The COVID-19 pandemic accelerated the pace of digital transformation, forcing businesses to evaluate how to better engage their teams and achieve strategic goals. As trusted advisors, internal auditors must also adapt to these technological changes, innovate when assessing key risks for their organizations, and harness the power of the many tech tools now available.

The time for internal audit transformation has come.

However, many Internal Audit functions have yet to adopt Governance, Risk, and Compliance (GRC) software, data analytics, and automation – despite the fact that these tools enhance audit coverage and increase efficiencies. Following a virtual Institute of Internal Auditors (IIA) chapter meeting in the Washington, D.C. area, the audience was polled on their use of automation and data analytics.

These results revealed significant areas for improvement:

  • 24% of respondents did not use data analytics at any point in the audit process.
  • 71% of respondents did not use automation in their audit projects.
  • 43% of respondents do not have a GRC tool.

These numbers underscore the need for the Internal Audit function to continue to innovate and digitally transform to ensure that it is keeping pace with and continues adding value to the business. Here are a few considerations for how to get started and make a difference.

internal audit best practices

Take Advantage of the Tools and Technology Already Available to You

One barrier to the adoption of automation and analytics tools is cost. However, you may currently have tools that your organization previously procured or are available for free.

For example, Microsoft Power BI is a great option for building data visualization dashboards, and Power BI Pro is often included in existing licenses. Further, there are many free open-source tools that take advantage of the Python programming language which can be used for complex data analysis and visualization (e.g., pandas, Matplotlib). Finally, aligning the audit team with broader organizational digital transformation initiatives will create synergies that reduce the cost of Internal Audit’s adoption. 

Corporate governance, financial reporting, risk management, cybersecurity, and other key functions throughout the business can benefit from internal audit leaders migrating their teams and processes into modern digital tools to ensure all departments are modernizing at appropriate speeds and in proper alignment.

Evaluate Innovation in Your Quality Assurance and Improvement Program (QAIP)

The objective of a QAIP is to ensure that your audit function incorporates quality assurance and aligns with the standards issued by the IIA. Because a quality assurance review already involves examining completed audits for improvement opportunities, it is also a great time to identify areas where data analytics and automation can be leveraged throughout the audit process. Consider assigning an innovation score to your audits as part of these reviews. 

Focus on Training and Upskilling Your Team

There are myriad training options available to auditors who are looking to gain new skills. Start with a skills assessment to determine areas where the team would benefit from training. Additionally, it is helpful to identify champions who will help communicate the value of automation and/ or data analytics and guide the team on how to best incorporate these technologies. In some cases, strategic hires may be necessary to make significant progress. 

Key stakeholders in senior management should advocate on behalf of upskilling their team, rather than waiting for consensus to form or to be prompted to upskill for external reasons. Leveling-up skill sets can take many forms and provide new roadmaps for ambitious staff, too. For example, cross-training an internal auditor in advanced cyber capabilities benefits both functions (IA and Cyber) as well as the employee. Or, enabling employees to dedicate time to the exploration of new technologies, like artificial intelligence or machine learning, can help source new ideas for internal audit transformation.

Find Additional Opportunities Outside of Audit Fieldwork to Leverage Data When Conducting Risk Assessments and Audit Planning

In the poll, only 27% of respondents said that they used data analytics during risk assessments or audit planning, as opposed to 63% who said they had used it while performing audit fieldwork. Aligning with the business to incorporate quantitative metrics into the risk assessment process can facilitate a more dynamic analysis of the risk landscape, which would enable you to focus on areas that matter most for the company. In addition, data analytics can be used during the planning process of an audit to help identify segments of the business that may require additional focus. 

Build a Business Case for a GRC Tool

The value of GRC tools is not always apparent to those outside of the Internal Audit function. Governance, risk management, and compliance are three critical factors for any organization’s success, and GRC tools (such as AuditBoard) provide enhanced visibility into those areas across the organization. They can also streamline the document request process and allow process owners to provide direct updates on audit remediation activities, extending value to a variety of stakeholders. 

Internal Audit, like any business function, must continue to evolve and embrace the opportunities brought forth by digital transformation. The adoption of GRC tools, data analytics, and automation is proving crucial to the future of any audit function, and Internal Audit must adapt or risk falling behind.

To move the need on your organization’s internal audit transformation, contact CrossCountry Consulting today.

Editor’s note: Updated May 2022