3. Internal Audit Operations
To keep up with dynamic and ever-changing business environments that create new
risks and increase exposure to existing risks, the internal audit department needs to
take a small-speedboat approach that allows it to alter course quickly rather than a
battleship approach that can’t shift direction in a timely fashion. Many internal audit
departments already use the small-speedboat approach, refreshing their annual risk
assessments and audit plans repeatedly throughout the year.
Completing an audit plan has always been a challenge, with stakeholders and events
redirecting and straining resources. Internal audit now also must deal with strict and
expansive regulations around the world, such as the U.S. Foreign Corrupt Practices
Act of 1977 (FCPA) and the U.K. Bribery Act, which require greater vigilance from
organizations doing business abroad on matters of fraud, bribery, and other crimes.3
Leading internal audit departments are investing in proactive approaches to fraud
prevention, such as automated real-time fraud risk assessments and monitoring,
data analytics for early fraud detection, and fraud awareness training throughout the
organization.4 Most departments, though, need to make better use of specialized
technological tools that compress manual efforts and provide real-time data analysis
to facilitate work streams, collaborative efforts, knowledge exchange, and work
mobility. Many governance, risk, and compliance (GRC) tools are not up to date, and
new niche solutions usually don’t integrate well with other solutions.