Reimagining the DNA of internal audit: The journey to revolutionize the IA function

In today's business environment, boards and management continue to grapple with a volatile geo-political backdrop, while organizations navigate risks posed by environmental, social, and governance (ESG) regulations, emerging technologies like Generative AI (GenAI), and the evolving future of work. At the same time, digital transformation is significantly reshaping the internal audit (IA) landscape. Technologies such as AI and data analytics enable IA to deliver timely and comprehensive insights, driving efficiency and effectiveness in risk management. As such, IA must keep pace with the growing speed, volume, and complexity of risks, which raises the need for IA to provide assurance and timely insights. 

Resilience and agility have become the key attributes required for organizations to not only survive but also thrive in the current environment. IA has a critical role to play in helping organizations strengthen and maintain these traits by providing objective advice, anticipating risks, and assisting management in accelerating improvements in governance, risk management, and controls. 

Insights from recent surveys reveal significant challenges, such as limited empowerment and technological concerns, while also highlighting opportunities for enhanced impact and innovation brought about by IA function digital transformation:86% of functions said they are not achieving very strong potential, and only 14% feel they have a very strong impact.¹55%¹ of auditors are not truly empowered to innovate, needing to ask permission or being confined to innovation in noncore areas that don’t challenge the status quo. >50% of surveyed CFOs cite impact to risk and internal controls (57%),¹ data infrastructure and technology needs (52%),¹ and investment needs (51%)¹ among their top three concerns regarding GenAI.

42%¹ of surveyed CFOs say their companies are experimenting with GenAI.

Today’s traditional IA function challenges

Navigating the complexities of the current IA landscape requires addressing several pivotal challenges. Considering the fast-paced technological advancements within different industries, the traditional IA function faces many challenges  that hinder its ability to deliver proactive insights for its stakeholders. Below are some examples:

Reactive: The current practices of IA functions are reactive by nature, as they conduct audit assignments that cover activities which have already taken place, often more than a year ago. This significantly limits their ability to provide real-time insights and make meaningful changes to the outcomes of the entity’s operations. 

Transactional: IA functions conduct testing on samples of operations and activities, building reports based on this information. This approach impacts their ability to capture the big picture.

Isolated: The focus of IA functions to maintain independence can sometimes come at the expense of maintaining partnership, which may lead to being isolated from the overall value chain of the entity. 

Impractical: Some IA functions have been perceived as providing impractical recommendations, which might have a negative effect on the agility of the operations if adopted. This may occur due to the inability of current auditors to understand emerging business practices and risks introduced by the adoption of artificial intelligence (AI), machine learning (ML), and robotic process automation (RPA) tools.

Ineffective reporting and communication: Many IA functions have yet to adapt their reporting practices to the trends of audience behavior within the past few years. Reports filled with long text paragraphs fail to deliver key messages effectively to an audience with limited time, particularly in today’s fast-paced business world. 

The evolution of internal audit: Staying relevant and ahead of the curve
 

To stay ahead of the curve, IA must be strategically transformed through continuous adaptation to cope with the ever-changing landscape. Technological advances enable IA teams to perform more efficient and comprehensive audits. By automating routine tasks and seamlessly analyzing vast amounts of data, the IA function can provide deeper insights into potential risks and areas of improvement, all while reducing the time and resources required to do so. This drive for technological advances aligns with the identified focus on digital transformation for 2025,² setting the stage to explore the various cutting-edge technologies that are shaping the IA landscape. 

Understanding the technology enablement landscape 

The journey from early data analytics to advanced GenAI illustrates the continual expansion of the technology landscape, shaping the business environment and setting the stage for exploring how these technologies can be leveraged in IA. 

Equipping internal audit with cutting-edge technologies 
 

IA functions should harness the use of emerging technology in their day-to-day operations, and fundamentally integrate these technologies into their DNA. In fact, the following opportunities for the use of emerging technologies in the IA life cycle may help enhance its overall effectiveness:

1. Dynamic risk assessment: ML and predictive analytics can be used to analyze historical data and external risks, identifying high-risk departmental areas and providing real-time insights into emerging risks across the overall entity.  
2. Audit plan development: RPA automates data collection and risk categorization for efficient planning.
3. Fieldwork and testing: ML and intelligent automation RPA detects anomalies in transactional data and dynamically adjusts audit testing based on risk, improving efficiency and accuracy.
4. Reporting and follow-up: GenAI streamlines audit report drafting, generates executive summaries, and customizes communications to the organization’s style.⁶

The AI-enabled internal auditor: Enhancing human judgement

AI is not replacing internal auditors; it is empowering them. AI provides auditors with the ability to focus on high-value activities, shifting their role from compliance monitors to strategic advisors.

• Continuous compliance monitoring: AI automates policy adherence, ensuring round-the-clock regulatory oversight.
• Enhanced decision-making: AI supports auditors with predictive models and scenario analysis for deeper risk insights.
• Strategic advisory and governance: Auditors leverage AI-driven intelligence to guide leadership on risk mitigation and business strategy.

The IA transformation journey fundamentally starts on the ground. By addressing key checkpoints - strategy and vision, operating model, governance and frameworks, technology and enablement, and human capital - organizations can create a resilient and future-ready IA function. 

1. Strategy and vision: The process begins with rethinking the strategic vision to ensure alignment with an organization’s goals. This involves creating a new IA vision focused on partnership, proactiveness, foresight, and digital initiatives, while fostering a culture of innovation and adaptability.
2. Operating model: Defining and implementing an operating model that seamlessly supports the strategic vision and extends beyond traditional IA boundaries. 
3. Governance and frameworks: Realigning IA governance and frameworks to establish a robust structure for effective oversight.
4. Technology and enablement: Infusing technology into the IA cycle is crucial for enhancing capabilities and improving efficiency. 
5. Human capital: Elevating human capital by investing in skill development and upskilling the team is necessary to ensure they can understand and leverage new insights. This also involves rethinking roles, shifting from traditional functions to anticipating and managing emerging risks.

In conclusion, the IA function should not only strive to deliver its expected value but also aim to exceed those expectations. To achieve this, it must embark on a journey to reassess and redefine its core attributes—its very DNA. By taking pragmatic steps to adapt to the changing landscape, IA can ensure it not only meets but also surpasses the evolving needs of the entities it serves. Now is the time to redesign the IA DNA and take decisive action to secure its role and effectiveness in this dynamic environment. This transformation will enhance audit capabilities, and position IA as a crucial partner in any organization's overall strategy and success. 

By Dina Fakih, Partner and Fady Sameh, Director, Risk, Regulatory, and Forensic, Deloitte Middle East 

Endnotes

1. Deloitte. (June 2024). Global Chief Audit Executive Survey, June 2024. 
2. Deloitte. (2024). Hot Topics for Technology and Digital Risk for 2025: An Internal Audit Viewpoint.
3. Big Data Framework (2024) .A short history of Big Data. A Short History of Big Data | Big Data Framework.
4. Looking Forward, Looking Back: Five Key Moments in The History of RPA. Looking Forward, Looking Back: Five Key Moments in The History of RPA.
5. IBM. The history of artificial intelligence. The History of Artificial Intelligence | IBM.
6. Deloitte, The Netherlands. (April 2024). Internal Audit: Gen AI Workshop – Use case identification.
7. Global Internal Audit Standards (2024). Principle 9: Plan Strategically.
8. Global Internal Audit Standards (2024). Standard 10.3: Technological Resources.
9. Global Internal Audit Standards (2024). Standard 10.2: Human Resources Management.