Technology increased companies’ resilience and helped businesses survive the shock of the first months of the current crisis. But after those long months of lingering in the shadow of the global epidemic we can see that accelerated digital transformation has had its costs.
The rapid pace of new digital tool deployments changed the way companies organize internal and external processes and sometimes, because they were carried out on an emergency basis, it all happened too fast and caused serious problems.
The digitization of some areas has accelerated, but others are still waiting for transformation.
One of the areas that must go digital is the audit process. Many companies are aware of this, but the digitization of this complex area should be carried out based on specific assumptions and expected functionalities.
In this article, I want to present the audit trends of the near future. I will also show the possibilities offered by currently available IT solutions in this area.
The digital explosion
There is ample evidence that the digital transformation has accelerated. At C&F, we conducted a survey among companies and found out that more than half of them have implemented new digital tools due to the pandemic: apps to maintain business continuity (sales, logistics, customer support), tools and apps allowing for automatic work to save time and resources, tools and solutions allowing for digitizing further business areas.
So, the obvious aspects that affect business profitability and continuity were quickly digitized, which was justified by the needs that had to be met in the short term.
But at this early stage of the crisis hardly anyone took the auditing processes into account. And they are key to long-term profitability.
The landscape of how companies operate is changing as digitization continues. At the same time, sudden changes in the operation of companies entail the need for changes in other areas. An example of this is the rapid deployment of digital work environments that made remote work possible. This move contributed to maintaining the business continuity of many companies and keeping jobs. However, in many cases it caused serious security problems.
We weren’t prepared
As many as 60% of the managers who participated in our survey considered cyber security and data protection to be among the most important areas exposed to risks. And a Bitdefender study revealed that half of infosec specialists admitted that their companies had no contingency plan for any situation similar to the COVID-19 pandemic and a whopping 86% of them reported an increase in the occurrence of cyberattacks in recent time!
Audit of the future: a serious task
At the level of IT security, we will certainly adapt quickly. A much more serious task is faced by the audit, until recently a process in which technology did not play a large part.
The spring round of audits in companies this year was different than any other. Auditors — both external and internal — faced the need to carry out their tasks under unprecedented conditions of lockdowns, remote work, closed offices and limited access to documents.
The audit of the future will be digital. This will be forced by the current situation resulting from the consequences that the coronavirus epidemic has brought to business. After all, companies are undergoing major changes, someone has to effectively monitor the situation, assess risks and ensure that the company’s operations comply with the regulations (especially in the currently very dynamic world of the pharmaceutical industry).
Discussing the trends that will guide the development of audit in the near future, Gartner indicated that further developments in this area will have to take into account dynamic risk coverage, business risk partnership, built-in risk management, digital auditing (remote, continuous or forward-looking audits) and expertise-driven operational structure.
What I would add is that audit must be integrated into fully coordinated governance, risk and compliance (GRC) activities and information for all levels in any organization. Only when we are able to connect different dots in the organization in the area of audit, compliance and risk management, can we have the full spectrum of additional benefits, like a single version of the truth or process optimization.
Internal audit: what’s hot?
Every year, I look forward to the next edition of Deloitte’s Hot Topics for IT Internal Audit in Financial Services. The list of issues highlighted by Deloitte usually perfectly reflects the business reality. Its adequacy is particularly impressive in this recent edition:
1. Cyber Security
2. Operational Resilience
3. Cloud Governance and Security
4. Extended Enterprise Risk Management
5. Transformation and Change Assurance
6. Digital Risk
7. Data Governance
8. IT Strategy and Governance
10. System Development
It is also difficult to disagree with the opinion presented by Deloitte:
A deeper digital transformation and the use of data-driven auditing will not be merely required by Audit Committees as a nice-to-have, but in our view would be core for the development of a resilient and a high functioning function of the future.
We are already there!
What may be surprising is that digital tools to carry out digital audits and manage governance, risk and compliance already exist.
Their functionalities include, or rather should include (among others):
- instant reports to manage all audit processes
- tools designed to ensure that compliance needs are met
- efficient evidence gathering
- document approval and information flow as part of a robust workflow process
- centralized company risk management with instant reporting
- quality management
- personal information (GDPR) management to ensure compliance with the GDPR
If you haven’t done so already, it’s worth starting the process of moving your audit into the digital future. Technologies and ready solutions are at hand. As an expert experienced in this field, I would be happy to elaborate on this topic if you would like to discuss it.