The sudden onset of the pandemic and the subsequent lockdowns and travel restrictions have upended business around the globe. To navigate the resulting complex and dynamic risk landscape, organizations have no option but to go digital. For the internal audit function too, it has become imperative that it reinvents itself with innovative tools and technologies to stay relevant and meet today’s business challenges.
In Deloitte’s 2020 survey of audit committee chairs and members, 92% of respondents said that IA should provide insights on and help prepare for emerging risks, while 63% said IA should be faster reporting results of their work. The current volatile business environment warrants an agile, flexible, and future-ready internal audit function that can add value to an organization.
The internal audit function provides valuable insights into the effectiveness of an organization’s risk management, governance, and internal control processes. Before considering what Industry 4.0 technologies to adopt to modernize IA, it is important to have a comprehensive view on the level of maturity of this function, the maturity of the technology being considered, and the associated risks.
Identifying the current level of maturity of IA marks the first step of the digital transformation journey. Depending on the level of automation and structure, the Institute of Internal Auditors (IIA) has identified five levels of maturity of the IA function:
Assessing the level of maturity of internal audit is important as it will help an organization recognize the shortcomings of its existing approach, determine the desired future state, and the technologies that must be adopted towards achieving this goal.
To wade through the pandemic-driven new normal and successfully manage the resulting distributed workforce, internal auditors need to embrace advanced transformational technologies to provide valuable insights and rapid assurance. When talking about Industry 4.0 technologies, the key technologies that have gained considerable traction in the past couple of years include cloud computing, robotic process automation (RPA), AI/ML (analytics), and blockchain, among others.
Implementing these technologies will empower IA teams to continuously monitor and quickly detect risks even in the remote setup, collaborate seamlessly across the three lines, automate the aggregation of risk data, be cognizant of emerging risks, and more. These capabilities, in turn, will help make the IA function more agile and future-ready.
That said, organizations should decide on the technology to be adopted and its level of maturity depending on the business needs and goals. They must determine if the application is relevant to the nature of their business or if they are implementing it just out of the fear of missing out. Ultimately, the primary reason to embark on the digital transformation journey of IA is to add value to top management’s view of business risk and facilitate effective decision making.
When considering implementing Industry 4.0 technologies, it becomes critical for organizations to assess where these technologies are going to create risk and where the risk is going to fall. KPMG has defined four dimensions of risks when it comes to IA:
In addition to keeping abreast of the latest technologies and developments, IA practitioners must focus on understanding the impact of digitalization on business and audit processes, and identify, assess and mitigate the associated risks such as cyber risk, third-party risk, and others.
Organizations can simplify the digital transformation of their IA by leveraging MetricStream Internal Audit Management. The product enables companies to drive an agile internal audit program that is not only aligned with organizational goals but also allows to factor in new risks that arise with shifting priorities. In addition, automated processes, real-time reporting, and access to audit data, and analytical tools help auditors to accelerate internal auditing and optimize resource allocation and enable senior management to make faster and well-informed business decisions.