Why are internal auditors motivated to modernise now?

Which of the following options best describes IA’s experience of implementing continuous monitoring techniques?

Internal audit functions are modernising their processes and integrating technology tools and techniques. They are motivated to do this so they can enhance their ability to identify risk and fine-tune the scope of the audit. This is being driven by an ever-changing regulatory environment and stakeholder expectations, as well as the unpredictable economic climate and the need to deliver greater value to the business. 

IA should be looking to move away from a reactive, control-centric approach. Various tech tools can help proactively identify risks and manage the company’s risk exposure. Greater collaboration between the first and second lines will certainly help here.

Making the move to an integrated risk framework with shared risk models in coordination with other lines to provide insights and near real-time audit requires the company as a whole to have robust analytics capabilities, a common risk taxonomy and alignment with the Chief Risk Officer (CRO) and other compliance functions.

Technology and upskilling don’t have to be barriers to modernisation

The events of the past year have taught business leaders that identifying risk earlier is key to turning risk into opportunities and allowing for timely focus on risk mitigation strategies. Advanced analytics and automation can allow IA teams to tackle time-consuming data collection tasks. It allows them to take on a broader array of activities with a higher level of precision and provide greater risk coverage.

While many organisations are already using analytics in fieldwork and helping select samples, most IA functions have yet to truly change the way they audit or assess risk. According to the auditors we surveyed, the two biggest challenges to adopting a data-driven risk assessment and audit approach were a lack of data and technology, and the ability to upskill existing employees.

The five key actions to consider now

Overcoming these challenges requires organisations to evolve both strategically and operationally by:    

Thinking dynamically

It’s important to thoroughly assess your organisation’s risks and rank them in order of importance. That way you can dedicate technology and resources to mitigating risks that could have a greater impact on your operations. Regardless of how far along an organisation’s transformation has progressed, they should take a proactive risk focus. By embedding a continuous risk-sensing process across all three lines of defence or even just the most critical risks can help accelerate your transformation.

Taking advantage of a broader investment in data and technology

Organisations have spent the past few years investing in data analytics and other technology platforms. But they have often failed to expand the use of those capabilities across functions. IA can interrupt this trend by identifying and taking advantage of common sources of data, tools, infrastructure and analysis capabilities across the three lines of defence. For instance, IA can leverage data sources and key risk indicators identified by the cybersecurity function to help enhance risk monitoring activities in that space.

Diversifying your talent model

In the digital age, not all auditors must be data scientists. You can start to digitally upskill your IA staff by hosting learning sessions on the skills that need a deeper understanding. The next-gen auditor should have deep auditing skills, industry and regulatory knowledge, and a basic understanding of data sources and data quality. Auditors should be given the opportunity to develop skills around cybersecurity, cloud computing and automations. Embrace a culture of digital learning, explain to your people why you are all going on this journey together, and recognise that upskilling a large, global organisation will take time.

Executing differently

Identify risks proactively through the use of data and scope audits to find ways to pinpoint risk or eliminate traditional audit procedures. Think about moving toward continuous risk monitoring and shifting resources to the risks that matter most. Unlock value for all stakeholders by using data, knowledge of process and discussions with management to drive insights.

Incorporating new technology into IA and digitally upskilling IA professionals can be daunting

Transformation takes time. Collaboration across the three lines of defence should be guided by a formal plan that can help your team successfully integrate new tools and processes into business as usual. The world of business is constantly changing. IA should change along with it. The time is now for IA to start its modernisation journey.

We are here to help you

As you develop your digitalisation strategy and continue to integrate technology in your business, we are ready to talk to you about how to transform your IA function. Contact us today.