Deloitte Global study finds investment in innovation key to impact and influence of Internal Audit groups
Canada’s Chief Audit Executives anticipate key innovations in Advanced Internal Audit analytics, robotic process automation and Agile Internal Audit
Toronto, May 10, 2018 - Innovation is key to improving the impact and influence of the Internal Audit function according to Deloitte Global’s new Chief Audit Executive (CAE) report, “The Innovation Imperative.”
The new report represents feedback from more than 1,100 Internal Audit leaders across 40 countries including 95 from Canada, along with a wide range of industries and points to insights and ideas that Internal Audit functions can consider to help meet organizations’ needs, now and in the future.
“In today’s climate of constant disruption, many businesses are employing new business models and new technologies, and partnering with third-parties in new ways,” says Terry Hatherell, Deloitte Global Internal Audit leader. “As organizations seek to harness risk for value creation, the Internal Audit function must go beyond delivering traditional compliance and focus on far more innovative approaches to providing assurance, delivering advisory services, and anticipating risks.”
This will require innovation. When asked what they believe will be the key innovative developments impacting Internal Audit over the coming three to five years, respondents indicated that data analytics (26 per cent), Robotic Process Automation (RPA)/cognitive technologies (13 per cent), predictive analytics (14 per cent), risk anticipation (13 per cent) and adopting Agile Internal Audit (12 per cent) will transform the Internal Audit function.
“These findings reinforce that Internal Audit groups are aware of the need for Internal Audit to innovate, and many have begun along that journey – now it’s a question of expanding their understanding of the tools and methods available to facilitate it,” says Neil White, Deloitte Global Internal Audit Analytics leader. “Embracing innovation will be critical for Internal Audit to secure the impact and influence it needs within an organization.”
The report highlights a notable connection between investment in innovation and Internal Audit’s impact and influence within an organization. Internal Audit functions with strong impact and influence have improved to 47 per cent, up from 37 per cent in the 2016 survey findings. But that still leaves more than half of responding CAEs who believe their functions lack strong impact and influence. In general, the results of this survey indicate that groups who have adopted innovative approaches and methods tend to have greater impact and influence than those that have not. For example, among surveyed CAEs who believe they and their functions have high impact and influence, 69 per cent plan to increase their investment in innovation.
It’s important to keep in mind that innovation goes beyond adopting technology—it can also include taking new approaches to enhance not only the value the function delivers to the broader organization, but the ways in which they present that value to management, the audit committee, and other stakeholders. As Internal Audit groups consider how to deliver value to their evolving organizations, CAEs see the function’s leading strategic priorities as implementing Internal Audit analytics, strengthening talent pipelines, enhancing partnerships with the business, and enhancing quality. Many are also considering adopting an Agile Internal Audit approach and utilizing cognitive technologies and RPA to enhance the value they deliver to their organizations.
“Yet, Internal Audit groups need to proactively address certain issues if they are to deliver on these strategic priorities. Analytics talent, in particular, is in short supply,” continued White. “56 percent of Internal Audit groups still use analytics at basic levels. There is great opportunity to leverage advanced analytics to free up resources to partner with the business, enhance quality and efficiency, and to deliver automated assurance and risk anticipation.”
View global page
Additional report highlights from survey respondents:
- Resourcing models are evolving—but must evolve faster: Alternative resourcing models may not only fill talent and skill gaps, but also effect knowledge transfer in areas where in-house expertise may be lacking.
- Internal Audit’s role in organizational culture is underestimated: Breakdowns in organizational culture, as reflected in conduct that fosters risk events, have become all too common. This is an area where Internal Audit could be playing a key role, yet less than one fifth of Internal Auditors surveyed have evaluated their organization’s culture in the past three years.
- Cyber risk assessments can enhance impact and influence: As cyber risks continue to proliferate, Internal Audit has an opportunity to provide real value by assisting the organization to understand and mitigate those risks—but only 38 per cent of Internal Audit groups are not currently conducting cyber risk assessments. Expanding their coverage of cyber risks—a high-profile issue for senior executives and boards—can greatly enhance the function’s impact and influence.
- RPA is making inroads: The most innovative Internal Audit groups are applying RPA to the many repetitive tasks that internal auditors perform. The one percent of groups that have adopted RPA are on the leading edge of Internal Audit innovation. Another 12 per cent are considering or researching use of RPA in Internal Audit.
- Agile practices are gaining momentum: Adapting Agile Internal Audit can enhance Internal Audit flexibility, responsiveness, resource allocation, speed, value delivered, and stakeholder relationships. For those reasons, 62 per cent of Internal Audit groups are either using Agile Internal Audit or are considering doing so. This is impressive for a relatively new approach to internal auditing.
- Reporting is poised to become more agile and dynamic: Only eight percent of Internal Audit groups surveyed note that the form of their reporting depends on the audit objectives. Meanwhile, in general, stakeholders’ reading time is limited, and risks and issues emerge rapidly—meaning reporting must become increasingly more streamlined and visual. Four percent report observations on an ongoing basis—with no final report—a hallmark of the Internal Audit function of the future.
- Key Performance Indicators (KPIs) should reflect broader business priorities: KPIs should evolve to focus on areas that enable Internal Auditors to strengthen their impact and influence within the organization, rather than the traditional metrics tracked. For instance, KPIs can usefully be expanded to include cost savings or revenue opportunities identified (now used by 17 per cent of respondents) and other updated metrics that capture positive impacts on the business.
About the report
Deloitte Global’s “The Innovation Imperative,” report is based on a 2018 survey of more than 1,100 Chief Audit Executives from across 40 countries and a range of industries. The full report can be found at https://www2.deloitte.com/globalcaesurvey.
Deloitte provides audit & assurance, consulting, financial advisory, risk advisory, tax and related services to public and private clients spanning multiple industries. Deloitte serves four out of five Fortune Global 500® companies through a globally connected network of member firms in more than 150 countries and territories bringing world-class capabilities, insights and service to address clients’ most complex business challenges. To learn more about how Deloitte’s approximately 264,000 professionals—9,400 of whom are based in Canada—make an impact that matters, please connect with us on LinkedIn, Twitter or Facebook.
Deloitte LLP, an Ontario limited liability partnership, is the Canadian member firm of Deloitte Touche Tohmatsu Limited. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.