Internal Audit Faces a Daunting Challenge
It’s time to start thinking differently. Now.
“The world we have created is a product of our thinking; it cannot be changed without changing our thinking.”
Businesses are changing as they embrace the innovation economy. Well- documented advances in new technologies and the drive for innovation and digital transformation are upending industries and increasingly are challenging internal audit functions to remain relevant.
Change is being driven by advances in technology and the use of data, as well as the broader economy in which knowledge, entrepreneurship, innovation, technology and collaboration are fueling growth. Innovation changes the business model and, as a result, the organisation’s risks, as evidenced in the top global risks for board members and C-suite executives (see table on page 2). Internal audit not only must respond to these changes, but also must be prepared to assess if the business is undertaking its innovation and transformation initiatives in the best possible manner. In order to accomplish this, internal audit must innovate itself.
Compounding internal audit’s challenge is the risk of inaction. Internal audit needs to respond to these organisational changes in order to ensure it can help manage risk and drive value in the new paradigm. As transformational changes ripple through different departments and business units, chief audit executives (CAEs) and other business leaders face a make-or-break choice: disrupt or be disrupted.
Internal auditors must adapt, evolve and transform before becoming irrelevant. They need to ready themselves for changes and new thinking – now.
This comes at a critical juncture for internal audit groups. Since the global financial crisis, many organisations, particularly those in the financial services industry, have undergone changes in which they have continually added internal audit resources in response to increased regulatory changes globally. In addition to heightened regulatory expectations and the need to maintain necessary levels of governance and control, many of these organisations are also undertaking initiatives to modernise and transform decades-old systems, processes and practises, all of which introduce risk and opportunity to the business and all of which internal audit needs to be positioned and capable to address.
This is not about simply utilising new technology to execute internal audit work in the same manner. Rather, internal audit functions need to rethink how they perform their work in a more agile manner and how they can leverage the proliferation of data and technology to deliver on their objective to provide effective risk management more efficiently. This requires balancing new internal audit models with the right technology, resources and methodologies, as well as governance and infrastructure, to create value.
The ultimate objective is clear: It is time for internal audit leaders to build what we term the next-generation internal audit function.
Consider these questions:
- Are you positioned to respond to changing risks associated with your business, and especially associated with digital transformation initiatives?
- Are you able to leverage enterprise data to conduct your risk assessments, audits and continuous monitoring more efficiently and effectively?
- Have you added resources and skill sets, as well as updated hiring practises, to address increased expectations from internal and external stakeholders?
- Have you started to use data and/or technology to enhance the internal audit function but still rely on the same methodologies and resources?
- Are you still relying primarily on point-in-time risk assessments?
- Are you still performing audits and reviews in the same way as in years past?