Internal audit 3.0
The future is now
As organisations hurtle to an increasingly technology-driven, innovation-oriented, risky, and disruptive future, where is internal audit? Very often, despite ongoing efforts to meet stakeholders’ growing list of needs, the answer is playing catch-up.
Internal Audit 3.0
Through consultation with audit committee chairs, executives, chief audit executives, and business leaders, we have developed a blueprint that aims to clarify the expectations of internal audit and required enablers to meet these, codifying the most important elements. We call it IA 3.0, the next generation of internal audit.
These three components – Assure, Advise, and Anticipate – constitute the triad of value that internal audit stakeholders now want and need. The blueprint above addresses the concerns and requirements that business and IA leaders expect to be a part of their internal audit function.
Internal Audit 4.0
Purpose driven, digitally powered
An unprecedented set of challenges has led to broadened demands on Internal Audit functions. In addition, the pace and scale of innovation in the profession pointed to the need for an update of our vision. Our updated IA 4.0 framework brings three new features to the forefront. By aligning Internal Audit’s outcomes with the organization’s purpose, helping accelerate organizational change and learning, and further embracing digital, we believe Internal Audit can upgrade and maximize its impact and the value it delivers.
Internal Audit 3.0
Internal Audit 3.0
Internal Audit considerations in response to COVID-19
Following the outbreak of coronavirus (COVID-19), organisations, their environments, and their ways of working are evolving rapidly and in ways that had not been previously envisioned. This paper outlines Deloitte’s high-level views on key Internal Audit (IA) considerations given the mass scale of business disruption caused by COVID-19.
The third line of defence is uniquely placed to play a key role in response to the COVID-19 crisis, from a position of good organisational knowledge and with a highly relevant skill set. As organisations adapt to dealing with the initial impact of COVID-19, IA functions have an important role to play and continue to provide critical Assurance, help Advise management and the Board on the shifting risk and controls landscape, and help Anticipate emerging risks.
Assure, Advise, Anticipate
Assure
Assurance remains the core role of internal audit. Yet the range of activities, issues, and risks to be assured should be far broader and more real-time than they have been in the past. Equally, while assurance is central to internal audit’s role, it must not be the limit. Internal audit 3.0 outlines how functions can meet growing stakeholder demands through innovation and technology enablement
Advise
Advising management on control effectiveness, change initiatives, enhancements to risk management, and the design of assurance mechanisms falls well within internal audit’s role and stakeholder expectations. In our experience, too many internal auditors use “independence” as a crutch, as an excuse to stay in their lane and avoid offering insights and opinions when most stakeholders have said this is what they truly want.
Anticipate
Anticipating risks and assisting the business in understanding risks, and in crafting preventative responses, transforms internal audit from being a predominantly backward-looking function that reports on what went wrong to a forward-looking function that prompts awareness of what could go wrong, and what to do about it, before it happens. Internal audit 3.0 introduces risk sensing and risk learning to internal audit’s role, helping the function keep pace with and get ahead of emerging risks.
Opens in new window
Internal Audit High Impact areas 2020
These are the trending topics which industry giants are talking about in the Internal Audit space.
