The Post-Pandemic Evolution of Internal Audit

Internal audit After the pandemic

Those who are practicing internal audit in the same way they were before the COVID-19 pandemic are in the minority, according to a new study. Between remote auditing, newly implemented technology, and a heightened focus on cybersecurity, internal audit has changed.

Approximately 70 percent of auditors have had to change their plans and reprioritize audit activities during the pandemic, according to the survey conducted by GRC solutions provider MetricStream. Internal audit teams are accessing new resources too. About 12 percent of respondents either increased their audit scope or team capacity, while another 15 percent deployed new technology to improve efficiency.

Only a quarter of those surveyed said that their plans and activities remained unchanged during the pandemic. According to the survey, such respondents were most likely well-automated and digitalized before the pandemic hit, making the switch to remote work an easier one, or their organizations were not significantly impacted by the crisis.

Most respondents, however, were forced to quickly adapt to rapid change. Nearly half (44 percent) said the biggest internal audit challenge was the level of change occurring in business priorities, as well as in risks and compliance. The second greatest challenge for internal auditors during the pandemic was the lack of efficient auditing tools and technologies (35 percent). Providing integrated assurance with risk and compliance was the third biggest obstacle (30 percent).

How Agile Are You?
One solution to a rapidly changing audit landscape, say the report’s authors, is agile auditing. It enables auditors to move quickly and provide more targeted assurance. It also delivers timelier insights, saves capital, and reduces waste. Despite the benefits of agile auditing, 60 percent of those surveyed said they have not yet adopted an agile approach to internal audit. Of those that do use agile methods, the highest proportion (27 percent) use it to conduct rapid audit planning and task prioritization.

The pandemic also instilled an urgency to reach benchmarks. About 15 percent of respondents, among those who use some form of agile auditing, said they established shorter sprints to achieve specific goals. Shorter sprints allow auditors to take stock more often, ensuring that their audits are still on track to complete the objective.

Agile auditing is not the only improvement internal audit teams are adopting. Many are also implementing continuous monitoring (CM) and continuous auditing (CA). Almost 40 percent of internal auditors say they are in the process of implementing, or have already implemented, CM and CA. According to the report, CM and CA are helping organizations strengthen risk management and compliance, while also optimizing decision-making and reducing costs.

Beyond Microsoft Office
The COVID-19 travel bans and resulting work-from-home environment made it more difficult for internal auditors to obtain data in real time. Part of the problem, the study finds, is that many are still relying on aging desk-top software, such as spreadsheets and Microsoft Word. The majority of respondents, 54 percent, say they still rely on such basic office productivity software packages. While effective when in a physical office, these older methods can become cumbersome and hinder insights when working remotely. Point solutions, used by 26 percent of respondents, have their own limitations, the report’s authors argue, since they don’t always lend themselves to integrating audit programs with risk management, compliance, and other assurance functions for a holistic risk view.

While many internal auditors say they want to increase collaboration and exchange information with other assurance functions while still maintaining their independence, only 10 percent of respondents say they use integrated solutions.

Over a third have gone beyond the traditional applications of audit technology and are experimenting with data analytics and data visualization. These innovative tools make remote auditing and continuous monitoring easier, the report finds. They also improve decision-making by providing a wider perspective on risks, challenges, and uncertainties at multiple levels.

Never Let a Good Crisis Go to Waste
While cybersecurity is always a concern, internal auditors say the pandemic has pushed cyber-risks even higher. The top three cyber-risks and threats keeping executives up at night are denial of service attacks, compliance violations, and spoofing of corporate social media accounts. Since the pandemic, cyber-attacks have escalated across industries, thanks to the increasing adoption of new technology and virtual working models. Cybersecurity firm VMware Carbon Black found that in the financial sector alone, cyber-attacks increased by 238 percent between February and April 2020.

Increasing operational resiliency is also on the to-do lists of many internal auditors. Roughly 42 cited it as a top priority. As a result of the pandemic, many senior management teams are asking internal audit to help strengthen businesses preparedness for future crises.

The majority of respondents, 54 percent, said they are also investing in training their auditors on emerging risks and technologies. Artificial intelligence, machine learning, and advanced analytics are already transforming the way audits are done. More than 30 percent of respondents say they are also looking to hire more skilled auditors, while 25 percent hope to adopt more innovative tools like robotic process automation (RPA).

Where Internal Audit Investments Are Being Directed.

There is no doubt that the pandemic has changed the game for internal audit functions, but the crisis has simultaneously opened the door for internal auditors to create value in new ways and improve the function with updated technologies. Whether it be through adopting agile auditing, harnessing emerging technologies, or adopting collaborative solutions, auditors are looking to the future with excitement and anticipation.  Internal audit end slug


Michael McGee is assistant editor at Internal Audit 360°

One Reply to “The Post-Pandemic Evolution of Internal Audit”

Leave a Reply

Your email address will not be published. Required fields are marked *