Blogs
Transforming Policy and Document Management with Generative AI
- Audit Management
- 15 January 25
5 min read
Oerview
Artificial Intelligence (AI) technologies are rapidly transforming the landscape for risk and compliance professionals worldwide. According to a recent survey conducted by Moody’s, involving 550 global risk and compliance experts, 70% of respondents anticipate that AI will have a significant impact on the field within the next three years. Moreover, nearly 90% expressed a strong interest in integrating AI tools into risk and compliance solutions. Among the key applications, Generative AI (Gen AI) stands out as a transformative force in the field of Governance Risk and Compliance (GRC), particularly in policy and document management, offering the potential to streamline processes and enhance efficiency.
Policy creation in GRC is crucial for ensuring compliance with regulatory requirements and mitigating risks. It establishes a structured framework for governance, aligning organizational processes with industry standards while fostering accountability and transparency. Clear policies define roles, responsibilities, and acceptable practices, helping organizations address vulnerabilities and safeguard against legal, financial, and reputational risks. Additionally, well-crafted policies enhance audit readiness, support continuous improvement, and strengthen overall organizational resilience. AI can further enhance the role of policy management across the organization.
By infusing AI in policy management such as content drafting, grammar optimization, smart policy searches and predictive text suggestions, Gen AI streamlines these tasks by analyzing regulations, generating standardized templates, harmonizing stakeholder inputs, ensuring precise language, and tailoring policies to industry and regional needs. It also assists with cross-referencing existing policies, tracking changes, and enhancing audit readiness, saving time while boosting accuracy and scalability in policy creation. Let’s delve into how Gen AI is shaping the future of Policy and Document Management.
Document Drafting: Simplifying the Writing Process
The initial stages of document creation often pose the biggest challenges. Starting from scratch requires significant time, effort, and expertise. Gen AI’s “Help me write” feature is designed to overcome this hurdle by assisting users in generating content quickly and efficiently.
Here’s how it works:
- Content Generation: Based on the input or prompts provided, Gen AI can draft sections or even complete documents, saving valuable time and reducing cognitive load.
- Contextual Suggestions: Whether writing corporate policies or internal guidelines, the AI adapts its suggestions to match the document’s tone and purpose.
- Efficiency Boost: By eliminating the need for manual sentence construction, writers can focus on fine-tuning the content instead of creating it from scratch.
Grammar and Smart Compose: Accelerating Content Creation
- Error Elimination: AI-driven tools identify and correct grammatical mistakes, typos, and punctuation errors, ensuring an error-free document.
- Enhanced Readability: By offering suggestions for sentence restructuring and vocabulary improvement, the tool ensures that the content is clear and concise.
- Consistency in Tone: Whether drafting a legal agreement or a casual memo, the AI ensures that the tone remains consistent throughout the document.
- Time Efficiency: Real-time feedback reduces the need for multiple manual reviews, accelerating the editing process.
- Speed: Users can complete repetitive sections of documents, such as disclaimers, standard clauses, or policy templates, in a fraction of the time.
- Customization: Over time, the AI learns user preferences, offering tailored suggestions that align with previous writing styles.
- Flow Maintenance: By providing a seamless writing experience, Smart Compose helps users overcome writer’s block and maintain momentum.
Gen AI in Policy Updates
- Regulatory Analysis and Summarization: Gen AI quickly analyzes updated regulations, providing concise summaries and highlighting key changes relevant to the organization which can be incorporated into Policies.
- Policy Integration: Detected changes can be mapped directly to relevant sections of internal policies, highlighting areas that need revision.
- Non-Compliance Alerts: The system can flag non-compliant sections in existing documents, providing actionable insights for remediation.
- Version Control: Automated updates ensure that the latest policy versions are readily accessible, reducing confusion and enhancing accountability.
- Streamlined Stakeholder Collaboration: By combining inputs and creating draft updates, Gen AI speeds up the review process and helps get approvals faster.
AI-Driven Policy Summarization
When multiple users contribute to a policy, generative AI can automatically summarize the content, ensuring clarity and coherence. It identifies key points, eliminates redundancies, and highlights critical changes, creating a concise overview of the policy. This helps streamline collaboration, improve version control, and provide a unified understanding of the policy's current state for all stakeholders.
Conclusion
Generative AI is revolutionizing policy and document management by making it more efficient, accurate, and adaptable. From simplifying the drafting process to ensuring compliance with evolving regulations, these tools are invaluable for organizations aiming to maintain high standards and productivity. By leveraging AI-driven solutions, companies can not only enhance the quality of their documentation but also foster a culture of innovation and agility. As this technology evolves, its potential to transform workflows and empower users will continue to grow, making it an indispensable part of modern document management strategies
Simplify Policy and Document Management with MetricStream
MetricStream offers a robust policy and document management solution that integrates cutting-edge AI capabilities to enhance efficiency, compliance, and collaboration for effective policy management. Transform your approach to policy and document management with:
- Centralized Repository: Securely store and access all policies and documents in a centralized location, ensuring version control and reducing the risk of outdated information.
- Seamless Policy Mapping: Map policies to regulations, risks, controls, requirements, and processes, linking specific sections to applicable compliance mandates while triggering automated email notifications and alerts to keep stakeholders informed of policy changes in real-time.
- Smart Policy Discovery and Search: Effortlessly find policies relevant to you anytime, anywhere, using NLP-powered smart search widgets integrated into your intranet, chatbot, or workplace tools, providing quick access to policy details, related risks, and compliance insights.
- Collaboration Tools: Simplify stakeholder collaboration with integrated workflows that streamline review, feedback, and approval processes.
- Audit Readiness: Ensure policies are audit-ready with built-in tracking, automated logs, and compliance reports.
- Customizable Templates: Use pre-built templates tailored to your industry or organization’s specific needs, saving time and enhancing accuracy.
Request a demo now and find out how MetricStream’s Policy and Document Management solution, can transform your approach to GRC, ensuring resilience and agility in today’s complex regulatory landscape.
Jump to Topic
Related Resources
Blogs
GRC Success Story: How dnata Integrated Firm-Wide GRC Processes with MetricStream
- Audit Management
- 16 July 24
4 min read
Introduction
At the recently held GRC Summit 2024 in Baltimore, David Story, Vice President Health, Safety, & Environment, dnata, provided the audience with a detailed overview of their GRC journey experience with MetricStream.
Dubai National Air Travel Agency (or dnata) was established in 1959 through a government decree. It set up its first international business in 1993. Gradually, over the years, it has seen significant growth across all its business units.
Here are the excerpts from David’s session on “dnata’s Integrated GRC Transformation”.
GRC Program Objective
David: Our foremost priority is safety and security. Through a series of SMART objectives, we're building a best-in-class, health, safety, and environmental system, or HSE ecosystem, as we call it. Over the next few years, up to 2027 and beyond, through our medium-term plan, we are striving for a best-in-class or world-class status, and central to delivering on that goal is the effective use of our GRC platform.
Within dnata, MetricStream is the product that we use, and we have done a number of modifications and upgrades through MetricStream over the years. We refer to it within the company as “dnatahub”, which is everything we do from a GRC perspective.
So, in terms of why GRC is so important to us -- central to that is our safety management system, or SMS. SMS is essentially the bedrock of everything that we do across four key pillars -- safety policy, risk management, assurance, and promotion. To be able to deliver on the requirements of our SMS, our dnatahub platform is absolutely central to achieving those goals.
GRC Journey with MetricStream
David: So, how has the dnatahub platform evolved over the last few years?
We're now into the 9th year of our partnership with MetricStream, beginning back in 2015 along with our “Global One Safety” initiative. The first pillar in that strategy was rolling out Incident Management, which allowed us to have one platform for reporting safety occurrences across local businesses.
In 2018, there was global expansion – we introduced new applications within dnata in addition to incident management and reporting.
In 2020, we started moving into the continuous monitoring phase, which saw the likes of our Documentation Management System (DMS). We also introduced surveys and inspection through the auditors. We would go out there and report safety hazards and threats to our organization. This was across all three of our operational divisions.
The beauty of DMS is that it can be accessed by any of our team in the world who got access to Office 365 accounts. Examples of a DMS document could be a global safety alert, a new manual, a guideline document, or a new operational standard. All of those are published through DMS and are automatically and electronically tested within the system as well. So, for auditing purposes, it's very, very efficient.
We also launched Observation Management as well. And, through Issue and Action Management we can assign tasks and actions to our businesses around the world.
We're now moving into Phase IV, as we call it, looking at how we scale up as we continue to build our business. We are currently two weeks away from the launch of the Euphrates upgrade as well.
We've built a very strong partnership with MetricStream, and we've now established a very strong governance model as well in terms of performance monitoring.
Business Value Realized
David: What's been key to success is keeping things simple. One of the worst things you can do in my role as a safety professional is over-complicate how you manage safety within your business.
In terms of just some numbers, we have got:
- 20,000+ documents hosted within the DMS platform
- 10,000+ mobile users (around 14,000 to 15,000 currently)
- 40,000+ audit and survey documents accessible within the platform
What gives me great confidence is 400,000+ observations. We actively encourage -- from our leadership level all the way down to the front line -- to report any unsafe behaviors and actions within our business. What we've seen over the last 2-3 years is a considerable increase in the number of safety reports within the business. So that leads to a much more positive and safety-aware culture.
Looking Ahead
Over the next few years, we've got some really interesting challenges coming our way. You would have seen the announcement about the new airport project in Dubai. The target is 2033 for the opening of the new terminal with a capacity of 250 million passengers a year. We already have that airport as we have for the last 10 years, and this will be a significant upgrade to be the world's largest international gateway.
We have two to three new businesses that are going to be coming online towards the end of this year, including a particularly large business in Italy. And it's essential that we look at how we scale up to meet that demand, because we could have potentially 3,000 to 4,000 users within dnata by the end of this year.
Also Read:
Jump to Topic
Related Resources
Blogs
Our European GRC Summit Roadshows and the Instagram of Risk
- Artificial Intelligence
- 02 November 21
4 min read
Introduction
Talk about roundtrips…. In-the same week of a very successful 2021 GRC virtual summit on the 19 and 20 of October, where MetricStream had over 2500 customers, prospects, and partners registered to learn, participate, and share their experiences around GRC, IRM, and everything in-between, we decided to host three physical summits based in London, Copenhagen, and Zurich to continue the conversations with our community.
All three locations had a boardroom style setting dedicated to a round table discussion. The aim was simple, we would listen to what our community had on their mind. It was an opportunity to find common synergies, lead round table discussions, and network with senior risk professionals that are paving the way in this industry.
With representation from risk, compliance, audit and IT Cyber, the discussions were captivating, and the commentary was electric.
London Calling
The first of the events started off in London, and we had a great mix of customers, partners, and prospects around the table.
Our CEO, Bruce Dahlgren introduced the session, and it was an engaging group that shared their thoughts and concerns around the current themes and trends.
Alongside the presentations, our partners gave a short speech on the success of collaborating with MetricStream to provide business benefits for our risk community. What followed was an insightful roundtable discussion that covered risk quantification, cyber security, and the need for organizations to lead with purpose.
It did not take long for ESG to make an appearance and quite rightly so, with COP26 on the agenda and the link to compliance, organizations that have a purpose and are aligning to social governance, diversity, and climate change are setting a precedent. MetricStream recently launched the ESGRC product, which enables organizations to define and manage ESG standards, frameworks, and disclosure requirements. There was a lot of excitement on this in the room.
Emerging risks and third-party risks were explored in detail. With recent supply chain disruptions, it became even more apparent how peripheral risks had to be managed.
Dinner followed, and the conversations (like the wine) continued flowing. It was delightful to see customers connecting with customers. It was evident that they all thrive in this environment and that it was clearly something they had sorely missed over the last 20 months.
Cycling through Denmark
We settled in for another topical roundtable discussion, where the thoughts and real-life examples of how technology is an enabler in the GRC space were deliberated. In some instances, the dialogue went back and forth. One example of this was that the concern organizations face with risk was not always a technology one, but more of a transformational project that the organization needed to resolve. Accompanying this, was the remark that there are inconsistencies in risk terminologies across the industries, which fuels part of the problem. It was also surprising (to me) to learn that there were still so many organizations using spreadsheets to manage their risk. This was their default way to identify, monitor, and track risks, even though they knew it was not sustainable, efficient, or scalable.
The need for AI and ML to automate risk attributes was the next topical point. The comment was made that AI techniques recognize pattens and trends to help alleviate the pain, time, and missing information that humans cannot always detect, but how do you know that AI is doing the right thing. This conversation continued into the evening, accompanied by food and drinks.
High-End Shopping in Zurich
And finally, concluding the week in Zurich, we had another full house with an engaging group that deliberated on how they can start a community of risk or as was suggested, the “Instagram of risk”. There were discussions around risk culture, accountability, accurate data, and mindset. Some customers admitted that it was quite possible to get lost in the data and what they require is speed, agility, and most of all simplicity. A comment was made that you could spend all your time managing documents and not the risk. Another referenced that as change management sits in all departments including HR and legal it can be a challenge to bring it all together for larger organizations. Crypto also made it in the discussion, with a notable mention that new risks have no historical data to base it on.
Visibility and accountability were front of mind in the discussions, and a common theme that was mentioned was on reporting risks up to the board of directors and the role of the board in risk governance.
MetricStream presented 5 current trends that we are observing in the industry and 5 innovation themes that we are leading the way with (API, AI, Adoption, Agility & Analytics).
By bridging the gap and driving value for the community, MetricStream has a purpose to continue to add value and innovate alongside our community. We want the community to thrive on risk and reap the rewards of being on a GRC journey that like a good bottle of wine gets better with age.
Until the next summit.
Jump to Topic
Related Resources
Blogs
Staying Remote, Yet Relevant: Essentials of a Value-Based Audit During Pandemic
- Audit Management
- 13 July 21
4 min read
Introduction
The COVID-19 pandemic is a major crisis affecting every organization across every sector. To adapt to the new operational environment brought about by the outbreak, organizations worldwide increasingly switched to a digital-first business model and adjusted their business functions, including internal audit, to remote setup in 2020. With various pockets around the world still in the clutches of the coronavirus and its deadlier variants, remote auditing seems to be the norm this year as well for a number of organizations.
Remote auditing is not new—organizations, particularly those with global operations, have been using this audit method for years now. However, the pandemic has made the pivot towards remote auditing an absolute necessity for almost all organizations, regardless of their size and global footprint.
According to the International Organization for Standardization (ISO), the value of remote auditing “resides in its potential to provide flexibility to achieving the audit objectives. In order to realize the benefits of this audit method, all interested parties should be aware of their role in the process, inputs, expected outputs, and risks and opportunities that will provide the basis to achieve the audit and audit program objectives.”
How to Scope a Value-Driven Remote Audit
Broadly speaking, the audit lifecycle remains the same whether conducted on-premises or remotely. And, organizations have to ensure that their IA function is agile, relevant, and effective. MetricStream’s State of Internal Audit Survey Report 2021 highlighted the dire need to revamp the IA function at most organizations – 60% of the respondents said that their organization doesn’t yet follow an agile approach to internal auditing, while 80% of auditors still use office productivity software or point solutions despite the limitations of these tools.
That said, there are certain key considerations to ensure the effectiveness of the remote auditing approach in today’s digitized and fast-paced world:
- Devising a Comprehensive Remote Audit Plan
A well-planned strategy is the first step in developing a successful remote auditing program. It is important that the plan is aligned with the strategic goals and the current business environment and circumstances. In this post-COVID era, for instance, remote working, macroeconomic shifts, and structural changes have heightened existing risks and created new ones in areas such as supply chain, remote supervision and training, cybersecurity, and many more. Internal auditors, therefore, must refocus on areas they may not have considered as high risk before or risks they may not have considered at all.
In addition, implementing a rapid assurance model should be included in the plan. By breaking down the audit cycle into shorter segments or cycles with compressed timelines for reviews, insights, and action, this approach can help provide real-time assurance and instill more agility into an organizations’ working models. This will also help facilitate a more risk-based approach to auditing.
- Communicating the Plan
Effective communication is critical for ensuring that the remote auditing approach yields the desired results. The best practice is to organize a kick-off meeting with all relevant stakeholders to explain the scope and the strategy – the timelines of the process, how the information will be collected, tools used, etc. This is critical to ensure that the auditees are aligned with the overall plan.
In addition to the kick-off meeting, remote auditors must also schedule additional engagements for discussing issues and status updates, reviewing the audit report, etc. For remote interviews, the meetings must be scheduled well in advance to ensure the availability of the auditees.
- Leveraging Advanced Tools and Analytics
For conducting the audit process remotely, the reliance on video conferencing tools and document sharing platforms increases manifold. Remote auditors today can also leverage advanced technologies, such as cloud computing, artificial intelligence, machine learning, etc., and data analytics, which facilitate digitized risk assessments, provide real-time access to audit data, dashboard, and reports, enable real-time reporting, and more.
By automating various processes, these tools enable a systematic, workflow-driven, risk-based audit process, thereby reducing the burden on the IA team. Technology, in fact, is a key element for effectively driving remote auditing and enhancing the efficiency of the process. Implementing the right audit management tool or software can help streamline and standardize audit processes and better equip the executive management to make timely, data-driven business decisions.
MetricStream Internal Audit Management enables organizations to infuse more agility into their internal audit program and ensure that it is aligned with business goals and prepared for multi-dimensional risks. It also strengthens collaboration across the three lines, optimizes productivity, and boosts the board’s confidence with improved visibility into risks and potential opportunities. In addition, with the latest Arno release, MetricStream has delivered some exciting new features to the product in order to ease the pressure on Internal Auditors and complement their skills and knowledge.
To request a demo, click here.
Also Read:
1. Navigating New Terrain: Internal Auditing in a Covid-19 Era (To download the eBook, click here)
2. Importance of Robotic Process Automation (RPA) and Data Analytics (DA) in Internal Audit (To download the eBook, click here)
3. Can Artificial Intelligence Help Internal Audit Step Up Its Game? (To download the insight, click here)
Jump to Topic
Related Resources
Blogs
Reinventing Internal Audit to Ensure Agility, Relevance, and Effectiveness
- Audit Management
- 09 June 21
4 min read
Introduction
It has become too trite to say that the COVID-19 pandemic has upended organizations around the globe. The impact, in fact, is of unimaginable magnitude—affecting business units, functions, and the very core of any organization, its employees. In these turbulent times, internal auditors have a pivotal role to play in providing trusted risk perspectives and guiding their organizations to higher ground.
To gain deeper insights into their evolving role in the new normal, we surveyed internal auditors from across industries and countries. The objective was to understand how prepared internal auditors are to help their organizations recover from the ongoing crisis and model a holistic audit program that drives insight and action.
Here are the key takeaways from the survey:
- A majority (67%) of internal auditors have had to change their plans, and reprioritize audit activities during the pandemic
- 39% of the respondents said that they are in the process of implementing, or have already implemented continuous monitoring and continuous auditing and are actively using them
- 60% of internal auditors don’t yet follow an agile approach to internal auditing
- 80% of organizations still use office productivity software or point solutions while only 10% of respondents said they use one integrated solution for policy, audit, risk, and compliance management
- Although changing business priorities, risk and compliance landscape, and lack of right tools and technologies were cited as the top challenges faced by internal auditors, only 27% of those surveyed said that they will dedicate future investments towards adopting an integrated solution for policy, audit, risk, and compliance
“The future may look uncertain right now, but internal audit’s unique knowledge and perspectives can be invaluable in guiding organizations through the new normal. By embracing change, and thinking ahead, auditors can help their organizations emerge from the crisis stronger than ever,” an excerpt from the report reads.
Internal Audit: Key Considerations
The survey highlighted that the current approach to IA by most organizations largely lacks key attributes such as agility, continuous monitoring and auditing, and others. These features are crucial for organizations to move at the speed of risk and make well-informed business decisions.
Ensuring Risk-Based Approach to Auditing:
Embedding a common definition and language of risks and controls are prerequisites of an effective audit plan. Particularly in today’s volatile and uncertain business and risk landscape, the focus has shifted from mitigation to pre-empting risks. Risk-based internal auditing is important to enhance an organization’s risk appetite and ensuring that the executive management and board have access to actionable risk insights for making better-informed business and investment decisions.
Aligning with Business Objectives and ERM Framework:
Business risks, priorities, and strategies evolve over time due to ever-changing internal and external factors. Regularly updating audit plans to ensure alignment with overall strategic objectives and the overarching enterprise risk management (ERM) framework will enable the internal audit team to be aware of the high-risk areas and facilitate the optimum utilization of time and resources towards more pressing issues.
Implementing Rapid Assurance Model:
This has become imperative particularly in the post-pandemic era. The model calls for a novel and pragmatic approach to assurance—breaking down the audit cycle into shorter segments or cycles with compressed timelines for reviews, insights, and action. This approach will enable providing real-time assurance and help organizations instill more agility into their working models.
Adopting Quantitative Approach:
Adopting a quantitative approach to risk assessments—calculating risk scores and translating risks into monetary value—is critical for determining the probability and impact of every identified risk. This approach will help organizations prioritize risks and realign audit plans and business strategies in an agile manner.
Testing Internal Controls:
Conducting audit tests of internal controls is important to determine their efficacy and effectiveness. If a control fails the test, it means that it is ineffective in detecting and thwarting risks, making the organization more vulnerable. The onus then falls on internal auditors to promptly inform the senior management to investigate and remediate.
Leveraging Smart Tools and Technologies:
Intelligent tools and technologies, such as Robotic Process Automation (RPA) and artificial intelligence (AI), are the key ingredients for ensuring agility, relevancy, and effectiveness of audit plans. Implementing the right audit management tool or software could be a game-changer. It can not only streamline, standardize, and automate internal audit activities but also equip the executive management to make timely, data-driven business decisions.
MetricStream Internal Audit Management can help internal auditors overcome their challenges and streamline various processes. The solution helps drive an agile IA program that is aligned with organizational goals and prepared for multi-dimensional risks, while preserving the trust of every stakeholder. In addition, the latest Arno release brings some exciting new features to the solution including, collaborative authoring of audit test samples and enhanced cross-functional collaboration across teams.
To request a demo, click here. To download the full survey report, click here.
Jump to Topic
Related Resources
Blogs
Reduce Errors, Expedite Audit Control Testing, and Enable Collaboration with MetricStream Technology
- Audit Management
- 19 May 21
2 min read
Introduction
Completing an audit on time is one of the major challenges faced by audit teams. It is compounded for complex audits involving several layers of entities and processes and related internal controls. For an internal auditor, a significant part of their role is providing assurance to management and the audit committee over internal control effectiveness. Selecting a prudent sample size for testing these internal controls becomes even more important in such cases. According to the Institute of Internal Auditors (IIA) – effective audit sampling procedures will increase the coverage, focus, and efficiency of audits and will allow the auditor to provide assurance on business processes that impact the organization’s achievement of its goals and objectives.
Technology – how it helps
Audit teams are seen making the gradual shift towards adopting technology to facilitate their work. And technology can enable collaboration. Time-consuming activities in the audit execution process, involving multiple user interactions, have been made simpler with the use of Microsoft Office tools. By leveraging the core capabilities of these tools, it is possible to improve the efficiency of audit testing by allowing auditors to collaborate and work on the tests intuitively. What was once seen as a long winding process of collating all the samples and then sending them for review or approval is now made simpler with the use of server-side editing of these test samples. A core excel file containing the list of all the test data can now be uploaded to the server and can be accessed by other members of the team. This not only removes the aspect of uploading multiple versions of the document, thereby reducing the error rate, but also improves the time taken to review the data and expedite the audit execution lifecycle.
In the post-pandemic world, it has become more pertinent for auditors located remotely to bridge the distance using collaborative tools to execute their tasks. An auditor spends most of his/her auditing time scanning through different documents assessing the various controls and risks involved in the different processes of an organization. It becomes very important that auditors maintain consistency and accuracy in documenting the assessment information at the same time ensuring adherence to timelines. Having tools that enable and support auditors in this endeavor would go a great way in executing an effective audit. As part of research conducted by PwC, it was found that Internal audit functions that are more advanced in their use of collaboration tools stand out from their peers in managing stakeholder relationships and cost efficiencies.
MetricStream’s server-side editing solution addresses this need by supporting collaborative authoring of audit test samples in control test workpapers. Audit teams can now upload a single version of collated test sample excel sheet and collaborate internally to review and make changes without downloading a copy. This feature rules out the upload of erroneous versions of the sample document at the same time ensuring audit team members are on the same page while reviewing the sample data. Such a capability, enabling collaboration among all stakeholders, not only brings in more agility to the audit execution process but also expedites the overall assessment lifecycle.
The adoption of collaboration tools combined with other disruptive technologies will greatly facilitate the audit process. Embracing change along with evolving market dynamics is the way forward for internal audit teams to differentiate themselves, create value, and elevate the function in the organization.
Click here to learn more.
Jump to Topic
Related Resources
Blogs
Internal Auditors Tap Industry 4.0 Technologies to Move from Traditional to Agile
- Audit Management
- 26 March 21
4 min read
Introduction
The sudden onset of the pandemic and the subsequent lockdowns and travel restrictions have upended business around the globe. To navigate the resulting complex and dynamic risk landscape, organizations have no option but to go digital. For the internal audit function too, it has become imperative that it reinvents itself with innovative tools and technologies to stay relevant and meet today’s business challenges.
In Deloitte’s 2020 survey of audit committee chairs and members, 92% of respondents said that IA should provide insights on and help prepare for emerging risks, while 63% said IA should be faster reporting results of their work. The current volatile business environment warrants an agile, flexible, and future-ready internal audit function that can add value to an organization.
Internal Audit: The Digital Transformation Journey
The internal audit function provides valuable insights into the effectiveness of an organization’s risk management, governance, and internal control processes. Before considering what Industry 4.0 technologies to adopt to modernize IA, it is important to have a comprehensive view on the level of maturity of this function, the maturity of the technology being considered, and the associated risks.
- Internal Audit Maturity Level
Identifying the current level of maturity of IA marks the first step of the digital transformation journey. Depending on the level of automation and structure, the Institute of Internal Auditors (IIA) has identified five levels of maturity of the IA function:
- Initial: Scattered policies and processes, high reliance on manual systems and spreadsheet, no data validation, ad hoc audit activities
- Repeatable: Better policies and processes but may not be documented, low reliance on data and information generated from systems, reporting processes are defined but may not be documented
- Defined: Defined and documented policies and processes, greater reliance on information generated from systems, effective use of reporting templates
- Managed: Policies and processes are communicated to personnel, high data integrity, reliable automated reports, continuous monitoring of key data, highly effective reporting, quality and timeliness metrics defined and monitored
- Optimized: Continuous monitoring and updating policies and processes for necessary changes and emerging leading practices, extensive use of data mining and analytics, highly effective reporting, robust succession planning in place
Assessing the level of maturity of internal audit is important as it will help an organization recognize the shortcomings of its existing approach, determine the desired future state, and the technologies that must be adopted towards achieving this goal.
- Bringing Industry 4.0 Technologies to IA
To wade through the pandemic-driven new normal and successfully manage the resulting distributed workforce, internal auditors need to embrace advanced transformational technologies to provide valuable insights and rapid assurance. When talking about Industry 4.0 technologies, the key technologies that have gained considerable traction in the past couple of years include cloud computing, robotic process automation (RPA), AI/ML (analytics), and blockchain, among others.
Implementing these technologies will empower IA teams to continuously monitor and quickly detect risks even in the remote setup, collaborate seamlessly across the three lines, automate the aggregation of risk data, be cognizant of emerging risks, and more. These capabilities, in turn, will help make the IA function more agile and future-ready.
That said, organizations should decide on the technology to be adopted and its level of maturity depending on the business needs and goals. They must determine if the application is relevant to the nature of their business or if they are implementing it just out of the fear of missing out. Ultimately, the primary reason to embark on the digital transformation journey of IA is to add value to top management’s view of business risk and facilitate effective decision making.
- Associated Risks with Technology
When considering implementing Industry 4.0 technologies, it becomes critical for organizations to assess where these technologies are going to create risk and where the risk is going to fall. KPMG has defined four dimensions of risks when it comes to IA:
- Recurring: This is the dominant risk that should be considered on a recurring basis.
- Exceptional: This includes risks that don’t have previous audit history within the organization. IA should aim to provide initial assurance to the key stakeholders as to how these risks are addressed.
- Emerging: Most of the new and emerging technologies fall under this risk. This includes risks and opportunities that may not have clear attention of the organization but may soon become material risks.
- Established: These are the risks that are clearly considered to be the key to the organization and should dominate the IA plan and assurance agenda.
In addition to keeping abreast of the latest technologies and developments, IA practitioners must focus on understanding the impact of digitalization on business and audit processes, and identify, assess and mitigate the associated risks such as cyber risk, third-party risk, and others.
Organizations can simplify the digital transformation of their IA by leveraging MetricStream Internal Audit Management. The product enables companies to drive an agile internal audit program that is not only aligned with organizational goals but also allows to factor in new risks that arise with shifting priorities. In addition, automated processes, real-time reporting, and access to audit data, and analytical tools help auditors to accelerate internal auditing and optimize resource allocation and enable senior management to make faster and well-informed business decisions.
Jump to Topic
Related Resources
Blogs
4 Top Priorities for Internal Audit in 2021
- Audit Management
- 08 February 21
4 min read
Introduction
Over the years, internal auditing has continued to pivot and evolve in response to changing stakeholder needs. From certifying the reliability of financial statements, to advising on a broad range of business risks, regulatory changes, culture, and cybersecurity, internal auditors have adapted time and again to meet business expectations in a dynamic world.
Then came the COVID-19 crisis which forced internal auditors to once again shift gears, and find new ways of helping their organizations contain and respond to the crisis. Now, with the start of a new year and the roll-out of vaccines, the end of the pandemic looks to be in sight. As organizations prepare for a post-COVID-19 world, how can internal auditors continue to deliver value?
Our latest eBook provides some insights as it explores ways in which internal auditors can strengthen their strategic advisory role to accelerate business performance. Based on these insights, here are four priorities that are likely to be top of mind for internal auditors in 2021.
1. Enhance the business impact of internal auditing
Businesses are grappling with digital disruptions, cost pressures, compliance burdens, and more. In the face of these challenges, internal auditors must move beyond their traditional role as corporate policemen, and become the valued strategic advisors that the business needs. Boards and executive teams are relying on auditors not just to identify weaknesses in control environments, but to provide insights on how the business can improve its efficiency and operating effectiveness.
Traditional audit responsibilities such as risk detection and fraud identification are now table stakes in the line of duty. More important questions are being asked about business resilience, climate change, supply chain disruption, data privacy in a remote work environment, and digital transformation risks. Within these conversations, internal auditors have the opportunity to deliver real business impact. The work they do can help organizations shape better risk and compliance programs, while also bolstering their readiness for future challenges.
So, how can internal auditors rise to the occasion and deliver what their businesses need? Here are four key steps:
2. Strengthen organizational preparedness for future crises
The COVID-19 pandemic may have been unprecedented, but it’s unlikely to be the last major crisis. And if there’s anything that organizations have learned, it’s that they need be more resilient and better prepared. Internal auditors will play a key role in this effort, helping businesses anticipate the severity of a potential crisis, and build agility.
The role of internal audit doesn’t necessarily have to begin only after the other lines of defense have completed their observations, defined key risks, and implemented controls. Instead, auditors can be involved in the entire spectrum of activities since they have a unique, birds-eye view of the business. It is this that makes their contribution during a crisis, crucial.
Internal auditors carry the ability to dive into the business, check for silos or gaps, and ensure that crisis management plans are aligned to risks, communication strategies, and most importantly, strategic goals and objectives. Auditors can also help ensure that crisis plans are tested, approved, and exercised in a timely manner. The more they are involved, the greater the value they can deliver.
3. Build agility in audit
Risks are evolving so quickly that lengthy audits with rigid, pre-defined plans are no longer sustainable. Instead, internal auditors must be able to swiftly pivot and respond to new risks, be it health and safety, data privacy, or third-party risks. That’s where agile auditing can help.
Agile focuses on faster audit cycles, quicker reporting, fewer documentation requirements, and less waste. It pushes auditors and stakeholders to determine upfront the value that needs to be delivered through a particular audit project. It also helps prioritize audits based on their importance and urgency—which is critical in today’s fast-evolving environment.
Here are five best practices to enable more agility in internal auditing:
4. Expand the use of robotic process automation (RPA) and data analytics
RPA can save significant auditing time and resources by minimizing the need for human intervention—especially in tasks such as data aggregation, continuous control monitoring, and real-time identification of financial fraud. RPA also enables auditors to increase coverage by moving from simple statistical sampling to full population testing. With that, they can dig deeper into data, proactively identify hidden issues, and ensure that no risks are overlooked.
Meanwhile, advanced analytics can shed light on new risk patterns, anomalies, internal control gaps, or opportunities. They help internal auditors improve the scope and quality of their work, while also delivering better insights to stakeholders.
That said, the use of data analytics often requires sufficient funding, high quality data, and auditors with certain skill sets. But these challenges aren’t insurmountable. Now is the time for internal audit teams to pave the way for a successful analytics program that can help them deliver better assurance to the business.
For more insights, take a look at our eBook on “Strengthening Internal Audit’s Strategic Advisory Role to Accelerate Business Performance.”
As you step into 2021, MetricStream Internal Audit Management can help you enhance audit agility and efficiency, while also improving visibility into risks. Find out more.
Jump to Topic
