Over the years, internal auditing has continued to pivot and evolve in response to changing stakeholder needs. From certifying the reliability of financial statements, to advising on a broad range of business risks, regulatory changes, culture, and cybersecurity, internal auditors have adapted time and again to meet business expectations in a dynamic world.
Then came the COVID-19 crisis which forced internal auditors to once again shift gears, and find new ways of helping their organizations contain and respond to the crisis. Now, with the start of a new year and the roll-out of vaccines, the end of the pandemic looks to be in sight. As organizations prepare for a post-COVID-19 world, how can internal auditors continue to deliver value?
Our latest eBook provides some insights as it explores ways in which internal auditors can strengthen their strategic advisory role to accelerate business performance. Based on these insights, here are four priorities that are likely to be top of mind for internal auditors in 2021.
Businesses are grappling with digital disruptions, cost pressures, compliance burdens, and more. In the face of these challenges, internal auditors must move beyond their traditional role as corporate policemen, and become the valued strategic advisors that the business needs. Boards and executive teams are relying on auditors not just to identify weaknesses in control environments, but to provide insights on how the business can improve its efficiency and operating effectiveness.
Traditional audit responsibilities such as risk detection and fraud identification are now table stakes in the line of duty. More important questions are being asked about business resilience, climate change, supply chain disruption, data privacy in a remote work environment, and digital transformation risks. Within these conversations, internal auditors have the opportunity to deliver real business impact. The work they do can help organizations shape better risk and compliance programs, while also bolstering their readiness for future challenges.
So, how can internal auditors rise to the occasion and deliver what their businesses need? Here are four key steps:
The COVID-19 pandemic may have been unprecedented, but it’s unlikely to be the last major crisis. And if there’s anything that organizations have learned, it’s that they need be more resilient and better prepared. Internal auditors will play a key role in this effort, helping businesses anticipate the severity of a potential crisis, and build agility.
The role of internal audit doesn’t necessarily have to begin only after the other lines of defense have completed their observations, defined key risks, and implemented controls. Instead, auditors can be involved in the entire spectrum of activities since they have a unique, birds-eye view of the business. It is this that makes their contribution during a crisis, crucial.
Internal auditors carry the ability to dive into the business, check for silos or gaps, and ensure that crisis management plans are aligned to risks, communication strategies, and most importantly, strategic goals and objectives. Auditors can also help ensure that crisis plans are tested, approved, and exercised in a timely manner. The more they are involved, the greater the value they can deliver.
Risks are evolving so quickly that lengthy audits with rigid, pre-defined plans are no longer sustainable. Instead, internal auditors must be able to swiftly pivot and respond to new risks, be it health and safety, data privacy, or third-party risks. That’s where agile auditing can help.
Agile focuses on faster audit cycles, quicker reporting, fewer documentation requirements, and less waste. It pushes auditors and stakeholders to determine upfront the value that needs to be delivered through a particular audit project. It also helps prioritize audits based on their importance and urgency—which is critical in today’s fast-evolving environment.
Here are five best practices to enable more agility in internal auditing:
RPA can save significant auditing time and resources by minimizing the need for human intervention—especially in tasks such as data aggregation, continuous control monitoring, and real-time identification of financial fraud. RPA also enables auditors to increase coverage by moving from simple statistical sampling to full population testing. With that, they can dig deeper into data, proactively identify hidden issues, and ensure that no risks are overlooked.
Meanwhile, advanced analytics can shed light on new risk patterns, anomalies, internal control gaps, or opportunities. They help internal auditors improve the scope and quality of their work, while also delivering better insights to stakeholders.
That said, the use of data analytics often requires sufficient funding, high quality data, and auditors with certain skill sets. But these challenges aren’t insurmountable. Now is the time for internal audit teams to pave the way for a successful analytics program that can help them deliver better assurance to the business.
For more insights, take a look at our eBook on “Strengthening Internal Audit’s Strategic Advisory Role to Accelerate Business Performance.”
As you step into 2021, MetricStream Internal Audit Management can help you enhance audit agility and efficiency, while also improving visibility into risks. Find out more.