As new technologies emerge, Internal Audit functions must stay ahead of disruption and maintain trust within their organization.
In today’s business environment, transformation and trust go together. Companies are rightly capitalizing on the rise of disruptive technologies to transform – harnessing the power of data, reinventing their systems and processes and developing new business models. To be successful, given the breadth of impact and wide range of stakeholders affected by these transformations, including investors, customers, employers, suppliers, regulators and the public at large, the key foundational element must be trust.
As an independent assurance function, Internal Audit (IA) naturally plays a key role in enabling organizations to build a brand of trust as they move along their transformational journeys.
However, as complexity and disruption increase in the business, Internal Audit will need to have a much bigger advisory role to sustain stakeholder trust in organizations. It will need to provide broader insights on all the risks that an organization faces. These are not just the preventable downside risks that have traditionally fallen within its remit, but also the upside risks that management should be exploring such as innovation, and the outside risks that are on the horizon, such as demographic shifts, climate change and globalization.
In the future, the word “assurance” will take on a new meaning. It will not just be about providing comfort around financial and operational risks. Instead, management will expect that Internal Audit provide assurance over the management of risks that the function was never asked to consider in the past. So how does Internal Audit keep pace with this business transformation and maintain its position as trust custodian?
The answer to that question is that Internal Audit can no longer transform itself in minor increments the way it has done in the past. It needs to go through a holistic and planned transformation – one that positively disrupts the entire life cycle of Internal Audit and its surrounding operating environment. Functions must become more data-driven, make more use of emerging technologies, have more dynamic processes and draw on a more flexible people model. Throughout the phases of the transformation journey, strategies for talent, processes and technology should be challenged concurrently to design a disruption that makes sense for the entire environment.
Of course, it is unrealistic to expect the holistic change in one big bang – but even getting started has been a challenge for many companies. The key, however, is to create a long-term plan for transformation while targeting the low-hanging fruit that can be used as a basis for generating quick wins. These quick wins can then be used to demonstrate early success in the transformation; thereby, creating appetite to adopt some of the more complex and strategic items. Transformation is made up of individual adjustments to behavior coupled with advances in technology and can be small and targeted, large and strategic, or both.
So, what should organizations consider to get started with their IA transformation?
- Technology/operating model: Companies could start with technology, its use and impact within the Internal Audit operating model. One key question to ask is this: how can technology better enable the current function, for example, increase the flexibility of the process, replace repetitive tasks, increase coverage or drive insights?
Technology offers numerous opportunities to enhance the entire Internal Audit life cycle from risk assessment and audit planning to execution and reporting. It’s not just about doing manual audits in a more agile fashion. Look for opportunities to leverage analytics, robotics and optical character recognition tools for control testing and continuous monitoring. Explore the use of collaboration tools that provide opportunities to quickly gather information and organize output to enable a continuous risk assessment process. Enhance reporting through digitization. For longer-term or heavier lifts, such as AI and process mining, consider teaming with the business to enhance your business insight but also provide a path to increase your trusted relationships.
- Talent: As people are core to Internal Audit, they are also core to the transformation of the function. It’s important to ask if the skillsets you have now will be the same ones needed in the future. In our increasingly globalized, fast-paced world, it is no longer enough for Internal Audit to consist of a team of people with fixed skillsets sitting together in one office. Organizations need to have a flexible people model where they draw on a diverse and mobile workforce with a broad range of skills. Functions could start with quick actions like expanding hiring sources, implementing a rotational staffing model with the business, partnering with third-party providers for complementary skills and developing tailored learning and experience curriculums to develop soft and technical skills.
It’s not just about doing manual audits in a more agile fashion. Look for opportunities to leverage analytics, robotics and optical character recognition tools for control testing and continuous monitoring.
The definition of the future will continue to evolve as new technologies emerge and many Internal Audit functions begin their journey to get ahead of the disruption and maintain trust within their organization. No two transformations will be the same, and now, more than ever, organizational alignment should be at the heart of each decision.
To continue maintaining a culture of trust in their companies, now is the time for Internal Audit functions to start the process of designing their own disruption.