Top Priorities for Internal Audit in Financial Services Organisations
Meeting the Data Analytics Challenge
Data analytics, cybersecurity and technology-related issues dominate the financial services responses to Protiviti’s 2018 Internal Audit Capabilities and Needs Survey
Emerging technology is changing the internal audit function at financial services firms. The growth of data analytics in internal audit presents a specific challenge and significant opportunity for auditors in particular. The digitalisation revolution is well underway and financial institutions are competing with disruptors in the financial technology, or fintech, sector. Machine learning and robotic process automation (RPA) are among the many emerging technologies and innovations that internal audit functions need to embrace and employ if they are going to deliver deeper insights in a more efficient and effective manner. Increasingly, the ability to use big data and powerful analytics tools to manage operations and execute strategic plans more effectively will become a competitive advantage.
The cybersecurity threat remains a top priority for internal audit plans for 2018. Annual regulatory requirements are a constant pressure for financial services firms. At the same time, compliance pressures remain, with requirements such as model risk management, stress testing (the Dodd-Frank Act stress tests, or DFAST, and Comprehensive Capital Analysis and Review, or CCAR) and capital planning.
This executive summary details the areas of focus cited by financial services respondents to Protiviti’s 2018 global Internal Audit Capabilities and Needs Survey.
Executive Summary of Key Financial Services Industry Results from the 2018 Internal Audit Capabilities and Needs Survey: Our Notable Findings
- The use of analytics in auditing remains in the early stages — Many financial services industry (FSI) audit functions have piloted some programmes, although few have embedded more advanced analytics into their audit processes.
- Fraud, cybersecurity threats, third-party risk and enterprise risk management (ERM) are top audit plan priorities — Organisations are focused most on these areas in their 2018 audit plans. Internal audit functions should determine how to transition to analytics to improve their coverage of these areas.
- Robotic process automation (RPA), among the top areas in need of improvement, is drawing significant interest from chief audit executives (CAEs) and internal audit leaders are seeking to learn more about how to use it from a business improvement standpoint, as well as how to audit RPA in the organisation.
- Stress testing and Comprehensive Capital Analysis and Review (CCAR) remain top of mind for financial services auditors — Model risk-related issues, such as stress testing and CCAR, are foremost concerns, as are new accounting standards for current expected credit loss (CECL).
- Third-party risk management remains a standout priority for financial services firms. This has become an even greater issue as more firms seek partnerships with technology companies. Financial services internal auditors need to ensure their organisations have robust vendor management processes in place.
- The need for greater efficiency and the move to digital are driving the requirement for enhanced cloud computing knowledge, while big data remains an ever-present issue. More than half of all CAE respondents confirm that cloud and big data are included in their 2018 audit plans.