The Auditor of the Future
John Brennan | Managing Director, Infrastructure Practice.
The internal audit industry is facing a time of rapid business transformation. Only a decade ago there was no discussion of cloud-based technology, and smart phones and social media were just beginning to take hold. Today, the business environment in which organizations and their audit functions now operate is significantly different.
The rise of consumer access to technology and digital platforms has been noted as significantly influencing businesses. While these shifts bring market opportunities, they also broaden the scope of risk that auditors must be aware of including information piracy and other cyber threats which will require new or improved processes and controls.
Companies seeking an internal audit department that can keep pace should be looking for the “Auditor of the Future.” What does the “Auditor of the Future” look like? He or she is an executive who not only brings leadership skills and presence, but due to the increased role technology is playing in an organization’s day-to-day activities, takes a holistic approach to technology while leading the audit function.
A holistic approach to technology includes incorporating big data analytics in a smart way. While the amount of data auditors can access has significantly increased, success with data requires connecting the information to insights about risks on the horizon.
Traditionally, internal audit has focused on using data in limited ways in the field, commonly known as “computer-assisted audit techniques.” However, with developments in ease of use and affordability, internal audit can leverage data in a way that will provide deeper business insight, increases in efficiency, enhanced monitoring activities, and give better response time. Using data in a useful way for an organization requires a shift in mindset which integrates the information into the audit life cycle from assessment, fieldwork, execution, monitoring, reporting, and planning.
Cyber risks are another challenge that the “Auditor of the Future” will be ready to combat. Data breaches can not only compromise client information but can harm the organization’s reputation in the industry. It is not enough to focus solely on keeping online invaders out of a system. Recent events have shown an inability to stop a cyber-attacks despite investments in cyber defense. Internal audit must take a comprehensive approach to cyber security to ensure organizations are prepared before, during and after an attack.
The “Auditor of the Future” is in a unique position to educate board and audit committee members about the diverse efforts that are needed to battle cyber threats. These efforts include: protection, ensuring there is a worthy first-line-of-defense either internally or with a strategic third party partnership; detection, using data analytics to pinpoint breaches in security; business continuity, ensuring that clients and business partners will continue to be served despite any crisis scenario; crisis management/communication, internal audit should be prepared to provide assurances internally; and continuous improvement, which requires an iterative process of exploring what improvements are needed in the future.
While big data and cyber security are the focus of today, the “Auditor of the Future” looks ahead to what advances are coming down the pipeline for companies to stay ahead of the curve. A successful audit executive needs to understand that ignoring the technology of tomorrow while implementing what is available today can put an organization on the wrong side of the transformation curve.
The “Auditor of the Future” will ensure their team is adding value through the incorporation of technology in audit in combination with the intangible leadership skills that are required for the audit function to be a strategic partner to the organization. Additionally, they must have a vision for building their team which includes diverse skill sets aligned with their company’s transformational goals. These should include business continuity, cybersecurity, cloud-based services, mobile computing and enterprise resource planning.
Audit functions which add the greatest value today, and are set to continue to contribute significantly into the future, are able to keep up with business change through taking the long-term view and have an ability to be adaptive to the ever-changing risk landscape.
Price Waterhouse Cooper. 2015 State of the Internal Audit Profession Study. 2015.
Protiviti. The Future Auditor: The Chief Audit Executive’s Endgame. 2015.
The Institute of Internal Auditors Research Foundation. Internal Audit’s Role in Cyber Preparedness: The Importance of a Holistic Approach. 2015.