Introduction
Despite increasing innovation and technology-driven digital growth within organisations, Internal Audit (IA) and Internal Control (IC) functions are still playing catch up in many areas. These core Business Assurance functions are sometimes slow to realise the changes and digital volution happening within their organisations, and still deploy traditional methodologies and solutions that cannot efficiently provide the needed assurance at the velocity of change within the organisation.
Without a change in approach, the IA and IC functions may lose alignment with the organisation’s strategic direction and ability to provide assurance over emerging risks arising from the adoption of new technologies. This may ultimately result in a ‘Value Gap’. From a survey of 400 Chief Finance Officers (CFOs) and Audit Committee Chairs conducted by KPMG, only 5% of the participants responded that they received insights on “informed perspectives on emerging risks” from their assurance functions and 36% of them rated it as a ‘most valuable to receive’ insight1.
In addition, IA and IC functions are increasingly expected to add value to organisations and stakeholders in ways that are beyond the capabilities of the traditional model, as stakeholders continuously demand a more efficient and agile assurance process, especially in the everevolving business landscape.
This demand has increased since the emergence of the COVID-19 pandemic. Not only are IA and IC functions tasked with identifying, assessing, and monitoring the risks related to increasingly complex pandemicdriven arrangements, disruptive technologies, events, and regulatory environments, they must do so with smaller budgets, fewer people, in a remote working environments, and at an accelerated pace.
Considering all these, IA and IC functions need to review their delivery model to deliver greater value to their stakeholders. To do this, these functions must innovate and transform into an agile, multiskilled, and technologyenabled function. Failure to act will lead to enterprise risks outpacing the IA and IC’s skills and capabilities. Taking action, however, will position the functions to create and deliver value to their stakeholders.