Here, in our opinion, are four best practices to strengthen internal audit’s relevance and value in a COVID-19 world:
In the wake of the pandemic, nearly 70% of respondents in our survey reported having to change their audit plans, and reprioritize audit activities. Twelve percent either increased their audit scope or team capacity, while 15% deployed new solutions to improve efficiency.
Sudden changes of this sort may have been rare in the past. But today, we live in an age of disruption. Cyber threats are becoming more frequent and intense. Climate change-related consequences such as flooding and wildfires are increasing. And last year, global political risk hit a multi-year high.
These and other shifts impact the way business is done. As assurance providers and strategic advisers, internal auditors must be proactive and prepared to help their businesses navigate change. They must be able to pivot and respond quickly to disruptions and sudden shifts in business priorities, risks, and compliance.
To do that, some audit teams may have to upgrade their audit tools and technologies. Others may need to improve collaboration and integration with risk and compliance functions, so that together they can respond faster to risk. Whatever the approach, internal auditors must be ready to help their organizations ride the wave of change, rather than being pulled under by it.
In a dynamic world, internal audits cannot afford to be rigid or long-winded. They must be flexible and able to keep pace with changing risks and business requirements. That’s where agile auditing can help.
When executed well, agile auditing saves time, helps generate insights faster, reduces waste, and minimizes documentation. It also enables audit teams to stay focused on the objectives and issues that matter most to their organization at the time.
Despite these benefits, only about 40% of respondents in our survey use agile methods for internal auditing. The most popular of these methods are rapid audit planning and task prioritization, short sprints to achieve specific goals, and regular Scrum meetings.
Two other powerful techniques are continuous auditing (CA) and continuous monitoring (CM). Over half of all respondents are either planning to, are in the process of, or have already implemented CM and CA tools. These technologies will enable internal auditors as well as management teams to determine where they should be focusing their attention and resources to manage risks better.
One of the biggest internal audit challenges cited by respondents is a lack of the right tools and technologies. So, what tools are auditors currently using?
More than half (54%) of the respondents rely on basic office productivity software like documents and spreadsheets. However, these tools often involve a lot of manual intervention, and don’t scale easily. Meanwhile, 26% of respondents use point solutions which can sometimes be too narrow in scope and difficult to integrate with other assurance systems to deliver a holistic risk view.
Many of these challenges can be overcome with an integrated governance, risk, and compliance (GRC) solution that ties policy, audit, risk, and compliance management activities on a common platform. Such a solution can help strengthen collaboration between internal auditors and other GRC functions, while also providing a more holistic picture of risks. Yet, only 10% of respondents use an integrated solution, which indicates that many are missing out on its benefits.
Any technology auditors choose should ideally enable more than just audit planning or fieldwork. A good audit tool will also help assess risks, optimize resource allocation, accelerate reporting, track audit issues, and provide robust analytics and visualization that deliver a broad and granular perspective on risks.
Even before the pandemic, regulators around the world were emphasizing the importance of operational resilience. But since COVID-19, resilience has become a matter of survival, not just a checkbox for compliance.
Businesses are increasingly looking at how they can adapt rapidly to changing environments, and continue driving productivity in the midst of disruption. Internal auditors will play a pivotal role in helping their business identify resilience gaps, weaknesses, and potential areas of improvement.
So, it’s no surprise that 42% of respondents in our survey cite operational resilience as a top audit priority. Other key areas of focus are enterprise risks, operational risks, and of course, cybersecurity.
As for where auditors plan to direct their investments in the coming years, 54% of respondents said they’re most likely to invest in training auditors on emerging areas and technologies, while over 30% are most likely to hire more skilled auditors.
Digital upskilling and training will be key for internal auditors to optimize their own use of technologies like AI/ ML, robotic process automation (RPA), and advanced analytics, while also providing informed strategic advice on how these and other technologies are used across the business.
After working in crisis mode for many months, it’s time for internal audit functions to recalibrate for a new future. Uncertainty and complexity are here to stay for a while at least. But there are also plenty of opportunities for internal auditors to innovate, deliver greater value, and implement more effective ways of working remotely.
Over the coming year, organizations will continue to rely on internal auditors to provide timely insights while guiding their businesses through a dynamic risk landscape. By embracing change, and thinking ahead, auditors can help organizations emerge from the crisis stronger than ever.
To find out more, read the MetricStream Internal Audit Survey Report 2021