THE CHANGING ROLE OF INTERNAL AUDIT AND ADDED VALUE TO THE COMPANY

Abstract

Over the past few years, internal audit has re-positioned itself as an influential function within a company, identifying key risks and taking an advisory role to decision-makers, and thus creating added value for the company. This new importance was heightened by the global Covid-19 pandemic and its effect on the economy, the challenging labor market, the events causing disruption to many processes and creating substantial risks.

The study raises a problematic question: what internal audit activities and how do they add value to the company?

The aim of the study is to reveal the changing role of internal audit in creating added value and to provide recommendations for its increase.

Research methods used: analysis and systematization of scientific and normative literature, logical analysis, analysis, comparison and generalization of practical experience of the world's most famous audit companies are used to reveal the functions of internal audit, their changes and creation of added value for the organization. To reveal the changing role of internal audit, research over a 20-year period and insights from recent audit practices are reviewed.

The International Standards for the Professional Practice of Internal Audit provides and researcher uses the following concept of internal audit in this paper: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes (IIA, 2017). The internal audit activity adds value to the organization (and its stakeholders) when it provides an objective and relevant assurance and contributes to the effectiveness and efficiency of governance, risk management, and control processes.

Traditionally, the internal audit function focused on providing core assurance around business process risk and controls. These responsibilities translate directly into an expectation that internal audit provide assurance that key risks are identified and managed effectively. However, increasingly, management and shareholders' expectations extend beyond this core assurance role in search of greater value — in effect, a greater return for the organization’s internal audit investment. As context for this expanded expectation is a  focus on creating added value in an uncertain and often challenging business climate.

The results of the study show that although the functions of internal audit have traditionally remained the same (assurance and consulting activity), their content has changed significantly since the global Covid-19 pandemic.

With increasing market volatility and complexity, internal audit is being asked to deliver deeper insights and value beyond assurance, particularly in the areas of strategy execution, emerging risk, and increasing the use of analytics.

The investigation showed that the main risks that should focus an internal audit and are: Strategic risk; Cybersecurity and data governance risk; Culture, conduct, and compliance risk; Human capital management risk; Sustainability risk.

Developing strong competencies to understand, evaluate these risks is vital for an internal audit team as a means of providing additional value to the stakeholders. Pandemic-related risks and threats drove internal audit to rethink their approaches. The results of research illustrate the increasingly integrated role of IT internal audit leaders are assuming in regard to technology initiatives in their organizations.

As shown by the analysis of the practical experience of the world's leading audit companies and of the scientists' opinions, as a result, such internal audit trends have emerged and innovative techniques have been introduced: artificial intelligence, diagnostics tools, bespoke analytics solutions, soft controls and company culture, a holistic approach to third-party risk management.

The proposed next-generation internal audit model includes three key components (governance, methodology, enabling technologies) and the elements that ensure their operation. Governance component includes: internal audit strategic vision, organizational structure, human resources management, aligned assurance; methodology component includes: continuous monitoring, high-impact reporting, agile audit approach, dynamic risk assessment; enabling technologies component includes: artificial intelligence, machine learning, process mining, automation, advanced analytics. Applying this next-generation internal audit model could provide companies with the greater added value that stakeholders expect from internal audit.