While the internal audit function has undergone significant transformation, the rapid pace of change is set to accelerate in the foreseeable future. Richard Walker, Advisory Director at BDO South Africa, sheds some light on some key industry trends that have emerged and some key areas of transformation we can expect to see defining the sector over the next five years.
<!doctype html>
The internal audit (IA) function has transformed from a highly manual and time-consuming process into an increasingly data-driven and holistic operation that has a touchpoint across almost every facet of a business. Traditionally seen as the risk assessment and controls hub of an organisation, IA has crossed into a more strategic lane, as businesses seek innovative ways to drive added value and streamline operations.
What is important to remember, though, is that as operations transform, the risk landscape becomes increasingly complex. This means that their strategies must become increasingly fluid to match these complexities in order to mitigate risk and allow organisations to gain a competitive edge while still reducing long-term costs.
Technology will be a key driver of secure transformation
In the next five years, technology will play a significant role in transforming the IA landscape by enabling auditors to analyse vast amounts of data more efficiently and effectively, as well as identify trends and anomalies that may otherwise have gone unnoticed. Digital analytics tools, machine learning, natural language processing and artificial intelligence (AI) technology have the potential to transform the way IA is conducted, as well as the assurance agenda more broadly.
Key technologies that are on the horizon include the following:
- Data analytics − Analysing data quickly and accurately, while identifying patterns and anomalies, will lead to more valuable insights for executive leadership and enable quicker fixes of control issues. Predictive analytics will prove pivotal in improving efficiencies in areas such as payroll expenses, vendor management, order and sales activity, and error identification in accounts payable processes. Auditors will also be able to focus more on high-risk areas, thus providing more value to the organisation.
- Virtual reality (VR) and augmented reality (AR) – These advanced tools are becoming increasingly integrated with the IA function. The interactivity of VR and AR will allow opportunities to drill deeply into data, enabling senior management and board members to make better informed decisions. Auditors could use VR to ‘walk through’ a facility without physically being there or use AR to overlay data onto a physical space. It is quite possible that these tools will be used to simulate different scenarios and test controls in a virtual environment or to simplify the performance of remote audits in general. They could even be used to train internal auditors on new technologies and processes.
- Automation − As the application of technology becomes more commonplace in the IA function, some of the core compliance functions can be automated to improve operational efficiency. Automation will also allow the IA function to focus more on emerging risks, fraud trends, root cause analysis and providing problem-solving solutions to address risk areas in a more preventive and timely manner.
While the opportunities for technology to transform the sector are endless, there are also substantial risks, meaning that governance around new tech is critical. However, if business leaders and policymakers can stay on top of these risks so that they are implemented responsibly and with integrity, the value generated for internal auditors and their stakeholders will be immense.
Navigating the new ESG agenda
Environmental, social and governance (ESG) programming is sitting at the top of boardroom agendas and will continue to impact the IA function well into the future. Internal audit functions will need to become familiar with new guidance specific to ESG, as a vast breadth of knowledge and experience in a company or organisation’s operations, as well as IA’s partnership with leadership across functional areas, will be critically important to any successful ESG programme.
Quite literally, ESG criteria will have to become embedded throughout the organisation if it is to work more synergistically with IA. Through ESG, regulations are anticipated to grow in volume and complexity. Standards for reporting will continue to expand past financial-related information, presenting a new set of responsibilities, challenges, and opportunities for internal auditors. Ultimately, reporting integrity will be enhanced and internal auditors will act as catalysts for change.
Upskilling a future-fit IA team
It is crucial for organisations to reimagine the value that IA teams deliver across the board − which means that there will be a spotlight on team selection. To keep pace with market changes and competitors, organisations will need to strengthen their methods and criteria for sourcing IA talent. Hiring standards for internal auditors will be raised, as more assurance functions will be sought through data-driven technology and system-embedded controls. Internal auditors will also be increasingly assessed by their soft skills and ability to serve as a strategic partner of the organisation driving value. Knowledge and understanding of specialist areas such as the metaverse, data science, analytics, IT, cybersecurity, ESG and privacy will become imperative for the IA function.
Organisations must place a firm focus on diversifying their talent pool and specifically look to recruit from STEM backgrounds. The internal auditor of the future needs more focus on understanding ‘why’ they are reporting on the ‘what’. Ultimately, IA must be promoted as providing a broad career with impact and influence across the entire business.
The internal audit future
Internal auditors who want to stay at the forefront of transformation must be prepared to expand the role beyond assurance and compliance in order to serve as dynamic advisors and strategic partners to their organisation. The world is changing every day, and this has an impact on business and related risks. It is crucial to stay informed, embrace technology, focus on value addition, and continue to embrace development. This may prove to be a journey through new and uncharted waters for many, but if auditors can continuously adapt while still providing value, the future has the potential to be incredibly bright.
Author
Richard Walker, Advisory Director at BDO South Africa