Navigating Chaos: Internal Audit Perspective



Agile Assurance and the Pace of Change

The great British statesman, Benjamin Disraeli, stated that “Change is inevitable. Change is Constant.” This was true in the 19th century during the heart of the First and Second Industrial Revolutions in Disraeli’s day and has grown exponentially pertaining to the context of an increased rate of change in the heart of the Fourth Industrial Revolution with today’s Digital Economy. 

Gone are the years of simplicity in business. Exponential growth and change in risks, regulations, globalization, employees, distributed operations, competitive velocity, technology, and business data encumber organizations of all sizes. Keeping this risk, complexity, and change in sync is a significant challenge for boards, executives, as well as internal audit professionals. This challenge is even greater when an internal audit is still operating as if it was in the Third Industrial Revolution. Internal audit professionals should understand how to keep up with the pace of change and provide assurance in a new world of uncertainty and continuously changing business, risks, requirements, and regulations. 

Organizations that fail to evolve their audit in today’s environment will increasingly position themselves at a competitive disadvantage to those that can provide combined assurance to management and continuous monitoring of controls in their environment. In a combined assurance setting, internal audit and the other assurance providers work together to 360° contextual awareness/assurance in their organization. Audit needs to adapt and evolve or else the organization risks: 

Organizations need combined assurance in today’s dynamic business environment. The internal audit department should have a complete view of what is happening in the context of change. Contextual awareness requires that the internal audit organization act as a central nervous system to capture signals found in business systems, user accounts, processes, data, and transactions. By doing so the organization knows pivotal details and can quickly remediate risk to improve performance. It also needs to capture changing business and risks for interpretation, analysis, and holistic awareness of controls in the context of risk and compliance.