Building resilience in Internal Audit

As COVID-19 continues to impact every aspect of the work environment, organisations, their environments and their ways of working are evolving rapidly and in ways that had not been previously envisioned. As such, Internal Audit (IA) should give consideration to the manner in which it delivers services to the organisation. During this time, IA functions have an important role to play to continue to provide critical assurance, help advise management and the Board on the shifting risk and controls landscape, and help anticipate emerging risks. Now, more than ever before, IA should consider deploying enabling digital technologies, beyond analytics and automation, with the objective of becoming more resilient, cost-conscious, and smarter about providing services that make an impact.

Organisational resilience will likely be the main focus for nearly every company moving forward, making the role of IA ever more pertinent. In our report, we have compiled a set of guiding principles across a standard IA lifecycle as an immediate response and highlighted transformational digital technologies and methodologies that can be utilised to drive change and increase long-term organisational resilience, enabling internal auditors to adjust to the “next normal” of remote internal auditing.

In this new world, IA should embrace continuous risk assessment, exploratory analytics, automated controls testing, and Agile methods as a way of decreasing costs and adding advisory value in any environment—whether physical, virtual or somewhere in between.