By Jason Agnoletto FCPA, National Leader - Internal Audit Services
Share this article
During the COVID-19 crisis, leading Internal Audit teams have demonstrated remarkable agility and resilience. The daunting array of new and enhanced risks has triggered a rapid response where internal controls have been adapted to protect and support organisations. This points the way towards the future of Internal Audit.
Internal Audit leaders can use the momentum from the past few weeks to embed these new ways of working into their teams. The days of a one-year ‘set and forget’ plan are well and truly over. Now, and in future, all Internal Audit functions need to be more digital, insightful, agile and effective.
Enabling organisations to adapt with confidence
The pandemic has tested the mettle of every Internal Audit function in Australia. The best have risen to the occasion by evaluating the impact of organisations switching to virtually-connected operating models. They have enabled the redeployment of resources to high-priority areas of the business, while collaborating with risk management and compliance functions to deliver truly integrated assurance.
In short, they have implemented an agile Internal Audit experience that has helped steer their organisations during a tumultuous time.
As organisations adjust to this period of heightened uncertainty, Internal Audit functions are adding the most value when they focus on areas such as:
Business continuity: Future proofing the organisation by ensuring lessons are learned, documented, shared and built into future plans.
Risk management and mitigation: Providing comfort that risks (e.g. cybersecurity, data, OHS, fraud, etc) are sufficiently mitigated during this time where processes, controls and working arrangements have changed.
Returning to the workplace: Ensuring the plan to return colleagues to their workplace(s) minimises disruption to operations and appropriately considers risks to staff wellbeing.
Risk culture: Ensuring that cultural expectations are reinforced, with indicators identified, measured and acted upon.
Employee payments and JobKeeper compliance: Ensuring employee entitlements are complete and accurate, including compliance with JobKeeper requirements (if applicable).
Superannuation Guarantee: Ensuring compliance with superannuation legislation during the amnesty (ie. September 2020), to mitigate potential fines and ensure colleagues are rewarded correctly.
In the coming months, it’s essential that Internal Audit plans provide timely insights in the above areas. The wider operating environment will remain uncertain, and Internal Audit reviews must be agile enough to adapt to new and changing circumstances, as they unfold.
For some Internal Audit functions, this requires a substantial shift in thinking and operating. The transition will not always be easy. But their organisations will feel the benefits – not only during the pandemic, but also afterwards. And that will result in greater business engagement with Internal Audit.
Define the new normal
While the pandemic and its impact will remain for some time, proactive business leaders are turning their attention to the aftermath. The decisions we make today will influence how our economy and organisations look tomorrow.
For Internal Audit leaders, that starts with reimagining their functions and defining what the ‘new normal’ should be. This might include a more proactive focus on risk where external and internal data informs continuous risk-sensing processes. It might also include a more flexible operating model to ensure a function has ‘surge’ sourcing capability and capacity to fill gaps in internal audit, IT or specialised areas (serviced by agile, remote staffing options).
The vision of the future may involve an ‘audit spectrum’ rather than a traditional audit plan. This would diversify the scope and nature of activities, enabling Internal Audit professionals to focus reviews around specific business issues, as well as facilitate audit insight workshops, and more.
Unearth new value
In order to make the vision a reality, Internal Audit leaders need to map out the journey their functions need to take. Naturally, this needs to align with the organisation’s strategic goals and culture, first and foremost. The map should also be clear on the tools and model that will be required.
It’s important to focus on the value the Internal Audit function is seeking to add in the future, before selecting the tools to enable this. Time should be taken to consider how to embed continuous monitoring across the key areas of the organisation and implement more dynamic risk identification, assessment and monitoring. Having clarified that, Internal Audit leaders and their colleagues can identify the required tools, data sources and analytics technology.
A clear idea of the optimal operating model is also essential – and the past few weeks have offered some indication of what that might entail. Leading Internal Audit teams have surprised themselves at how fast they could switch to virtual and remote working models. New methods of continuous learning and communication have been adopted. Virtual meetings have been used to share findings, data analytics, risks and challenges with stakeholders. Secure technologies have enabled colleagues to conduct walkthroughs and whiteboard sessions, as well as develop collaborative documents. And showcase sessions have facilitated discussion of business issues, focus areas, and management actions.
The operating model of recent weeks can be the catalyst to rethink and refresh for the longer term. What lessons have been learned? Were any systemic problems solved? In future, how might the Internal Audit function be less reliant on geographical proximity?
‘Next generation’ Internal Audit functions
Having built a clear picture of where the Internal Audit function wants to go, and how it will get there, leaders and their colleagues can implement the transformation. To navigate this journey, it’s important that colleagues are clearly briefed on the vision and milestones.
Internal Audit team members also need to be empowered to execute each stage of the transformation. This requires a shift away from hierarchical decision-making, towards greater collaboration. And it also requires a commitment to upskill colleagues so that they can harness emerging technologies. In my next article, I will explore what a ‘digitally fit’ Internal Audit function might consist of, including the skills and qualities that professionals require.
National Leader, Internal Audit Services, Melbourne, PwC Australia
Tel: +61 402 443 104