1. Evaluating existing controls
Internal auditor’s need to assess the tone and risk management culture of the organization as well as evaluating and reporting on the effectiveness and efficiency of the implementation of management policies.
Internal Audit remains one of the cornerstones of an organization’s corporate governance as it is uniquely positioned to provide global assurance to the audit committee an senior management regarding the effectiveness of internal governance controls and risk processes. Furthermore, internal auditors are well-placed to fulfill an advisory role on assurance coordination, effective ways of improving existing processes, and assisting management in implementing recommended improvements.
However, in order for Internal Audit functions to serve in this valuable capacity they themselves must be innovative. How can auditors manage the controls around new technology implementations and technology- driven processes without acquiring new technology skill sets, taking new audit approaches and using innovative technologies for extracting data, testing and reporting?
How can Internal Audit cast a wider lens over risks without building the department’s efficiency through collaboration tools, analytics, and other technologies? In other words, innovation-driven organizations need innovation-driven internal audit functions, or Internal Audit’s value will diminish.
Fortunately, the age of automation has arrived and is accompanied by opportunities for integrating advanced technologies into Internal Audit functions as the third line of defense. Internal Audit departments, large and small, have already begun their journey into the world of automation by expanding their use of traditional analytics to include predictive models, robotic process automation (RPA), and cognitive intelligence (CI). This is leading to quality enhancements, risk reductions and time savings as well as increased risk intelligence. With automation technologies advancing swiftly and early adopters demonstrating their effectiveness, now is the time for Internal Audit to understand and prioritize opportunities for automation and take the necessary steps to prepare for successful deployment.
The Role of Internal Auditors:
Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. As the third line of defense, it helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The following activities typically form part of internal auditor’s roles and responsibilities:
Internal auditor’s need to assess the tone and risk management culture of the organization as well as evaluating and reporting on the effectiveness and efficiency of the implementation of management policies.
Internal auditors need to identify key activities and relevant risk factors, while assessing their significance. The manner in which risks are assessed is often affected by changing trends and conditions on a business/economic scale. As a result, the techniques of Internal Audit have changed from a reactive and control-based approach to a more proactive and risk-based one. This enables internal auditors to anticipate possible future concerns and opportunities as well as identifying current issues.
Internal auditors need to work closely with line managers to review operations and report their findings. Therefore, internal auditors must be well versed in the strategic objectives of the organization in order to have a clear understanding of how the operations of any given part of the organization fit into the bigger picture.
Compliance review ensures that the organization is adhering to rules, regulations, laws, codes of practice, guidelines and principles as they apply individually and collectively to all parts of their organization.
Internal Audit Mandate:
-Check internal controls
-Error handling
-Provide objectivity
-Add value back to business
The world is reaching a technology inflection point where powerful and accessible emerging technologies give organisations the opportunity to make leaps in productivity and market growth, while creating new products, services, and markets not yet imagined. However, in reflecting the changes around it, Internal Audit soon will not be auditing the way it has in the past by using today’s skills.
Today Internal Audit may only have exposure to a limited number of technologies, such as enterprise resource planning (ERP), cloud, big data, and analytics. However, the list of technologies
that auditors must understand is growing rapidly, including the risks that will have to be covered, and the frequency of technological change that will have to be addressed that makes today’s
foundational tools obsolete. To play a valuable role in the organization, Internal Audit must enlist innovative tools, skills, and methods for providing assurance.
With the adoption of these emerging technologies, gaps are created in audit frameworks and procedures that must be applied consistently. To adapt, Internal Audit departments must shift their underlying methodologies to more-ongoing, continuous, or real-time modes of audit, while the organizations must make significant investments in training, resources, tools and standardization.
Internal auditors face constant challenges regarding independent access to data required for conducting audits. In order to become more self-sufficient, internal auditors must be able to extract data directly from operational and financial systems, use tools as governance, risk, and compliance technology, use optical character recognition, and adopt security tools to access the data needed.
Very few Internal Audit functions are rated as advanced in their use of this emerging group of technologies. However, as organizations embrace intelligent automation in products and services, Internal Audit will need to be knowledgeable about these technologies well in advance of applying them within the department. It will make Internal Audit a much more attractive profession in the future and can create differentiation for organizations when competing for scarce skill sets and technology savvy resources.
The Daily Barriers of Internal Audit
-Lack of independent connection to data sources required for audits
-Poor data quality, usually due to human error
-Normalisation of data for analysis due to the receival of exceptions in various formats
-Management of a vast amount of exceptions on application such as MS Excel
“There is no way to talk about a financial institution without considering
technology. Therefore, the internal audit functions of these institutions must
know technology and make intense use of it in their
work. I believe that in the next five years, technology will make internal audit
functions fast, relevant, and timely and offer greater coverage and lower
costs.”
- Fabio Adriano Da Silva, Internal Audit Manager,
Banco do Brasil SA
The way to begin an automation road map is to conduct a process scan and opportunity assessment to identify processes and activities with the highest potential return on automation investment. Activities appropriate for RPA generally have certain characteristics.
A great starting point if considering RPA is by automating basic processes such as invoice data entry
and cash applications. These are best suited to carry out proof-of-concept studies before beginning
the RPA journey. You can follow this with other processes such as billing and invoicing, as well as
customer and vendor data setups.
The general accounting processes are, however, often fragmented as they are generated from
periodic and event-driven activities. Therefore, the best way to automate these processes is to adopt
a more agile and iterative approach to ensure that the most value is attained.
In addition, processes that incorporate activities such as manual journal entries should rather
implement attended rather than unattended automation. The reasoning behind this is that these
processes could require the need for expert judgement or a customized computation specific to the
event or scenario.
In an environment that is constantly changing, internal auditors play an increasingly important role. With the vast uncertainties presented by the rise of disruptive technologies, the Internal Audit function must keep pace to help the organization understand and manage the associated risks, achieve expected results from automation, and continue to innovate to add value. Key opportunities for Internal Audit within intelligent automation initiatives include the following:
Internal Audit can help to integrate governance, risk, and controls considerations
throughout the automation program life cycle as an organization establishes and implements
its programme.
Internal Audit can help the organization identify opportunities to embed automationenabled control activities within the impacted business processes and functions.
The Internal Audit organization can capitalize on intelligent automation innovations to increase the efficiency and effectiveness of its own activities
“RPA and AI are the next big technologies. It will be important for
Internal Audit to understand these technologies and be able to push
the business in how they implement new solutions in the future.
With new technology comes new security risk, and this should be a
concern of boards going forward.”
- Alvin Bledsoe, Audit Committee Chair, SunCoke Energy