Audit efforts not directly tied to strategic initiatives will stop.
This is predicated on the belief that there isn’t enough value in spending time on efforts that do not align with the strategic objectives of the organization. Audit’s role is to support the business, so activities that don’t directly tie to supporting longevity and risk mitigation are considered cancelable detractors.
When asked, “Which non-strategic audit activities would be a potential target for elimination under this prediction?” internal auditors responded with cyclical audit reviews (43%), site audits/reviews (36%), no changes anticipated (24%), and systems design consulting (8%). Cyclical audit reviews are defined as audit activities executed at least once every two years, regardless of risk assessment or associated emerging risks.
- Perform a detailed review of your current audit plan.
- Can you clearly tie planned activities to your organization’s strategic objectives?
- What could be eliminated?
- What is not currently on the plan that should be?
- What do you need to start reprioritizing?
Dramatic shifts in the nature and extent of co-sourcing and outsourcing mean fundamental audit activities will be brought in-house.
While outsourcing represents a quick and relatively low-risk method for augmenting the capabilities of the internal audit function, the shift to a more strategic focus coupled with the desire to scrutinize and reduce extraneous vendor relationships will drive internal auditors to become more vigilant about maintaining in-house resources to provide key audit activities. Outsourcing will be reserved for specialized skill sets as Chief Audit Executives find it more imperative to maintain an internal cadre of auditors with detailed history and knowledge of the organization. Hear what CAE’s from Booz Allen Hamilton and Cboe Global Markets said about the future of outsourcing in a replay of Internal Audit’s Next Normal.
Internal auditors were asked, “What potential change do you anticipate in your use of external resources to augment your audit plan?” and responded with We Currently Do Not Outsource (34%), No Change/Increased Activity (33%), Slight Reductions (19%), and Significant Reductions (14%).
- Review your current co-sourcing/outsourcing arrangements and evaluate the nature of the services being provided.
- Is there opportunity to reduce reliance on external resources?
- Are there other activities that would be a target for leveraging these resources that would be more value-adding to your organization?
- What skills are you currently outsourcing that could be brought in-house for a reasonable cost?
- What benefits does outsourcing provide that cannot be augmented internally?
- Are your efforts quantifiable and have they been communicated to senior leadership and the board?
Internal audit will place greater reliance on technology for producing data-driven results.
Greater reliance on technology to manage risk assessments using data analytics means internal audit teams must shift to new required technical capabilities. Auditors will rely less on onsite audits and face-to-face interactions and instead will shift to real-time data self-service, robotic process automation, and broader and deeper data analytic models to drive the execution of critical audit procedures. As this happens, expectations will shift from performing sample-based testing to population-based evaluations. A central audit management tool to capture and manage all critical activities within the internal audit function will become necessary for real-time data visibility and enterprise-wide risk management.
When asked, “Which technology elements does your organization currently leverage or plan to leverage in the near future?” internal auditors responded with Central Audit Management System (74%), Data Analytics Platform (44%), Business Intelligence Platform (19%),Other (13%), and Automated Testing Procedures/Robotic Process Automation (6%).
- Evaluate your department’s current technical capabilities.
- Does your organization have a centralized efficient collaboration system? If not, be sure to read A Buyer’s Guide to Audit Management Software.
- Are critical data elements managed in a decentralized manner, and if so, what is the level of effort required to correlate critical data?
- How mature are your technical capabilities when considering the level of proficiency required to provide increased levels of assurance with less manual work?
Internal audit will become educators within organizations.
Because the internal audit function is in the lucky position to see the entire landscape of an organization, internal auditors are better able to understand the impact of emerging risks to the business. This means internal auditors need to start teaching other teams how to identify risks early on, including where they should be looking and how they should be thinking.
Internal auditors were asked, “What would you need to feel you’re equipped to be an educational resource in your organization?” and responded with Time to assemble a presentation with materials (35%), Materials creation (32%), Presentation training (30%), Internal Company Knowledge Center (25%), and None, I’m ready to teach today! (21%).
- Host monthly meetings that rotate topics to deliver education and insights to the organization.
- Cover what is new in regulations or geopolitics that could have implications to your business down the road.
- Suggest where teams should be looking deeper to assess the future situation.
- Provide updates on previous issues addressed to let your organization know how they played out and how the collective efforts helped.
We will all go back to the office.
Or will we?
In the time leading up to the pandemic, the prevailing sentiment was that employees need to be in the office to operate most effectively. This concept is somewhat driven by fear and/or lack of trust, along with the genuine belief that putting people together face-to-face always produces better results. This has been particularly true in the internal audit world, where a key element of the job revolves around building relationships and trust, most often in person.
Employees have proven that they can be just as effective with remote working. Chief Audit Executives leading positive change for the future will embrace this realization and evolve their teams accordingly. In a recent study by research strategists at NextMapping, 56% of global companies will offer remote work and companies that embrace remote work will have 25% lower worker turnover.
When asked, “What is your plan when stay at home orders are lifted?” Internal Auditors responded with Rotate between office/home (50%), Go back to the office full-time (21%), Continue working from home full-time (8%), and I don’t know yet, still waiting it out (21%).
- Have discussions with your team about what they have learned about their work styles during stay-at-home orders.
- Understand what makes them most productive and efficient while still allowing them to collaborate with other team members.
- Determine how much efficiency audit management software technologies could provide in your new decentralized approach.
- Scope out a plan that maximizes audit productivity and present it to senior leadership as the desired way forward, clarifying the results expected in the form of tangible productivity.
Evolving the internal audit function will become critical over time as we see business strategies shift from the COVID-19 pandemic. More Chief Audit Executives will search for better risk management initiatives and efficient technologies to conduct strategic internal audit plans and activities.