Financial institutions are undergoing profound change as digital technology sweeps the financial services industry (FSI), bringing web-enabled products and services, as well as new competition and new risks. The internal audit (IA) function is experiencing a parallel digital transformation, underlining the importance of data analytics and dynamic risk assessment as top priorities for learning in 2017.
Data analytics knowledge topped the IA needs list for all industries in Protiviti’s 2017 Internal Audit Capabilities and Needs Survey. That need was especially acute, however, in FSI, where 68 percent of respondents said they use analytics as part of the audit process. We summarized the FSI results of the survey in a recent white paper, Top Priorities for Internal Audit in Financial Services Organizations, which can be downloaded free from our website. Here are some key findings:
- Demand for analytics is expanding among a majority of FSI respondents — especially among those with a designated analytics champion or analytics function. Continuous auditing is becoming more prevalent as well, with nearly half of FSI organizations indicating they had employed such practices to improve audit planning and risk assessments, conduct risk-based audits, and more effectively track fraud and risk indicators, enabling a real-time view of organizational risk.
Even so, most FSI audit shops are in their “analytic infancy.” Respondents ranked data analytics knowledge as the top need for improvement, with dynamic risk assessment coming in a close second.
- The more mature analytics capabilities are, the greater value they’re perceived to deliver. By implementing dynamic risk assessment, financial services organizations are able to continuously reassess the risk environment and adjust their internal audit plans to consider emerging risks and reprioritize assurance. Combining this approach with advanced data analytics offers a powerful tool to enable the IA function to become more responsive and flexible and laser-focused on the highest risk areas of the business, delivering the highest value.
Advancing the organization’s internal audit data analytics capabilities can be a challenge due to budget and headcount constraints, as well as a lack of knowledge and expertise with regard to advanced data analytics processes, measures, tools and innovations. Often, even internal audit leaders who desire to elevate their data analytics capabilities and functions to the next level do not know how to accomplish this. Having a clear vision, long-term data strategy, a strategy implementation road map and knowledgeable resources are essential for building a sophisticated analytics process.
- Model risk management and stress testing are top-of-mind for financial services industry auditors — specifically, the Comprehensive Capital Analysis and Review (CCAR), as well as the new accounting standards for Current Expected Credit Loss (CECL).
- Cybersecurity, cloud computing and big data are constant issues for financial services firms. Auditors are grappling with technology-related risks, new legislation and the need to become more efficient in a digital world.
- Business and digital transformation are drawing more attention. Not only is this a much higher priority compared to prior years, but its effects are infiltrating most audit plans and activities as IA functions seek to stay informed on a wide range of emerging technologies, their effects on risk management and internal control, and new standards and rules related to these technologies.
Protiviti conducts this survey every year to put current challenges in context and help internal audit leadership identify and prioritize action items for the year ahead and add value to their organizations. My colleague Barbi Goldstein provided an excellent list of those action items in this blog post.
With the recent political swings, the uncertainty of regulatory change and the never-ending disruptions sparked by technology and digitally native competitors (fintechs), the future of the FSI is more daunting, more promising and more uncertain than ever. While internal auditors cannot project the future state of the financial industry with 100 percent accuracy, their work can help ensure that the organization remains equipped to handle emerging risks with a high level of confidence.
To do so, the function needs to have the leadership, strategy, processes, technology and relationships in place that enable it to continually monitor the organization’s risk taxonomy. The findings and analyses in our report are designed to help FSI internal auditors ensure that their organizations are prepared for an unknowable future.