Internal Audit’s Technology Aversion is a Thing and it Needs to Go
In this, the Age of Data, technology and auditing are a match made in heaven. Between data mining, predictive analytics, fraud detection, and cybersecurity, it’s as if the top internal audit technology was designed to address the new challenges and opportunities facing the profession.
Yet why are internal auditors so reluctant to adopt new audit technology into their practice? And why is there a skills gap when we look at internal audit’s relationship with technology?
In this article, we’ll be looking at some of the key reasons internal auditors don’t adopt new technology into their practice, and why they should change their tune.
Are internal auditors scared of technology?
First of all, is the internal audit function actually technology-averse, or is that just a pervasive myth?
An exhaustive RMIT research report on the adoption of audit technology in audit firms (published in 2013, but covering tech trends that persist in auditing today) suggested internal audit is slower to adopt technology than other business units. Further, it found that 50% of auditors had never used computer-assisted tools with the exception of – you guessed it – electronic spreadsheets. This syncs up with another report finding: where audit technology is adopted, organizations tend to focus on “the less advanced applications.”
When report authors looked at employees’ skills and capabilities at implementing audit technology in their work, they found the audit technology-related competencies of auditors were “at low to average level.” This wasn’t the case at medium to large firms, where researchers uncovered more audit assurance and IT services for advanced audit but found auditors were still viewed as late adopters.
This is troubling because auditors are already having a hard time communicating their business value to executives. Where’s the link between technology and the value of the audit function? Audit technology enables internal auditors to improve their own efficiency. More critically, it enables them to better communicate internal audit’s credibility and value to executive stakeholders. And that’s something technology-averse internal auditors are having a hard time accomplishing.
Internal auditors don’t use tech to demonstrate their value
A recent KPMG report found those inside and outside of the audit function see the value of internal audit very differently. A confident 85% of internal audit professionals surveyed said they believed internal audit provides “insight into efficiency and effectiveness across the organization.”
Strikingly, only 10% of executive stakeholders said the same thing.
This means a majority of internal auditors believe their output is essential to the organization, a barometer of overall organizational health, and a key component of continuous improvement. It also means nine out of 10 executives don’t see it that way at all.
The report also examined the ways internal auditors can develop their strategic role within an organization. Chief among them: recognizing the importance of leveraging technology to provide deeper insight into the business. Auditors aren’t effectively communicating their value to leadership, something that is easily accomplished with good internal audit technology.
Technological challenges need technological solutions
Of course, there’s more to internal audit technology than simply demonstrating value in the organization. The more data analytics, Big Data, the Internet of Things, cybersecurity, and AI become commonplace in business, the more obvious the alignment of audit and technology becomes.
Yet with the value of technology apparent across all business lines including internal audit, and with larger companies adopting tech at a much higher rate than small organizations, why are internal auditors traditionally the slowest to adopt technology into their practice?
Interestingly, it’s not an inability among auditors to see the value of audit technology. The RMIT report noted that most firms participating acknowledged the benefits of technology in performing auditing efficiently, reducing mistakes, and increasing audit productivity. Further, auditors questioned didn’t find audit tech tools – which they also labeled as “cost-effective” – hard to comprehend or learn.
So, let’s get this straight: auditors are slow to adopt audit technology more advanced than simple spreadsheets, but they acknowledge the benefits of such technology in enabling them to do their jobs better and they don’t find these apparently cost-effective tools hard to understand? What’s at play here?
Internal audit’s Cerberus: risk, uncertainty, and change
To find answers to that question, we can look to a very telling nugget in the report: “Nevertheless,” it notes after detailing all of the advantages of audit technology that auditors themselves observed, “the auditors were unsure whether the technology would be appropriate and compatible with their existing audit practices.” Another Rutgers report on technology in audit engagements noted that some auditors did not use sophisticated tools because they “believed that they could get the same evidence with the traditional audit.”
Now, auditors are known to be change- and risk-averse. That’s not a criticism of the profession, nor is it meant to suggest auditors relish doing things the way they have been done. Rather, it is a testament to the fact that auditors take their work and what they do very seriously.
Organizational change always upsets the waters of risk, and risk management and mitigation are at the heart of what auditors do. It is understandable that an auditor is reluctant to play around with technology and process when the ripples of change will invariably recalibrate their risk landscape. But you needn’t look further than any other business activity to find that traditionalists who insist on doing things the way they have always been done are quickly left in the dust by competition that leverages ever-improving tech tools to do their jobs more efficiently, effectively and profitably.
Which brings us to the old return-on-investment question.
ROI and risk have a complicated relationship
When it comes to determining the payback of technology such as audit data analytics tools, traditional technology ROI models just don’t apply well. Risk is so central to the role of an auditor. But risk itself is a fickle mistress, rife with uncertainties and intangibles, making firm ROI all the more elusive.
Organizational risk covers what went wrong and how it went wrong, as well as what might have been and what might be, and what to do to prevent it. From brand damage to costly fines and noncompliance, risk can account for the biggest line items on a corporate ledger. Risk management could be thought of as the preventive care an organization takes to ensure its vitality and sustainability. But when things go right – i.e. when identified “risks” are minimized and averted – the resounding success of not having failed doesn’t exactly reverberate across boardroom tables.
In other words, the cost savings associated with what didn’t (or won’t) go wrong isn’t incorporated into ROI assessments of audit technology.
The changing nature of the workforce
Auditors are also facing a change most organizations are dealing with today: the demographic shift of the global workforce. Veteran auditors continue to enjoy careers that are lasting longer than they used to in this, the age of 100-year lives, as Deloitte’s recent Global Human Capital Trends report outlines. This occurs just as a younger, excited, and, yes, tech-savvy cohort of millennials outpaces Boomers and Gen Xers as the largest segment of the workforce.
While auditors among the aging workforce have a wealth of invaluable experience and institutional knowledge, they grew up on analog and have only gradually transitioned to a digital in the workplace. Millennials, conversely, were raised in a digital world and live and breathe apps, devices, and connectivity. Seasoned auditors prefer to stick to familiar processes while fresh faces are eager to leverage tech. When it comes to adopting audit technology, this incongruity tends to favour the experienced, but as the Human Capital Trends report authors suggest, as workers continue to stay on the job longer, organizations have a great opportunity to turn advancing worker age into a competitive advantage, but it will take marrying the best of the old and the new and unlocking the combined power of experience and technology.
Robots are not taking your jobs
The discrepancy between the technological aptitude of the entering and aging workforce is the source of another anxiety among established auditors: the idea that adopting new audit technology is the death knell of their careers – that they’ll face obsolescence once executives see audit technology as faster and more efficient than auditors themselves.
The fear is understandable, yet baseless.
The Institute of Internal Auditors’ (IIA) 2018 Pulse of Internal Audit Report collected information from hundreds of auditors to assess the state of the profession. Of 16 audit skills listed, data mining and analytics were identified as the skills most in need of additional training at 67%. Next were cybersecurity and privacy, both risks and themes the report has singled out for years now. Following that, automation, signal detection, and AI. In the KPMG report on risk and internal audit mentioned earlier, digitization, IoT, and Industry 4.0 are all identified as top risks to consider in the profession right now.
Data analytics. Data mining. Cybersecurity. Automation. AI. IoT. What do all these things have in common? They are linked to technology and managed with it. They are also central themes of the audit of the future; a future where “companies that fail to anticipate or adapt to new technologies risk being blindsided by a sudden shift in market perceptions and falling valuations,” as noted in Bain and Company’s recent look at tech tipping points.
Technology and internal audit are now inextricably linked and shall forever remain that way.
Don’t stop learning
A few years back, IIA President Richard Chambers once listed lifelong learning as one of the seven characteristics of a virtuous internal auditor. In her assessment of the “technology revolution” at hand, Internal Auditor Editor Shannon Steffee noted that while auditors with IT experience are still in high demand, “they continue to be hard to find, afford, and retain.” And a recent World Economic Forum (WEF) article noted that an aging workforce actually represents a massive opportunity for organizations at this time crossroads.
Contrary to the fear-fueled notion that audit and technology are at odds and the latter will render the auditor’s job obsolete, technology stands only to make audit prosper. If auditors want to understand the relevance of their role with technology, they need to paint a picture of what their jobs look like without it.
Paul Leavoy researches and writes on internal audit technology for CaseWare IDEA.
EXCLUSIVE WEBINAR: Learn what internal audit technology looks like from the C-Suite perspective by attending Optimizing Audit Technology: Perspectives from the C-Suite, our exclusive webinar with former CAE-CFO-CEO Michael Cangemi and CaseWare IDEA Industry Strategist Brian Element. Register today.