May 7, 2019
May 7, 2019
With digitization fueling innovation and change, two questions arise: Is internal audit adjusting quickly enough to innovate and embrace available and emerging technologies, and should the board care?
In a world of rapid change, everybody faces the same reality: organizations must adapt and grow or risk decline and their ultimate demise. The chief audit executive (CAE) is no exception. As the risks and complexities that companies face change, so do the focus, skill sets, and capabilities needed by internal audit.
In the digital age, internal audit must innovate and transform itself to an agile, multiskilled, and technology-enabled function. It must be able to recognize emerging and evolving risks quickly and efficiently enough to incorporate them into the audit plan, which then leads to confidence that internal audit will be able to address these needs at the speed of change.
Traditional methodologies; long-trusted, stand-alone point solutions that address specific needs; and conventional thinking simply can’t accomplish these tasks at the speed of change that is occurring. A next-generation function is able to address quickly evolving risks by embracing a holistic approach that focuses on the CAE’s governance of the function itself, adopting agile methodologies that guide the function’s operations from risk assessment to execution to reporting, and is enabled by relevant tools of the digital age. Many CAEs see that internal audit tools and techniques are evolving rapidly, stirring excitement about transformation possibilities and innovation within the function.
What does this mean, and why should the board care? Next-generation internal audit functions have three essential objectives:
These objectives are easy to understand. But the mechanisms to implement such changes vary across a range of innovative approaches, tools, governance processes, organizations’ needs, and CAEs’ visions of what next-generation internal audit looks like.
Our research indicates that three out of four functions are undertaking some form of transformation effort, but also that the adoption of next-generation capabilities is in a relatively early stage. In many instances, implementation of the governance mechanisms, agile methodologies, and enabling technologies that comprise the next-generation internal audit model has so far occurred in an ad hoc manner. The message is clear for the significant number of functions that have yet to begin their next-generation journeys: It’s time to get started.
Common innovations implemented include:
These digital activities and tools enable internal auditors to translate an increasingly overwhelming amount of data into meaningful analysis. Coupled with divergent and critical thinking, these capabilities have the potential to steepen the value-delivery curve significantly for internal auditors.
The annual audit planning process so familiar to directors has become a relic of the past. Rarely will an audit plan be executed in its entirety before fresh insights and developments emerge, creating the need for changes to it. The above digital pathway will lead to the observations and recommendations that board members, senior executives, and other stakeholders will value and can quickly act upon in the digital age.
Directors cannot be indifferent to the CAE’s level of awareness of digital techniques and tools available for next-generation audit. The reality is that companies are moving to cloud computing and adopting AI, machine learning, and other digital practices to perform business at the speed of innovation. As they do so, an agile methodology enabled with the right skills, resources, and technology helps the CAE sustain internal audit’s relevance by providing assurance to the board and other stakeholders on the risks that matter most in the most efficient manner. The board should accept nothing less.
Jim DeLoach is managing director at Protiviti.