Internal Audit Innovation

Area of Focus

Ascertain Your Position

Description

To ultimately realise the potential benefits, a strategic approach is required. An approach that not only transforms the way the business delivers assurance, compliance and risk management, but also seeks to seamlessly automate and connect those capabilities. Whilst it should not necessarily be Internal Audit’s role to drive this, there is a need for Internal Audit to determine what role it should have to support the aligned assurance agenda within the organisation.

Make a Case for Change

Knowing the path that the organisation should take is one thing. Convincing others that this is the right course of action is quite another. That’s why getting buy-in from senior leadership is a prerequisite to achieving successful change. To gain that buy-in, there must be a crystal-clear business case for that change. One that is typically grounded in reduced cost, enhanced performance and better business resilience.

Create a Roadmap and / or Clarify Your Existing Roadmap​

Internal Audit should consider its own role in providing assurance and also support the wider aligned assurance strategy by:

• Aligning with the organisation’s key risks, risk language (e.g. risk categories), risk assessment criteria, Audit Universe design, applicable control frameworks and compliance requirements. Preferably this would be delivered through a single or connected technology platform (GRC tool).
• Understanding the organisation’s risk appetite and required assurance response against each major risk category. For example, coverage requirements, depth and frequency of assurance, degree of independence required by the assurance provider, etc.
• Determining the primary providers and secondary users of assurance, including minimum expectations over the quality of assurance activities to enable reliance by secondary users.
• Helping to develop governance processes to coordinate and minimise duplication, e.g. an ‘assurance traffic control’ to oversee changes to planned assurance activity.
• Working with management to leverage the benefits of technology investments e.g. key risk indicator monitoring, data analytics, and continuous controls monitoring.
• Explore opportunities for integrated reporting of specific risks across the three lines model.

Area of Focus

Fostering an Environment for Creation

Description

• Facilitate audit automation by highlighting the potential and benefits of automation.
• Support online forums, newsletters and other periodic communication vehicles to drive enthusiasm and collaboration, provide support and perpetuate auditor momentum.
• Creating a prescribed approach to identifying opportunities across the functions ways of working including use of automation and visualisation in audit work and performance within the function.
• Train auditors to understand how and where technology can be applied to achieve leverage.
• Conduct workshops with audit teams to take a deeper dive into key business processes to identify audit automation opportunities.
• Host hands-on automation discovery roundtable sessions to brainstorm automation possibilities and share successes.
• Update the Audit Methodology to mandate the use of automation and analytics within internal audits where feasible. Create audit roles supporting the alignment of audit, data and technology.

AAF Components

Deloitte’s Analytics and Automation Factory approach is modular in focus, focusing specifically on:

• Opportunity Identification: Facilitate a culture of automation through education, incentives and workshops to foster a pipeline of automation candidates with net positive return on investment.
• Intake and Pipeline Management: Capture ideas quickly and frequently. Add more details as the ideas gain support and momentum. Capture value metrics such as ROI, and prioritise work.
• Development and Deployment: Stay up to date with the development team, including updates on planning, building, testing, and implementation.
• Maintenance and Re-Certification: Perform updates and incremental improvements to ensure digital assets continue to provide value and are in proper operating condition.
• Decommissioning: Confirm that obsolete assets are retired with transparent communication and appropriate archiving.
• Reporting: Develop a set of stakeholder targeted reports to monitor and communicate program adoption and trajectory, throughput, quality, efficiency, audit coverage, etc.

Area of Focus

Purpose

Internal Audit should align its role and remit to organisational purpose. Clearly aligning purpose and articulating how Internal Audit’s role and remit helps the organisation achieve its own purpose (for example, by designing ways of working to support specific organisational outcomes), can create greater value. This can help attract top talent and also enables Internal Audit to make smarter investment choices, ensuring innovation efforts are purpose driven.

Accelerate

Internal Audit should define what role it can play in accelerating organisational learning.

• Act with speed – Consider ways in which the function can be quicker in communicating insights. Could your function embrace agility, work in sprints and issue findings iteratively, forming stable teams to continuously improve and speed up the way they operate?
• Go beyond the audit – Without owning remediation, Internal Audit can promote learning after the audit and provide ‘after sales’ care. Helping to bring the organisation together, sharing good practice from within or outside the organisation, and moving the focus to the bigger picture (away from solely on point fixes to individual issues) can build a more robust and future-proofed control environment.
• Change the culture – Consider how Internal Audit can influence organisational culture to help create optimal conditions for learning and action to embrace the concept of psychological safety.

Digital

Assess how integrating and embedding digital technologies can transform ways of working.

• Mindset – It doesn’t matter if you're a small or large function, the mindset and willingness to explore and experiment with digital tools is half the battle.
• Approach – Be willing to experiment. While transformative initiatives can work, many functions have avoided a ‘big bang’ approach and moved towards an iterative approach with a mindset of continuous learning and sustained incremental change. More functions have taken this systematic and methodical approach to digital innovation in order to drive internal audit ‘operating system’ enhancements, intentionally piloting proofs of concept and measuring return on investment to guide purpose-driven initiatives.