The FINANCIAL -- Innovation is key to improving the impact and influence of the Internal Audit function according to Deloitte Global’s new Chief Audit Executive (CAE) report, “The innovation imperative.”
The new report represents feedback from more than 1,100 Internal Audit leaders across 40 countries and a wide range of industries and points to insights and ideas that Internal Audit functions can consider to help meet their organizations’ needs, now and in the future.
“In today’s climate of constant disruption, many businesses are employing new business models and new technologies, and partnering with third-parties in new ways,” says Terry Hatherell, Deloitte Global Internal Audit leader. “As organizations seek to harness risk for value creation, the Internal Audit function must go beyond delivering traditional compliance and focus on far more innovative approaches to providing assurance, delivering advisory services, and anticipating risks.”
This will require innovation. When asked what they believe will be the key innovative developments impacting Internal Audit over the coming three to five years, respondents indicated that data analytics (22 percent), Robotic Process Automation (RPA)/cognitive technologies (15 percent), predictive analytics (14 percent), risk anticipation (13 percent) and adopting Agile Internal Audit (8 percent) will transform the Internal Audit function.
“These findings reinforce that Internal Audit groups are aware of the need for Internal Audit to innovate, and many have begun along that journey – now it’s a question of expanding their understanding of the tools and methods available to facilitate it,” says Neil White, Deloitte Global Internal Audit Analytics leader. “Embracing innovation will be critical for Internal Audit to secure the impact and influence it needs within an organization.”
The report highlights a notable connection between investment in innovation and Internal Audit’s impact and influence within an organization. Internal Audit functions with strong impact and influence have improved to 40 percent, up from 28 percent in the 2016 survey findings. But that still leaves 60 percent of responding CAEs who believe their functions lack strong impact and influence. In general, the results of this survey indicate that groups who have adopted innovative approaches and methods tend to have greater impact and influence than those that have not. For example, among CAEs who believe they and their functions have high impact and influence, 71 percent plan to increase their investment in innovation.
It’s important to keep in mind that innovation goes beyond adopting technology—it can also include taking new approaches to enhance not only the value the function delivers to the broader organization, but the ways in which they present that value to management, the audit committee, and other stakeholders. As Internal Audit groups consider how to deliver value to their evolving organizations, CAEs see the function’s leading strategic priorities as implementing Internal Audit analytics, strengthening talent pipelines, enhancing partnerships with the business, and enhancing quality. Many are also considering adopting an Agile Internal Audit approach and utilizing cognitive technologies and RPA to enhance the value they deliver to their organizations.
“Yet, Internal Audit groups need to proactively address certain issues if they are to deliver on these strategic priorities. For example, more than one-third of surveyed CAEs cite missing skills and talent as a key challenge—but nearly one in four still do not use alternative resourcing models to access those specialist skills. And analytics talent, in particular, is in short supply,” continued White. “According to our survey, 56 percent of Internal Audit groups still use analytics at basic levels. There is great opportunity to leverage advanced analytics to free up resources to partner with the business, enhance quality and efficiency, and to deliver automated assurance and risk anticipation.”
Additional report highlights from survey respondents:
Resourcing models are evolving—but must evolve faster: Alternative resourcing models may not only fill talent and skill gaps, but also effect knowledge transfer in areas where in-house expertise may be lacking. However, nearly one in four Internal Audit groups employ no alternative resourcing model, and guest auditor and rotation programs in particular see relatively low usage.
Internal Audit’s role in organizational culture is underestimated: Breakdowns in organizational culture, as reflected in conduct that fosters risk events, have become all too common. This is an area where Internal Audit could be playing a key role, yet less than 30 percent of Internal Auditors surveyed have evaluated their organization’s culture in the past three years.
Cyber risk assessments can enhance impact and influence: As cyber risks continue to proliferate, Internal Audit has an opportunity to provide real value by assisting the organization to understand and mitigate those risks—but about half of Internal Audit groups are not currently conducting cyber risk assessments. Expanding their coverage of cyber risks—a high-profile issue for senior executives and boards—can greatly enhance the function’s impact and influence.
RPA is making inroads: The most innovative Internal Audit groups are applying RPA to the many repetitive tasks that internal auditors perform. The two percent of groups that have adopted RPA are on the leading edge of Internal Audit innovation. Another 21 percent are considering or researching use of RPA in Internal Audit.
Agile practices are gaining momentum: Adapting Agile Internal Audit can enhance Internal Audit flexibility, responsiveness, resource allocation, speed, value delivered, and stakeholder relationships. For those reasons, 55 percent of Internal Audit groups are either using Agile Internal Audit or are considering doing so. This is impressive for a relatively new approach to internal auditing.
Reporting is poised to become more agile and dynamic: Only eight percent of Internal Audit groups surveyed note that the form of their reporting depends on the audit objectives. Meanwhile, in general, stakeholders’ reading time is limited, and risks and issues emerge rapidly—meaning reporting must become increasingly more streamlined and visual. Three percent report observations on an ongoing basis—with no final report—a hallmark of the Internal Audit function of the future.
Key Performance Indicators (KPIs) should reflect broader business priorities: KPIs should evolve to focus on areas that enable Internal Auditors to strengthen their impact and influence within the organization, rather than the traditional metrics tracked. For instance, KPIs can usefully be expanded to include cost savings or revenue opportunities identified (now used by almost a quarter of respondents) and other updated metrics that capture positive impacts on the business.