Learn how data analytics and robotic process automation is helping change internal audit’s functions, to stay ahead of the competition.
According to Paul Holland, Technology Director KPMG in the UK, "Data analytics and new technologies such as machine learning, natural language processing and robotic process automation; are changing internal audit’s (IA) required capabilities. But, the road to ‘robotics’ is not free of obstacles".
The application of data analytics to understand risk and ensure compliance is well understood. But, as the capabilities in organisations grow and the technologies they can deploy evolve, IA has a crucial role in delivering the right solutions effectively.
It’s a two-way street. The risk management and oversight functions are seeking out more granular and timely information about operations. Front-line management want the kind of analytical and risk-based insight that has previously been located in IA and related functions.
Organisations should take a systematic approach to analytics, using four key anchors of trust:
IA will be a critical part of a wider system for trusted analytics as long as it can provide trust in the enterprise’s new approaches to monitoring risk and performance.
There will be cultural resistance to this kind of change. Much rests on trust in data and technology, which grows as we move down the generations. Younger executives typically have a different vision on how technology can help define approaches.
The barrier is not a technical one, nor even exclusively cultural. It’s often financial. Managers in IA, and more widely, want machines to handle workflows and analysis – but delivering that innovation requires significant investment. Making the financial case to justify investments to manage risk can be tough, especially in sectors that lack a clear “role model”.
Each organisation will reach its own tipping point. Maybe wholesale change to core systems opens the door. Perhaps it’s a shift in structure or culture or a third party arrives with a solution in a box.
We help clients automate risk and performance monitoring, and create alerts and reports. We monitor validation activities and track matters to closeout. (We don’t want to blow our own trumpet but, according to Forrester Wave: Insights Service Providers report Q1 2017: “KPMG has cracked the code for balancing business and technology expertise.”
At the very least, new solutions need to allow IA to focus on the quality of audits – one thorough analysis is better than three flabby ones – and sensitivity to the business, which is changing more rapidly than ever.
It’s not just about the ability to use or evaluate new tools. IA needs to calibrate its contribution to the business against what a machine can do – right now – in the same areas. In general the IA profession has been slow in picking up data analytics and it now has the responsibility to ensure this doesn’t happen, as new technologies become available.
New forms of risk assessment and controls powered by analytics are going to be embedded in front-line operations. IA’s role will increasingly include auditing those systems. We have already seen cases where analytics simply rolls IA capabilities forward, from third line of defence, to second and first line.
However, even with all the new capabilities emerging, we caution against going from A to Z in one step. IA should embrace the evolution – dispense with as much of its menial work as possible and deploy data and technology to automate controls and risk management.
This is about opportunities for IA to lead the strategy in the organisation and help the audit committee and board imagine the future – and to take brave steps to keep ahead of the competition.
Find out more by reading the summary of Forrester Wave report into Insights Services Providers.
© 2020 KPMG LLP, a UK limited liability partnership, and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
KPMG International Cooperative (“KPMG International”) is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.