Audit Organizations Should Improve Their Visibility into Change but They Should Also Strive to Deploy Audit Resources Faster
Stamford, CT (August 4, 2021) – A February 2021 survey of 200 audit business partners revealed that over half (56%) of respondents said they were facing more changes in the last two years, and a large majority agreed these changes were both bigger (81%) and faster (74%), according to Gartner, Inc. The pace of change is set to continue with 65% of executives expecting significant transformation in their industry over the next 2 years.
“For audit leaders, the real problem is not the change itself,” said Ian Beale, vice president, advisory at Gartner. “The problem, according to 95% of 135 chief audit executive (CAEs) we polled in February of this year, is that implementing a project or process change regularly leads to control gaps.”
Many audit business partners agree that such changes can result in significant or even extremely negative outcomes (see Figure 1).
“High levels of change are creating control gaps that in turn are creating significant organizational risks,” said Beale. “Audit leaders must firstly improve their visibility into changes happening in their organization and secondly develop the capability to deploy audit resources faster when changes arise.”
Improve Visibility into Change
Most internal audit functions are already on a journey to improve visibility into areas undergoing changes, according to Beale. Three years ago, many functions pursued real-time assurance and sought to better leverage data to get a more comprehensive and real-time view of risk.
A year ago, audit leaders were focused on attracting more information from business partners about changes to enable foresight and also by equipping their auditors to better articulate how audit can help management avoid problems and when to ask.
Today, audit leaders are being more proactive, actively seeking more conversation with other assurance functions, better access to senior management, the board, executive and steering committees, by liaising with other assurance teams.
“This is all about getting earlier knowledge of changes, so that there is more time to make necessary audit resource adjustments and avoid control gaps,” said Beale. “However, visibility alone doesn’t solve challenges that arise from resource allocation problems. Improving the speed of audit deployment is also an important part of mitigating control gaps.”
Enable Faster Audit Resource Deployment
There are several reasons why visibility doesn’t lead to faster audit deployment. Often audit’s resources are already full allocated, requiring auditors to stop or hold one thing to take on another. Audit engagements are designed for end-to-end execution, and this tends to limit the movement of auditors until their current engagement is complete.
The audit plan – rigorously developed and agreed with stakeholders – can have a lot of inertia that is hard to stop or change once it is in motion, and therefore it can hamper audit’s response in the face of change.
“To respond more effectively to the levels of change that organizations are experiencing, audit leaders must look beyond improving visibility into changes and aim for what Gartner calls ‘real-time resourcing’ of their engagements,” said Beale.
Real-Time Resourcing
There are some simple steps that many CAEs don’t take which can significantly improve audit’s ability to deploy faster and therefore close control gaps arising from process or project changes. For example, just 30% of the 135 CAEs surveyed this year said they broke audit engagements into individual tasks that can be executed separately. Just 16% said they brought staff into audit engagements as needed rather than a full engagement on each occasion.
“Audit leaders have traditionally focused on getting earlier visibility into control gaps arising from process or project changes,” said Beale. “But in doing so they have tended to overlook small adjustments to how audit resources are deployed that will also have a significant impact on audit getting to control gaps on time.”
This topic was covered in detail at Gartner’s virtual annual executive retreat for audit leaders this year. Gartner clients can learn more in: How Audit Can Arrive On Time to Control Gaps and Real-Time Assurance: Accelerating Deployment of Audit Coverage
About the Gartner Audit & Risk Practice
The Gartner Audit & Risk practice equips Audit & Risk leaders and their teams with insights, advice, and tools to better navigate high-risk growth decisions. Additional information is available at https://www.gartner.com/en/audit-risk.
About Gartner
Gartner, Inc. (NYSE: IT) is the world’s leading research and advisory company and a member of the S&P 500. We equip business leaders with indispensable insights, advice and tools to achieve their mission-critical priorities today and build the successful organizations of tomorrow.
Our unmatched combination of expert-led, practitioner-sourced and data-driven research steers clients toward the right decisions on the issues that matter most. We are a trusted advisor and objective resource for more than 15,000 organizations in more than 100 countries — across all major functions, in every industry and enterprise size.
To learn more about how we help decision makers fuel the future of business, visit gartner.com.
