Building resilience in Internal Audit

How to build resilience in a time of constant change?

In the attached article, we address six areas for evaluation as Internal Audit shifts to auditing with low-to-no contact.

Area 1: Revisit the risk assessment methodology

What are Dynamic Risk Assessments? What are the benefits of DRA for unexpected events?

See Spotlight opportunity: Benefits of dynamic risk assessments for unexpected events (PDF)

Area 2: Refresh and reassess current internal audit plans

Why is it important to construct a risk hypothesis? When should I build a risk hypothesis? How do I build an effective hypothesis?

See Spotlight opportunity: Risk hypothesis—The importance of asking the right questions (PDF)

Area 3: Define collaboration tools for audit execution

What is agile Internal Audit? Why move to agile Internal Audit approach now?

See Spotlight opportunity: Agile Internal Audit—Communication and collaboration are key to delivering value (PDF)

Area 4: Establish standards for secure and continuous access to key sources of business data

What are the benefits of automated core assurance? How do I know which audits to automate?

See Spotlight opportunity: Automated core assurance (PDF)

Area 5: Identify opportunities for digital analytics and continuous monitoring capabilities

How do process analytics add insight to the business? Where in the audit lifecycle can process analytics be used? What is Continuous Controls Monitoring (CCM)? How does CCM work?

See Spotlight opportunities: Utilizing process analytics to offer insights to the business; Value-based investigation with Continuous Controls Monitoring (PDF)

Area 6: Redefine reporting and communication model

What value can Internal Audit deliver through visualisation tools such as dashboards? Who are the stakeholders and how should their needs be addressed?

See Spotlight Opportunity: Redefining report and communication model (PDF)

How Deloitte can help

Organisational resilience will likely be the main focus for nearly every company moving forward, making the role of Internal Audit even more pertinent. In the short-term, Internal Audit can use the guiding principles and tips and tricks in this document to help maintain team productivity and engage stakeholders.

However, in the long-term, Internal Audit should recognise that a deeper digital transformation is likely required. New digital tools and automation technologies are creating a world in which remote internal auditing does not mean compromised quality or plan reductions. Instead, it implies a higher level of functioning. In this new world, Internal Audit should embrace continuous risk assessment, exploratory analytics, automated controls testing, and agile methods as a way of decreasing costs and adding advisory value in any environment - whether physical, virtual or somewhere in between.