2019 Internal Audit Capabilities and Needs Survey
Embracing the Next Generation of Internal Auditing
Now is the time to commit to the journey to evolve into a next-generation internal audit function. While this journey will be prolonged and marked with steep challenges, it is absolutely imperative given the intensifying nature of the digital transformation underway in the rest of the organisation and the overall market.
The results of our 2019 Internal Audit Capabilities and Needs Survey, in which we take an in-depth look at the adoption of next-generation internal audit competencies such as agile auditing, artificial intelligence (AI), machine learning (ML), robotic process automation (RPA) and continuous monitoring, among many others, provide a detailed assessment of how internal audit groups are progressing on their next-generation journeys.
It’s positive to see that most internal audit functions have launched innovation and transformation activities, starting their next-generation journeys. However, more substantive progress is needed in a number of areas if early-stage next-generation internal audit models are to mature and fulfill their massive potential. Undertaking this journey requires recognition that transformation consists of more than a collection of discrete activities; becoming a next-generation internal audit function requires a new mindset and a commitment to continual evolution. Some internal audit groups are ahead of the game, including most of those that reside within companies considered “digital experts” and “digital leaders.” Among other practises, digital leaders are far more likely than other organisations to appoint internal audit innovation/transformation champions.
Also, in this year’s study, we take a broad look at overall priorities for internal audit functions, including their top audit plan priorities.
Our Key Findings:
- Three out of four internal audit groups are undertaking some form of innovation or transformation effort — While this finding is expected given what we’ve observed in the market, it also sends a clear message to the significant number of internal audit functions that have yet to begin their next-generation journeys: It’s time to get started.
- Overall, the adoption of next-generation internal audit capabilities is in its early stage — The implementation of the governance mechanisms, methodologies and enabling technologies that comprise the next-generation internal audit model has so far occurred in a predominantly ad hoc manner. Internal audit groups within organisations that are digital leaders have made substantially more progress with their innovation and transformation initiatives.
- Chief audit executives need to take the lead in getting the function’s transformation on the audit committee agenda — Fewer than one in five organisations report that their audit committee is highly interested in the internal audit group’s innovation and transformation activities. It is incumbent on CAEs to convey the internal audit function’s commitment to innovation and transformation to the audit committee members through effective, efficient information-sharing practises and persuasive presentations.
- ERM, cyber security risks, vendor and third-party risk management, and fraud risk management are top audit plan priorities — Internal audit groups are highly focused on these areas in their 2019 audit plans.
Top 10 Audit Plan Priorities for 2019:
- Enterprise risk management
- Cybersecurity risk/threat
- Vendor/third-party risk management
- Fraud risk management
- COSO Internal Control – Integrated Framework
- Agile risk and compliance
- Lease Accounting Standard – Accounting Standards Update (ASU) No. 2016-01, Leases (Topic 842)
- AICPA’s Criteria for Management’s Description of an Entity’s Cybersecurity Risk Management Programme (Exposure Draft)
- Cloud computing
- Revenue Recognition Standard (Financial Accounting Standards Board [FASB] Accounting Standards Update No. 2014-09)