Internal audit is at a crossroads, and its chief executives must provide guidance about their organizations’ future needs through strategic planning and risk management.
In other words, it’s time to evolve or perish. That’s the tough message in Deloitte’s “Evolution or Irrelevance” report on its 2016 survey of chief audit executives (CAEs).
Content seriesView full content series
Organizations “need internal auditors to apply their rigor, objectivity, independence and skills in new ways,” the report states. Internal audit must go beyond providing information and advice, and financial and operational controls. “CAEs must now lead their functions to take the next critical steps,” the report states.
How? The key lies in using analytics in smarter ways, taking it up a few notches from just the basics to risk assessment and business insights. And everyone – audit committee and executive team – has to be on board with this.
"The need to enhance analytics tools and techniques stands out among the most urgent priorities for Internal Audit", said Neil White, Internal Audit Analytics leader for Deloitte Global. "While using analytics to deliver audits more efficiently is an important goal, the survey results lead us to believe Internal Audit should capitalize on the wealth of available data to deliver more insightful views of business issues and risks."
Here’s a sampling of how serious more than 1,200 CAEs in 29 countries and eight industries consider this:
- The majority (85 percent) expect their organizations to face moderate to significant changes in the next three to five years, and 79 percent predict the same for Internal Audit.
- But only 28 percent say Internal Audit has a big impact in the organization and 16 percent say it has little or no influence.
- More than half (57 percent) say their Internal Audit groups lack sufficient skills to meet stakeholder expectations of insight, effective support in decision-making and efficient audits.
- While most use analytics, only 24 percent consider their use to be at the intermediate level and 7 percent say it’s advanced.
- Most (66 percent) use basic analytics, such as spreadsheets, or none at all.
- Internal Audit will expand in the next three to five years, most likely through risk anticipation (39 percent) and data analytics (34 percent) as the key drivers.
- More than half (58 percent) expect to use analytics in at least half of their audits during the next three to five years. More than a third (37 percent) say they’ll move to high usage-employing analytics in at least 75 percent of audits.
- Use of dynamic tools is expected to increase from 7 percent to 35 percent in easily understood presentations of data, such as heat maps, bubble charts and interactive graphs.
- About half (55 percent) expect advisory services to increase.
- Strategic planning reviews are expected to increase in the next three years, and 70 percent say they’ll evaluate risk management – up from 54 percent during the past three years.
- Formal rotation programs are expected to double and the percentage of guest auditor programs could increase by 50 percent. About a third (33 percent) say co-sourcing also will increase. This is all due to inadequate skills, a talent shortage and the need for specialists in risk, cybersecurity and other areas, the report states.
The report also offers six ways that CAEs can be change agents and prove their value.
- Determine how to increase impact and influence.
- Incorporate analytics.
- Make reports more visual.
- Explore how to handle talent and skill shortages.
- Bolster strategic planning and risk management.
- Win the support of the C-suite and audit committee chairperson