Will the internal audit disappear?
It is very
common nowadays in audit meetings, groups and seminars to question the future
of internal auditing, especially if it will disappear due to technological
developments.
In fact, the
theme of the 39th Internal Audit Congress that took place this year in the city
of Florianópolis was Technology and Innovation for Internal Audit and in my
lecture entitled “Internal Audit in a Changing World” brought to mind points to
explain that the audit will be affected like any other activity, but not to the
extension that may affects its existence.
First of all,
we need to understand that the application of “Triple A” - Automation,
Analytics, and Artificial Intelligence in corporate activities, is not the
future but the present.
Digital
convergence is already a reality in society as well as in companies. It
implying the way business is done, managed and operationalized. We need to keep
in mind that corporations are changing at great speed, and often disruptively.
Organizational
structures are no longer hierarchical but flatter; operations and processes are
no longer centralized and local to be decentralized and remote; functions are
no longer specific to being more generalist and collaborative.
In such scenario
it is clear that internal audit activity, if wants to remain an important
player for the organization's success, will also have to adapt and innovate.
With this in
mind, let's consider what the impacts will be on the audit activity. In my
perception, what should not change, and what will change:
- The mission, definition and professional standards for audit practice should not change, only adjust for technology applications,
- The systematic and disciplined audit methodology, consisting of the planning, execution and reporting of results, will continue to be used in digital platform,
- Evaluations, according to their nature: compliance, performance (operational) and accounting will also continue to be used, without significant changes,
- Tools for applying audit procedures and techniques, as well as some planning and communication activities should change due to the use of Triple A solutions.
- Possibly the risk of auditing (non-detection) should be mitigated as much as we can abolish the sampling of the works, as the technology will allow an evaluation of the whole universe tested,
- The auditor's competencies and skills should be complemented to be proficient in using triple A solutions and knowledge of languages such as Phyton and R.
Solutions that are currently on the market are highly
applicable in a compliance and / or regularity audit, but for an (operational)
performance audit they still have low application.
What worries me is that many auditors have not yet
realized the need to update, this was for yesterday, they are already late, and
at the speed of things, the professional shall become obsolete very quickly.
Another thing that strikes me, but it does not have much to do with technology, is that a
large portion of auditors have yet to understand their real responsibility as a
third line of defense and the audit mission as defined in the IIA IPPFs.
They continue to perform only compliance audit work,
which is the simplest and primary form of assessment, rather than performing
operational performance reviews, reviewing the risk management and internal
control system applied to operational processes to evaluate the governance.
As I said, I do not believe in the disappearance of
auditing, but in the disappearance of auditors who do not connect with auditing
standards, with new technologies, with new formats and structure of the
corporate and business world.
The modern auditor has a great responsibility to
support leadership in the governance process, the ethical values, the
effectiveness of the processes and the economically of the application of
resources. This auditor will always have his place in the corporation.
Be happy!