What are the advantages of having an integrated audit function?
Simmons: Combining the knowledge, skills, and disciplines of financial, operational, and IT auditors on audit engagements allows for a holistic view of the business, risks, and controls, revealing the bigger picture of the control environment. It also enables two-fold efficiencies in auditing business functions and opining on the strength of the overall control environment — for the audit silo responsible for coverage, as well as for the customer who gains greater assurance from how IT is supporting its business controls and whether IT issues may be impacting its practices or regulatory conformance. It provides cross-skilling of resources with IT and business knowledge information. Finally, it enables internal audit to meet board expectations and provide the C-suite with more comprehensive and connected audit universe coverage.
Anunciacion: Having an integrated audit function has benefits for both internal audit and the first line of defense, depending on the organization. In a more tangible sense, an integrated audit function helps minimize testing fatigue — passing tests back and forth — which minimizes redundancies. Also, internal audit builds credibility with internal clients.
Why is it important for internal auditors to understand the impact of technology innovations on their organizations?
Anunciacion: Internal audit exists to provide assurance to the organization. Since technology plays an increasingly large, fundamental role for companies, auditors must fully grasp what’s involved and associated with it. Auditors must incorporate this into their risk-based audit plan, as changes in technology can easily threaten companies. Today, audit should not be conducted at the speed of risk, but rather at the speed of innovation. Internal audit must keep up with the technology changes that impact the organization to provide assurance to stakeholders.
Simmons: The pace of technology advancement is changing the way organizations invest in technologies to: gather and consolidate information; manage risk and regulatory pressures; and seek ways to be more efficient, agile, and insight-driven. To maintain a competitive advantage, organizations must invest, yet more importantly they must understand the balance of opportunity vs. risk of doing so and how it could impact the risk landscape and ultimately change the control environment. Auditors can add value by not just flagging risks, but also by providing comfort that the risk is well-managed and worth taking. Therefore, auditors need to understand new and emerging technologies and discover innovative ways to engage the business to stay current and provide best-in-class assurance to the organization.
What technologies do internal auditors need to have a working knowledge of?
Simmons: Several disruptive technologies are driving a new wave of processing and doing business, including artificial intelligence, machine learning, software robotics, blockchain, cryptocurrencies, semantic analysis, cloud computing, connected devices, and the Internet of Things. These technologies are being used to fight fraud, improve model and algorithmic trading, decipher unstructured data, and connect things previously unconnected. Internal auditors should be knowledgeable about these technologies to give assurance over them. In addition, auditors should understand how the underlying data is being created, consumed, and used; data is such an important element underpinning how business occurs, it cannot be overlooked. Audit functions should employ their own technology to support them with this, starting with basic to advanced data analytic tools to better analyze large data sets — for data-driven audits — and reperform system outputs and interpret predictive analytic techniques used by the business. Lastly, in keeping internal audit innovative, it should consider intelligent automation and workflow automation technologies.
Anunciacion: Internal auditors need to have a working knowledge of core transaction systems, as well as mission-critical systems, that impact what’s being audited. Business intelligence and office productivity tools are just the start — specific industries require specific tools, as well. Ultimately, internal auditors need to be aware of the organization’s technology roadmap — where they see themselves headed in terms of the technology used — and stay aware of the technologies that could be on the horizon.
How important is it to have team members with advanced technology skills?
Anunciacion: It’s increasingly important to have team members who not only know their way around technology, but also can push the organization forward. Chief audit executives (CAEs) must pursue a well-rounded team, with expertise in a full tech stack — infrastructure, security, building complex queries, analyzing large data sets, and more. Pursuing a team that is heavily invested in technology and accounting might be difficult, but it’s invaluable in terms of strategically addressing operational risk for the entire company.
Simmons: One of the top challenges facing CAEs is obtaining high-quality resources with the right skills to balance technology, business knowledge, and project management. It is imperative in most industries to have a balance of IT auditors — application, infrastructure, data analysts/scientists — and financial auditors who understand the front-to-back functions and operations of the organization. Financial auditors are now expected to have basic general computer control skills and carry out testing of these, leaving the complex tech-related areas to be addressed by advanced tech auditors.
Why is it important to develop working relationships with IT professionals?
Simmons: Technology is deeply ingrained in organizations’ fundamental operations today. Data and processes typically don’t exist without it. Having good and trusted working relationships with key technology professionals and the chief information officer (CIO) ensures auditors remain in touch with current, planned, and future work/projects and keeps them abreast of how the risk landscape is affected by run-the-business or change-the-business activities. This can be achieved through a strong continuous monitoring program, an effective audit work tool that derives meaningful data, and an audit methodology that is agile enough to anticipate or react to events/incidents/programs.
Anunciacion: IT professionals and the CIO can help auditors get where they want to be. Auditors looking to modernize their processes and organization should not overlook relationship building with IT. After all, IT is the gatekeeper for all technology, supporting the business, helping achieve strategic objectives, and often holding the purse strings when it comes to purchasing new technology. Additionally, building rapport with the chief information security officer (CISO) is of paramount importance. Just like audit, the CIO’s goal is constant vigilance and oversight of the organization’s practices. CAEs should consider monthly meetings with their CISO to make sure all risks are acknowledged.
How can internal audit use technology to manage stakeholder relationships?
Anunciacion: Simply put, technology allows for unparalleled collaboration among the organization and the three lines of defense. Internal audit also can use technology to provide foresight and hindsight — not only mitigating risk before it occurs, but also simplifying the audit reporting process across the board.
Simmons: Technology that brings together business data, metrics, indicators, financial numbers, risk profiles, emerging risks, market trends, and insight in a connected way for an audit function demonstrates to stakeholders how well auditors understand their business, the market, and the expectations of regulators. The right technology is an enabler for auditors to drive the right conversations and be that trusted advisor.