Goldman Sachs highlights internal audit as a gateway to broad exposure

Goldman Sachs is signaling that Internal Audit is a control function with real reach, not a silo tucked away from the business. The group sits in the firm’s “third line of defense,” assessing governance, controls, risk management, capital, and anti-financial crime frameworks while helping management strengthen the way the firm runs. For people coming from risk, compliance, or accounting, that makes it one of the clearest routes to broad franchise exposure without leaving the control side of the house.

What internal audit actually covers

Goldman’s careers material says Internal Audit exists to help maintain effective controls by assessing the reliability of financial reports, monitoring compliance with laws and regulations, and advising management on control solutions. That is a much wider remit than simple box-checking. It means auditors are expected to understand how the firm books, controls, and explains risk across a business that spans securities, investment banking, consumer activities, and investment activities.

The team’s structure reinforces that breadth. Goldman says Internal Audit is organized into global teams that include business auditors and technology auditors, and that it draws talent from chartered accountants, developers, risk management professionals, cybersecurity professionals, and data scientists. In other words, the job is not only for people with a traditional accounting background. It increasingly rewards professionals who can understand systems, data, and process design, then translate that into a credible challenge to the business.

That mix matters on the ground. Internal auditors need strong risk-and-control judgment, analytical ability, and professional skepticism, which usually translates into detailed testing, issue writing, remediation follow-up, and constant interaction with business owners, finance teams, and technology partners. The function also says it has unique insight into the financial industry and its products and operations, which makes it especially useful for employees who want to understand how Goldman actually works behind the scenes.

Why the role carries weight inside Goldman

This is not just a career page pitch. Goldman’s 2025 annual report shows a firm that is growing while trying to run more efficiently and with less balance-sheet drag. Net revenues rose 9% to $58.3 billion, earnings per share climbed 27% to $51.32, and return on equity improved to 15.0%. At the same time, historical principal investments fell by more than 90% from roughly $64 billion to $6 billion since 2020, and the firm said its stress capital buffer was lowered by a cumulative 320 basis points over the same period.

That shift helps explain why internal controls are so central. As Goldman leans more heavily into capital-light, durable businesses, control failures can quickly become strategic failures. The firm’s annual report also says it is expanding its internal operating model around six workstreams: client onboarding and KYC, vendor management, regulatory reporting, lending, enterprise risk management, and sales enablement. Those are exactly the kinds of processes where internal audit can spot weak links, pressure-test assumptions, and push remediation before issues become expensive.

The regulatory backdrop matters too. Goldman’s annual report shows it files under Sarbanes-Oxley Section 404(b) with external auditor attestation on the effectiveness of internal control over financial reporting. That means internal audit is operating in a formal, audited environment, not a loose internal advisory role. For employees, the message is clear: control work is baked into the way Goldman proves discipline to regulators, investors, and the market.

Who fits, and what the job can do for your career

For someone coming from accounting, internal audit can feel like a natural extension of technical fluency. For people in risk or compliance, it can be a faster way to see the full operating model rather than a single slice of it. Because the function covers all businesses and functions, the job can build credibility with stakeholders across finance, technology, operations, and the front office, which is valuable if you want to move into broader control leadership later.

That broad exposure is the main career selling point, but it is also the trade-off. Internal audit is an operator track, not a front-office P&L track, so it is usually narrower than roles that sit directly on client flow, deal execution, or trading revenue. If your goal is bonus upside tied to revenue generation, the compensation profile will generally be less explosive than the highest-paid front-office seats, though the work can offer steadier hours and a more predictable cadence than the 80-hour weeks that often define junior banking or trading roles.

At the same time, the role can still carry real prestige inside a firm like Goldman. It gives visibility into how senior leaders think about governance, and it creates a vantage point on the firm that many employees never get. The broader the remit, the more useful the experience becomes for later moves into enterprise risk, controls, governance, or operations roles.

What Goldman is really saying about control culture

Goldman’s leadership structure underlines that Internal Audit sits close to the center of oversight. The firm’s public leadership page says Kathy Connolly is global director of Internal Audit and reports directly to the Goldman Sachs Audit Committee, which places the function squarely in the Board of Directors’ oversight chain. That reporting line matters because it shows Internal Audit is there to challenge management, not simply support it.

Taken together, the page and the annual report send a consistent signal: Goldman wants control talent that can operate across businesses, technology, and regulation, and it wants that talent to be broad enough to understand the franchise but skeptical enough to challenge it. For workers deciding whether Internal Audit is a stepping stone or a destination, the answer is both. It is a strong gateway to wide exposure, but it is also a specialized path for people who want to build authority in controls, governance, and risk discipline over time.