According to the findings from Protiviti’s 2020 Next Generation Internal Audit Survey, chief audit executives (CAEs) and internal audit leaders report their next-generation competency levels in three vital areas – governance, methodology and enabling technology – to be remarkably low. There is a danger that, if increasing these competencies and transforming the audit process is not viewed as a priority by internal audit leaders and brought in alignment with the evolving expectations of stakeholders, the internal audit function will begin to lose relevance and cede its responsibilities to other sources of assurance.
The study, titled “Exploring the Next Generation of Internal Auditing,” surveyed nearly 780 CAEs and internal audit leaders across industries to uncover their priorities when it comes to next-generation auditing skills. The study was completed in the first quarter of 2020 and was based on a survey conducted in the fourth quarter of 2019, before the onset of the COVID-19 pandemic.
In what should be a red flag for CAEs and audit committees, enabling technology received some of the lowest competency marks in the entire survey, based on the participants’ own self-assessments (rated on a 1 to 5 scale, with 5 being highest).
- Robotic process automation (RPA) – 2.1
- Artificial intelligence (AI) and machine learning – 2.0
- Process mining – 2.2
- Advanced analytics – 2.6
In one telling finding, only 10% of those surveyed reported their audit functions are using process mining – a form of analytics that uses transactional data captured by enterprise systems to analyze and visualize how processes are actually being performed, and a surprising 41 percent of respondents reported they have no plans to adopt this enabling technology at all. Notably, internal audit lags behind other key business functions, such as finance, in its exploration and adoption of enabling technologies.
Additionally, the overall number of internal audit organizations undertaking digital transformation initiatives more broadly declined since Protiviti’s 2019 survey, to 60% (down from 76% in 2019).
Audit Plan Priorities
The study also examined audit plans. While the following priorities were the most pressing at the time the survey was conducted, prior to the COVID-19 pandemic, they remain relevant and enduring topics for audit plans:
- Fraud risk management
- Enterprise risk management
- Cybersecurity risk/threat
- Vendor/third-party risk management
- Internal audit strategic vision
In the wake of the COVID-19 pandemic, most audit leaders have been reevaluating their priorities as well as the capabilities of their teams to deliver in these changed and challenging conditions. While not cited in the survey, many internal audit leaders are focusing efforts in the following areas: sufficiency of processes related to risk assessment; reporting and other stakeholder communications and interactions; impact to the control environment from workforce disruption and the introduction of new technologies; ongoing performance and resilience of critical business functions; and increased use of data and tools.
The survey report also includes sections on financial reporting and controls, audit committee engagement, and respondents’ self-assessments of their digital maturity and skill sets in cybersecurity, strategy and culture. You can download the report, along with additional resources, at this link.
Listen to Executive Vice President and global leader of Protiviti’s internal audit practice, Brian Christensen, discuss the findings of the survey and the more recent challenges caused by COVID-19.