Auditing disruptive technologies

Perspectives

Advising on the risks of new technologies

Internal Audit in the age of digitalization

​Widespread technological advances—commonly referred to as Industry 4.0 or the fourth industrial revolution—are rapidly reshaping business. They're also making an impact on Internal Audit (IA) as the function must address the spectrum of financial, operational, organizational, regulatory, and technology risks associated with digitalization.

Internal Audit’s mandate: Proactively assessing new risks

A host of technologies is rapidly advancing Industry 4.0, including more interconnected and powerful networks, high-performance computing, and the advent of digital tools, such as data analytics, robotic process automation (RPA), and cognitive intelligence (CI). Combined, these technologies are changing business in profound ways.

As companies continue to adopt emerging technologies, IA must proactively assess and gain insight into the risks of new technologies. Doing so will enable IA to assess whether appropriate controls are being implemented to prevent and detect new and emerging risks.

In this report, we take a closer look at the specific risks associated with digitalization and offer five practical considerations to help IA departments assess those new digital technology risks.

Disruptive digitalization

Disruptive digital technologies build upon—and extend—foundational and analytical technologies. By introducing new automation capabilities through RPA and CI, disruptive digital technologies can offer IA large gains in efficiency and effectiveness. Many leading companies have adopted one or all of the technologies shown in figure 2 to manage their day-to-day operations.

Digital technology risks: Five key categories

When introducing these RPA and CI technologies into the ecosystem, enterprises are exposing themselves to potential risks that need to be addressed. We classify these risks into five key categories.

Auditing digital technology risks

Assessing the impact of RPA and CI technologies on the existing controls environment, including new risks, is imperative to the successful adoption of these new age technologies. But there's no need to reinvent the wheel. These risks can be addressed by extending existing approaches to managing enterprise risk. When assessing these technologies, IA should find a balance among its responsibilities to:

  • Assure: Providing traditional assurance
  • Advise: Acting as a trusted adviser
  • Anticipate: Preparing for new risks on the horizon

Back to top

Five considerations for Internal Audit

As companies continue to adopt disruptive technologies in order to gain tangible operational efficiencies, IA departments must keep pace. Here are five practical considerations for how IA departments can contribute:

Strategic planning and alignment. IA departments should create the strategic vision, goals, and road map on how they plan to audit processes that will be automated via RPA and CI technologies and advanced analytics.
Risk assessments. IA should begin the risk assessment of RPA and CI automation as early on as possible. Due to the rate of technological advances and adaption, it's critical that IA assess the risk associated with digitalization continuously.
Analytics and dashboards. Leveraging analytics to design dashboards that provide IA departments with a detailed picture of the health factors of the RPA and CI technologies will help IA stay ahead of the curve.
Training and recruitment. IA professionals must adopt and adapt to the impending automation change. In addition, senior management should inject fresh perspectives and knowledge by recruiting subject matter specialists (SMSs) from other departments or other companies.
The power of internal audit automation. IA departments should consider opportunities to leverage advanced analytics and RPA and CI technologies to automate the audit life cycle. Internal audit automation allows IA functions to modernize their approaches to perform audit. It can also offer key insights on the challenges and risks posed by adopting these disruptive technologies.

The rate of adoption of disruptive digitalization technologies may be different for each company. Therefore, the preparedness level of each IA department to respond to the risks posed will vary.

But the overall challenge remains the same: Get comfortable with discomfort. And brush up on what IA can do to deliver assurance and advise in the age of digitalization.

To read the full report, download Auditing the risks of disruptive technologies: Internal Audit in the age of digitalization.

Back to top

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?