Internal auditors face a new challenge that elevates both the importance and depth of their roles. Disruptive forces in every market — from robotics, artificial intelligence and genome sequencing to geopolitical uncertainty, regulatory expansion and climate change — present enterprises with a high-speed mix of promise and peril. Senior leaders are searching for growth amid the chaos, and they need trusted advisors to make smart, fast decisions.
Consequently, instead of being viewed strictly as the guardians of rules and regulations, internal auditors are emerging as key strategic advisors who are experts in interpreting both the upside and downside of a wide range of risks.
As they evolve as strategic advisors, auditors find themselves at more formative — and decisive — stages of senior-level planning sessions. This creates opportunities to positively impact the trajectory of their organizations and accelerate their own career paths. However, this strategic rise is nearly always fraught with some common obstacles, such as disparate data systems and limited resources.
Overcoming these obstacles is easier when internal auditors embrace technology that provides meaningful insights and empowers them to automate previously manual work. Let's explore these solutions in more detail.
Challenge #1: Disparate Systems
Sometimes organizations build silos through bad data management hygiene. Data is collected and stored by multiple teams across multiple clouds or servers. It’s not tagged or maintained in the same way from one storage location to another, or even from one team or department to another. So, when internal auditors pull data, the risks are obvious. Information is likely to be incomplete, out of date or simply delivered in incompatible formats. Instead of spending time strategically analyzing relevant data, auditors spend hours compiling and verifying data from multiple sources.
Now that internal auditors are being asked to provide insight and recommendations on non-financial topics — including sustainability, cybersecurity and diversity and inclusion — the problems associated with disparate systems and data hygiene are multiplied.
How to mitigate: The good news is that, in recent years, cloud-based tools that collect and analyze data from disparate sources have emerged. The bad news is that few of them are purpose-built for internal audit operations. Choose the wrong platform and you’ll spend significant time and money configuring it for your purposes. The right audit management solution will integrate data from any source, including Oracle, SAP and Concur, providing a single source to analyze your data.
Another key capability that distinguishes generic from purpose-built platforms is continuous monitoring. This “always-on” feature collects relevant data — as defined by your parameters — in real time and offers a range of analytics and reporting features. Whether it’s for external compliance or internal audits, continuous auditing technology brings speed and accuracy to the process. This helps address staffing and bandwidth issues.
The other bit of good news is that the best purpose-built platforms are SaaS offerings. In addition to lower deployment and ongoing IT costs, this means organizations can start with the data collection and analytics capabilities they need, then scale up as needs change or users become more proficient with the technology. In most cases, internal audit teams can deploy the right platform without disrupting their existing budgets.
Challenge #2: Insufficient Audit Resources
Audit teams are being asked to analyze more data, connect more dots and identify the risks and rewards associated with new growth opportunities. Incorporating sustainability, DEI and other nonfinancial data into strategic narratives is more than a simple data collection exercise that requires additional bandwidth. It exponentially increases the complexity of analysis activities and often requires entirely new skill sets.
How to mitigate: Internal audit teams need to streamline their operations with new technologies while still delivering the traditional protective value they always have. This places great importance on deploying the right analytics platform — one that provides the traditional tools of the audit function while intuitively integrating non-financial information.
Once the right platform is deployed and higher value insights are being generated, it’s important to ensure the organization understands the audit team’s full value. This requires linking the investments made in audit technology to improved decision-making and profitable growth. The new aspects of upside risk analysis — which drives growth and fortifies enterprise resilience — need to be understood and communicated to C-level leadership.
Challenge #3: Bolstering Cybersecurity
As enterprises expand their digital footprint — by connecting with employees, suppliers, business partners and customers — they create a larger attack surface. This is a critical part of the expanding audit purview. Based on data collected from internal networks and external sources, auditors can recommend steps to strengthen cyber defenses and prepare the organization to mitigate the financial and reputational impact if an event occurs. This is becoming an increasingly critical enterprise issue: Gartner predicts 45% of all enterprises will endure an attack of some kind in 2023 and eSentire predicts the global cost of cybercrime will climb from $8T in 2023 to $10T by 2025.
How to mitigate: The truth is you can’t buy or build a network that’s impervious to attack. The key for internal audit teams is to partner with CSOs, CISOs and CTOs to develop strategies that combine best-in-class technology with defense strategies that are based on long-term thinking and real-time surveillance. Building these proactive strategies requires real-time organizational visibility. Not long ago this visibility was primarily a map of trends and activities within the confines of a firewall. But today, sprawling digital ecosystems create new challenges that require a much broader view. This is yet another argument for a secure, purpose-built cloud-based platform that offers customized dashboards that can be used to manage reputational risk and improve overall cybersecurity posture.
Challenge #4: Complex Regulations
From taxes and the environment to labor and privacy, organizations are facing a wave of new or expanded regulations. With the rapid pace of change and ever-increasing levels of complexity, attempting to maintain full visibility and control with old methods is almost certainly a path to errors and penalties. Also, given that internal audit's purview sometimes overlaps with the work of risk and compliance teams, there remains a threat of misalignment on crucial issues like risk management.
How to mitigate: It’s imperative that internal auditors have an ongoing, open dialogue with risk and compliance teams. Collaboration is needed to develop a joint strategy based on full visibility of both the organization and the broader regulatory landscape. All parties must draw from the same source of reliable data, and collaborative strategies should be based on a real-time understanding of existing and emerging regulations.
The best way to achieve this is to deploy a common controls framework using a cloud-based platform that integrates compliance information and provides predictive and prescriptive analytics tools. These platforms typically offer monitoring, mapping and reporting tools that are designed to reduce errors, save time and cut compliance costs.
Challenge #5: Alignment With Risk and Compliance
Internal audit's purview sometimes overlaps with the work of risk and compliance teams, which can lead to redundant work and misalignment on crucial issues like risk management. The issue of disparate data sources also creates a problem here because, in addition to creating duplicate work, audit and compliance teams investigating the same topics can often present conflicting information and analyses.
How to mitigate: Audit must have an ongoing, open dialogue with risk and compliance teams to help everyone approach challenges and threats strategically. Beyond collaborative efforts, deploying a common controls framework can prevent the disparate data problem. The right platform will serve as a single source of truth and provide each team with visibility into shared strategic work.
Challenge #6: Stakeholder Engagement
Audit teams work in a complex and detailed realm. While details and nuanced differences are often the key to profitable decisions, stakeholder attention spans can be short. It can be challenging to turn background information and predictive findings into actionable, urgent information leadership and other stakeholders can absorb.
How to mitigate: Clarity, predictability and brevity are frequently the keys to resolving this stakeholder reporting challenge. The platform that’s selected for collecting and analyzing data should also offer automated and highly configurable reporting capabilities, including easy-to-read dashboards that allow decision-makers to quickly glean the information they need. Audit teams can use these tools to find common ground with leadership audiences and quickly generate reports that strike the right levels of detail and strategy.
Common Thread: The Right Audit Management Platform
The level of trust being placed in internal audit teams clearly signals the increasing importance of their reporting, analysis and strategic recommendations. To support and enable this trust, it's essential that companies invest in solving the six challenges noted here.
To further explore the capabilities to look for in an audit management solution, download our free buyer’s guide.