Organizations will need to test more frequently for an increasing number of risks to internal controls, according to a recent poll by Deloitte.
In the year ahead, 55.9% of the more than 350 C-suite and other executives who responded to a poll during a webcast in January indicated they expect their organizations’ internal controls programs will need to test for larger and more frequent risks. When they were asked the same about the past 12 months, only 45% said their organizations had to test for larger and more frequent risks, according to the survey, which was released Wednesday. That represents a sizable increase in focus on internal controls for risk management and a signal that internal control programs continue to expand.
Only 15.3% of the respondents reported their organizations already use advanced technology such as artificial intelligence and automation within their internal controls programs. Not only that, but 14.8% of the respondents said their organizations have no plans to do so.
Deloitte suggested several questions that leaders can ask about the state of their internal control programs to determine their maturity:
- Are our internal controls processes working well enough that we could apply automation or other advanced technology to identify more risks more efficiently?
- In “fishing” for risks, does the internal controls program function more like a spear (task-driven) or like a net (data-driven)?
- Who is effectively your organization’s “chief controls officer?”
- Are teams outside of risk management or internal audit tapped to support internal controls programs?
Organizations should make the most of what they have and reduce siloed activity that can add costs and limit them from realizing the full potential of their people and technology investments.
