Skip to content Skip to footer

Loading Results

Take the next steps in your internal audit modernization

Mike Maali Partner, Risk and Regulatory, PwC US April 26, 2021

Four ways to help ease the adoption of a technology enabled and data-driven approach

As more and more organizations undergo digital transformations, internal audit (IA) does not need to be left behind. In fact, it can’t afford to.

The answer? Modernizing your company’s IA function to meet other risk functions, particularly when it comes to implementing digital tools and boosting your IA team’s tech acumen.

There is work to be done. In a recent survey of 60 auditors conducted by PwC at The Institute of Internal Auditors General Audit Management conference in early March, half reported that their organization has pilot-tested analytics and visualization tools to reduce manual testing in certain parts of the audit life cycle.

Yet many IA teams have yet to integrate such technologies throughout the audit life cycle — which is an ideal way to enhance the ability to provide the assurance that stakeholders require and insights that can help inform business strategy.

Which of the following options best describes IA’s experience of implementing continuous monitoring techniques? (Select all that apply)


IA has piloted analytics and visualization within a select area of the organization, which are used to reduce manual testing in select areas
%
IA has not implemented data-driven process risk models to support audit origination
%
IA has a data-driven risk assessment using analytics and key risk indicators (KRIs) at a transactional level to complement audit identification and used to help scope and execute audits
%
IA has established continuous monitoring on a broader scale across the organization. These routines provide monitoring of exception data that triggers potential control exceptions and provides early warning of risk indicators.
%
Company has an integrated risk framework with shared risk models in coordination with other Lines of Defense to provide insights and near real-time audit
%

Source: PwC survey: The Institute of Internal Auditors General Audit Management conference
March 16-18, 2021: 60 responses

The ever-changing regulatory environment — along with an unpredictable business climate — is motivating internal auditors to modernize their processes and integrate technology tools and techniques to enhance their ability to identify risk and fine-tune audit scope. The ultimate goal? Delivering greater value to the business.

IA should be looking to move away from a reactive, control-centric approach. Various tech tools can help proactively identify risks and manage the company’s risk exposure. Greater collaboration between the first and second lines will certainly help here. PwC’s most recent Pulse Survey found that half of risk management leaders said they are interacting more with the C-suite.

Making the move to an integrated risk framework with shared risk models in coordination with other lines to provide insights and near real-time audit requires the company as a whole to have robust analytics capabilities, a common risk taxonomy and alignment with the chief risk officer and other compliance functions.

Technology and upskilling don’t have to be barriers to modernization

The events of the past year have taught business leaders that identifying risk earlier is key to turning risk into opportunities and allowing for timely focus on risk mitigation strategies. Advanced analytics and automation can allow IA teams to tackle time-consuming data collection tasks so they can take on a broader array of activities and do so with a higher level of precision and provide greater risk coverage.

While many organizations are already using analytics in fieldwork and helping select samples,  most IA functions have yet to truly change the way they audit or assess risk. According to the auditors surveyed, the two biggest challenges to adopting a data-driven risk assessment and audit approach were a lack of data and technology, and the ability to upskill existing employees.

What’s your biggest challenge in adopting a data-insights-driven risk assessment and audit approach? (Select all that apply)


Upskilling resources to be digitally enabled
%
Lack of data and technology to monitor risks
%
Development of strategic roadmap
%
Adjusting your audit life cycle to allow for data insights
%
None of the above
%

Source: PwC survey: The Institute of Internal Auditors General Audit Management conference
March 16-18, 2021: 60 responses

Overcoming these challenges requires organizations to evolve both strategically and operationally by:

  • Thinking dynamically. It’s important to thoroughly assess your organization’s risks and rank them in order of importance so you can dedicate technology and resources to mitigating risks that could have a greater impact on your operations. Regardless of how far along an organization’s transformation has progressed, taking a proactive risk focus by embedding a continuous risk sensing process across all three lines or even just the most critical risks can help accelerate your transformation.
  • Taking advantage of a broader investment in data and technology. Organizations have spent the past few years investing in data analytics and other technology platforms, but have often failed to expand the use of those capabilities across functions. IA can interrupt this trend by identifying and taking advantage of common sources of data, tools, infrastructure and analysis capabilities across the three lines. For instance, IA can leverage data sources and key risk indicators identified by the cybersecurity function to help enhance risk monitoring activities in that space.
  • Diversifying your talent model. In the digital age, not all auditors must be data scientists. You can start to digitally upskill your audit staff by hosting learning sessions on the skills that need a deeper understanding. The next-gen auditor should have deep auditing skills, industry and regulatory knowledge, and a basic understanding of data sources and data quality. Auditors should be given the opportunity to develop skills around cybersecurity, cloud computing and automations. Embrace a culture of digital learning, explain to your people why you are all going on this journey together, and recognize that upskilling a large, global organization will take time.
  • Executing differently. Identify risks proactively through the use of data and scope audits to find ways to pinpoint risk or eliminate traditional audit procedures. Think about moving toward continuous risk monitoring and shifting resources to the risks that matter most. Unlock value for all stakeholders by using data, knowledge of process and discussions with management to drive insights.

Incorporating new technology into IA and digitally upskilling IA professionals can be daunting. Transformation takes time. Collaboration across the three lines should be guided by a formal plan that can help your team successfully integrate new tools and processes into business as usual. The world of business is constantly changing. IA should change along with it. The time is now for IA to start its modernization journey.