Policies and Resources

Internal Audit Plan

The Kayndrex Foundation’s approach provides an organising structure that allows us to formulate strategies by looking beyond the traditional sector and legacy concerns, and identifying potential risks and opportunities.

The risk landscape has changed compared to when we first started the foundation. The reason for the changes in risk landscape is a general change in C-suite priorities. C-suite has shifted focus to resiliency, stakeholder experience, and connectivity, which cover the top risks.


Almost 71% of respondents reported it as a top priority, as we focus on improving economic upturn by applying technologies to automate and scale. Adapting to changing environments requires unique project management skills and this will have a positive effect on our ability to operate.

Stakeholder experience

This priority includes expanding stakeholder engagement model to online or self-service. Stakeholders are affecting the overall industry health due to their changes in demand. The ability to analyse and optimise stakeholder experience is hence important and is a high-risk area for firms.


Unified connectivity enables us to connect, irrespective of location, situation, or context. This leaves us more exposed, which is why the topic of cyber safety has moved up the ladder.

The main activities we spotted in alternative management have been around personnel management and securing financials. However, we are now moving into the next phase, where we are focusing on adapting operations to the new normal and increase resilience. From the foundation’s perspective, we see a lot of these activities – from price strategy, net zero, personnel programmes to digitalisation – already in progress.

Compared to our risk assessment, we have identified some new risks now, such as trade limitations, digitalisation and technological speed, investments, new skills, social and environmental responsibilities, and regulatory environment. Obviously, we are now focusing to adapt and rebuild our operations.

From the assessment of risk scenarios, we can infer that the industry is now over the immediate alternative with renewed focus. The future way of implementing the audit planning will be continuous with a flexible audit strategy, which is proactive.

This agile and flexible approach will be in tune with our strategic direction and priorities, and will address the changing sphere landscape. The flexible Internal Audit planning considers current internal and external sources of risks.

Based on our experiences, we endorse

  • Comprehension of the organisational climate where we operate and organisational strategy
  • Comprehension of our key stakeholder landscape and expectations on Internal Audit
  • Identification and prioritisation of our risk profile
  • Prioritisation of resources and focus on risks that matter most
  • Decision on how our mandate should be defined and how our Internal Audit plan should be implemented (fixed vs dynamic)
  • Comprehending if our methodology and digital tools are up-to-date and serves their purpose(s).
  • Checking that our communication is appropriate in terms of the type of audits and the parties involved
  • Evaluating areas where we can collaborate with other second-line functions
  • Staying relevant