The impact of digital technologies on internal audit

January 2017

On 21-22 November 2016, members of the European Audit Committee Leadership Network (EACLN) met in Berlin. In one session, they were joined by Jonathan Blackmore, Senior Partner and EMEIA advisory risk leader at EY, and Hans Winters, Chief Audit Officer at Siemens, for a discussion about the ways that technological innovation is changing the internal audit function.  

In conversations before and during the meeting, members and guests discussed three main themes regarding the impact of digital technologies on internal audit:

  • Business transformation complicates internal control and risk management
    Digital advances in areas such as mobile and cloud computing, automation and artificial intelligence are transforming the way companies do business, creating a new landscape of internal controls and risk management.  Large-scale digital platforms are changing business processes from end to end, and the boundaries with customers and business partners are becoming blurred.  These developments are shifting control points across organizations and demanding more proactive approaches from internal auditors.

  • Digital technologies both strengthen and challenge internal audit
    Digital technologies such as robotic process automation and advanced analytics are also helping internal audit improve its performance.  They allow internal auditors to test an entire population rather than just a sample of transactions, and they can lead to significant cost savings by automating rote tasks.  They also allow the internal audit staff to focus on the tasks that require human judgment, deepening insight and enabling internal auditors to provide better advice on business processes as well as improved auditing.  Achieving these benefits, however, will require new skills and more flexible approaches to audit planning.

  • Audit chairs are concerned about both innovation and assurance
    Audit chairs want the internal audit function at their companies to understand and utilize new technologies and techniques.  They want chief audit executives (CAEs) who understand the tools and resources required and how these should be integrated into the function and the broader organization.  But audit chairs also want to maintain the integrity of assurance, which could be jeopardized as new technologies cause the three “lines of defense” in assurance – line management, compliance and risk management and internal audit – to encroach on each others’ responsibilities.  Collaboration among these lines of defense is important, the guests said, but the independence and objectivity of internal audit must be maintained.