Internal audit profession making tech advances
Internal auditors are getting more involved in technology initiatives like cybersecurity and data analytics, according to several new reports.
One of the reports, from PricewaterhouseCoopers, found that 75 percent of companies that use internal audit technology will see a return on investment, but only 14 percent of internal audit functions are advanced in their adoption of technology. PwC’s 2018 State of the Internal Audit Profession study polled more than 2,500 board members, senior executives and audit professionals in 92 countries.
It broke down internal audit professionals into several groups. Nearly half (46 percent) of internal audit functions are taking notice and following the lead of the advanced group of “evolvers” in terms of technology adoption, but at a slower pace. PwC refers to them as “followers.” Others are even further behind and are referred to as “observers.” More than one-third (37 percent) of internal audit functions are still observers when it comes to technology adoption.
“What we’re seeing is the pace of change is increasing rapidly and it’s a great opportunity for internal audit to ensure they’re keeping up,” said PwC risk assurance partner Lauren Massey. “The number one thing companies are focused on is innovation.”
Another new report, from the Institute of Internal Auditors’ Internal Audit Foundation and Crowe Horwath, focuses on internal auditors’ future engagement, role and expertise with cybersecurity. The report found internal auditors are increasingly adapting to cybersecurity risks and have growing responsibilities in validating the effectiveness of cyber risk management. The report, The Future of Cybersecurity in Internal Audit, was unveiled at the Institute of Internal Auditors conference in Las Vegas.
To maintain effectiveness and credibility, the report found that internal audit professionals need to understand how much emphasis should be given to prevention, detection and response in cybersecurity programs, along with the sufficiency of the controls and testing. Internal audit should assert itself in independently assessing the rapidly evolving and escalating risk environment.
“The evolving responsibilities of internal audit in addressing cybersecurity issues mean that audit professionals must develop a clear understanding of the principles of data security and the cyber frameworks that apply within their own organizations,” said IIA President and CEO Richard F. Chambers in a statement. “As internal audit departments continue to adapt to cybersecurity risk management, the responses recorded as part of the Foundation’s research project can provide a valuable snapshot of the current state of the profession—as well as a potential road map for the future.”
The report found that 45 percent of chief audit executives consider their internal audit functions to be very or extremely agile. Only 43 percent of CAEs said their internal audit functions are fully or partially prepared to react to disruption. In addition, 38 percent of CAEs believe the overly traditional expectations of management are a roadblock to agility.
A third report released Monday, from Protiviti, examined the use of data analytics in auditing. Protiviti’s 2018 Internal Audit Capabilities and Needs Survey found the use of analytics in auditing is still in its early stages, and many audit functions seem to be using analytics tools as “point solutions,” rather than as part of a broader initiative to leverage analytics throughout the audit process.
Protiviti polled more than 1,500 chief audit executives and internal audit leaders and professionals throughout North America, Europe, Asia-Pacific, Latin America, Africa, India and the Middle East to see how internal auditors are using analytics in the audit process and where improvements are needed.
“Growing demands from boards and executive management for deeper insights into strategic risks that organizations face has made the ability to leverage analytics and robotics a top priority for CAEs and audit committees,” said Brian Christensen, executive vice president of global internal audit at Protiviti, in a statement. “Even so, many internal audit departments are still struggling to develop a formal methodology for integrating data analytics. It is critical for these departments to formalize a data analytics program that specifies how data is to be identified, acquired and analyzed.”
The survey found that organizations in Europe and the Asia-Pacific region seem to be using data analytics in the audit process more frequently, with 76 percent of respondents from both regions confirming they currently use data analytics, compared to only 63 percent from North America. Two-thirds of internal audit groups intend to implement data analytics in the next one or two years (66 percent), but one out of three organizations (34 percent) have no plans to do so.
The survey also found a correlation between the audit committee’s level of interest in the use of analytics to support the auditing lifecycle and the amount of information shared with the committee about the use of auditing analytics. Fifty-nine percent of respondents said that when a high level of information is shared with the audit committee, there is also a high level of interest from the audit committee in the use of audit analytics.
“We’re seeing the barriers to entry with the technology are diminishing quickly,” said Massey of PwC. “The cost investment you have to make has dropped significantly. There’s this real opportunity for internal audit departments that maybe have been sitting on the sidelines waiting to see what they want to invest in, they’ve got an opportunity to really be revolutionary in making some leaps forward.”