Last week, hundreds of internal audit professionals converged on Huntington Beach for the first annual AuditBoard User Conference. Key trends and themes emerged across the sessions, ranging from the importance of leveraging technology to drive efficiency, to how agile methods can solve today’s common audit problems.
Read on to learn the top 5 takeaways from the AuditBoard User Conference, and how they can help your department pursue audit excellence in the months and years ahead.
There has never been a better time for internal audit to gain a seat at the table by driving more innovation and business value for their organizations. AuditBoard co-founders Daniel Kim and Jay Lee took the stage to share their journey from Big 4 audit to designing a technology platform that would empower audit, risk, and compliance teams to take the value of audit further. Harnessing the power of collaborative cloud technology that analysts are attributing as a thrust in the market shift to Integrated Risk Management (or GRC 3.0), audit teams have a pivotal opportunity to move from spreadsheets and legacy GRC platforms to solutions tailor-made for the modern audit need. With newfound visibility and time savings through automation and business intelligence, auditors are now able to go beyond required compliance activities to provide a new level of strategic value to the organization.
What does the internal audit workplace of the future look like? Brian Christensen, President of the Internal Audit Foundation and Executive Vice President, Global Internal Audit at Protiviti, laid out a roadmap for internal audit departments to deliver a bright future during this time of digital transformation. One essential objective for a future-forward internal audit function is to enable the organization with the technology needed to address emerging business risks. Leveraging collaborative, cloud audit management technology will help to increase internal audit’s effectiveness and efficiency — saving hours that can be redeployed to projects that provide the business with deeper and more valuable insights from internal audit’s activities and processes.
With an ever-increasing rate of change in business, the risk landscape can often change significantly between an audit project’s start and end, making the results out of date before they are finished. When Laura Ganann, Sr. Director, Global Audit Solutions at Walmart Inc., asked the room if anyone was creating an annual audit plan that never changed, not a single hand was raised. Describing why an audit department would make the move to agile, Laura pointed out that the characteristic auditor drive for perfection can cause delays in communication and waste time on deliverables that are obsolete by the time they are completed. Agile auditing can solve many of the common challenges faced by audit departments by increasing interaction with audit customers, providing for iterative delivery of work, enabling faster communication that leads to faster issue resolution, and constantly reevaluating priorities to ensure the highest and best use of resources. Yet, to fully realize the benefits of agile, audit teams must be willing to shift to an agile mindset that is ok with iterating and puts customer-focused decision-making and communication first. Adopting agile doesn’t require developing an overengineered process — start with a few great ideas about how to perform iterative work and engage your customer differently.
In October 2018, the SEC released a report that urged companies and their auditors to focus on cyber-related risks and the internal accounting controls needed to mitigate them after a number of companies lost millions of dollars to phishing scams. Rob Frattasio, Partner and National Process Risk and Controls Leader at RSM US LLP, noted that the SEC called it “cyber-related,” but that the focus in the report was on the safeguarding of assets and anti-fraud controls mostly targeted at cash. The expectation is that cyber-related fraud risks and controls will increasingly be in scope in the years to come, and it will be important to keep informed and try to stay ahead by making sure the company has reasonable cyber controls and understands the link to financial reporting. Cyber-related risks should be clearly considered in the risk assessment, and occurrences of actual cyber incidents should be analyzed, documented, and considered during the Internal Control Over Financial Reporting (ICFR) risk assessment.
Internal audit is one of the only functions that has to deal with every aspect of an organization — and if everyone on the internal audit team brings a similar background and thinks the same way, there’s likely a missed opportunity to add value to audit engagements. Karen Gift, CFO at AuditBoard, moderated a discussion on the value of creating and retaining a diverse internal audit department with audit executives from Wyndham Hotels & Resorts, TripAdvisor, American Tower, and Staples. One thing the panel agreed on was that a well-balanced internal audit team with members of diverse backgrounds and genders will collectively bring a broader, more complete perspective to the table, be better equipped to respond to evolving business risks, and help audit deliver greater value to the organization. A show of hands in the room revealed that company diversity initiative programs are on the rise, indicating a positive trend toward building and maintaining more diverse internal audit functions.
The information contained in this site is provided for informational purposes only, and should not be construed as legal advice on any subject matter. You should not act or refrain from acting on the basis of any content included in this site without seeking legal or other professional advice.