Internal audit leaders should develop new skills to stay relevant
Chief audit executives (CAEs) and internal audit leaders report their next-generation competency levels in three vital areas – governance, methodology and enabling technology – to be remarkably low, a Protiviti survey reveals.
The survey also identified that the majority of internal audit functions are at risk of losing relevance for not modernizing and transforming the audit process, against the increasing demands of today’s stakeholders.
Nearly 780 Chief Audit Executives (CAEs) and internal audit leaders were surveyed across industries to uncover the pressing priorities for internal audit functions when it comes to next-generation auditing skills.
The study was completed in the first quarter of 2020 and was based on a survey conducted in the fourth quarter of 2019, before the onset of the COVID-19 pandemic. The release of the study was deferred to now as businesses worldwide reacted and adjusted to the new environment.
Audit leaders should step up their innovation and transformation initiatives
“We continue to advocate for the embrace of a next-generation internal audit mindset and the adoption of the governance, methodology and enabling technology competencies that will position internal audit functions to best support their organizations as they strive to transform amid this pandemic and in the years to come,” said Brian Christensen, executive VP, global internal audit, Protiviti.
In what should be a red flag for chief audit executives and audit committees, enabling technology received some of the lowest competency-level self-assessments in the entire survey: (rated on a 1 to 5 scale with 5 being highest)
- Robotic process automation (RPA) – 2.1
- Artificial intelligence (AI) and machine learning – 2.0
- Process mining – 2.2
- Advanced analytics – 2.6
One telling example of the need for internal audit leaders to step up their innovation and transformation initiatives is that only 10 percent of those surveyed are undertaking process mining – a form of analytics that uses transactional data captured by enterprise systems to analyze and visualize how processes are actually being performed – in their internal audit function, and a surprising 41 percent of respondents reported they have no plans to adopt this enabling technology at all.
Notably, internal audit’s exploration and adoption of enabling technology also lags that of other key business functions such as finance.
Additionally, the overall number of internal audit organizations reported to be undertaking digital transformation initiatives more broadly declined since the 2019 survey to 60 percent (down from 76 percent in 2019).
“Our survey confirms the awareness among internal audit professionals of how far behind their function is in terms of the core competencies required to provide value in the digital age,” added Christensen.
“Next-generation auditing capabilities, processes and tools – from strategic vision, agile auditing and dynamic risk assessment to RPA, machine learning and advanced analytics, among others – should be priorities for the internal audit function to build and grow as their companies continue to transform and stakeholder expectations for these capabilities rise. Our results show that audit committees certainly hold this to be true.”
Audit plan priorities
The study also examined audit plans. While the following priorities were the most pressing at the time the survey was conducted, they remain relevant today and are important, enduring topics for audit plans:
- Fraud risk management
- Enterprise risk management
- Cybersecurity risk/threat
- Vendor/third-party risk management
- Internal audit strategic vision
In the wake of the COVID-19 pandemic, most audit leaders have been reevaluating their priorities as well as the capabilities of their teams to deliver in these changed and challenging conditions.
While not cited in the survey, many internal audit leaders have been focusing efforts in the following areas: sufficiency of processes related to risk assessment; reporting and other stakeholder communications and interactions; impact to the control environment from the introduction of new technologies as well as broader workforce disruptions; ongoing performance and resilience of critical business functions; and increased use of data and tools.
“Audit priorities could all benefit from next-gen internal auditing techniques. Across the board, advanced analytics, machine learning, RPA and other data and technology methods can drive the delivery of significant value,” said Andrew Struthers-Kennedy, managing director and leader of the IT Audit practice, Protiviti.
“Any internal audit function not currently using or taking seriously their pursuit of these technologies will be ill-equipped to deliver the insight and value required and expected of its activities.”