Internal auditors need to keep up with the pace of technology says PwC Southern Africa CEO.
Audit firm PwC has released its State of the Internal Audit Profession study 2019, which evaluated internal audit organisations across five important fitness dimensions:
- Vision and roadmap
- Ways of working
- Operations
- Services models
- Stakeholder engagement
According to the study, organisations are increasingly rolling out digital initiatives in an arena defined by more data, more automation, sophisticated cyber attacks and evolving customer expectations.
The study shows that, as organisations move through digital transformation, internal audit functions that are more digitally fit, more effectively help their stakeholders become smarter risk takes in the face of changing risk profiles.
PwC Southern Africa CEO Shirley Machaba says:
“Internal auditors need to keep up with the pace of technology, and the knowledge and skills to provide advice and strategic assurance in this arena. Internal audit functions that increase their own levels of digital fitness will be far more effective at meeting that challenge.”
The study divided the digital fitness of companies into three groups:
- ‘Dynamics’, which embody a mix of highly regulated and less-regulated industries, different sizes of organisations, and different geographical regions. This group was found to be the most digitally fit, consisting of 19 percent of internal audit respondents.
- ‘Actives’ is the next most digitally fit internal audit functions. This group, which represented 27 percent of the internal audit functions, is taking many of the necessary steps to become digitally fit.
- ‘Beginners’ (54 percent) are conducting or planning to conduct some of the activities PwC measured in the study, though in far more ad hoc ways, and are in a very early stage of their digital journey.
The study also identified six habits that lead to more digitally fit risk functions:
- Going all in-on the organisation’s digital plan.
- Collaborate and align with other teams to provide a consolidated view of risks.
- Actively engage decision makers of key digital initiatives.
- Upskill and inject new talent to move at the speed of the organisation. As organisations become digital, internal audit’s baseline levels of digital acumen and skills must rise. For example, a deeper understanding of data is needed because data sits at the center of all things digital.
- Find the right fit for emerging technologies. Many internal audit functions struggle to find the right fit for emerging technologies in their own work. More than half of internal audit respondents are either unsure of or do not plan to use Artificial Intelligence (AI) within the next two years. It is surprising that nearly as many do not plan to use Robotic Process Automation (RPA) or do not know how they would use it.
- Enable the organisation to act on risks in real time. Annual audit plans and risk assessments are antiquated. More frequent and fluid cycles are needed. The vast majority of internal audit functions now revisit risk assessments and audit plans more frequently than they used to.
The study concluded that internal audit’s digital fitness should move at pace with the organisation. “A digitally fit internal audit organisation may struggle to get full benefits from its digital investment if the organisation itself is lagging behind. Conversely, if internal audits’ fitness is lagging behind the rest of the organisation there will be more points of entry for risk, which challenges the function to take faster and larger steps to innovate. By harnessing digital capabilities and the power of data, internal audit functions can find correlations that will not only keep pace with changing risks but also help predict changing risk profiles.”