The COVID-19 pandemic has accelerated the pace of digital transformation, forcing businesses to evaluate how to better engage their teams and achieve strategic goals. As trusted advisors, internal auditors must also adapt to these technological changes, innovate when assessing key risks for their organizations, and harness the power of the many tech tools now available.
However, many Internal Audit functions have yet to adopt Governance, Risk, and Compliance (GRC) software, data analytics, and automation - despite the fact that these tools enhance audit coverage and increase efficiencies. Following a virtual Institute of Internal Auditors (IIA) chapter meeting in the Washington, D.C. area, the audience was polled on their use of automation and data analytics.
These results revealed significant areas for improvement:
- 24% of respondents did not use data analytics at any point in the audit process.
- 71% of respondents did not use automation in their audit projects.
- 43% of respondents do not have a GRC tool.
These numbers underscore the need for Internal Audit to continue to innovate and digitally transform to ensure that it is keeping pace with and continues adding value to the business. Here are a few considerations for how to get started and make a difference:
Take full advantage of the tools and technology already available to you.
One barrier to adoption of automation and analytics tools is cost. However, you may currently have tools that your organization previously procured or are available for free. For example, Microsoft Power BI is a great option for building data visualization dashboards, and Power BI Pro is often included in existing licenses. Further, there are many free open-source tools that take advantage of the Python programming language which can be used for complex data analysis and visualization (e.g., pandas, Matplotlib). Finally, aligning the audit team with broader organizational digital transformation initiatives will create synergies that reduce the cost of Internal Audit’s adoption.
Evaluate innovation in your Quality Assurance and Improvement Program (QAIP).
The objective of a QAIP is to ensure that your audit function incorporates quality assurance and aligns with the standards issued by the IIA. Because a quality assurance review already involves examining completed audits for improvement opportunities, it is also a great time to identify areas where data analytics and automation can be leveraged throughout the audit process. Consider assigning an innovation score to your audits as part of these reviews.
Focus on training and upskilling your team.
There are a myriad of training options available to auditors who are looking to gain new skills. Start with a skills assessment to determine areas where the team would benefit from training. Additionally, it is helpful to identify champions who will help communicate the value of automation and/ or data analytics and guide the team on how to best incorporate these technologies. In some cases, strategic hires may be necessary to make significant progress.
Find additional opportunities outside of audit fieldwork to leverage data when conducting risk assessments and audit planning.
In the poll, only 27 percent of respondents said that they used data analytics during risk assessments or audit planning, as opposed to 63 percent who said they had used it while performing audit fieldwork. Aligning with the business to incorporate quantitative metrics into the risk assessment process can facilitate a more dynamic analysis of the risk landscape, which would enable you to focus on areas that matter most for the company. In addition, data analytics can be used during the planning process of an audit to help identify segments of the business that may require additional focus.
Build a business case for a GRC tool.
The value of GRC tools is not always apparent to those outside of the Internal Audit function. Governance, risk management, and compliance are three critical factors for any organization’s success, and GRC tools (such as AuditBoard) provide enhanced visibility into those areas across the organization. They can also streamline the document request process and allow process owners to provide direct updates on audit remediation activities, extending value to a variety of stakeholders.
Internal Audit, like any business function, must continue to evolve and embrace the opportunities brought forth by digital transformation. The adoption of GRC tools, data analytics, and automation is proving crucial to the future of any audit function, and Internal Audit must adapt or risk falling behind.