The Importance of Internal Auditors
The Institute of Internal Auditors (IIA) has placed the Internal Audit department on the critical “3rd Line of Defense” in a model intended to provide a simple and effective way to enhance communications on risk management and achievement of organization objectives. Their overarching responsibility is to act as an independent assurer that risks are being managed within acceptable parameters. But they also have a goal of enhancing the perceived value of the Internal Audit department.
Richard Chambers, IIA President and CEO, addressed this goal at the 2014 IIA GAM Conference:
“Five Imperatives” for Enhancing Internal Audit’s Perceived Value
- Assess and address apparent gaps in stakeholder expectations of internal audit’s focus and capabilities.
- Develop and implement robust knowledge and talent acquisition strategies
- Implement or enhance existing methodologies for assessing risks continuously.
- Assume a leadership role in coordinating and aligning the activities of functions in the organization’s second line of defense
- Find innovative ways to enhance internal audit efficiency.
While there are many ways of addressing these “Five Imperatives”, a common menu of duties for an Internal Audit department might include assessing and scoping risk levels, confirming adherence to compliance requirements and providing assurance that there are sufficient controls over financial reporting (ICFR).
How do they achieve all these objectives? – By performing Audits!
- The Chief Audit Executive (CAE) is constantly challenged to position the Internal Audit department as a value-added unit and “trusted advisor” to the Audit Committee and key business stakeholders. They have to be confident that the assurances and advice you provide them is based on reliable empirical evidence, obtained thru consistent processes that are themselves auditable.
- The daily need to make better use of the department’s limited resources (time, money, staff), allowing for more value-added deliverables versus “check the box” everyday tasks. Tools and processes that enhance productivity are the cornerstone for increasing the value-add of the work Internal Audit can perform.
- The necessity to develop risk-based audit plans, schedule staff, conduct fieldwork, monitor audit progress and ensure management has accurate information to support their business decisions. A logical, consistent and repeatable audit workflow is best maintained with easy to use automated tools like ACL™ GRC, not inefficient manual tools like spreadsheets.
- The ability to have visibility into, and oversight of, the audit staff and their projects on a real-time basis. You can’t control or improve what you can’t monitor and measure.
“Closing the Technology Gap Can Help Alleviate the Pain”
Technology shifts in areas such as mobile computing, cloud-based software, software-as-a-service and Big Data are going to have a transformative effect on how organizations operate. Internal Audit, perhaps more than any other functional area, has a huge opportunity to benefit from these shifts. Spreadsheets, physical documents and shared drives are not a scalable means of managing information and make you and your Internal Audit staff work harder, not smarter. And it is difficult to meet your own expectations, let alone the expectations of others, without the right tools:
With ACL GRC, you can plan, schedule and perform your audits, take advantage of standardized processes and workflows, plus collaborate together in a cloud-based audit management system with not only other auditors, but Compliance and Risk Management personnel as well. This facilitates the sharing of information cross-functionally, negating the perceived need for those departments to seek their own technology solution to manage compliance and risk processes and projects (thus avoiding the perpetuation of a “silo” mentality).
Time-to-value and ease of use is enhanced with built-in audit programs and workflows, intuitive user interfaces and free online access to training videos on common audit projects and tasks.
Whether your team consists of 3 Auditors or 3000 Auditors, Testers and SMEs, you can:
- Improve productivity by achieving an average increase of 25% in audit efficiency with automated workflows
- Deliver higher ROI by providing organizational value-add services while spending less time manually documenting and reviewing workpapers and other evidence
- Enable faster decision making by providing Executives and other stakeholders visualization into key, relevant information with easy-to-read dashboards and reports via the cloud
- Collaborate and work from anywhere since your client audit data is accessible in the cloud and available to your team members 24×7, even on their mobile devices
- Achieve low Total Cost of Ownership by eliminating the heavy up-front technology costs that other on-premise or complex systems impose. ACL GRC is cost effective over traditional manual processes and requires no IT set up time or maintenance headaches – your system is automatically upgraded
Internal Audit professionals are faced with the challenge of reliably achieving objectives while addressing uncertainty and acting with integrity. Whether the objective is to provide business assurance, improve controls, or ensure compliance, without analyzing the underlying transactional data in detail, it will be difficult to draw any credible conclusions that can help the business.
In order to reach actionable conclusions, large volumes of data spanning multiple systems must be analyzed – this is not a trivial processing effort. Furthermore, the core purpose behind the analysis is to identify anomalies and discrepancies in the data that need more investigation – this requires more sophisticated capabilities than just summarization and aggregation. Add to this the importance of easily sharing, presenting and distributing analysis results to stakeholders for further interpretation and remediation, and the search for an effective analysis solution becomes even more challenging.
ACL™ Analytics is designed to revolutionize data analysis by making it easier and faster to get credible results that can help positively impact the business. With its combined strengths of processing power, purpose-built analytic functionality and high usability, it’s not surprising that ACL Analytics has a dedicated global community of over 14,000 organizations that has been relying on its capabilities for more than 25 years. For server-based continuous monitoring and enhanced collaboration capabilities, ACL also offers Analytics Exchange.
Both Analytics and Analytics Exchange are closely integrated with ACL GRC, enhancing and extending the power of the data analysis function with the broad data sharing, interpretation, exception tracking and remediation capabilities of ACL GRC.
The combination of a superior method of conducting Audit Management with the ability to access large and diverse forms of data and analyze it thoroughly will provide the Internal Audit department the tools and processes to enhance the material impact it has on the organization: