ADNOC: A case study in Internal Audit transformation

The Internal Audit (IA) function of the Abu Dhabi National Oil Company (ADNOC) is in the fifth year of an ongoing and ambitious transformation programme. In that time, the ADNOC IA function has changed fundamentally from a fragmented set of Internal Audit departments in each of the group’s operating companies to a centrally led function with standardised processes and an integrated vision of risk assurance. Along the way it has made big strides in digitising—and automating—audit operations. 

In addition to new efficiencies, the transformation has given IA capabilities it did not previously possess. These include the conduct of rapid-fire audit reviews and the use of data analytics to systematically deliver risk-related insights to group management. As a result, according to Ahmed Abujarad, the Senior Vice President for Audit & Assurance, IA now enjoys an elevated status in ADNOC as a trusted adviser to the business.


The journey

The transformation began in late 2016 and the challenge IA faced was formidable. “It was perceived as a satellite organisation distant from the business and its realities,”said Ahmed Abujarad, ADNOC’s Senior Vice President for Audit & Assurance. “Its value proposition was either unknown or misconceived. There were no synergies across the group’s companies, and no mandate to create a common view of risk assurance.” 

The transformation had to proceed, moreover, amidst a rapidly evolving risk environment. Shifting energy business models and in recent times the global pandemic has required vigilant and proactive assurance from IA while it’s undergone fundamental change.

The steps taken to date have helped ADNOC to accelerate audit cycle time and turn agile auditing from concept to reality. Employing a dynamic, in-out approach, IA is now able, says Mr Abujarad, to conduct quick, laser-focused reviews and deliver prompt audit advisories across its six major risk pillars (strategic, financial, operational, IT, standards and regulatory, monitoring and reporting). 

Whether quick or in-depth, the audit reviews provide more insight to senior management than had previously been the case, says Mr Abujarad. This is thanks in part to the full application since 2019 of data analytics to reviews. “Our audit reports now include analytical insights to help internal clients take proactive as well as corrective actions”, he says. “Our findings and recommendations include ‘hindsight’, ‘insight’ and ‘foresight’ perspectives.”


Challenges and lessons

Aside from the predictable difficulties associated with new technology deployment, ADNOC IA has had to grapple with two major challenges during the course of its transformation. The toughest of these, according to Mr Abujarad, has been building staff engagement in the project across the group. ADNOC has taken several measures to address this, including establishment of a Group IA Transformation Office as well as a Group Audit Council, consisting of IA leaders from all group companies. “Change Champions” have also been nominated to explain and advocate for the changes in their respective teams. 

The experience of COVID-19 has provided an additional audit lesson relating to talent.  The crisis demonstrated the importance of employing what Mr Abujarad terms “soft controls”: monitoring employee wellbeing and morale in IA and the entire company. 

The other significant transformation challenge was the absence of any mechanism to measure the value of audit delivery and IA’s overall impact in ADNOC. Now assisted by improved data visibility and analytics capabilities, Mr Abujarad’s team has applied the concept of “Measurable Value of Audit” (MVA) to identify hard monetary values for the modernised IA’s impact across the business. These are agreed with the group’s senior management and then reported to them on a regular basis. “This not only demonstrates our contribution to the organisation’s bottom line”, he says, “but it strengthens the perception of IA as a trusted advisor to the business.”

PwC’s perspective
ADNOC’s transformation of the Internal Audit function and the multitude of benefits they have already reaped is a great inspiration for considering a review and complete transformation of your own organisation’s Internal Audit function.

Every Internal Audit function can move forward in the transformation journey. Some may go all in with a full transformation, while others may adopt a more iterative approach depending on industry regulations, the complexity and needs of their business, and how quickly the larger enterprise is changing.

Some areas to consider before starting your journey:

  • Assemble a strong team that's ready and excited to get started on your journey
  • Discover new capabilities and ideas for internal audit to drive value like never before
  • Choose ideas that would drive immediate impact with limited/no additional budget
  • Explore alternative models for sourcing talent and technology – run some pilots
  • Develop a roadmap for people-led, data-driven transformation
  • Share and celebrate your successes. Every small win builds momentum!

Transformation does take time and should be guided by a formal transformation plan and road map that provides direction, purpose, and key tangible building blocks.

However, a transformed internal audit function can become a catalyst for achieving deeper levels of insight, provide more effective assurance for the management team and vastly improve the organisation's broader risk capabilities.

Contact us

Adnan Zaidi

Adnan Zaidi

UAE Risk Leader and Middle East Assurance Clients & Markets Leader, PwC Middle East

Tel: ​+971 56 682 0630

John Saead

John Saead

Partner, Internal Audit & GRC Leader, PwC Middle East

Tel: +966 56 007 9699

Follow us