Survey Finds Internal Audit Leaders See Urgent Need to Confront Skills Gaps in AI and Cybersecurity

Angelo Poulikakos, Managing Director Global Leader, Technology Audit and Advisory practice

In today’s turbulent business landscape, boards of directors and senior leaders are looking to internal audit to be a trusted adviser that can help the organization navigate risk and change successfully. Chief audit executives (CAEs) who prioritize skill-building for their teams will be best positioned to help them meet this challenge and deliver the proactive, value-adding assurance the business needs.

In March, at The Institute of Internal Auditors’ (The IIA’s) Great Audit Minds conference, Protiviti seized the opportunity to survey internal audit leaders to gauge current capabilities within internal audit departments and their significance for the future auditor. The brief yet comprehensive survey we conducted with about 100 participants delved into key disciplines integral to the evolution and success of future auditors, touching on everything from data analytics to soft skills.

The survey also helped us gain insight into which technologies are important for auditors to be skilled in or have working knowledge of to be effective in today’s rapidly evolving audit environment.

Before we take a closer look at some of the top findings from our survey, let’s quickly revisit how Protiviti has described the following two concepts in the past:

  • Future auditor In our view, a future auditor is an auditor who takes definitive steps toward making The IIA’s vision of “an independent, objective assurance and consulting activity that adds value and improves an organization’s operations” a reality.
  • Next-generation internal audit function — We consider a next-gen function to be one that embraces “an agile, holistic approach that centers on new directions for governance, methodology and technology that deliver efficiency improvements, stronger assurance and more valuable business insights.”

For any internal audit leader who wants to transform their department into a next-gen function, the need to align the right technical and interpersonal skill sets is an imperative. However, at the same time, recruitment and retention for many internal audit functions has never been more challenging. We have also noted before that taking an internal audit organization to the next-gen level may necessitate “the ability to adapt and deploy new technology and approaches, manage rapid change, and pivot quickly.”

Three of the top findings from our recent pulse survey indicate that many CAEs are grappling with critical skill gaps that could hinder their next-gen evolution. Here’s a look at what we learned.

1. Internal Audit Teams Need to Amplify Core AI Knowledge ASAP

The everyday use of artificial intelligence (AI) tools in business has exploded over the past year thanks in large part to the rise of generative AI. Artificial intelligence is vital to the future of auditing, providing the ability for teams to greatly reduce manual work and engage in risk prediction, knowledge discovery and more. It also places new demands on the function, as internal auditors must help the business understand where and how the organization is using AI, how it impacts compliance and security, and what other risks it may present to the business.

Some of the most future-forward internal audit functions and their CAEs have been preparing for the advent of the AI era. These functions are already using or planning to use AI tools in their department, and they are working to understand what the implications for audit as the business embraces and expands the use of AI. However, the results of our pulse survey show that most internal audit leaders see significant room for improvement when it comes to building up core AI knowledge in their function.

2. Cybersecurity Is Now an Indispensable Discipline for Internal Audit

Hardly a week goes by now, it seems, without news of a data breach or some other significant cyber incident impacting a major business, its partners and customers. According to the Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3), losses due to cybercrime surpassed $12.5 billion last year — a 22% increase from 2022 and a new record high.

In Protiviti’s latest Top Risks Survey, we learned that directors and executives see cyber threats as a top risk for their business this year and a decade out. The findings from the pulse survey we conducted at the GAM conference suggest that internal audit leaders do see cybersecurity as an area of high importance for their business and their department. But they also acknowledge that their teams need to improve their capabilities in this area and may require immediate upskilling, in some cases.

3. Tech Enablement Is Driving Dynamic Capabilities in Internal Audit

A next-generation internal audit function is capable of using an array of technology tools, like governance, risk and compliance (GRC) platforms, data analytics, data visualization, process mining, and scripting and automation to increase audit efficiency, speed and accuracy.

Our pulse survey suggests that many internal audit departments still have a long journey ahead when it comes to tech enablement. However, many respondents also identified the ability to leverage technologies like those outlined above as essential to advancing dynamic risk assessment, continuous auditing and monitoring, and aligned assurance efforts.

We concur that an emphasis on tech enablement can help internal audit functions become more agile overall, allowing them to adapt quickly to change and perform real-time assessments.

Closing the Skills Gaps in Internal Audit: Strategies for Success

In an era of escalating cyber threats and AI-driven disruption, CAEs cannot afford to let their teams’ skills stagnate. Inaction now could mean major blind spots and risk exposure down the line — with potentially serious consequences for the business.

The following strategies can help CAEs to prioritize skill-building in their organizations and develop a future-ready internal audit team:

  • Conduct skill assessments and gap analyses — Regularly evaluate auditors’ skill levels against the evolving landscape of technological advancements and emerging risks to pinpoint areas where development or refinement should be an immediate focus.
  • Create targeted upskilling programs — Based on the findings of skill assessments, design training initiatives tailored to priority domains such as AI, cybersecurity and data analytics. Collaborate with human resources and learning and development departments to implement these programs appropriately and track and measure success.
  • Cultivate a culture of continuous learning and knowledge sharing — Foster an environment in the internal audit function that encourages ongoing learning. This can be achieved by implementing knowledge-sharing practices like sharing sessions, creating online resource repositories and initiating mentorship programs.

By taking the above actions, internal audit leaders can create teams that are not just prepared to take on current challenges, but also better equipped to meet tomorrow’s demands. CAEs can help to ensure that their function remains at the forefront of governance, risk management and control practices within their organization.

Add comment