In today’s data-driven enterprises, Chief Data Officers (CDOs) carry the monumental responsibility of ensuring that data is governed, reliable, and used ethically and effectively. Yet, despite the importance of Data Governance, many CDOs find themselves without the formal authority to enforce their frameworks across business lines. This is where Internal Audit — often perceived as a watchdog — can become an unexpected but invaluable ally.

Why audit and CDOs are natural allies

Internal Audit and the Chief Data Office are uniquely positioned to reinforce each other’s missions. Audit brings the organizational independence and authority needed to drive accountability — particularly in areas like data governance that often lack direct enforcement power. While the CDO is responsible for designing and promoting the data governance framework, Audit plays a critical role in evaluating its adoption and effectiveness across the enterprise.

By auditing how well business lines manage data risks and comply with data governance standards, Audit helps elevate the importance of data governance and embed it into the broader risk and control environment. When business units fail to conform to the established framework, audit findings can be issued — providing a tangible mechanism to drive adherence and push accountability where it belongs: to the lines of business.

At the same time, Audit relies on the CDO organization for visibility into the data risk landscape — understanding key risks, governance practices, and areas of concern. This collaboration ensures that audits are focused, relevant, and aligned with the most critical data-related issues facing the enterprise.

How to build and sustain the partnership

Like any effective collaboration, the relationship between Audit and the CDO organization must be built on trust and transparency — not just during audits, but continuously over time. Here are three critical ways to build and sustain the partnership:

1. Start with trust

Trust is the foundation of any strong partnership, and it doesn’t happen by chance — it must be intentionally built. For Audit and the CDO organization to collaborate effectively, both sides need to engage in open and honest conversations, and invest time in understanding each other’s processes, priorities, and working styles.

This mutual understanding creates the basis for a more effective partnership: Audit gains insight into how the CDO organization operates and where its pain points lie, while the CDO team becomes more familiar with audit objectives and expectations.

When both parties align on how they work, it becomes much easier to identify practical, collaborative ways to integrate governance into the business and audit processes — reducing friction and promoting shared success.

2. Be transparent throughout the audit lifecycle

• Before the audit: Hold regular touch points to share information about the upcoming audits and any organizational or strategic changes within the CDO function. This allows both teams to align priorities and prevent surprises.
• During the audit: Maintain close collaboration. Frequent one-on-one sessions with the CDO team to discuss scope areas, testing strategies, and stakeholder involvement are essential. This helps define realistic expectations and resource commitments, allowing the CDO team to anticipate workload and incorporate audit participation into their regular planning process.
• After the audit: Conduct a retrospective session to evaluate what worked and what didn’t. This reflection is vital for both improving future engagement models and audit experiences.

3. Think iteratively

This isn’t a one-time exercise. Like trust in any relationship, it requires constant efforts from both sides. Regular engagement fosters a culture of continuous improvement — where successes are reinforced and pain points are addressed collaboratively.

Final thoughts

When executed with trust, transparency, and mutual respect, the Audit-CDO relationship can be a powerful force multiplier. Audit provides the independence and influence to elevate data governance, while the CDO provides the knowledge and strategy to make governance real and impactful. Together, they ensure that data is not only well-managed but also well-audited — protecting the organization and enabling smarter decisions at every level.

About the Author:

Xin (Cindy) Tu has over 17.5 years of experience in the IT and Data Audit field. She has established IT and Data Audit Frameworks for Fortune 500 Financial Services Companies. Currently, she is an IT Audit Director at Discover Financial Services, managing IT and Data audit portfolios. Before joining Discover, Tu worked at Fannie Mae and Sallie Mae, accumulating a total of 10 years in the Financial Services Industry. She holds several certifications including CPA, CISA, CISSP, CDMC, and AWS Solutions Architect Associate.

Tu possesses a Master’s degree in Accounting from the University of North Carolina at Chapel Hill, a Master’s degree in Computer Science from the University of Alberta, and a Bachelor’s degree in Computer Science from Jiangxi Normal University.

Additionally, Tu participates actively in industry groups. She serves on the editorial board of CDO Magazine and AI Advisory Board of HotTopics and contributes to Data Governance and AI Governance Framework development by participating in CDMC Working Group and AI, Data & Analytics Capabilities Working Group at EDM Council and American Bankers Association.