Entities are exposed to increased complexity, accelerating change, data proliferation and new risks. Along with the perceived value of Internal Audit, these factors intensify the importance of Data & Analytics (D&A) for Internal Auditors.
How can my Internal Audit function add more value to business? Can my Internal Audit function be more efficient at a lower cost? Can my Internal Audit activities include a quantitative focus that is less subjective? How do I automate internal audits? How do I get value from the compliance agenda and shift beyond compliance?
D&A itself is not a new concept, but its appeal continues to rise. Whereas traditional Internal Audit involves manually identifying controls and sampling to measure control effectiveness, D&A enables audits that are more focused on risk-based data gathering and a more efficient analysis of a larger population.
It therefore comes as little surprise that the importance of D&A was rated high (at 78%) in our 2015 survey. If implemented properly, D&A can help an Internal Audit function simplify and improve the audit process to protect and create value. Increasing audit coverage was rated the number one objective to incorporate D&A and identifying additional insights a close second. Interestingly, reducing audit costs was the lowest ranked objective, though still rated as important. An analysis tool and set of routines were rated as the most important enablers to incorporate D&A and in our opinion reflects the maturity profile of functions embarking on their D&A journey.
Against the relative importance of D&A, the average effectiveness of incorporating D&A was rated lower at 46%. This is further evidenced by 60% of respondents who indicated that they are not effectively incorporating D&A in Internal Audit. This acknowledgement by respondents shows that more needs to be done. Positively, the survey shows that most Internal Audit functions have started to lay the foundation with 77% incorporating D&A on an ad-hoc basis. Based on the responses received, the proportion of audits leveraged by D&A is estimated at 28%, suggesting most functions are not realizing the full potential of D&A.
To do more, it is critical to recognize and address the barriers to successfully incorporating D&A. Historically, there have been a number of challenges preventing internal audit functions from effectively incorporating D&A. The primary barrier we see, confirmed through the survey, is data quality & availability, often due to poor planning. A structured Request, Transform & Load (RTL) process is needed to overcome this barrier.
Considering other barriers, the difficulty of perceived benefits & management buy-in; skilled resources; ability to translate data to insights and funding have also been rated as high.
Most functions appear not to have considered D&A in relation to their internal audit methodology, evidenced by the inconsistent use of D&A during planning, fieldwork and reporting stages. 27% of respondents currently incorporate D&A during the planning phase and 15% during the reporting phase.
The barriers to D&A can be overcome by defining a business case for D&A and actions to advance enablement towards the desired end state. There are tremendous benefits when successfully incorporating D&A for Internal Audit and the current climate creates an ideal opportunity for entities to evolve their Internal Audit functions to embody D&A.
D&A is indispensable for world class Internal Audit functions helping to reduce risk, identify efficiencies and drive cost benefits. Internal Audit functions without a D&A capability, risk becoming redundant. Our 2015 survey offers insights that Internal Auditors can use to compare their functions and focus their efforts as they continue their journey towards repeatable and sustainable D&A.
© 2018 KPMG Central Services, a Belgian Economic Interest Grouping ("ESV/GIE") and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved.