Internal Auditor’s blogs reflect the personal views and opinions of the authors. These views may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers’ employers or the editors of Internal Auditor.

Bots, RPA, AI, and Unfulfilled Promises​

Comments Views

Let’s say you’re about to attend an IIA conference. (And let’s further pretend it is in a near future where the concept of people getting together in person has once again become normal.) You review the list of interesting and exciting concurrent sessions with the intent of culling the great from the almost-great when what to your wondering eyes should appear but these two sessions: “Audit Smarter, Not Harder: Advanced Analytics” and “Unleashing Technology and Science for Audit Excellence, Efficiency, and Effectiveness.”

If you are like countless other audit professionals looking to find better ways to use the increasingly valuable technologies and data that are out there, these would be must-see; attendance required, line up like Comic-Con; tell your neighbors; wake the kids; highlight, underline, and bullet point; do-it-do-it-do-it-do-it sessions. These would be sessions one should not miss.

Interesting fact. Those two sessions were held in 1996 during The IIA’s 55th International Conference in Anaheim, Calif. .

It seems we’ve been interested in, but struggling with, the issues of data, analytics, and technology for quite a long time.

To say that the technological possibilities available to internal audit are a vast plain of nigh-on unending opportunity is to understate the potential within our grasp. But it is similarly an understatement to say that we are not the best at taking advantage of those opportunities.

Okay, let’s omit the niceties and cut to the chase. We stink.

We keep saying we will innovate. We keep saying we will use technologies. We keep saying we will use data to drive better answers, results, and opportunities. We keep making promises, yet remain firmly seated in the back of a long, long train where those in the front are evolving — finding better and more resourceful ways to use technology — while those of us in the back are being pulled into the future as we continue to promise “Honest, tomorrow we’ll get better.”

Think I’m overstating it? Here’s a little tidbit from The IIA’s 2018 North American Pulse of Internal Audit. The category: “Internal Audit Implementation of Innovation.” The question: “What best describes the degree to which your internal audit department has implemented each of the following?” The percentages presented here represent participants who said they had “full or partial implementation.” (No credit for those answering “Implementation planned.” We have all seen far too many audit shops for whom “manana” is the constant answer to “When will it actually get done?”)

Let’s take a look at the two easiest, should-have-been-a-slam-dunk areas. Percentage of departments using data analytics: 62%. Percentage using electronic workpapers: 77%

Sit and marvel at the inadequacy. We have been talking data and technology for at least 25 years, yet almost one-fourth of audit departments are not using something as essential as electronic workpapers and nearly 40% are not using data analytics.

As you marvel, let’s look back at how we all wound up talking about this particular area.

Way back at the beginning of the year, well before the new normal kept getting newer and less normal, I started a series of posts about events from the prior decade where internal audit missed opportunities to make a significant impact. And, while opportunities had been missed, I was also emphasizing that those opportunities were still waiting for us in the new decade. I’ve talked about reputation risks, disruption, whistleblowers, and the gig economy. (You can also see a summary here.)

With that last topic, we turned our attention to how internal audit should be making itself better. And now, as we talk about bots, robotic process automation (RPA), and artificial intelligence (AI), we squirm a little more as the magnifying glass is focused even more acutely on what we have and haven’t done.

While we sat around as if we are waiting for someone to give us permission to innovate or tell us how to do it, bots, RPA, and AI have progressed to the point where they are almost cliched buzzwords. We are far behind and, before the conductor of the previously mentioned train kicks us off the caboose, we have to grasp the concepts, embrace the opportunities, and become leaders in these areas.

And that doesn’t mean just being able to audit these areas; it means actually using them in our day-to-day activities. How can we audit these tools if we cannot use them ourselves?

Right now, bots and RPA could be used in internal audit to reduce the time invested in data research and analysis, improve the way that data is received, make reporting of results more efficient, and streamline all aspects of the work we do in conducting our audits. Then, as our familiarity with the tools increases, we could start exploring how AI might make our processes more responsive to the needs of ourselves and our clients.

But, if history is any guide, the profession will generate a lot of sound and fury about how we need to use these tools, signifying nothing as we continue to plod along with antiquated approaches and, even worse, antiquated ideas.

You want to trivialize auditing? You want to make it irrelevant? Then all we have to do is keep doing things the way we always have — doing work the same way while constantly promising that tomorrow, tomorrow, and tomorrow we will creep in our petty pace from day to day.

The time is not tomorrow, the time is not the next hour, the time is not the next minute. If internal audit truly wants to step forward and make impactful differences, we must learn, understand, and apply bots, RPA, and AI in our everyday work right now.

If I am wrong — if you have innovated and robotized and AI’d and technologized the heck out of your processes, making your department efficient, effective, and a model of the future — let me know. In fact, if you have only taken the first tentative but real steps in this direction, please share. We all need to know not only that it is possible, but that it is actually happening.

But also prove me wrong by doing. You, the person reading this blog post — the person who may be a brand-new auditor or a seasoned professional or a manager or a director or a chief audit executive or a clerk who is barely allowed to change ink in the printer — you go out and learn the tools. If you are important, you are setting an example. And, if you are not quite so important, then you are being a leader. Start making change and let us know.

And having gone on (and on and on, ad infinitum) about how we need to “do something,” it raises a question: What might “do something” look like? The next installment of this continuing, seemingly never-ending series will tackle that very question, perhaps providing a little meat with all this sauce.

Internal Auditor is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.

 

 

Comment on this blog post

comments powered by Disqus
  • IDEA_CaseWare_May 2020_Blog 1
  • Galvanzie_May 2020_Blog 2
  • IIA CIA LS_May 2020 Blog 3