In today's business environment, boards and management continue to grapple with a volatile geo-political backdrop, while organizations navigate risks posed by environmental, social, and governance (ESG) regulations, emerging technologies like Generative AI (GenAI), and the evolving future of work. At the same time, digital transformation is significantly reshaping the internal audit (IA) landscape. Technologies such as AI and data analytics enable IA to deliver timely and comprehensive insights, driving efficiency and effectiveness in risk management. As such, IA must keep pace with the growing speed, volume, and complexity of risks, which raises the need for IA to provide assurance and timely insights.
Resilience and agility have become the key attributes required for organizations to not only survive but also thrive in the current environment. IA has a critical role to play in helping organizations strengthen and maintain these traits by providing objective advice, anticipating risks, and assisting management in accelerating improvements in governance, risk management, and controls.
Insights from recent surveys reveal significant challenges, such as limited empowerment and technological concerns, while also highlighting opportunities for enhanced impact and innovation brought about by IA function digital transformation:86% of functions said they are not achieving very strong potential, and only 14% feel they have a very strong impact.155%1 of auditors are not truly empowered to innovate, needing to ask permission or being confined to innovation in noncore areas that don’t challenge the status quo. >50% of surveyed CFOs cite impact to risk and internal controls (57%),1 data infrastructure and technology needs (52%),1 and investment needs (51%)1 among their top three concerns regarding GenAI.
42%1 of surveyed CFOs say their companies are experimenting with GenAI.
Navigating the complexities of the current IA landscape requires addressing several pivotal challenges. Considering the fast-paced technological advancements within different industries, the traditional IA function faces many challenges that hinder its ability to deliver proactive insights for its stakeholders. Below are some examples:
Reactive: The current practices of IA functions are reactive by nature, as they conduct audit assignments that cover activities which have already taken place, often more than a year ago. This significantly limits their ability to provide real-time insights and make meaningful changes to the outcomes of the entity’s operations.
Transactional: IA functions conduct testing on samples of operations and activities, building reports based on this information. This approach impacts their ability to capture the big picture.
Isolated: The focus of IA functions to maintain independence can sometimes come at the expense of maintaining partnership, which may lead to being isolated from the overall value chain of the entity.
Impractical: Some IA functions have been perceived as providing impractical recommendations, which might have a negative effect on the agility of the operations if adopted. This may occur due to the inability of current auditors to understand emerging business practices and risks introduced by the adoption of artificial intelligence (AI), machine learning (ML), and robotic process automation (RPA) tools.
Ineffective reporting and communication: Many IA functions have yet to adapt their reporting practices to the trends of audience behavior within the past few years. Reports filled with long text paragraphs fail to deliver key messages effectively to an audience with limited time, particularly in today’s fast-paced business world.
To stay ahead of the curve, IA must be strategically transformed through continuous adaptation to cope with the ever-changing landscape. Technological advances enable IA teams to perform more efficient and comprehensive audits. By automating routine tasks and seamlessly analyzing vast amounts of data, the IA function can provide deeper insights into potential risks and areas of improvement, all while reducing the time and resources required to do so. This drive for technological advances aligns with the identified focus on digital transformation for 2025,2 setting the stage to explore the various cutting-edge technologies that are shaping the IA landscape.
The journey from early data analytics to advanced GenAI illustrates the continual expansion of the technology landscape, shaping the business environment and setting the stage for exploring how these technologies can be leveraged in IA.
IA functions should harness the use of emerging technology in their day-to-day operations, and fundamentally integrate these technologies into their DNA. In fact, the following opportunities for the use of emerging technologies in the IA life cycle may help enhance its overall effectiveness:
AI is not replacing internal auditors; it is empowering them. AI provides auditors with the ability to focus on high-value activities, shifting their role from compliance monitors to strategic advisors.
The IA transformation journey fundamentally starts on the ground. By addressing key checkpoints - strategy and vision, operating model, governance and frameworks, technology and enablement, and human capital - organizations can create a resilient and future-ready IA function.
In conclusion, the IA function should not only strive to deliver its expected value but also aim to exceed those expectations. To achieve this, it must embark on a journey to reassess and redefine its core attributes—its very DNA. By taking pragmatic steps to adapt to the changing landscape, IA can ensure it not only meets but also surpasses the evolving needs of the entities it serves. Now is the time to redesign the IA DNA and take decisive action to secure its role and effectiveness in this dynamic environment. This transformation will enhance audit capabilities, and position IA as a crucial partner in any organization's overall strategy and success.
By Dina Fakih, Partner and Fady Sameh, Director, Risk, Regulatory, and Forensic, Deloitte Middle East
Endnotes