Protiviti's 2020 internal audit capabilities and needs survey

Exploring the Next Generation of Internal Auditing

In recent years, mammoth waves of disruption have both buffeted and ignited organisations in their drive to change and stay relevant. Not surprisingly, internal audit functions have seen the effects. It’s now time for internal audit leaders and their teams to take the initiative, stand up and ride their own wave of transformation and innovation.

Becoming a next-generation internal audit function shares more than a few similarities with big-wave surfing. Both require overcoming trepidation and committing completely. There are also different forms of knowledge to acquire, unfamiliar challenges to navigate, and new skills and competencies to develop.

To build and manage a next-generation function, internal audit leaders and teams have a host of their own governance, methodology and enabling technology competencies to hone. The results of our latest Internal Audit Capabilities and Needs Survey show that most audit functions need to quickly improve their acquisition and development of next-generation auditing skills.

In fact, in rating their competency levels for different areas of next-generation internal audit governance, methodology and enabling technology, chief audit executives (CAEs) and internal audit professionals provided scores that are among the lowest levels in our entire survey.

These findings should serve as a wake-up call for internal audit leadership. Next-generation auditing capabilities, processes and tools — from strategic vision, agile auditing and dynamic risk assessment to artificial intelligence (AI), machine learning and process mining, among others — should be pressing priorities for the internal audit function to build and grow as their organisations continue to transform and stakeholder expectations for these capabilities rise. Our results show that audit committees certainly hold this to be true. At present, too many internal audit teams are not adequately prepared to commit to difficult but necessary transformation.

Our Key Findings:

  1. Next-generation internal audit competencies need to be prioritised rather than marginalized — especially enabling technologies.
  2. Fewer internal audit groups are undertaking some form of innovation or transformation, but the maturity of these capabilities has increased.
  3. Audit committees want CAEs to communicate how their transformation and innovation efforts are resulting in more coverage of risks and deeper audit reviews.
  4. In addition to next-generation internal audit competencies, top audit plan priorities include cyber threats, enterprise risk management, fraud and third-party risks.