What is Internal Audit?
According to the Institute of Internal Auditors (IIA) “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Relevance of Internal Audit at present
With risk management and compliance, most organizations operate on the three Lines of Defense model, during which the operational management, compliance, and internal audit work together to assess and mitigate risk and ensure controls and compliance.
This model however does not work effectively in the real world as there are siloed processes, and disparate systems and all three lines of departments may not work in tandem. Auditors face significant challenges to keep pace with technology and as a result, may end up identifying the impact of new and emerging risks.
Is Internal Audit gaining more attention today?
Internal Audit for long hasn’t been on the priority list on the management’s desk. Most organizations simply outsource the audit function and audit reports were more customary.
However, of late Internal Audit is transforming into a strategic function with the advent of new GRC and Audit tools along with the advent of new technology such as Big Data, Data Science, Analytics, AI & ML. The scope of Internal Audit has expanded and focused extensively on both traditional and emerging risks.
New and Emerging technologies in Internal Audit
With Internal Audit gradually gaining increasing attention from management and other stakeholders, tools such as GRC & Audit software are available for automating the Internal Audit function. Inducting the right tool can turn out to be a game-changer for organizations. It would aid in integrating the Audit function with other lines of defense enabling them to provide the management with a centralized and a holistic view of the risks faced by the organization.
New technologies such as Big Data, Data Science, Analytics, RPA, Blockchain, AI, ML, Text mining and NLP algorithms help analyze audit data and improve the overall audit process, identify outliers, and divulge patterns from previous audit reports, historical audit data.
The Future – Use of disruptive technology in Audit
What both Robotic Process Automation (RPA) and Blockchain bring to the table with respect to Internal Audit is, that it minimizes the audit cycle time and increases the coverage of statistical sampling. It helps auditors to provide higher levels of assurance compared to the earlier “Reasonable Assurance” as they would be able to test a near 100% of the data population.
RPA helps in reducing human intervention by automating continuous monitoring of the control frameworks and concurrent audits. Organizations would be able to perform continuous assessments as compared to regular intervals. It helps discover new risk patterns, outliers, and internal control failures among others. It expands the scope of audits across the organization.
The blockchain is a distributed ledger made up of “blocks” that each contains data. The blockchain is made up of these blocks, which can contain financial information, protected healthcare information, or any other sensitive information. To create this distributed ledger, a person must mine the data by setting up a computer to recognize transactions and transform them into a digital hash. When data is transformed into a hash, it gives non-repudiation assurance of completion. The hash can also ensure the completeness and accuracy of a transaction from one company to another, or from one person to another.
Blockchain technology, apart from solving problems such as reasonable assurance to providing absolute assurance, additionally, also solves problems such as data fudging and backdated documentation. Every transaction is stamped, edit-proof, and visible to all members of the blockchain.
By developing a coordinated strategy to integrate the three lines of defense along with disruptive technologies, the audit function would be able to produce far more insights to help identify, assess, treat, monitor, and report risks. Auditors need to constantly embrace the changes caused by technology and adapt to make the function leaner and stronger.
Product Consultant, BCT Digital
Pradheep has expertise in the areas of enterprise risk and process audits working with one of the top 4 audit firms. His focus has been on internal financial controls, control effectiveness, and assurance. He is an MBA graduate from Great Lakes Institute of Management.