By John Verver, Strategic Advisor to ACL
Over the past decade, the role of internal audit has evolved considerably. The first catalyst for change was Sarbanes-Oxley, which introduced the challenge of juggling a requirement for ongoing, in-depth financial controls testing while still providing assurance around operational processes and controls. Up to that point, there had been little pressure to change the ways that audits were performed and the nature of the contributions that auditors provided to their organizations.
Auditors had to rethink where and how resources were applied. The need to do things differently became more apparent, particularly in terms of making dramatic changes in efficiency and effectiveness. But change did not stop there. Fast forward to today and the internal audit function of many organizations is currently in the process of significant transformation. In addition to its assurance functions, the internal audit team is now expected to be heavily involved in the assessment of the risk management function while also serving as valuable advisors across the organization.
Although the new expectations are undoubtedly challenging, the opportunity to contribute to an organization’s overall success is more exciting than ever before. The internal auditor is in a unique position, with a mandate that provides access to an incredibly broad and varied range of people, processes, systems and data.
Progressive internal audit departments often express interest in having “a seat at the table,” to be taken more seriously by the C-suite and to be recognized for the value they can contribute.
Why shouldn’t internal audit be a critical component of the governance, risk and compliance structure — a component that makes a real difference? No reason at all, except that in practice, very few internal audit departments are enabled to function as critical contributors.
In any core operational area of an organization, it’s likely that during the past five years there has been a significant investment in technology designed to transform the efficiency and competitiveness of processes. In the case of internal audit, nearly every survey and report from the Big Four highlights technology as playing a critical role in the future of internal audit. It is considered to be one of the top priorities for the Chief Audit Executive (CAE) and senior-level audit management.
And yet there is a sizable disconnect between how CAEs expect technology to be used in internal audit and how technology is actually used. A recent PwC report shows that only 40 percent of CAEs consider internal audit to be leveraging technology well. Senior management’s view was even less favorable; only 35 percent rated internal audit as using technology effectively.
Overcoming the Technology Performance Gap
Despite the tremendous opportunity facing internal audit today, it seems that there is a real issue with how technology is being utilized. The solution requires a shift in thinking and approach.
The objective is to use technology to transform the efficiency and effectiveness of the internal audit process while also making sure that a technology silo isn’t being developed, duplicating information and systems that exist in other functional areas.
What is Wrong with Internal Audit’s Current Approach to Technology Usage?
It depends on the history and approach of each distinct internal audit department. Chances are, the use of audit technology is still built around the traditional processes of audit management and working paper documentation.
But what if the time has come for a complete overhaul in approach that would maximize efficiency and effectiveness? Technology has enabled global business transformation in recent years. Arguably, it is now time for internal audit to follow suit and demonstrate to the C-suite that it really deserves a “seat at the table.”
Successfully Leveraging Technology in Internal Audit Management
There are a number of areas to address in order to achieve a successful transformation:
- The place to start is at the top. Leadership needs to declare the critical role of technology as a strategic enabler for internal audit and to ensure that it is treated as such.
- Management must provide direction on the implementation of technology in the same way as for any critical project: set clear goals and timelines, provide the necessary resources and strictly manage project processes.
- Ensure a seamless end-to-end internal audit process by looking at all the key components of the process and considering how they should ideally fit together.
- Avoid silos. Internal audit needs to be an objective and independent function, but this does not mean that its systems cannot integrate seamlessly and securely with those of risk and control management and compliance.
- Integrate data analysis and automated testing closely into audit processes, from initial risk assessment and audit planning, through detailed control testing and continuous auditing, to exception management and quantified reports. Data analysis can be applied effectively as part of a transformed audit process, but it can also play a significant role in quantified risk assessment and continuous monitoring.
Internal auditors have never before had this opportunity to be recognized as highly valuable professionals who are sought after throughout the organization, but successfully harnessing technology is critical to enacting industry-wide transformation.