Internal Audit

Internal Audit remains one of the cornerstones of an organization’s corporate governance as it is uniquely positioned to provide global assurance to the audit committee an senior management regarding the effectiveness of internal governance controls and risk processes. Furthermore, internal auditors are well-placed to fulfill an advisory role on assurance coordination, effective ways of improving existing processes, and assisting management in implementing recommended improvements.

However, in order for Internal Audit functions to serve in this valuable capacity they themselves must be innovative. How can auditors manage the controls around new technology implementations and technology- driven processes without acquiring new technology skill sets, taking new audit approaches and using innovative technologies for extracting data, testing and reporting?

How can Internal Audit cast a wider lens over risks without building the department’s efficiency through collaboration tools, analytics, and other technologies? In other words, innovation-driven organizations need innovation-driven internal audit functions, or Internal Audit’s value will diminish. Fortunately, the age of automation has arrived and is accompanied by opportunities for integrating advanced technologies into Internal Audit functions as the third line of defense. Internal Audit departments, large and small, have already begun their journey into the world of automation by expanding their use of traditional analytics to include predictive models, robotic process automation (RPA), and cognitive intelligence (CI). This is leading to quality enhancements, risk reductions and time savings as well as increased risk intelligence. With automation technologies advancing swiftly and early adopters demonstrating their effectiveness, now is the time for Internal Audit to understand and prioritize opportunities for automation and take the necessary steps to prepare for successful deployment. 

START YOUR INTELLIGENT AUTOMATION JOURNEY TODAY

Book an appointment with one of our representatives.

A GLIMPSE INTO THE INTERNAL AUDIT WORLD

The Role of Internal Auditors:

Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. As the third line of defense, it helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The following activities typically form part of internal auditor’s roles and responsibilities:

1. Evaluating existing controls

Internal auditor’s need to assess the tone and risk management culture of the organization as well as evaluating and reporting on the effectiveness and efficiency of the implementation of management policies.

2. Evaluating potential risks

Internal auditors need to identify key activities and relevant risk factors, while assessing their significance. The manner in which risks are assessed is often affected by changing trends and conditions on a business/economic scale. As a result, the techniques of Internal Audit have changed from a reactive and control-based approach to a more proactive and risk-based one. This enables internal auditors to anticipate possible future concerns and opportunities as well as identifying current issues.

3. Analyzing operations and confirming information

Internal auditors need to work closely with line managers to review operations and report their findings. Therefore, internal auditors must be well versed in the strategic objectives of the organization in order to have a clear understanding of how the operations of any given part of the organization fit into the bigger picture.

4. Reviewing compliance

Compliance review ensures that the organization is adhering to rules, regulations, laws, codes of practice, guidelines and principles as they apply individually and collectively to all parts of their organization.

Internal Audit Mandate:

-Check internal controls 

-Error handling 

-Provide objectivity 

-Add value back to business 

THE PERSISTENCE OF AUDIT CHALLENGES

The world is reaching a technology inflection point where powerful and accessible emerging technologies give organisations the opportunity to make leaps in productivity and market growth, while creating new products, services, and markets not yet imagined. However, in reflecting the changes around it, Internal Audit soon will not be auditing the way it has in the past by using today’s skills.

Today Internal Audit may only have exposure to a limited number of technologies, such as enterprise resource planning (ERP), cloud, big data, and analytics. However, the list of technologies that auditors must understand is growing rapidly, including the risks that will have to be covered, and the frequency of technological change that will have to be addressed that makes today’s foundational tools obsolete. To play a valuable role in the organization, Internal Audit must enlist innovative tools, skills, and methods for providing assurance. 

With the adoption of these emerging technologies, gaps are created in audit frameworks and procedures that must be applied consistently. To adapt, Internal Audit departments must shift their underlying methodologies to more-ongoing, continuous, or real-time modes of audit, while the organizations must make significant investments in training, resources, tools and standardization.

Internal auditors face constant challenges regarding independent access to data required for conducting audits. In order to become more self-sufficient, internal auditors must be able to extract data directly from operational and financial systems, use tools as governance, risk, and compliance technology, use optical character recognition, and adopt security tools to access the data needed.

Very few Internal Audit functions are rated as advanced in their use of this emerging group of technologies. However, as organizations embrace intelligent automation in products and services, Internal Audit will need to be knowledgeable about these technologies well in advance of applying them within the department. It will make Internal Audit a much more attractive profession in the future and can create differentiation for organizations when competing for scarce skill sets and technology savvy resources.

The pace and scale of technology innovation demand that Internal Audit no longer structure its team with individualized skillsets as it has in the past. The legacy approach requires too many individuals and is sure to be cost prohibitive. Therefore, a technology understanding at a level well beyond basic IT general controls must be part of everyone’s core skills. Internal Audit needs risk professionals who are technology curious and have mindsets and abilities to routinely retool, based on emerging technologies and changing enterprise risks.

The Daily Barriers of Internal Audit

-Lack of independent connection to data sources required for audits 

-Poor data quality, usually due to human error 

-Normalisation of data for analysis due to the receival of exceptions in various formats 

-Management of a vast amount of exceptions on application such as MS Excel

THE RISE OF ROBOTIC PROCESS AUTOMATION

The Spectrum of Automation

An internal audit function designed from a blank sheet would naturally put appropriate technologies in place to support (1) efficient file sharing, (2) risk assessment and audit planning, (3) sample testing, and (4) reporting and ongoing monitoring. The "automation spectrum" illustrates the maturity of organizations based on their adoption of a broad range of technologies, starting at predictive models and tools for data integration and visualization to more advanced technologies with cognitive capabilities that mimic human behavior.

Typically, the natural adoption curve for Internal Audit functions has been towards a greater use of long-standing tools and less towards more-advanced ones. For example, certain technologies that have been thought of as revolutionary in the recent past are now considered foundational tools for Internal Audit functions that seek to resolve complex issues and maintain their value in a technology-driven future. This includes technologies from dashboards and self-service data extraction to advanced analytics.

However, some Internal Audit functions have started moving across the continuum by leaning right into the technology-driven future. They are already advising in areas such as risks and controls over Robotic Process Automation (RPA) and the application of Artificial Intelligence (AI) in their organization. They are using collaboration tools to increase their levels of organizational alignment and efficiency, data extraction tools and RPA to improve the expediency and coverage of their audits, and analytics, artificial intelligence (AI) and machine learning (ML) to offer innovative and value-added insights to the organization.

Spectrum of Automation within Organisations


THE IMPACT OF ROBOTIC PROCESS AUTOMATION

The Institute of Electrical and Electronics Engineers (IEEE) Standards Association defines RPA as: ‘‘A preconfigured software instance that uses business rules and predefined activity choreography to complete the autonomous execution of a combination of processes, activities, transactions, and tasks in one or more unrelated software systems to deliver a result or service with human exception management’’. These preconfigured software instances known as robots, or software robots, reproduce the work typically performed by humans. In other words, RPA has the capability of automating human tasks.

Rather than hard-coding automation workflows and Application Programming Interfaces (APIs) into software programs, RPA mimics a person’s actions in conjunction with existing systems. RPA works in the same way that a human worker reads and interprets data from a physical document and transfers this to multiple applications on their computer.

Robots can seamlessly move data across boundaries, from one application to another, mimicking activities such as clicking, typing, and moving between windows. In addition, these robots can use native and add-on Artificial Intelligence (AI) and Machine Learning models (ML) to enhance overall capability and learn from experience over time.

“There is no way to talk about a financial institution without considering technology. Therefore, the internal audit functions of these institutions must know technology and make intense use of it in their work. I believe that in the next five years, technology will make internal audit functions fast, relevant, and timely and offer greater coverage and lower costs.”

- Fabio Adriano Da Silva, Internal Audit Manager, Banco do Brasil SA

THE BENEFITS OF CREATING A DIGITAL WORKFORCE

The Institute of Electrical and Electronics Engineers (IEEE) Standards Association defines RPA as: ‘‘A preconfigured software instance that uses business rules and predefined activity choreography to complete the autonomous execution of a combination of processes, activities, transactions, and tasks in one or more unrelated software systems to deliver a result or service with human exception management’’. These preconfigured software instances known as robots, or software robots, reproduce the work typically performed by humans. In other words, RPA has the capability of automating human tasks.

Rather than hard-coding automation workflows and Application Programming Interfaces (APIs) into software programs, RPA mimics a person’s actions in conjunction with existing systems. RPA works in the same way that a human worker reads and interprets data from a physical document and transfers this to multiple applications on their computer.

Robots can seamlessly move data across boundaries, from one application to another, mimicking activities such as clicking, typing, and moving between windows. In addition, these robots can use native and add-on Artificial Intelligence (AI) and Machine Learning models (ML) to enhance overall capability and learn from experience over time.

“There is no way to talk about a financial institution without considering technology. Therefore, the internal audit functions of these institutions must know technology and make intense use of it in their work. I believe that in the next five years, technology will make internal audit functions fast, relevant, and timely and offer greater coverage and lower costs.”

- Fabio Adriano Da Silva, Internal Audit Manager, Banco do Brasil SA

BASIC CONSIDERATIONS FOR AUTOMATION

The way to begin an automation road map is to conduct a process scan and opportunity assessment to identify processes and activities with the highest potential return on automation investment. Activities appropriate for RPA generally have certain characteristics.

It must be a highly manual, repetitive and high-volume process
It must be a rule based process
Must have low variation between processes
Inputs must be electronic or machine readable
The process and their application must be stable
The processes are already being performed by large teams

THE KEY PROCESSES SUITABLE FOR AUTOMATION IN INTERNAL AUDIT


CONSIDERATIONS FOR AUTOMATION

A great starting point if considering RPA is by automating basic processes such as invoice data entry and cash applications. These are best suited to carry out proof-of-concept studies before beginning the RPA journey. You can follow this with other processes such as billing and invoicing, as well as customer and vendor data setups.

The general accounting processes are, however, often fragmented as they are generated from periodic and event-driven activities. Therefore, the best way to automate these processes is to adopt a more agile and iterative approach to ensure that the most value is attained.

In addition, processes that incorporate activities such as manual journal entries should rather implement attended rather than unattended automation. The reasoning behind this is that these processes could require the need for expert judgement or a customized computation specific to the event or scenario.

INTERNAL AUDIT’S ROLE IN INTELLIGENT AUTOMATION

In an environment that is constantly changing, internal auditors play an increasingly important role. With the vast uncertainties presented by the rise of disruptive technologies, the Internal Audit function must keep pace to help the organization understand and manage the associated risks, achieve expected results from automation, and continue to innovate to add value. Key opportunities for Internal Audit within intelligent automation initiatives include the following:

Internal Audit can help to integrate governance, risk, and controls considerations throughout the automation program life cycle as an organization establishes and implements its programme.

Internal Audit can help the organization identify opportunities to embed automationenabled control activities within the impacted business processes and functions.

The Internal Audit organization can capitalize on intelligent automation innovations to increase the efficiency and effectiveness of its own activities

“RPA and AI are the next big technologies. It will be important for Internal Audit to understand these technologies and be able to push the business in how they implement new solutions in the future. With new technology comes new security risk, and this should be a concern of boards going forward.”

- Alvin Bledsoe, Audit Committee Chair, SunCoke Energy

MAKING AUTOMATION A PRIORITY

Innovation is changing the future daily and bringing with it an expansive array of risks and opportunities. That is why Internal Audit functions must not only fully understand innovation’s impact on their organizations’ risk profiles but also embrace that impact themselves. Through the acceleration of an existing technology and talent strategy, or building a more revolutionary action plan, all Internal Audit functions will have the ability to address the technology- and innovationrelated risks facing them. That readiness will continue to increase Internal Audit’s relevance and reinforce the function’s role as a trusted advisor.

Internal Audit departments, which have been burdened by manual processes and tedious tasks for years, can now turn the majority of the “grunt work” over to a digital workforce who are able to handle long hours and repetition, and who rarely make mistakes when managed properly. As a result, this has the potential to increase efficiency, effectiveness, and quality throughout the Internal Audit life cycle, creating more value for the business and making better use of the most precious resource of all - intelligent, highly skilled human talent.

RPA AS THE ON RAMP FOR ARTIFICIAL INTELLIGENCE

RPA, AI, ML and other advanced cognitive technologies are complementary to each other. While RPA alone can perform rule-based repetitive tasks, this can further be enhanced by embedding AI, ML and cognitive technologies.

This not only future-proofs RPA well into the future but enables it to act as the on-ramp for AI into the enterprise. It often starts with AI computer vision to allow easier, faster and more stable automation for virtualized environments. This is particularly useful for situations where traditional business process management methods that use SAP, flash, PDF and images, etc. fail or are difficult to use.

Exception management is another area of interest. Development tools such as UiPath is already using ML to enable robots to self-recover from simple exceptions. More advanced algorithms for exception management can be created by closely monitoring employee behavior to create robots that can solve complex exceptions.

USN Partner Logo


UiPath Partner Gold Logo


@TangentSolutions


@TangentSolutions


@TangentSolutions


@TangentZA