The time to transform internal audit is now

Technology as a driver for transformation

At a time when technology is taking a front seat, the business environment is changing. The focus of customers and shareholders remains on quality, relationships and price. But they have added expectations around trust, integrity and privacy.

Regulators are looking into new areas, such as privacy and operational resilience. They are uncovering risks and behaviours that may impact customers. Communities and advocacy groups are becoming new stakeholders and watchdogs, identifying potential issues before they become clear to the business.

Business partners are integral to businesses, helping to extend an organisation's functions and capabilities. At the same time, employees are embracing the opportunities provided by technology.

All these changes have an impact on risks. They present opportunities to innovate and change the way IA operates in an organisation.

Imagine a world in which IA and other risk management functions stop using traditional approaches to audit or monitor a business area. Taking a sample-sized approach is a thing of the past. Instead, internal auditors leverage data and digital capabilities to audit process areas, uncovering trends and patterns that before would have been impossible to find. 

This transformation means that IA can answer an essential business question: “Can you tell me something I don’t know?”

Internal Audit teams are transforming now

IA teams operating in a connected way can help transform businesses. They can work together to achieve real results. 

• One team can detect anomalies and correlations that wouldn’t otherwise be found
• Another can identify high-risk transactions with business partners in real time to define the scope and approach of audits
• A third can integrate with business strategy to be able to pivot its audit plan, at a moment’s notice, to focus on strategic issues or new service launches
• Another IA team can create risk indicators and data analysis tools, creating other lines of defence for continuous monitoring of controls
• Another can host digital upskilling sessions to ensure functions across the business can adjust to the changing technology and risk landscape

What does the NextGen internal auditor look like?

Digital upskilling is at the heart of IA’s transformation. It’s a new world that requires IA acumen, digital and data acumen as well as business acumen. IA teams need people who can use technology effectively and who have the knowledge to audit business operations that use new technologies. Not all internal auditors need to be data scientists, but they do need to understand data sources to assess data quality and to know what insights can be drawn from data. Teams also need a high degree of business acumen to facilitate better conversations with business leaders.

What does a transformed Internal Audit function look like?

IA is evolving by:

• Moving away from point in time assessments, toward continuous risk sensing using external and internal data 
• Building a more flexible operating model with collaboration across the three lines of defence
• Shifting from a one-size-fits-all approach to expand the IA spectrum
• Diversifying the nature of IA activities, including issues-based reviews, audit insight workshops and more
• Changing execution from traditional sample and controls to higher precision audits that leverage technology such as neural networks and AI
• Using data and behavioural science to identify underlying behavioural patterns and root causes. 

With powerful data and technology in hand, IA can understand a greater array of business risks and provide assurance that those risks are being managed and mastered. 

A transformed IA function has the ability to:

• Identify previously unidentifiable blind spots
• Collaborate with other lines of defence to create a consolidated view of risks and use a common risk language
• Provide greater coverage without increasing audit resources
• Conduct audits with precision
• Uncover human behavioural patterns through machine learning and regression
• Influence the strengthening of first- and second-line defences through digital collaboration and continuous monitoring

How does a transformed Internal Audit function work with other lines of defence?

The IA’s stakeholder group has expanded and expectations are heightened. Change is fast and risks are complex and interconnected. As it transforms, Internal Audit can collaborate with first- and second-line functions in data-driven ways not previously possible. In doing so, it can reduce the likelihood of blind spots or significant issues materialising.

The three lines of defence can identify common sources of data and synergise data retrieval and analysis, so that each group is working efficiently. IA teams can share other tools that can become real-time monitoring capabilities for the first and second line of defence.

How to get started?

Some areas to consider before starting your journey:

• Assemble a strong team ready and excited to get started
• Discover new capabilities and ideas for the IA to drive value like never before
• Pick the ideas that would drive immediate impact with limited or no additional budget
• Explore alternative models for sourcing talent and technology and run some pilots
• Socialise and celebrate your successes. Every small win helps build momentum!
• Develop a roadmap for a people-led, data-driven transformation

We are here to help you

As you develop your digitalisation strategy and continue to integrate technology in your business, we are ready to talk to you about how to transform your IA function. Contact us today.