How internal audit can make better use of technology

A constantly expanding set of technological tools presents rapidly increasing opportunities for internal auditors to provide value to their organisations.

While internal auditors have increased their use of these tools over the past nine years, many of them are not taking full advantage of the opportunities presented by technology, according to a new survey report.

Just 38% of chief audit executives (CAEs) say their organisations are using technology at an “appropriate” level or higher, according to the 2015 Global Internal Audit Common Body of Knowledge survey report from The Institute of Internal Auditors Research Foundation.

Nearly one-fourth (23%) of CAEs said their organisations rely primarily on manual systems and processes in internal audit. The report reflected the findings of a survey of more than 14,000 internal audit practitioners in 166 countries and territories.

Electronic workpapers are internal audit’s most commonly used IT tool worldwide, with 72% of respondents reporting at least moderate use. Other common technological tools for IT include:

• A software tool for data mining (53% report at least moderate use).
• An automated tool for data analytics (53%).
• An automated tool to monitor and track audit remediation and follow-up (52%).
• Flowchart or process-mapping software (52%).

Use of many of these tools has increased in recent years. Respondents reporting at least moderate use of software or tools for data mining are up 14 percentage points from 39% in 2006. Also up from 2006 are those reporting at least moderate use of flowchart or process-mapping software (up 9 percentage points from 43%); electronic workpapers (up 7 percentage points from 65%); and continuous real-time auditing (up 7 percentage points from 37%).

To take advantage of these tools properly and stay a step ahead, the report suggests that internal auditors consider:

• What new technology-based applications their organisations are using and whether internal audit has deployed new technologies of its own to make sure it can effectively audit the new systems.
• Whether internal audit has enough funding to acquire the technology needed to properly audit the organisation’s systems.
• Whether internal audit possesses sufficient IT technical skills.
• How internal audit plans to address the Big Data, both structured and unstructured, that is important to the organisation.
• Whether there are any organisational applications or processes that take place entirely in the computer – such as the computation of interest charges on loans – and if so, how those processes are audited.
• What types of software internal audit needs to make audits more efficient and effective.

The full report is available for download.

—Ken Tysiac (ktysiac@aicpa.org) is a CGMA Magazine editorial director.