On the Frontlines: Audit’s Role as ‘Immune System’
Blogs Jonathan J. Arnold, CIA, FCA, FCCA CPA Nov 12, 2025
From audit managers and directors to team members on the ground, internal auditing demands far more than technical skill. It calls for insight, partnership, and a proactive mindset. Each engagement is an opportunity to build value, create positive change, and help the organization respond to an increasingly complex risk environment.
Much like a healthy immune system, a well-integrated internal audit function quietly underpins the resilience and integrity of the system in which it operates. When effectively executed, internal audit is not only vital in times of crisis — it serves as a consistent partner in growth and sustainable success. By identifying efficiencies, reinforcing governance, and strengthening risk management, we directly support the organization’s ability to grow with confidence.
Diagnosing Risk
Internal audit excels when we identify issues before they escalate. We serve not as fault-finders but as proactive early warning systems.
For one client, I helped overhaul their anti-money laundering and counter-terrorism financing systems. While the business demonstrated commendable intentions, there was a noticeable misalignment between policy frameworks, control mechanisms, and frontline execution.
There were inconsistencies in risk assessments and gaps in client onboarding procedures. While no immediate non-compliance was evident, these subtle issues suggested a slow-building threat, akin to a fever preceding a full-blown infection.
By collaborating with compliance and operations, we were able to redesign the anti-money laundering and counter-terrorism financing control environment, ensuring stronger governance, clearer accountability, and real-time monitoring. This initiative aimed not only at regulatory compliance but also at safeguarding the organization's reputation, avoiding potential fines, and fostering a culture of ethical awareness. We transformed a reactive, siloed approach into a proactive, integrated defense.
Building Organizational Memory
I've learned that our true strength is in asking the right questions, offering informed perspectives, and providing actionable recommendations.
Just as an immune system remembers how to fight past threats, audit teams can help organizations build “organizational memory.” Every engagement leaves behind lessons about governance and risk, behavior that if captured can help prevent repeated mistakes.
For example, after the anti-money laundering revamp, I led a post-engagement session to document key takeaways and root causes. This knowledge was shared across departments which reduced duplicated effort and raised awareness far beyond the audit team. We weren’t just closing issues; we were improving resilience.
By tracking past audits, identifying patterns, and addressing root causes, we enable smarter planning, stronger recommendations, and fewer repeated missteps. It’s not just follow-up, it’s future-forward progress.
Maintaining Balance
A healthy immune system knows when to act and when to observe and internal audit requires the same equilibrium. Excessive control can stifle innovation, while lax oversight leaves organizations exposed. Achieving balance goes beyond frameworks. It demands judgment, empathy, and trust-based relationships.
A recurring challenge is helping leadership view internal audit as an enabler, not an obstacle. This requires being visible, accessible, and consistent, not just during audits, but throughout the governance process. When internal audit is seen as a strategic advisor rather than a “compliance cop,” meaningful change follows.
Beyond the Annual Check-up
Medical doctors may periodically check the vital signs, but the immune system operates continuously. Likewise, internal audit must be embedded with consistent responsiveness in evaluating evolving risks, the effectiveness of controls, regulatory compliance, and leadership’s demonstration of transparency and accountability. In this way, internal audit is a vital enabler of sustainable, risk-aware growth.
Just as a healthy body relies on an active immune system, a stable organization depends on internal audit. Even in calm periods, we reinforce governance, advise on improvements, uncover emerging risks, and support informed decision-making. Our steady presence fosters a culture of accountability and preparedness, strengthening the organization not just for today, but for future challenges.
The views and opinions expressed in this blog are those of the author and do not necessarily reflect the official policy or position of The Institute of Internal Auditors (The IIA). The IIA does not guarantee the accuracy or originality of the content, nor should it be considered professional advice or authoritative guidance. The content is provided for informational purposes only.