Internal audit needs to be strategic in its approach to automating controls.
Automation can increase efficiency — but also some risks.
Articles The Institute of Internal Auditors Aug 08, 2023
Automation can increase efficiency — but also some risks.
For years organizations have been using the phrase, “do more with less.” Automation allows them to put this phrase into action. It can reduce the time employees spend on manual tasks, allowing them to focus on critical strategies that historically have been ignored.
Applying automation allows the internal audit function to take a continuous auditing approach and test an entire population in a fraction of the time, and with fewer resources. The results provide valuable data and insights that allow management to make better, faster decisions related to risks and strategy.
Organizations initially developed automation to enhance the customer experience and help expedite common first-line processes. With these successes, more companies are now allocating funding and resources to internal audit.
To understand where automation should be applied, the function should focus on how much time and effort is saved through its use. This will allow it to rank which areas should be addressed first to provide the biggest return on investment. To date, that has been areas with highly repeatable controls and processes.
Many organizations’ controls are highly manual, which makes it difficult to quickly adopt automation. Organizations need to be strategic about the areas they want to automate. Internal auditors can help because they come across a wide range of issues and problems on the job. Once their understanding is paired with a forward-thinking approach, one that aligns the audit plan with an organization’s overarching objectives, it should be much easier to decide which departments and processes would most benefit from automation.
Another pain point is around skills and training. While it may be easy to go outside of the organization to obtain the skills to develop and implement automation, who is going to be responsible for overseeing these changes in the long term?
Finding and retaining or training employees can be time-consuming and costly, but it’s an important investment to make. When companies introduce automation, it’s critical to have employees who not only oversee the process but can use data to make smarter decisions moving forward.
Another challenge relates to funding and internal audit’s reputation in adding value. Internal audit is often viewed as a cost center and not as a strategic function, and therefore automation funding may end up elsewhere. However, leaders who view internal audit strategically and make the right investments will have a competitive advantage over their peers and will reap the enormous benefits automation presents for expanding risk coverage and driving enterprise value.
While automation offers many advantages, there are some potential risks that organizations should consider. For example, automated systems are sometimes prone to technical failures, such as software glitches or hardware malfunctions. These failures can disrupt operations, cause delays and result in financial losses. However, having robust backup systems and contingency plans in place can mitigate this particular risk.
Another risk involves data security and privacy. Automation naturally requires the collection and processing of large amounts of data. Protecting this data from unauthorized access, breaches, or misuse is of paramount importance. Using a best-in-class automation system that complies with industry-leading security standards and authorizes only certain users to access the data minimizes this risk.
With growing responsibility for risk oversight, especially in complex areas such as cybersecurity and ESG, today’s internal audit teams are busier than ever. Automation can replace time-consuming and repetitive processes with more efficient workflows that reduce costs and eliminate the need for additional headcount.
There are only so many controls that a single internal auditor can check manually, and the assessments typically reflect a single moment in time. But when automation is appropriately integrated, it can provide continuous, real-time insights and constant assurance that controls are working as they should, reducing the risk of a compliance breach. This continuous monitoring also scales easily: As audit work increases with organizational growth, automation scales with those needs.
Moreover, automation reduces the risk of human error — which is never fully avoidable when using manual processes. All auditors strive to reduce human error, of course, but error reduction is particularly important in industries where accuracy is crucial, such as manufacturing, finance, and healthcare.
Before they begin using automation, auditors should have a clear understanding of the processes they want to implement, as well as their underlying documentation. This includes system specifications, policies, and procedures.
Keeping the aforementioned risks in mind, audit teams should identify vulnerabilities and potential impacts on objectives, focusing on areas where automation has the highest risk exposure. Making sure that the automated systems adhere to relevant regulatory requirements, industry standards, and internal governance frameworks is also key, especially where data protection, privacy, and cybersecurity are concerned. Additionally, auditors should ensure the data used in automated processes is reliable and complete. The same goes for any controls implemented within automated systems. Audit teams should thoroughly review access controls, segregation of duties, error handling mechanisms, and monitoring and logging practices.
Finally, keep in mind that while automated processes are designed to perform specific tasks efficiently, they may lack the flexibility and adaptability of human workers. Unforeseen circumstances or changes in requirements may call for human intervention or system reconfiguration. Audit analytics solutions that offer scalability and can adapt to changing needs may address these concerns and potential risks.
Are You Ready to Experience Everything Internal Auditor (Ia) Has to Offer? Sign in or become a member to gain access to the latest internal audit news and information today.
Login