The Reshaping of Internal Audit through Robotic Process Automation


Author: Tangent Solutions

Published: 9 June 2022

The Internal Audit

Internal Audit remains one of the cornerstones of an organisation’s corporate governance, as you are uniquely positioned to provide global assurance to the audit committee and senior management regarding the effectiveness of internal governance controls and risk processes. 

Furthermore, internal auditors are well-placed to fulfill an advisory role on assurance coordination, effective ways of improving existing processes, and assisting management in implementing recommended improvements. However, for Internal Audit functions to serve in this valuable capacity they, themselves, must be innovative.

This article explores and answers the questions around; how can you, as auditors, manage the controls around new technology implementations and technology-driven processes without acquiring new technology skill sets, taking new audit approaches, and using innovative technologies for extracting data, testing, and reporting. 

The Role of Internal Auditors

Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. As the third line of defense, it helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The following activities typically form part of your internal auditors roles and responsibilities:

  • Evaluating Existing Controls | Internal auditors need to assess the tone and risk management culture of the organisation as well as evaluate and report on the effectiveness and efficiency of the implementation of management policies.
  • Evaluating Potential Risks | The method by which risks are assessed is often affected by changing trends and conditions on a business or economic scale. As a result, the techniques of Internal Audit have changed from a reactive and control-based approach to a more proactive and risk-based one. This enables internal auditors to anticipate possible future concerns and opportunities as well as identifying current issues.
  • Analysing Operations and Confirming Information | Internal auditors must be well versed in the strategic objectives of the organisation to have a clear understanding of how the operations of any given part of the business fit into the bigger picture.
  • Reviewing Compliance | Compliance review ensures that the organisation is adhering to rules, regulations, laws, codes of practice, guidelines, and principles as they apply individually and collectively to all parts of their organisation.

The Persistence of Internal Audit Challenges

The world is reaching a technology inflection point where powerful and accessible emerging technologies give organisations the opportunity to make leaps in productivity and market growth while creating new products, services, and markets not yet imagined. However, in reflecting on the changes around it, Internal Audit soon will not be auditing the way it has in the past by using today’s skills.

The Rise of Disruptive Technologies

Today, Internal Audit may only have exposure to a limited number of technologies, such as enterprise resource planning (ERP), cloud, big data, and analytics. However, the list of technologies that auditors must understand is growing rapidly. As a result, Internal Auditors must enlist innovative tools, skills, and methods for providing assurance.

A Shift in Audit Methodology

With the adoption of these emerging technologies, gaps are created in audit frameworks and procedures that must be applied consistently. To adapt, Internal Audit departments must shift their underlying methodologies to more-ongoing, continuous, or real-time modes of audit, while the organisations must make significant investments in training, resources, tools, and standardisation.

Barriers in Data Extraction

Internal auditors face constant challenges regarding independent access to data required for conducting audits. In order to become more self-sufficient, internal auditors must be able to extract data directly from operational and financial systems, use tools as governance, risk, and compliance technology, use optical character recognition and adopt security tools to access the data needed.

A Growing Knowledge Gap

As organisations begin to embrace intelligent automation in products and services, Internal Auditors will need to become more knowledgeable about these technologies well in advance of applying them within the department. It will make Internal Audit a much more attractive profession in the future and can create differentiation for organisations when competing for scarce skill sets and technology savvy resources.

Changes in Audit Skill Sets

A technological understanding at a level well beyond basic IT general controls must be part of everyone’s core skills. Internal Audit needs risk professionals who are technology-curious and have mindsets and abilities to routinely retool, based on emerging technologies and changing enterprise risks.

The Rise of Robotic Process Automation

Typically, the natural adoption curve for Internal Audit functions has been towards greater use of long-standing tools and less towards more-advanced ones. For example, certain technologies that have been thought of as revolutionary in the recent past are now considered fundamental tools for Internal Audit functions that seek to resolve complex issues and maintain their value in a technology-driven future. This includes technologies from dashboards and self-service data extraction to advanced analytics.

However, some Internal Audit functions have started moving across the continuum by leaning right into the technology-driven future. They are already advising in areas such as risks and controls over Robotic Process Automation (RPA) and the application of Artificial Intelligence (AI) in their organisation.

The Four Levels of Automation

  • Level 1 represents organisations that have not adopted any sort of automation within their business and nor have it within their strategy. This is indicative of companies conducting manual work with a high rate of human error.
  • Level 2 identifies with organisations that have started dipping their toes to get a feel for automation. They have some basic processes automated, which require human intervention at some point within the process.
  • Level 3 is where businesses are now moving towards a more intermediate level of automation. A majority of their standardised processes are automated, requiring minimal human intervention, with independent access to data sources.
  • Level 4 organisations have got full automation implemented within various departments. It requires minimal human intervention, has independent access to the data source, and has complete coverage of all processes.

The Benefits of Creating a Digital Workforce

The investment in automation technologies can yield many positive returns such as:

  • Better Use of Scarce Resources | By replacing manual activities, automation can free up capacity for teams, allowing personnel to focus on higher-value activities, such as quality assurance reviews, exception management, process improvement, and interpersonal interactions. In turn, this shift toward value-added activities can improve operating effectiveness, allowing the Internal Audit organisation to keep pace with business changes and the associated impact.

  • Increased Efficiency and Reduced Costs | RPA can operate and execute audit tasks around the clock at an accelerated pace. A reduction of time-consuming manual activities can lead to significant cost savings.

  • Higher Quality Output | RPA enables tasks to be performed more uniformly and efficiently. In addition, the results are highly traceable and auditable. With inherent process standardization, fewer manual errors are likely to occur, which improves the accuracy and quality of audits.

  • Greater Business Value | RPA technology can enable organisations to increase the frequency of testing and, in many cases, to transition to a continuous auditing model for providing more timely insights to the business. As technologies evolve, the business value is expected to increase in tandem, enabling proactive insights and analysis in reporting.

  • Greater Coverage | Having Robotic Automation manage and drive the full analytics allows Internal Audit professionals to get greater coverage across the organisation (more data, transactions, etc.) achieve greater assurance, while not increasing the time or resources needed to analyse large data populations.

  • Improved On-Demand Visibility into Department Performance | Using automation in reporting and project tracking allows for on-demand visibility into departmental performance. Dashboards and workflow tools execute timely and efficient internal audit functions while simplifying the sharing of information and collaboration with risk functions.

Key Processes Suitable for Automation in Internal Audit

The following audit phases are examples of processes that are primed for automation and can have positive and lasting implications for your business model;

1. Risk Assessment

a. Compliance risk assessment and visualisation.
b. Continuous business operations monitoring. 

2. Audit Planning

a. Automation of text-heavy documents.
b. Profile business operations.
c. Exploratory analytics and “what-if?” analysis.

3. Fieldwork

a. 100% population testing
b. Detection of suspicious logs associated with IT systems


Internal Audit’s Role in Intelligent Automation

With the vast uncertainties presented by the rise of disruptive technologies, the Internal Audit function must keep pace to help the organisation understand and manage the associated risks, achieve expected results from automation, and continue to innovate to add value.


Key Opportunities for Internal Audit within Intelligent Automation Initiatives

Role 1 | Internal Audit can help to integrate governance, risk, and controls considerations throughout the automation program life cycle.

Role 2 | Internal Audit can help the organisation identify opportunities to embed automation-enabled control activities within the impacted business processes and functions.

Role 3 | The Internal Audit organisation can capitalize on intelligent automation innovations to increase the efficiency and effectiveness of its own activities.

Want To Learn More
About Tangent?

Take a look at all our Case Studies, Articles, On The Record, and In The News

Contact Us To Begin Your Automation Journey

Increase efficiency, effectiveness, and quality throughout the Internal Audit life cycle. Create more value for your business and make better use of the most precious resource of all – intelligent, highly skilled human talent.