Elevating risk management

Learn how extreme automation, when leveraged effectively, can enable an improved control environment and how the role of internal audit is evolving.

The CFO's agenda for disruption will shape risk and controls

The rapid pace of change in today’s competitive business world is driving chief financial officers (CFOs) to uncover new ways to improve efficiency and reduce risk, all at a lower cost as they seek to deliver maximum value to shareholders. CFOs are rethinking their approaches to disruption, including looking to automation to propel their efficiency and low-cost agendas forward. This migration towards automation is prompting organizations to re-examine their risk management strategies.

The modern organization faces significant risk in a number of areas—including strategy, finance, operations, and technology—as well as reputational issues and the growing threat of cyberattacks. Developing an effective risk governance and controls environment that supports innovation, automation, and organizational changes is one way in which organizations can stay on top of the risk-related challenges they face from disruption.

Elevating risk management
As CFOs explore automation, companies are re-examining their risk strategies to stay on top of the potential challenges.

Extreme automation in practice

Technological advances are impacting how organizations perform business tasks—and ultimately how they handle their approach to risk identification and risk management.

The future will see a shift from descriptive and diagnostic analytics to predictive and prescriptive measures that can help detect potential risks earlier and facilitate data-driven decisions on what should be done to control them. Predictive analytics can be applied to identify vulnerabilities and fraud. By deploying deep pattern analysis algorithms, for instance, organizations can better recognize network anomalies or inappropriate access by hackers via tracking network traffic in real time. Prescriptive analytics can be leveraged to explore new markets or channels. Artificial intelligence (AI) can produce a scenario analysis of these opportunities, providing valuable insights and identifying weaknesses. Business leaders can identify next steps and adjust their strategies and plans accordingly.

The use of robotic process automation and machine learning will enable faster decisions and lower costs, while automated master data management, cloud technologies, and blockchain will lead to improvements in how data is structured and accessed, reducing  the need for repetitive processes  and manual interventions.

Reducing manual control activities will provide a platform for efficiency, growth, and scalability. The use of such systems will lead to stronger confidence in an organization’s risk processes and better value around risk management, which in turn will enable a stronger focus on the drivers of strategic value and business performance.

The benefits of such methods are starting to be appreciated. When asked to rank the most important benefits of using advanced technologies in the financial reporting process, over a quarter (27 percent) of financial executives pointed to real-time insights into areas of heightened risk and internal controls.1


A new scope for internal audit

Internal controls must keep up with the speed of disruption, at a minimum, or surpass it for value creation, while a continuous process must be established to assess the potential impacts of technological advancements on existing processes, systems, and controls. This means supporting innovation, automation, and organizational changes to help businesses establish and monitor their risk positions to promote agility.

The internal audit function will play a pivotal role in helping organizations make the changes that are required to manage risk more effectively. Internal audit professionals need to be involved from the very start of any change process, helping to shape new processes, systems, and wider organizational changes and reporting to audit committees and CFOs.

Internal audit will need to transform into a “value lens” for the business, shifting away from its traditional role focused on monitoring financial activities, testing controls to prevent misstatements, and ensuring compliance. It will need to become more of an analytical and consultative function, capable of identifying, assessing, and proactively mitigating broader operational and strategic risks—including those related to the company’s brand and reputation, as well as cybersecurity and emerging technology concerns. Internal audit will also be tasked with providing an integrated, data-driven view of assurance and business performance to senior management, the board, and the audit committee.

Working closely with the CFO and the broader business, internal audit professionals will need to determine the extent to which they wish to automate areas such as strategy monitoring, operational monitoring, finance and information technology (IT), and develop a controls structure appropriate to the level of automation required.


New skills for internal audit

The changing role and responsibilities of internal audit will translate to new skill requirements. Internal audit will need to take a more consultative approach towards working with other parts of the business than may have been the case in the past. Read this whitepaper to discover the skills that are needed by the modern internal audit professional.


1 KPMG LLP and Forbes Insights, Digital transformation (2017)