Internal Audit at a Tipping Point and Ten-Year Trends

Brian Christensen, Managing Director Global Leader, Internal Audit and Financial Advisory
May is International Internal Audit Awareness Month. We are Internal Audit Awareness Month logocelebrating with a series of blog posts focused on internal audit topics and the daily challenges and future of the internal audit profession.

 

In the tenth year of our Internal Audit Capabilities and Needs Survey, we believe internal audit has arrived at a tipping point. The issue is no longer whether or not your function is evolving, but rather how quickly and effectively it is transforming for the future toward a more strategic, collaborative and data-driven operation while maintaining the highest performance quality. As an additional insight for our readers, our latest annual survey this year includes 10-year trend data to illustrate top priorities and how they have evolved, dating back to when we began conducting the survey in 2007.

Here are the most significant changes our trend data revealed:

  • Tech versus technique. The most apparent difference between 2016 and 2007 is that all of the priorities in 2016 are tied to data and technology, while all of the priorities of 2007 were tied to technique – from mastery of the COSO Enterprise Risk Management Framework to compliance with international reporting standards.
  • Agile versus rigid. In 2007, mastery of the highly structured Six Sigma project management methodology was one of the top technical needs in our survey results. In 2016, that same level of priority is being placed on less-structured, agile methodologies, reflecting the increasingly dynamic nature of risks today.
  • Big Data versus information. Data security/information security emerged as a top concern in our 2008 survey. Back then, the primary focus was on protecting trade secrets and intellectual property. Today, it is more about data utilization. And although the phrase “Big Data” has yet to appear among internal audit’s top priorities, it is represented on the list in 2016 as the Internet of Things – a growing trend that promises to disrupt everything, from demand planning to health care.
  • External versus internal. At the time of our first survey, all of the top capabilities and needs were focused internally, and many centered on the internal audit function’s emergent role in enterprise risk management. In the past three years, almost all of the top capabilities and needs reflect strategic responses to external threats and a changing risk landscape.
  • Consultant versus constable. This outward-turning focus is indicative of the internal audit profession’s growing focus on strategic risk management and consultative value creation. Practitioners have long talked about moving away from the traditional policing and compliance role. This changing perspective is strong evidence of the progress that has been made along those lines.

One important observation from this year’s survey: We have, without a doubt, entered the age of the Internet of Things – an era of machine-to-machine communication where the amount of data in the world has entered an exponential upward climb. The threat window from misuse of this data has narrowed to real time. And the only way to even begin to manage such a risk is to invest in and master data analytics. This is mission-critical.

Internal audit knows that. Year after year, for the past five years, we’ve seen data analysis technologies show up in our surveys as a critical deficiency. An optimistic interpretation of this trend would be that the profession is attuned to this critical threat and it therefore weighs heavily on the minds of respondents. A less optimistic interpretation is that internal audit lacks either the knowledge or the resources, or both, needed to deal with a recognized threat.

The reality, in our experience, is that data analytic capabilities in a majority of internal audit departments have not kept pace with the speed of risk. The tipping point, however, has been reached. This risk is on the run, and unless we, as a profession, act now to aggressively address this deficiency, there is a substantial risk of failure. It’s not often we are given such an imperative. Now is one of those times.

What do you think it will take to meet the challenge? Please share in the comments.

The full survey report, video, podcast and infographic can be accessed here.

Add comment