For decades, internal audit (IA) departments at financial services industry (FSI) organizations have relied on data analytics to support their work. With the growing availability of data, the value of this practice has increased significantly. Increasingly, IA departments are looking to develop forward-looking analytics capability rather than just scrutinizing data in support of individual audits. To achieve this goal, IA functions inside the largest FSI companies are striving to operate independently, access data when and where they need it, and conduct their own analysis, rather than rely on the business units that generate the data.
The demand for enhanced analytics capabilities is being driven by a variety of factors, most notably IA’s growing role in supporting regulatory compliance needs and monitoring, and intensifying pressure to gain better insights for improved risk management. The organizations’ reliance on big data and big data tools is further escalating the need for sophisticated data analysis within IA.
It is not a surprise then that knowledge and use of data analytics tools rate as top priorities for organizations to address, according to the responses of FSI participants in Protiviti’s 2015 Internal Audit Capabilities and Needs Survey. Respondents identified the following areas among their top five audit process improvement priorities in the coming year:
- Data analysis tools: Statistical analysis
- Computer-assisted audit tools
- Continuous auditing
The findings spurred us to develop a separate benchmarking study involving the IA departments at some of the largest financial institutions – we wanted to learn how they are advancing their analytics capabilities and get a glimpse at their priorities in this area.
The study’s questions touched on a number of topics, including staffing levels specific to analytics, types of analytics tools used, and key challenges. The study was distributed to a select group of the largest U.S. financial institutions, including 13 of the top-25 U.S. banks and two of the top-five U.S. insurers. Among the most significant findings:
- IA functions treat analytics as a high priority: 87 percent of FSI IA functions report that they have a dedicated data analytics/information management group within internal audit.
- Analytics are evolving to provide a more risk-based approach to internal audit: The vast majority (86 percent) of IA analytics functions employ continuous monitoring – to some degree. Typically, this practice is used to plan individual audits, monitor key risk indicators and support risk assessments.
- There is a significant opportunity to expand continuous monitoring capabilities: Ninety percent of those who use continuous monitoring say that their monitoring is currently focused on specific areas where there are known risk issues. Less than half of participants currently monitor key risk indicators; fewer monitor indicators of fraud risk.
- Analytics departments appear intent on having access to business data when they need it: A majority of participants indicated that IA has access to the business data it needs within its own data warehouse or a similar environment. As demand for continuous monitoring grows, so will the need for greater flexibility in accessing needed data.
Of course, with greater analytics ambition come new challenges. Among them: identifying where data resides, confidentiality and privacy issues, and the ability to combine data from multiple systems and/or environments for analysis. By collaborating and coordinating with key stakeholders and management, however, IA can overcome these obstacles and leverage analytics to monitor the business in the most risk-relevant manner.
Access our full report and analysis of the benchmarking study here.