Internal Audit Must Step Up the Use of Data Analytics to Drive Risk-Informed Decisions

Internal Audit Must Step Up the Use of Data Analytics to Drive Risk-Informed Decisions

In a world full of systemic risks, data-enabled risk awareness is vital to support organisations in identifying how effectively these threats are being mitigated. 

Currently, organisations face some of their strongest headwinds in years. The upheaval caused by the pandemic has been followed by inflation rates not seen for decades. Financial markets have been in disarray. Systemic risks are now everywhere and internal audit must do everything it can to determine how well senior management understands the situation the organisation finds itself in. It’s a complex environment and it may feel like an impossible challenge to deliver relevant assurance. 

Now is the time to stay as close to senior management as possible to understand how integrated their risk view is, and data analytics is a key ingredient. If executives lack an understanding of the organisation’s data and what it shows, they won’t understand its potential breaking points. However, internal audit has yet to fully embrace data analytics, and there are many areas for improvement, according to findings from a survey conducted by the Chartered Institute of Internal Auditors (CIIA) and AuditBoard. 

See key takeaways below and download the full report, Embracing Data Analytics: Ensuring Internal Audit’s Relevance in a Data-Led World, to delve further into the current state of audit analytics, opportunities, and challenges. 

Audit Analytics Are in Use, but Maturity Is Low

By not developing its data fluency and analytics capabilities, internal audit faces a potential credibility crisis. Digitalisation was accelerated by the pandemic. Internal audit must accept this reality by viewing the organisation, its activities, and risk controls through a data lens, and integrating data analytics to enhance its service delivery. Failure to do so will mean internal audit is in danger of quickly losing relevance. 

More than two-thirds (67%) of internal audit functions are currently using some form of data analytics in their work. This is a solid foundation, but there is room for progress. This research also shows that 30% of functions are still not using any data analytics techniques whatsoever. Of the 70% who are applying data analytics, 69% are doing so on a planned but transactional basis and only 3% report being at the furthest end of the maturity curve with fully optimised analytics adoption. There is a real possibility that organisations will increasingly look to external assurance providers with an aspiration for them to fill the void and achieve a higher quality of service, which is not always forthcoming.

Opportunities for Data Analytics to Go Beyond Financial Risk 

Currently, the third line is overwhelmingly directing data analytics towards finance-related activities. The survey shows that, across the audit population, 62% of internal audit functions are currently finding the most value from applying these techniques to financial areas of the organisation. Internal audit teams should recognise that these tools can be applied to virtually any risk in some way. Audit analytics can be applied to much more than just numbers or binary entry fields, with machine learning increasingly adopted to parse huge volumes of text, for example.

Internal Audit May Be Overlooking Data Analytics’ Potential to Enable Continuous Monitoring

There are numerous benefits of applying data analytics to the work of internal audit. Most teams see the primary value in the greater assurance levels that can be provided. As systemic risks build, the profession may be overlooking the awareness advantages of embedding continuous monitoring. Continuous risk assessment is one of the highest-value applications of data analytics that internal audit can apply. It improves the third line’s risk awareness, focusing its attention on what matters and at the right time. 

According to the survey, only 8% of internal auditors see this enhanced risk awareness as the primary benefit of these tools, with greater levels of assurance considered to be the main advantage, cited by 48% of respondents. In an environment in which systemic risks are boiling over, internal audit may be underestimating the value of this awareness and the ability to hone the audit plan with greater precision.

Lack of Resources and Skills Remains a Barrier to Implementing Audit Analytics

Integrating data analytics is not without its challenges. According to the survey findings, the biggest barrier to the adoption of data analytics and AI, cited by 49% of internal auditors, is a lack of existing skills and competencies. The next widely reported challenge, cited by 24% of respondents, is the cost and limited available budget to implement these capabilities. 

Upskilling the internal audit function is best achieved by recruiting dedicated data analytics specialists so they can develop relevant apps that deliver audit efficiencies. Championing data analytics investment directly into the organisation that internal audit can then leverage may be a shortcut to opening up the third line’s access to data analytics. Experimenting with analytics and sharing your biggest successes in visual audit reports is an effective way to win over senior stakeholders, which in turn can free up audit budgets. A lot can be achieved with a little, especially by tapping professional networks and shadowing data experts.

Consider whether you are failing to keep pace with what is expected of an effective internal audit function in the 2020s and then make the case for data analytics when speaking to the audit committee and other key stakeholders. Data is key to the future for all organisations, it is therefore key for internal audit as well. Understanding what the data shows about risk resilience in today’s complex environment will ensure organisations’ success. To learn more about how internal audit can make strides in data analytics and read case studies, download the full Embracing Data Analytics report.