Internal auditors are learning to make better use of technology, but there’s still plenty of room for improvement, according to the latest report from the Institute of Internal Auditors.
The IIA’s global 2015 Common Body of Knowledge survey for internal auditors found nearly 40 percent of audit departments worldwide are getting their arms around technology at what they consider to be either appropriate or extensive levels. However, the study also found only one in 10 internal auditors entering the profession globally has education in information systems or computer science.
That means the internal audit profession faces “vast opportunities and challenges,” said Richard Chambers, president and CEO of the IIA, in a statement. The report “offers an important look at where we are as a profession, our strengths and weaknesses involving technology, and how our skills are adapting and developing.”
The report says, for example, the use of software tools for data mining increased 14 percent among survey participants from 2006 to 2015, yet fewer than four of 10 chief audit executives say their use of technology is appropriate or better over time. The report also shows big differences by region. In North America, only one in 10 internal auditors say they rely on manual audit processes, while 3 in 10 report such reliance in SubSaharan Africa and East Asia and Pacific.
In addition to survey results, the report also offers some food for thought for internal audit shops. What new technology-based applications has your audit shop used lately? Do you have capital funds to acquire technology? Do you have sufficient IT skills to address the organization’s use of technology? Do you have plans to address “big data?”
“Ultimately, the goal for internal audit’s use of technology is to evolve in step with the business, using technologies that will, at a minimum, allow you to effectively audit the disparate business infrastructures while also beginning to creatively innovate to stay a step ahead of the real-time pace of technology advancement,” the report says.
The IIA released the report at a joint GRC conference with ISACA, the association of information systems and audit control professionals, where the agenda focused heavily on technology issues, including cyber-security. In a separate report, the IIA said internal auditors need to help bring a more comprehensive approach to cyber defense. “It is shortsighted and potentially dangers to focus solely on keeping cyber invaders out,” the IIA advises in its report. “It’s not a matter of if there will be a breach, but when. And that means organizations must create a holistic approach to cyber-security to be truly prepared before, during, and after am attack.”