Skip to main content

Internal Audit 3.0

The future is now

As organisations hurtle to an increasingly technology-driven, innovation-orientated, risky and disruptive future, where is Internal Audit? Very often, despite ongoing efforts to meet stakeholders’ growing list of needs, the answer is playing catch-up.

Internal Audit 3.0

Until recently, the Internal Audit profession had not faced the need to innovate, let alone reinvent itself. Now, as we approach the end of a decade of uncertainty, organisations face evolving strategic, reputational, operational, financial, regulatory and cyber risks. The world is entering the fourth industrial revolution where new technologies, digitalisation, robotics and artificial intelligence are dramatically changing the business landscape.

Through consultation with audit committee chairs, executives, chief audit executives and business leaders, we have developed a blueprint which aims to clarify the expectations of Internal Audit and required enablers to meet these, codifying the most important elements. We call it Internal Audit 3.0, the next generation of Internal Audit.

This publication introduces our point of view on Internal Audit 3.0 and outlines selected aspects of the 3.0 blueprint, depicted below.

Assure. Advise. Anticipate

These three - assure, advise and anticipate - constitute the triad of value that Internal Audit stakeholders now want and need.

Assure

Assurance remains the core role of Internal Audit. Yet the range of activities, issues and risks to be assured should be far broader and more real-time than they have been in the past. Equally, while assurance is central to Internal Audit’s role, it must not be the limit. Internal Audit 3.0 outlines how functions can meet growing stakeholder demands through innovation and technology enablement.

Advise

Advising management on control effectiveness, change initiatives, enhancements to risk management and the design of assurance mechanisms falls well within Internal Audit’s role and stakeholder expectations. In our experience, too many internal auditors use “independence” as a crutch, as an excuse to stay in their lane and avoid offering insights and opinions when most stakeholders have said this is what they truly want. This can regulate the function to reporting on the past, which is not the wave of the future. Under Internal Audit 3.0, functions can respect independence while advising the business through promoting objectivity, integrity and professionalism.

Anticipate

Anticipating risks and assisting the business in understanding risks and in crafting preventative responses, transforms Internal Audit from being a predominantly backward-looking function that reports on what went wrong to a forward-looking function that prompts awareness of what could go wrong and what to do about it, before it happens. Internal Audit 3.0 introduces risk sensing and risk learning to Internal Audit’s role, helping the function keep pace with and get ahead of emerging risks.

Upgrading to Internal Audit 3.0

Digital assets

Robotics, artificial intelligence and visualisation tools have already begun to transform Internal Audit work and are about to revolutionise it.


Skills and capabilities

Thinking that the same people operating in the same way with the same resources can deliver the value stakeholders need now, let alone going forward, amounts to a failure of imagination. Internal Audit functions need new skills and capabilities to position Internal Audit to improve their interface with stakeholders and change traditional thinking, approaches and mind-sets.


Enablers

Enablers such as automated core assurance, Agile Internal Audit and new ways to deliver impactful reporting are helping Internal Audit functions to deliver new value and improving the impact and influence of Internal Audit.


Key contacts

Peter Astley
Global and EMEA Internal Audit Leader
pastley@deloitte.co.uk

Porus Doctor
Asia Pacific Internal Audit Leader
podoctor@deloitte.com

Kris Wentzel
Americas Internal Audit Leader
kwentzel@deloitte.ca

Sarah Adams
Global IT Internal Audit
saradams@deloitte.com

Neil White
Global Internal Audit Analytics Leader
nwhite@deloitte.com

David Tiernan
UK Internal Audit Innovation Lead
datiernan@deloitte.co.uk

Did you find this useful?

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey

Recommendations