Despite a lot of talk about data analytics and its benefits to internal audit, a recent report from Protiviti indicates that at many companies it’s all too often still just that … talk.
While Protiviti’s 2017 Internal Audit Capabilities and Needs Survey: Embracing Analytics in Auditing reveals that 66 percent of internal audit departments use some aspect of data analytics, 34 percent don’t or are unsure.
In addition, 60 percent of organizations said they have a tough time determining where the data is, while 56 percent face system constraints. And only 22 percent rate the quality of the data as good or excellent.
Even more stunning is this finding: Of the internal audit departments that don’t yet use data analytics as part of the audit process, 36 percent said there were no plans to do so. However, 43 percent said they planned to within the next two years, while 21 percent said they would in the next year.
“It can be overwhelming for organizations just getting started with using data analytics,” Brian Christensen, executive vice president of global internal audit and financial advisory at Protiviti, said in a prepared statement. “There may be budget and resource constraints, employees need to learn new technologies, and new processes need to be developed. We’ve found that companies just need to pick a starting point and get the help they need so that, over time, they can truly optimize their internal audit functions.”
After all, the use of advanced data analytics is the “runaway winner as a best practice of the future,” he said. But that’s going to take the help of chief audit executives (CAEs) who approach the C-suite and boards to invest in data analytics “in terms of both tools and skill sets, as the practice of internal auditing shifts increasingly to analytics and continuous auditing and monitoring,” Christensen said.
Remember when TV (among other functions) left the analog world behind? Well, an “analog” approach to auditing “is not a tenable long-term strategy for advancing the function into a higher-level role helping the organization understand and manage risk,” the report states.
What’s it going to take? In a word: planning. Protiviti’s report recommends these three no-brainer tactics:
- Long-term strategizing and a plan for putting analytics into play.
- Carefully choosing pilot programs.
- Clear guidance (and investments in skills, tools, and expertise) from CAEs and other managers.
The payoffs, of course, can be notable. As the report indicates, internal audit functions that are employing continuous auditing and monitoring capabilities are achieving great benefits. Those include:
- Strengthening risk assessments.
- More effectively tracking fraud and operational risk indicators.
- Enabling a real-time perspective on organizational risk.
- Performing risk-based audits.
Protiviti’s report is based on an online survey of more than 900 respondents in late 2016. The majority of respondents were audit managers, audit staff, and CAEs at organizations with a gross annual revenue of $1 billion to $4.99 billion.
Terry Sheridan is an award-winning journalist who has covered real estate, mortgage finance, health care, insurance, personal finance, and accounting and taxation issues for newspapers, magazines, and websites. A Chicago native and former South Florida resident, she now lives in New England.