1. Evaluating existing controls
Internal auditor’s need to assess the tone and risk management culture of the organization as well as evaluating and reporting on the effectiveness and efficiency of the implementation of management policies.
Internal Audit
Internal Audit remains one of the cornerstones of an organization’s corporate governance as it is uniquely positioned to provide global assurance to the audit committee an senior management regarding the effectiveness of internal governance controls and risk processes. Furthermore, internal auditors are well-placed to fulfill an advisory role on assurance coordination, effective ways of improving existing processes, and assisting management in implementing recommended improvements.
However, in order for Internal Audit functions to serve in this valuable capacity they themselves must be innovative. How can auditors manage the controls around new technology implementations and technology- driven processes without acquiring new technology skill sets, taking new audit approaches and using innovative technologies for extracting data, testing and reporting?
How can Internal Audit cast a wider lens over risks without building the department’s efficiency through collaboration tools, analytics, and other technologies? In other words, innovation-driven organizations need innovation-driven internal audit functions, or Internal Audit’s value will diminish.
Fortunately, the age of automation has arrived and is accompanied by opportunities for integrating advanced technologies into Internal Audit functions as the third line of defense. Internal Audit departments, large and small, have already begun their journey into the world of automation by expanding their use of traditional analytics to include predictive models, robotic process automation (RPA), and cognitive intelligence (CI). This is leading to quality enhancements, risk reductions and time savings as well as increased risk intelligence. With automation technologies advancing swiftly and early adopters demonstrating their effectiveness, now is the time for Internal Audit to understand and prioritize opportunities for automation and take the necessary steps to prepare for successful deployment.
START YOUR INTELLIGENT AUTOMATION JOURNEY TODAY
Book an appointment with one of our representatives.
A GLIMPSE INTO THE INTERNAL AUDIT WORLD
The Role of Internal Auditors:
Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. As the third line of defense, it helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The following activities typically form part of internal auditor’s roles and responsibilities:
2. Evaluating potential risks
Internal auditors need to identify key activities and relevant risk factors, while assessing their significance. The manner in which risks are assessed is often affected by changing trends and conditions on a business/economic scale. As a result, the techniques of Internal Audit have changed from a reactive and control-based approach to a more proactive and risk-based one. This enables internal auditors to anticipate possible future concerns and opportunities as well as identifying current issues.
3. Analyzing operations and confirming information
Internal auditors need to work closely with line managers to review operations and report their findings. Therefore, internal auditors must be well versed in the strategic objectives of the organization in order to have a clear understanding of how the operations of any given part of the organization fit into the bigger picture.
4. Reviewing compliance
Compliance review ensures that the organization is adhering to rules, regulations, laws, codes of practice, guidelines and principles as they apply individually and collectively to all parts of their organization.
Internal Audit Mandate:
-Check internal controls
-Error handling
-Provide objectivity
-Add value back to business
THE PERSISTENCE OF AUDIT CHALLENGES
The world is reaching a technology inflection point where powerful and accessible emerging technologies give organisations the opportunity to make leaps in productivity and market growth, while creating new products, services, and markets not yet imagined. However, in reflecting the changes around it, Internal Audit soon will not be auditing the way it has in the past by using today’s skills.
1. The rise of disruptive technologies:
Today Internal Audit may only have exposure to a limited number of technologies, such as enterprise resource planning (ERP), cloud, big data, and analytics. However, the list of technologies
that auditors must understand is growing rapidly, including the risks that will have to be covered, and the frequency of technological change that will have to be addressed that makes today’s
foundational tools obsolete. To play a valuable role in the organization, Internal Audit must enlist innovative tools, skills, and methods for providing assurance.
2. A shift in the audit methodology:
With the adoption of these emerging technologies, gaps are created in audit frameworks and procedures that must be applied consistently. To adapt, Internal Audit departments must shift their underlying methodologies to more-ongoing, continuous, or real-time modes of audit, while the organizations must make significant investments in training, resources, tools and standardization.
3. The barriers in data extraction:
Internal auditors face constant challenges regarding independent access to data required for conducting audits. In order to become more self-sufficient, internal auditors must be able to extract data directly from operational and financial systems, use tools as governance, risk, and compliance technology, use optical character recognition, and adopt security tools to access the data needed.
4. A growing knowledge gap:
Very few Internal Audit functions are rated as advanced in their use of this emerging group of technologies. However, as organizations embrace intelligent automation in products and services, Internal Audit will need to be knowledgeable about these technologies well in advance of applying them within the department. It will make Internal Audit a much more attractive profession in the future and can create differentiation for organizations when competing for scarce skill sets and technology savvy resources.
5. The change in audit skillsets:
The pace and scale of technology innovation demand that Internal Audit no longer structure its team with individualized skillsets as it has in the past. The legacy approach requires too many individuals and is sure to be cost prohibitive. Therefore, a technology understanding at a level well beyond basic IT general controls must be part of everyone’s core skills. Internal Audit needs risk professionals who are technology curious and have mindsets and abilities to routinely retool, based on emerging technologies and changing enterprise risks.
The Daily Barriers of Internal Audit
-Lack of independent connection to data sources required for audits
-Poor data quality, usually due to human error
-Normalisation of data for analysis due to the receival of exceptions in various formats
-Management of a vast amount of exceptions on application such as MS Excel
Spectrum of Automation within Organisations
“There is no way to talk about a financial institution without considering
technology. Therefore, the internal audit functions of these institutions must
know technology and make intense use of it in their
work. I believe that in the next five years, technology will make internal audit
functions fast, relevant, and timely and offer greater coverage and lower
costs.”
- Fabio Adriano Da Silva, Internal Audit Manager,
Banco do Brasil SA
BASIC CONSIDERATIONS FOR AUTOMATION
The way to begin an automation road map is to conduct a process scan and opportunity assessment to identify processes and activities with the highest potential return on automation investment. Activities appropriate for RPA generally have certain characteristics.
It must be a highly manual, repetitive and high-volume process
It must be a rule based process
Must have low variation between processes
Inputs must be electronic or machine readable
The process and their application must be stable
The processes are already being performed by large teams
THE KEY PROCESSES SUITABLE FOR AUTOMATION IN INTERNAL AUDIT
CONSIDERATIONS FOR AUTOMATION
A great starting point if considering RPA is by automating basic processes such as invoice data entry
and cash applications. These are best suited to carry out proof-of-concept studies before beginning
the RPA journey. You can follow this with other processes such as billing and invoicing, as well as
customer and vendor data setups.
The general accounting processes are, however, often fragmented as they are generated from
periodic and event-driven activities. Therefore, the best way to automate these processes is to adopt
a more agile and iterative approach to ensure that the most value is attained.
In addition, processes that incorporate activities such as manual journal entries should rather
implement attended rather than unattended automation. The reasoning behind this is that these
processes could require the need for expert judgement or a customized computation specific to the
event or scenario.
INTERNAL AUDIT’S ROLE IN INTELLIGENT AUTOMATION
In an environment that is constantly changing, internal auditors play an increasingly important role. With the vast uncertainties presented by the rise of disruptive technologies, the Internal Audit function must keep pace to help the organization understand and manage the associated risks, achieve expected results from automation, and continue to innovate to add value. Key opportunities for Internal Audit within intelligent automation initiatives include the following:
Role 1:
Internal Audit can help to integrate governance, risk, and controls considerations
throughout the automation program life cycle as an organization establishes and implements
its programme.
Role 2:
Internal Audit can help the organization identify opportunities to embed automationenabled control activities within the impacted business processes and functions.
Role 3:
The Internal Audit organization can capitalize on intelligent automation innovations to increase the efficiency and effectiveness of its own activities
“RPA and AI are the next big technologies. It will be important for
Internal Audit to understand these technologies and be able to push
the business in how they implement new solutions in the future.
With new technology comes new security risk, and this should be a
concern of boards going forward.”
- Alvin Bledsoe, Audit Committee Chair, SunCoke Energy
@TangentSolutions
@TangentSolutions
@TangentSolutions
@TangentZA