Reinventing Internal Audit to Ensure Agility, Relevance, and Effectiveness

4 min read


It has become too trite to say that the COVID-19 pandemic has upended organizations around the globe. The impact, in fact, is of unimaginable magnitude—affecting business units, functions, and the very core of any organization, its employees. In these turbulent times, internal auditors have a pivotal role to play in providing trusted risk perspectives and guiding their organizations to higher ground.

To gain deeper insights into their evolving role in the new normal, we surveyed internal auditors from across industries and countries. The objective was to understand how prepared internal auditors are to help their organizations recover from the ongoing crisis and model a holistic audit program that drives insight and action.

Here are the key takeaways from the survey:

  • A majority (67%) of internal auditors have had to change their plans, and reprioritize audit activities during the pandemic
  • 39% of the respondents said that they are in the process of implementing, or have already implemented continuous monitoring and continuous auditing and are actively using them
  • 60% of internal auditors don’t yet follow an agile approach to internal auditing
  • 80% of organizations still use office productivity software or point solutions while only 10% of respondents said they use one integrated solution for policy, audit, risk, and compliance management
  • Although changing business priorities, risk and compliance landscape, and lack of right tools and technologies were cited as the top challenges faced by internal auditors, only 27% of those surveyed said that they will dedicate future investments towards adopting an integrated solution for policy, audit, risk, and compliance

“The future may look uncertain right now, but internal audit’s unique knowledge and perspectives can be invaluable in guiding organizations through the new normal. By embracing change, and thinking ahead, auditors can help their organizations emerge from the crisis stronger than ever,” an excerpt from the report reads.

Internal Audit: Key Considerations

The survey highlighted that the current approach to IA by most organizations largely lacks key attributes such as agility, continuous monitoring and auditing, and others. These features are crucial for organizations to move at the speed of risk and make well-informed business decisions.

Ensuring Risk-Based Approach to Auditing: 

Embedding a common definition and language of risks and controls are prerequisites of an effective audit plan. Particularly in today’s volatile and uncertain business and risk landscape, the focus has shifted from mitigation to pre-empting risks. Risk-based internal auditing is important to enhance an organization’s risk appetite and ensuring that the executive management and board have access to actionable risk insights for making better-informed business and investment decisions.

Aligning with Business Objectives and ERM Framework: 

Business risks, priorities, and strategies evolve over time due to ever-changing internal and external factors. Regularly updating audit plans to ensure alignment with overall strategic objectives and the overarching enterprise risk management (ERM) framework will enable the internal audit team to be aware of the high-risk areas and facilitate the optimum utilization of time and resources towards more pressing issues.

Implementing Rapid Assurance Model: 

This has become imperative particularly in the post-pandemic era. The model calls for a novel and pragmatic approach to assurance—breaking down the audit cycle into shorter segments or cycles with compressed timelines for reviews, insights, and action. This approach will enable providing real-time assurance and help organizations instill more agility into their working models.

Adopting Quantitative Approach: 

Adopting a quantitative approach to risk assessments—calculating risk scores and translating risks into monetary value—is critical for determining the probability and impact of every identified risk. This approach will help organizations prioritize risks and realign audit plans and business strategies in an agile manner.

Testing Internal Controls: 

Conducting audit tests of internal controls is important to determine their efficacy and effectiveness. If a control fails the test, it means that it is ineffective in detecting and thwarting risks, making the organization more vulnerable. The onus then falls on internal auditors to promptly inform the senior management to investigate and remediate.

Leveraging Smart Tools and Technologies: 

Intelligent tools and technologies, such as Robotic Process Automation (RPA) and artificial intelligence (AI), are the key ingredients for ensuring agility, relevancy, and effectiveness of audit plans. Implementing the right audit management tool or software could be a game-changer. It can not only streamline, standardize, and automate internal audit activities but also equip the executive management to make timely, data-driven business decisions.

MetricStream Internal Audit Management can help internal auditors overcome their challenges and streamline various processes. The solution helps drive an agile IA program that is aligned with organizational goals and prepared for multi-dimensional risks, while preserving the trust of every stakeholder. In addition, the latest Arno release brings some exciting new features to the solution including, collaborative authoring of audit test samples and enhanced cross-functional collaboration across teams.

To request a demo, click here. To download the full survey report, click here.



Read more about the latest happenings in the GRC universe. MetricStream experts share their valuable insights on how organizations can turn risk into a strategic advantage and thrive on risk.