Internal auditors have traditionally been perceived as compliance people who help keep the business world honest. They verify everyone is following the rules by looking for errors, omissions, and internal controls issues. Audits have evolved beyond safeguarding assets and enforcing policies to preserve value. The internal auditor has added value creation for the organization to his tool belt. Today’s auditors collaborate with management to mitigate risk and prioritize goals and objectives. They identify complexity and redundancy and ways to streamline operations and reduce costs.
Enterprise Risk Management (ERM) has emerged to help identify and assess the institutional risks that could preclude the achievement of goals and objectives within an organization. This framework for evaluating risks gives management the advantage of grasping opportunities within their reach by taking advantage of favorable conditions in their market or operational environment. In a report by the Poole College of Management at North Carolina State University entitled “2019 The State of Risk Oversight,” survey respondents of organizations that have not yet adopted an ERM approach indicated that they do not think ERM is a priority or benefits do not outweigh costs. In reality, prioritizing ERM can provide an organization with the tools it needs to achieve its objectives:
- Identification of risk at all levels of the organization
- Standardized reporting of risks
- Early detection of potential risk events
- Elimination of redundant processes to improve efficiency
- Reduced effort and cost in meeting regulatory and compliance standards
There is value in collaboration between the ERM and the Internal Audit risk assessment processes. The ERM process provides input to Internal Audit on areas management considers high risk. In return, Internal Audit objectively assesses the system of internal controls and informs management on the areas where there is opportunity to strengthen the system of internal controls and increase efficiency of operations.
The scope of a comprehensive internal audit goes beyond checking the boxes and into the realm of an array of value added services. A robust internal audit includes the following components:
- Managing risk
- Prioritizing the right activities to help achieve the highest goals
- Streamlining the control environment to eliminate complexity and redundancy
- Enhancing financial priorities by establishing cost saving strategies
- Identifying areas of opportunity for business growth
PwC’s 2018 State of the Internal Audit Profession survey report, Moving at the Speed of Innovation, reveals that many internal audit functions are embracing new technologies. For example, it is expected that by 2020 using governance, risk management, and compliance technology tools will increase from 23% to 62%. Indeed, the role of technology in internal auditing has opened up many possibilities that expand the capabilities of audits. With the exponential growth of data, new tools for data mining, and unlimited processing power of today’s computers, the future is bright for extracting the insights needed to drive economic growth. With the rapid advances in machine learning and artificial intelligence, the functions of internal audit will reach a new level of insights that has few limitations.
The capabilities of internal audit have been elevated from the day-to-day activities of compliance and monitoring to adopting a much broader role in business consulting, helping to add value at all levels of the organization that will accelerate growth and eliminate unnecessary spending. Armed with these new tools, today’s internal auditor is primed to venture into the unchartered territory of unlimited potential in the modern business landscape.
For questions about this article, or for more information on McKonly & Asbury’s Internal Audit and Management Consulting Services, please contact Brian Johnson, Senior Consultant at email@example.com.