Agile, resilient and transformative
As organizations transform, at ever increasing speeds, new risks continue to emerge. Technological advances in artificial intelligence, cloud security, data privacy and cyber security; increasing use of automation tools like process mining and robotic process automation, and growing compliance, regulatory and fraud risks have increased the boundaries of Internal Audit and expanded the roles of technology auditors.
Fresh, hybrid working models have progressed at pace during the pandemic and are here to stay. These new ways of working, however, introduce more complex IT risks, especially for cyber security and operational resilience, which can severely impact operations, revenue and brands.
The IT Internal Audit function must keep abreast of these changes and continue to work with the board and senior management as a trusted partner, to assure them that they are effectively controlling all known and emerging risks.
This global report highlights the findings from a survey of 300 participants comprising of Chief Audit Executives, Audit Directors, Vice Presidents and Senior Managers representing audit teams from a wide range of industry sectors across 35 countries and territories. Questions covered the pressing issues facing technology audit teams today, such as auditor skillsets, scope and frequency of audits, emerging technology risks, adoption of new technology to enhance audits, and the evolving role of the Internal Audit function as a strategic advisor at board level.
The responses suggest that, with technology risks increasingly featuring in boardroom conversations, Internal Audit has a great opportunity to step up and play a bigger part in addressing and mitigating these risks.
Aligning capabilities to transformation
Skills gap and need for specialist experience was cited as one of the biggest challenges by the respondents.
Technology Internal Audit is growing in stature and is investing in a range of capabilities including cyber, cloud security, data privacy and advanced analytics.
Forty-seven percent of respondents state that co-sourcing remains the dominant delivery model to access special skills.
Adapting to an evolving risk landscape
Cyber risk and operational resilience are the key focus areas of technology internal audit teams today.
With the enhanced risk landscape, the priority is to build resiliency through the use of technologies and agile auditing techniques, in responding swiftly to address new and emerging threats.
Only thirty-three percent of respondents rate their preparedness for auditing technology associated risks as ‘good’ or ‘excellent’.
Increasing influence at the board level
With the exceptional rise in technology risks and the shift to tech-centric business models, the Boards and Audit committees have high expectations from Technology Internal Audit.
Auditors are increasingly prioritizing audit quality, adopting multiple approaches to monitor their effectiveness to enable enhanced reporting to the boards.
Only thirty-seven percent say their team exceeds or significantly exceeds expectations of the board
and senior management.
Embracing digital technologies
Data and technology are improving the performance of the Internal Audit teams, with increased funding made available for new technology investments.
Technologies such as robotic process automation, artificial intelligence and machine learning continue to be aspriational for Internal Audit teams and are yet to see extensive usage.
Sixty percent of survey respondents cited they have a high degree of maturity in their technology capabilities.
Read the full report