The Protiviti study, titled “Exploring the Next-Generation of Internal Auditing,” surveyed nearly 780 Chief Audit Executives (CAEs) and internal audit leaders across industries to uncover the pressing priorities for internal audit functions when it comes to next-generation auditing skills. The study was completed in the first quarter of 2020 and was based on a survey conducted in the fourth quarter of 2019, before the onset of the COVID-19 pandemic.
In what should be a red flag for chief audit executives and audit committees, enabling technology received some of the lowest competency-level self-assessments in the entire survey: (rated on a 1 to 5 scale with 5 being highest)
One telling example of the need for internal audit leaders to step up their innovation and transformation initiatives is that only 10 percent of those surveyed are undertaking process mining in their internal audit function, and a surprising 41 percent of respondents reported they have no plans to adopt this enabling technology at all. Notably, internal audit’s exploration and adoption of enabling technology also lags that of other key business functions such as finance.
Additionally, the overall number of internal audit organizations reported to be undertaking digital transformation initiatives more broadly declined since the 2019 survey to 60 percent (down from 76 percent in 2019).
Audit Plan Priorities
The study also examined audit plans. While the following priorities were the most pressing at the time the survey was conducted, they remain relevant today and are important, enduring topics for audit plans:
- Fraud risk management
- Enterprise risk management
- Cybersecurity risk/threat
- Vendor/third-party risk management
- Internal audit strategic vision
“Audit priorities could all benefit from next-gen internal auditing techniques. Across the board, advanced analytics, machine learning, RPA and other data and technology methods can drive the delivery of significant value,” said Andrew Struthers-Kennedy, managing director and leader of the IT Audit practice, Protiviti. “Any internal audit function not currently using or taking seriously their pursuit of these technologies will be ill-equipped to deliver the insight and value required and expected of its activities.”