Five things internal audit must provide in 2019

In a world where technology and globalisation are changing most industries at a dizzying pace, internal audit is no exception.

At the Metric Stream Governance Risk and Compliance Summit held in London this week, Mazars’ partner of internal audit and risk management Matt Dalton laid out his vision for the future.

“The impact the volatility and speed of change is having on internal audit is profound,” he said.

Recent developments such as global financial uncertainty, the fact that 60% of the world’s population now owns a smartphone, and changing regulation – including GDPR in the EU region – have changed how companies operate. In turn, this has affected what they expect from internal audit teams.

And Dalton said that they now expect internal audit teams to become trusted business advisors.

“Fundamentally, stakeholders are expecting more,” he said. “They want internal audit to be focused on the risks and issues of the future.”

This means new skills are required, and eventually a different kind of workforce will emerge.

“Even in five years’ time, jobs in internal audit will look very different,” Dalton said.

Dalton outlined five areas which companies will want internal audit to provide in 2019:

  1. Align to the business strategy

“We need to speak the business’s language,” Dalton said. “Internal audit teams can help the business develop its strategy, by being present when those conversations happen, for instance on strategy days. Internal audit teams can also provide commentary and advice on risks, including the company culture. This may be very different at the lower levels of the organisation to the culture which the board promotes,” he said.

  1. Provide timely insight on key risks

Dalton emphasised the importance of taking an “agile” approach, responding to events as they happen rather than waiting to report them. “If issues come up, communicate them quickly,” he said. The need to act quickly means moving away from fixed three-year plans towards a more flexible, responsive way of working.

  1. Improve how we audit

There are a number of ways the audit process itself could be improved in line with current requirements. “We need to ask more challenging questions than we did in the past,” Dalton said. The ultimate aim should be to move to a process of continuous monitoring, where signs of any risk or issue can be spotted immediately and acted upon. A new skill set is also needed among internal audit teams, which is more of a business advisor skill set than in the past. “There is an immediate need for people with technical skills, and for soft skills training,” he explained.

  1. Effective use of tools and tech

Mazars in France recently purchased a cognitive data analytics firm. “We are looking at how to bring that into internal audit if relevant.” Tech tools are increasingly becoming part of the audit process itself, but equally important is understanding how tools such as AI and robotic process automation are already being used by companies such as banks, which use AI to calculate claims. When offering advice to companies on data, a key focus should be the intended purpose. “There is so much data available, but what are you trying to achieve?” Advise the company to figure this out before they start, so they are not just collecting data for the sake of it, Dalton said.

  1. Act as a business advisor during key decisions

As companies in many sectors undergo huge transformations, often connected to digitisation, internal audit can offer an advisory role. Dalton cited change on the high street where there is a lot of consolidation going on as an example. “Transformation programmes are risky, they fail all the time,” he said. Change can be met with resistance within the organisation, or there is an ineffective cultural transition, for example. “The business is responsible for that, but internal audit can support it,” he said.

Exit mobile version