Building resilience in Internal Audit
Guiding principles for thriving in a time of remote internal auditing
During this time of unparalleled change, it is more important than ever that Internal Audit continues to provide assurance and advise both management and the board on risk. Managing change and developing resilience has consequently become an important topic for Internal Audit functions.
Area 1: Revisit the risk assessment methodology
What are Dynamic Risk Assessments? What are the benefits of DRA for unexpected events?
Area 2: Refresh and reassess current internal audit plans
Why is it important to construct a risk hypothesis? When should I build a risk hypothesis? How do I build an effective hypothesis?
Area 3: Define collaboration tools for audit execution
What is agile Internal Audit? Why move to agile Internal Audit approach now?
Area 4: Establish standards for secure and continuous access to key sources of business data
What are the benefits of automated core assurance? How do I know which audits to automate?
Area 5: Identify opportunities for digital analytics and continuous monitoring capabilities
How do process analytics add insight to the business? Where in the audit lifecycle can process analytics be used? What is Continuous Controls Monitoring (CCM)? How does CCM work?
Area 6: Redefine reporting and communication model
What value can Internal Audit deliver through visualisation tools such as dashboards? Who are the stakeholders and how should their needs be addressed?
How Deloitte can help
Organisational resilience will likely be the main focus for nearly every company moving forward, making the role of Internal Audit even more pertinent. In the short-term, Internal Audit can use the guiding principles and tips and tricks in this document to help maintain team productivity and engage stakeholders.
However, in the long-term, Internal Audit should recognise that a deeper digital transformation is likely required. New digital tools and automation technologies are creating a world in which remote internal auditing does not mean compromised quality or plan reductions. Instead, it implies a higher level of functioning. In this new world, Internal Audit should embrace continuous risk assessment, exploratory analytics, automated controls testing, and agile methods as a way of decreasing costs and adding advisory value in any environment - whether physical, virtual or somewhere in between.