Internal Audit remains one of the cornerstones of an organisation’s corporate governance, as you are uniquely positioned to provide global assurance to the audit committee and senior management regarding the effectiveness of internal governance controls and risk processes. Furthermore, internal auditors are well-placed to fulfill an advisory role on assurance coordination, effective ways of improving existing processes, and assisting management in implementing recommended improvements. However, for Internal Audit functions to serve in this valuable capacity they, themselves, must be innovative.
This article explores and answers the questions around; how can you, as auditors, manage the controls around new technology implementations and technology-driven processes without acquiring new technology skill sets, taking new audit approaches, and using innovative technologies for extracting data, testing, and reporting?
The Role of Internal Auditors
Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. As the third line of defense, it helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The following activities typically form part of your internal auditor’s roles and responsibilities:
- Evaluating existing controls
Internal auditors need to assess the tone and risk management culture of the organization as well as evaluate and report on the effectiveness and efficiency of the implementation of management policies.
- Evaluating potential risks
The method by which risks are assessed is often affected by changing trends and conditions on a business or economic scale. As a result, the techniques of Internal Audit have changed from a reactive and control-based approach to a more proactive and risk-based one. This enables internal auditors to anticipate possible future concerns and opportunities as well as identifying current issues.
- Analyzing operations and confirming information
Internal auditors must be well versed in the strategic objectives of the organization to have a clear understanding of how the operations of any given part of the business fit into the bigger picture.
- Reviewing compliance
Compliance review ensures that the organization is adhering to rules, regulations, laws, codes of practice, guidelines, and principles as they apply individually and collectively to all parts of their organization.
The Persistence of Internal Audit Challenges
The world is reaching a technology inflection point where powerful and accessible emerging technologies give organizations the opportunity to make leaps in productivity and market growth while creating new products, services, and markets not yet imagined. However, in reflecting on the changes around it, Internal Audit soon will not be auditing the way it has in the past by using today’s skills.
The rise of disruptive technologies: today Internal Audit may only have exposure to a limited number of technologies, such as enterprise resource planning (ERP), cloud, big data, and analytics. However, the list of technologies that auditors must understand is growing rapidly. As a result, Internal Auditors must enlist innovative tools, skills, and methods for providing assurance.
A shift in audit methodology: with the adoption of these emerging technologies, gaps are created in audit frameworks and procedures that must be applied consistently. To adapt, Internal Audit departments must shift their underlying methodologies to more-ongoing, continuous, or real-time modes of audit, while the organizations must make significant investments in training, resources, tools, and standardization.
Barriers in data extraction: internal auditors face constant challenges regarding independent access to data required for conducting audits. In order to become more self-sufficient, internal auditors must be able to extract data directly from operational and financial systems, use tools as governance, risk, and compliance technology, use optical character recognition and adopt security tools to access the data needed.
A growing knowledge gap: as organizations begin to embrace intelligent automation in products and services, Internal Auditors will need to become more knowledgeable about these technologies well in advance of applying them within the department. It will make Internal Audit a much more attractive profession in the future and can create differentiation for organizations when competing for scarce skill sets and technology savvy resources.
Changes in Audit skill sets: A technological understanding at a level well beyond basic IT general controls must be part of everyone’s core skills. Internal Audit needs risk professionals who are technology-curious and have mindsets and abilities to routinely retool, based on emerging technologies and changing enterprise risks.
The Rise of Robotic Process Automation: typically, the natural adoption curve for Internal Audit functions has been towards greater use of long-standing tools and less towards more-advanced ones. For example, certain technologies that have been thought of as revolutionary in the recent past are now considered fundamental tools for Internal Audit functions that seek to resolve complex issues and maintain their value in a technology-driven future. This includes technologies from dashboards and self-service data extraction to advanced analytics.
However, some Internal Audit functions have started moving across the continuum by leaning right into the technology-driven future. They are already advising in areas such as risks and controls over Robotic Process Automation (RPA) and the application of Artificial Intelligence (AI) in their organization.
The Spectrum of Automation
Level 1 represents organizations that have not adopted any sort of automation within their business and nor have it within their strategy. This is indicative of companies conducting manual work with a high rate of human error.
Level 2 identifies with organizations that have started dipping their toes to get a feel for automation. They have some basic processes automated, which require human intervention at some point within the process.
Level 3 is where businesses are now moving towards a more intermediate level of automation A majority of their standardized processes are automated, requiring minimal human intervention, with independent access to data sources.
Level 4 organisations have got full automation implemented within various departments. It requires minimal human intervention, has independent access to the data source, and has complete coverage of all processes.
The Benefits of Creating a Digital Workforce
The investment in automation technologies can yield many positive returns such as:
1. Better use of scarce resources
By replacing manual activities, automation can free up capacity for teams, allowing personnel to focus on higher-value activities, such as quality assurance reviews, exception management, process improvement, and interpersonal interactions. In turn, this shift toward value-added activities can improve operating effectiveness, allowing the Internal Audit organization to keep pace with business changes and the associated impact.
2. Increased efficiency and reduced costs
RPA can operate and execute audit tasks around the clock at an accelerated pace. A reduction of time-consuming manual activities can lead to significant cost savings.
3. Higher Quality output
RPA enables tasks to be performed more uniformly and efficiently. In addition, the results are highly traceable and auditable. With inherent process standardization, fewer manual errors are likely to occur, which improves the accuracy and quality of audits.
4. Greater business value
RPA technology can enable organizations to increase the frequency of testing and, in many cases, to transition to a continuous auditing model for providing more timely insights to the business. As technologies evolve, the business value is expected to increase in tandem, enabling proactive insights and analysis in reporting.
5. Greater coverage
a. Having Robotic Automation manage and drive the full analytics allows Internal Audit professionals to get greater coverage across the organization (more data, transactions, etc.) achieve greater assurance, while not increasing the time or resources needed to analyze large data populations.
Improved on-demand visibility into department performance
Using automation in reporting and project tracking allows for on-demand visibility into departmental performance. Dashboards and workflow tools execute timely and efficient internal audit functions while simplifying the sharing of information and collaboration with risk functions.
Key Processes suitable for Internal Automation in Internal Audit
The following audit phases are examples of processes that are primed for automation and can have positive and lasting implications for your business model
1. Risk Assessment
a. Compliance risk assessment and visualization.
b. Continuous business operations monitoring
2. Audit Planning
a. Automation of text-heavy documents.
b. Profile business operations.
c. Exploratory analytics and “what-if?” analysis.
a. 100% population testing
b. Detection of suspicious logs associated with IT systems
Internal Audit’s role in Intelligent Automation
With the vast uncertainties presented by the rise of disruptive technologies, the Internal Audit function must keep pace to help the organization understand and manage the associated risks, achieve expected results from automation, and continue to innovate to add value.
Key opportunities for Internal Audit within intelligent automation initiatives
Role 1: Internal Audit can help to integrate governance, risk, and controls considerations throughout the automation program life cycle.
Role 2: Internal Audit can help the organization identify opportunities to embed automation-enabled control activities within the impacted business processes and functions.
Role 3: The Internal Audit organization can capitalize on intelligent automation innovations to increase the efficiency and effectiveness of its own activities.
AUTOMATE YOUR INTERNAL AUDIT FUNCTIONS TODAY
Internal Audit departments, traditionally burdened by manual processes and tedious tasks for years, can now turn the majority of the “grunt work” over to a digital workforce. Automation offers you a team who is able to handle long hours and repetition, and rarely make mistakes when managed properly. As a result, this has the potential to increase efficiency, effectiveness, and quality throughout the Internal Audit life cycle, creating more value for the business and making better use of the most precious resource of all – intelligent, highly skilled human talent.
At Tangent Solutions, we provide the tools, platforms, and expert knowledge to help you plug RPA into your internal audit functions. Click on the image below to reply the webinar that this article is based on.
Contact us today to book a consultation and begin your automation journey.