Evolving Internal Audit to respond to business disruptions

State of the Internal Audit Profession Study, 2017


Disruption, or radical change driven by external factors, is no longer episodic.  In fact, it’s rapid fire, from disruptive innovation that creates a new market, to economic volatility, new regulation or even a catastrophic event.

PwC’s 20th CEO Survey shows CEOs are optimistic amidst uncertainty. They have had to cope with stormy conditions, figure out when disruption is happening to them and have a strategy in place for more than one future. Accordingly, this year’s study identified that Internal Audit’s ability to help stakeholders navigate disruption contributes to a stronger perceived value. Disruption also wreaks havoc on Internal Audit’s ability to execute its audit plan, stay aligned to the company’s top risks and evolve the function to be a more valued contributor.

If disruptions are taking internal audit off course or internal audit is failing to address disruption-related risks, the function will likely fall behind as the business charges ahead managing significant, and sometimes unanticipated, risk.  However, a subset (18%) of the nearly 1,900 respondents to this year’s survey report that their internal audit function plays a valuable role in helping their companies anticipate and respond to business disruption.

Read case study -- Nasdaq: Continuous assurance of applications built on blockchain technology

We call this group of respondents “Agile IA Functions”. 


“Sometime during the past few years, there was recognition around what internal audit can bring to the game, which is very positive.”

—John Baily, Audit Committee Chair, Board MemberEndurance Specialty Insurance (Audit Committee Chair), Golub Capital, BDC and RLI Corporation (Board Member)



Case Study -- Nasdaq: Continuous assurance of applications built on blockchain technology

Blockchain technology has the potential to revolutionize financial services—and many other industries—and there are clear market signals that its momentum is exploding. In financial services, the global exchange and financial technology company Nasdaq is a leader in the use of blockchain technology. Its blockchain-enabled platform, Nasdaq Linq, is designed to manage the full lifecycle of unlisted securities and is the first of its kind.

Nasdaq Linq is essentially a cloud-based market solution to create liquidity for private equity and it is built on blockchain ledger technology. The challenge with mass adoption of technology this new is alleviating stakeholder concerns that the technology is, in fact, working as designed. Assurance functions—audit, tax, legal, compliance—all need transparency into the technology to verify it is doing what it is supposed to do. But with blockchain technology, traditional backward-looking, sample-based audits are not possible. Every new transaction alters the entire historical record and brings it current. So, auditing has to be done in real-time on a continuous basis.

Working with PwC, Nasdaq is solving this complex issue by building an effective, real-time auditing solution for a blockchain instance. Rather than being intimidated by the technology, Nasdaq and PwC seized the opportunity with creativity, an entrepreneurial spirit and the best capabilities of both firms. Together they are solving the blockchain technology assurance challenge, which is critical to Nasdaq’s being able to scale the use of Nasdaq Linq as well as other new blockchain-based market offerings currently under development.

Food for thought

With a wide array of disruptions anticipated over the next three years, now is the time for internal audit functions to take action. Our study provides insight on the differentiated efforts that Agile IA Functions­ are making relative to business disruption that raise their value among stakeholders.

­One effort that distinguishes Agile IA Functions ­is that this group is relevant across many disruptors, including rapidly emerging risk areas, not just those areas traditionally addressed by internal audit or compliance functions.  For example, more than two-thirds are involved in brand and reputation incidents, technology advancements and changes in the business model.  Even more help the company deal with operational disruption and, of course, regulatory changes.


Contact us

Jason Pett
Risk Assurance Leader, PwC US
Tel: +1 (410) 659 3380

Lauren Massey
Internal Audit, Compliance & Risk Management Solutions Principal, PwC US
Tel: +1 (813) 222 5455

Mark Kristall
Partner, Internal Audit, Compliance & Risk Management Solutions
Tel: +1 (617) 530 7592

Terrence Panfil
Director, Internal Audit, Compliance & Risk Management Solutions, PwC US
Tel: +1 (312) 298-2868

Follow us