Avoiding change is not an option for Internal Audit (IA) functions. At this time of rapid digital evolution, businesses need their IA function to transform. It’s crucial to IA’s contribution to the organisation, not to mention its continuing relevance.
Every aspect of IA can evolve as part of the transformation journey. Some may go “all in”, while others may adopt a more iterative approach. How change happens depends on factors like industry regulations, the complexity and needs of the business and how quickly the larger enterprise is changing.
At a time when technology is taking a front seat, the business environment is changing. The focus of customers and shareholders remains on quality, relationships and price. But they have added expectations around trust, integrity and privacy.
Regulators are looking into new areas, such as privacy and operational resilience. They are uncovering risks and behaviours that may impact customers. Communities and advocacy groups are becoming new stakeholders and watchdogs, identifying potential issues before they become clear to the business.
Business partners are integral to businesses, helping to extend an organisation's functions and capabilities. At the same time, employees are embracing the opportunities provided by technology.
All these changes have an impact on risks. They present opportunities to innovate and change the way IA operates in an organisation.
Imagine a world in which IA and other risk management functions stop using traditional approaches to audit or monitor a business area. Taking a sample-sized approach is a thing of the past. Instead, internal auditors leverage data and digital capabilities to audit process areas, uncovering trends and patterns that before would have been impossible to find.
This transformation means that IA can answer an essential business question: “Can you tell me something I don’t know?”
IA teams operating in a connected way can help transform businesses. They can work together to achieve real results.
Digital upskilling is at the heart of IA’s transformation. It’s a new world that requires IA acumen, digital and data acumen as well as business acumen. IA teams need people who can use technology effectively and who have the knowledge to audit business operations that use new technologies. Not all internal auditors need to be data scientists, but they do need to understand data sources to assess data quality and to know what insights can be drawn from data. Teams also need a high degree of business acumen to facilitate better conversations with business leaders.
IA is evolving by:
With powerful data and technology in hand, IA can understand a greater array of business risks and provide assurance that those risks are being managed and mastered.
A transformed IA function has the ability to:
The IA’s stakeholder group has expanded and expectations are heightened. Change is fast and risks are complex and interconnected. As it transforms, Internal Audit can collaborate with first- and second-line functions in data-driven ways not previously possible. In doing so, it can reduce the likelihood of blind spots or significant issues materialising.
The three lines of defence can identify common sources of data and synergise data retrieval and analysis, so that each group is working efficiently. IA teams can share other tools that can become real-time monitoring capabilities for the first and second line of defence.
Some areas to consider before starting your journey:
As you develop your digitalisation strategy and continue to integrate technology in your business, we are ready to talk to you about how to transform your IA function. Contact us today.