As more and more organizations undergo digital transformations, internal audit (IA) does not need to be left behind. In fact, it can’t afford to.
The answer? Modernizing your company’s IA function to meet other risk functions, particularly when it comes to implementing digital tools and boosting your IA team’s tech acumen.
There is work to be done. In a recent survey of 60 auditors conducted by PwC at The Institute of Internal Auditors General Audit Management conference in early March, half reported that their organization has pilot-tested analytics and visualization tools to reduce manual testing in certain parts of the audit life cycle.
Yet many IA teams have yet to integrate such technologies throughout the audit life cycle — which is an ideal way to enhance the ability to provide the assurance that stakeholders require and insights that can help inform business strategy.
The ever-changing regulatory environment — along with an unpredictable business climate — is motivating internal auditors to modernize their processes and integrate technology tools and techniques to enhance their ability to identify risk and fine-tune audit scope. The ultimate goal? Delivering greater value to the business.
IA should be looking to move away from a reactive, control-centric approach. Various tech tools can help proactively identify risks and manage the company’s risk exposure. Greater collaboration between the first and second lines will certainly help here. PwC’s most recent Pulse Survey found that half of risk management leaders said they are interacting more with the C-suite.
Making the move to an integrated risk framework with shared risk models in coordination with other lines to provide insights and near real-time audit requires the company as a whole to have robust analytics capabilities, a common risk taxonomy and alignment with the chief risk officer and other compliance functions.
The events of the past year have taught business leaders that identifying risk earlier is key to turning risk into opportunities and allowing for timely focus on risk mitigation strategies. Advanced analytics and automation can allow IA teams to tackle time-consuming data collection tasks so they can take on a broader array of activities and do so with a higher level of precision and provide greater risk coverage.
While many organizations are already using analytics in fieldwork and helping select samples, most IA functions have yet to truly change the way they audit or assess risk. According to the auditors surveyed, the two biggest challenges to adopting a data-driven risk assessment and audit approach were a lack of data and technology, and the ability to upskill existing employees.
Overcoming these challenges requires organizations to evolve both strategically and operationally by:
Incorporating new technology into IA and digitally upskilling IA professionals can be daunting. Transformation takes time. Collaboration across the three lines should be guided by a formal plan that can help your team successfully integrate new tools and processes into business as usual. The world of business is constantly changing. IA should change along with it. The time is now for IA to start its modernization journey.