No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

Getting More From Internal Audit in the Digital Age

IA Must Undergo a Next-Generation Transformation

by Jim DeLoach
August 24, 2020
in Featured, Internal Audit
virtual display of digital globe with text reading internal audit

With digitization fueling innovation and change, two questions arise: Is internal audit adjusting quickly enough to innovate and embrace underlying technologies, and should executive management and the board care? Protiviti’s Jim DeLoach discusses.

In a world of rapid change on almost every front, in which organizations must adapt and grow – or risk decline and ultimate demise – everybody faces the same reality: either raise the game to contribute sustainable value or be left at the station. These words could have been written a year or two ago. Today, the COVID-19 pandemic and the emergence of social unrest has left leaders and directors exhausted from the intensity of their efforts to align their organizations with evolving market realities.

The chief audit executive (CAE) also faces alignment challenges. As the risks and complexities organizations face change, so do the focus, skill sets and capabilities needed by internal audit.

This is a topic that has been discussed for several years. While there is certainly no one-size-fits-all approach to transforming internal audit, the notion of the function’s digital future is no longer a hypothetical. It is here now, and the tools and capabilities are not only available, but being deployed in creative ways by pioneering CAEs blazing the trail along the cutting edge.

In the digital age, internal audit must commit itself to elevate its value proposition, embrace change and improve continuously. This means innovating and transforming itself to an agile, multi-skilled and technology-enabled function – a so-called next-generation function.

Internal audit must be able to recognize emerging risks and changes to the organization’s risk profile quickly and efficiently enough to incorporate them in a timely manner into the audit plan so they can be addressed in the assurance the function delivers. To deliver stronger assurance and more valuable insights to the business efficiently, a next-generation function embraces a holistic approach focusing on competencies, qualities and components falling into three broad categories:

  • Governance includes the strategic vision, organizational structure and resource management of the function itself.
  • Methodology is the “how” of transformation or the body of methods, rules and procedures guiding the function’s operations from risk assessment to execution to reporting.
  • Enabling technology includes relevant tools of the digital age – process mining, analytics, robotic process automation, machine learning and artificial intelligence (AI) – together with the data essential to fuel these technologies.

Traditional methodologies, long-trusted and embedded point solutions and conventional thinking simply can’t accomplish these tasks efficiently at the speed of change that is occurring. Many CAEs readily see that internal audit tools and techniques are evolving rapidly, creating ample energy and excitement around transformation possibilities and innovation within the function. In polling at various webinars and conference presentations conducted by Protiviti as well as in independent research[1] our firm has conducted, a strong majority of participants consistently indicate that they are undertaking some form of next-generation auditing initiatives.

What Does This Mean, and Why Should the Board Care?

Next-generation internal audit functions have three essential objectives: (1) improve assurance by increasing the focus on key risks, (2) make internal audit more efficient and (3) provide deeper, more valuable and more timely insights from audit activities and processes. These objectives are easy to understand. The mechanisms to implement such changes, however, vary across a range of innovative approaches, tools and governance processes and are intertwined with an innovative culture the CAE tailors to the organization’s needs and his or her vision of what next-generation internal audit looks like.

Our research indicates that three out of five functions are undertaking some form of innovation or transformation effort but that next-generation internal audit capabilities adoption remains in a relatively early stage. In many instances, implementation of the governance mechanisms, agile methodologies and enabling technology that comprise the next-generation internal audit model has so far occurred in an ad hoc manner. The message is clear for the significant number of functions that have yet to begin their next-generation journeys: It’s time to get started.[2]

Common Tech Activities and Tools Implemented in Next-Gen Transformations

  • Ubiquitous data analyses and advanced analytics: These capabilities access a broad swath of data to develop a holistic view of risk and include analysis of full samples, data-driven flow charting and early-warning systems using predetermined risk thresholds. The use of big data, process automation and data analytics offers interactive visualizations and business intelligence capabilities and can play an important role in freeing up time for more strategic analysis and creation of impactful reports.
  • Automated processes: Robotic process automation is a powerful means of eliminating manual-intensive tasks, allowing auditors to sharpen their focus on key business risks and areas requiring exercise of professional judgment. Examples include reviewing large volumes of contracts to identify high-risk terms or clauses requiring further review and advanced monitoring techniques to drive greater audit coverage, efficiencies and early alerts.
  • Process–mining insights: Process-mining technology uses data earlier in the audit cycle to tell the story of how processes are actually performing. It enables auditors to analyze process data quickly to identify risk and potential control breakdowns and inefficiencies, as well as to direct audit focus to those issues and opportunities that truly matter, delivering significant efficiency gains and a more impactful audit process.
  • AI and machine learning: This advanced capability increases the effectiveness and efficiency of complex testing and provides complex analysis in real time. Examples include classification and clustering algorithms designed to identify outlier or otherwise high-risk transactions and to better stratify populations for risk-based analysis; and predictive modeling to provide intelligent continuous process auditing.

These digital activities and tools enable internal auditors to translate an increasingly overwhelming amount of data into meaningful, impactful analysis. Coupled with divergent thinking, these capabilities have the potential to steepen the value-delivery curve significantly for internal auditors.

This is the digital pathway that leads to the observations and recommendations that board members, senior executives and other stakeholders will value and can act on quickly in a digital world. Rarely will an audit plan be executed in its entirety before fresh insights and developments emerge, creating the need for changes to it. The static annual planning process so familiar to executives and directors has become a relic of the past.

In summary, senior management and boards of directors cannot be indifferent to the CAE’s level of awareness of digital techniques and tools that are the imperatives of next-generation audit. As companies move to cloud computing and adopt AI and machine-learning concepts, an agile audit methodology enabled with the right skills, resources and technology helps the CAE sustain internal audit’s relevance by providing assurance to executive management, the board and other stakeholders on the risks that matter in the most efficient manner. In the digital age, CAEs need to rethink how their functions plan, execute and deliver results with an objective of increasing and sustaining the value contributed to the companies they serve. Senior management and the board should accept nothing less.

Questions for Executive Management and Boards

The organization’s leaders and their boards may want to consider the following questions in the context of the nature of the entity’s risks inherent in its operations:

  • Are we satisfied with the scope of internal audit’s activities in view of changes in the business environment and the company’s operations? Are we getting the assurances we need from internal audit in the appropriate areas?
  • Does internal audit have the tools it needs to address the priorities and achieve the coverage set forth in the audit plan? Has internal audit adopted a next-generation strategy that is aligned with the company’s risk profile and stakeholder expectations? For example, does the CAE consider deployment of the data and technology-enabled processes and capabilities that would facilitate delivery of cost-effective assurance? Does the board support the CAE’s transformation efforts in its oversight?

[1] 2020 Internal Audit Needs and Capabilities Survey: Exploring the Next Generation of Internal Auditing, Protiviti, August 2020, available www.protiviti.com/IAsurvey.

[2] Ibid.


Tags: Artificial Intelligence (AI)Robotic Process Automation (RPA)
Previous Post

The Winding Road Ahead: COVID-19-Related Tax Confusion

Next Post

Anti-Money Laundering in Financial Services: A Primer

Jim DeLoach

Jim DeLoach

Jim DeLoach, a founding Protiviti managing director, has over 35 years of experience in advising boards and C-suite executives on a variety of matters, including the evaluation of responses to government mandates, shareholder demands and changing markets in a cost-effective and sustainable manner. He assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2018.

Related Posts

DALL·E 2023-02-16 13.18.43 - magritte style painting of robot looking into mirror

A Bot Isn’t Going to Take Your Place, But AI Will Make Your Job Harder

by Jennifer L. Gaskin
March 8, 2023

OpenAI’s splashy ChatGPT rollout has generated untold amounts of text, both directly and indirectly. While much of what’s been written...

cci top 10 stories collage

Top 10 Compliance Stories of 2022

by Jennifer L. Gaskin
December 7, 2022

The more things change, the more they stay the same. This time last year, we summarized the top 10 ESG...

ai bias_f

Still Racist After All These Datasets: Once Bias Is Baked Into Your AI, It’s Hard to Root Out

by Nigel Cannings
November 9, 2022

Spending on artificial intelligence across all sectors is expected to more than double by 2025, but Nigel Cannings of Intelligent...

ai in hiring

Algorithms Behaving Badly: New NYC Law Tackles Bias in Hiring Technology

by Lofred Madzou
June 2, 2022

From recruitment to retention, technology has long been crucial to effective workforce management. And while companies may be flocking to...

Next Post
AML in wooden blocks with figures standing on coins

Anti-Money Laundering in Financial Services: A Primer

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT