A new report issued jointly by The Internal Audit Foundation, Baker Tilly and Wolters Kluwer TeamMate examines the evolution of risk management activities and their impact on roles and boundaries, highlighting the importance of strategic collaboration without sacrificing independence. Drawing on The IIA’s Risk Research survey insights, the report identifies opportunities to enhance efficiency and strengthen enterprise-wide governance.
“As risk grows more complex and expectations for strong governance rise, effective coordination between internal audit and risk management is increasingly essential,” said Anthony Pugliese, President and CEO of The IIA. “The IIA’s Three Lines Model has served as a longstanding framework for that integration, reinforcing that independence does not imply isolation. As internal audit responsibilities expand and lines between functions evolve, the model guides organizations in strengthening collaboration while maintaining the safeguards necessary to preserve objectivity.”
The Expanding Activities of Internal Audit
According to survey responses, roughly 32% of internal audit leaders have at least some second-line involvement, with the most common areas including enterprise risk management (ERM) (57%), internal control (43%) and compliance (39%).
This 32% is consistent with insights from The IIA’s North American Pulse of Internal Audit research, which show that the percentage of CAEs responsible for ERM in addition to internal audit increased from 27% to 34% between 2021 and 2025, reflecting steady year-over-year growth.
Looking ahead, synergy between risk management and internal audit is expected to continue to grow, with 60% of respondents from the Risk Research survey reporting that they expect further integration in the next five years.
Recommended Articles
The Benefits of Strategic Collaboration
Research consistently shows that intentional collaboration between second and third-line functions can deliver measurable benefits. In fact, roughly 90% of survey respondents reported positive outcomes from coordination. The top benefits of that coordination include improved risk coverage (28%), reduced duplication of effort (26%), stronger organizational alignment (20%), enhanced board communication (11%) and more efficient reporting (6%).
The data suggest that barriers to collaboration are driven less by intent and more by structure. Limited resources or competing priorities were cited most frequently (40%), followed by differences in objectives or perspectives (34%), the absence of unified platforms including separate IT systems (32%) and siloed processes (31%).
“When collaboration is thoughtfully designed, it can significantly improve the quality and consistency of information reaching leadership and the board,” said Jim Pelletier, Lead Product Manager, Wolters Kluwer TeamMate. “This research highlights a path forward, where organizations strengthen coordination across the lines while reinforcing the structures and safeguards that protect internal audit’s independence and credibility.”
Ensuring Independence
Broadly speaking, the Risk Research findings suggest that concerns about threats to internal audit independence remain theoretical. In fact, 80% of respondents report no shared responsibilities between the second and third lines that pose a risk to internal audit independence.
However, as functional boundaries continue to evolve in an increasingly complex risk landscape, ensuring that collaboration is deliberate and well-structured and that independence safeguards are implemented is essential.
“This research highlights that collaboration and independence are not competing priorities when they are intentionally designed into the operating model. With clear role definitions, disciplined governance, and transparency around decision-making, internal audit can engage closely with second-line functions while maintaining the objectivity that underpins stakeholder trust and audit committee confidence,” said John Romano, Principal, Internal Audit & ERM Service Leader, Baker Tilly. “Done well, this model strengthens risk oversight across the organization and allows internal audit to deliver deeper insight to management and the board.”
Modern risk management is progressing towards a more integrated, enterprise-wide approach that reduces duplication, increases operational efficiency and more effectively integrates risk considerations into organizational strategy. In this shifting landscape, intentional, structured collaboration between internal audit and risk management is no longer optional, but foundational to effective governance and organizational resilience.
Download the full report.
The IIA, Baker Tilly, and Wolters Kluwer TeamMate will host a webinar examining the evolving implementation of the Three Lines Model on May 19, 2026. Those interested are encouraged to register here: https://www.theiia.org/en/products/learning-solutions/webinar/where-the-3-lines-meet-collaboration-activities-and-responsibilities/
Thanks for reading CPA Practice Advisor!
Subscribe Already registered? Log In
Need more information? Read the FAQs
Tags: Accounting, audit, baker tilley, risk, Risk Management
