By Colette Devey, Director, Internal Audit, EY.
Internal auditors are facing technological upheaval, while their organisations go through equally dramatic change. In this blog we set out five key areas that will help the internal audit function remain ahead of the challenges of disruption.
The impact of technology on an organisation cannot be underestimated, but internal audit faces a double impact – not only does it need to keep ahead of the risks its organisation faces when adapting to new disruptive realities, it also faces similar challenges to its own way of working.
The first challenge is to understand new technologies and their impact on the organisation, whether that is artificial intelligence or intelligent automation. Equally important is having the capability to access and analyse the data that is increasingly used to guide or automate decisions.
Second, is to be close enough to those parts of the business to identify where disruption is taking place – this could be anywhere in the organisation, from production, to sales or finance.
Third, is to identify the risks in these changed processes: How reliable is the data on which key decisions are based? Who is providing the software that analyses the data? How secure is the technology, and where are the vulnerabilities? And does the function have the skills and capability to address these challenges?
Fourth, the life cycle of internal audit processes used to be relatively straightforward – an annual plan would be presented to the audit committee, agreed then implemented. The challenge today is that the highly standardised approach isn’t able to anticipate and react quickly enough to provide assurance at the pace of change or on the type of risks an organisation faces today.
The assurance delivered via a 30-page report that takes a month to deliver, is now considered a month too late. Static reports are now being replaced with dynamic tools that allow key stakeholders to view evolving risks, and take steps in real time to mitigate or prevent those risks.
We pose five key questions that heads of internal audit need to consider and that audit committee chairs and their boards should be asking of their internal audit functions:
1. Analytics – do you have the capability to process and analyse the vast volumes of both financial and non-financial data, draw conclusions and derive insight and assurance?
2. Skills – can you move to a more balanced skillset between technology, data and traditional finance and business process?
3. Agility – do you have the flexibility to allow the audit process to pivot and rapidly respond to risks wherever and whenever they arise?
4. Technology – are you utilising automated solutions that enable internal audit work to be more dynamic, as well as more relevant and insightful to other stakeholders?
5. Reporting – are you thinking differently about how your internal audit reports are delivered, how quickly they are reported, and to whom they are reported to?
Heads of internal audit have the opportunity to drive their own ‘digital agenda’. As their existing capabilities are augmented with new technologies which will allow for smaller, more agile teams, this will help ensure internal audit remains relevant not just for today, but for tomorrow as well.
Colette Devey is a Director of Internal Audit at EY