual expenditure exceeding $40 million. While serving as Product Leader, he was also appointed as Commissioner of the Environment and Sustainable Development on an interim basis, from April 2013 until March 2014.
Mr. Maxwell joined the Office in 1982 and became a Principal in 1996. From 1993 until 1995, Mr. Maxwell worked on Executive Interchange at Citizenship and Immigration Canada as the Director of Business Immigration Compliance and the Entrepreneur Program.
Prior to joining the Office, he established and co-managed an international software development and consulting firm.
Mr. Maxwell received Master of Public Administration and Bachelor of Arts (Honours, Geography) degrees from Queen's University.

Contact the author at:

neilrjmwell@gmail.com