The unconventional path needs the changing role of the auditor and the internal audit function amid today’s headwinds. As far as Internal Audit is concerned, time reckons it needs a cross-functional approach by working in consulting and various functions across banking including organization, human resources, risk management, and compliance internal audit. Training, in particular, has played an important part in both the Head of Audit & ICC and the development of those around him. Multi-disciplinary experience of the Head of Audit & ICC provides a horizontal view of the banking business, which it should believe is quite helpful in becoming a Head of Audit & ICC.
Emerging risks and evolution of the risk landscape: Emerging risks are becoming quite material for banks today. As this continued evolution of the risk landscape is underway the role of internal audit changing for banks. The risk landscape has changed dramatically over the last decade, especially since the COVID-19 pandemic. All these aspects of digitalization; innovation of new products and services; technology; market competition; environmental, social, and governance (ESG); geopolitical conflicts; and more not only represent new risks but also require a completely new perspective and, therefore, a change of mind in approach. Given the frequency and impact of these risks, the internal audit function must be proactive and adapt faster, with a permanent anticipatory mood. The traditional and static audit life cycle is no longer adequate. Stakeholders including the board, employees, regulators, and investors expect timely assurance as to how banks will react to mitigate these risks. It should think about an internal audit function that plays a leading role in the bank and should be the shape of strategy for the future. The complexity and the interaction of different risks are proving to be bigger themes. Also increasing the importance of the audit’s role, transversal view.
Internal Audit is a function with a wide view across the bank. It should provide an independent, timely, and complete view of the effectiveness of the controlled environment, rooted in a dynamic and analytical operating model. The aim should provide stakeholders with a safer run and a well-understood operating environment across the group. Delivering transparency to the board, insight to the business and company, and a compelling proposition to talent in audit are what should aim for. For example, who on earth, if not an internal audit, can provide the board with a holistic and critical view of the execution of all the projects connected to an ESG strategy that, by definition, crosses the bank?
The necessity of transformation of the audit: Starting point was the traditional audit model. With a natural love for innovation, as foresee leapfrogging from the past to the future. It needs to design a path with a clear view of best-in-class audit practices around the world. With insights-driven data, it is hoping to change the position and the perception of the internal audit of the bank across all stakeholders and also in the market to be attractive to talent.
It has methodologies that were backward-looking and not reactive enough. Therefore, it should seek a blueprint that would help the board’s steering capabilities, drive value for the bank, and align with the business. This is why needs reassessing the audit framework entirely and moving toward an unconditional transformation journey may be made of four pillars: promoting a dynamic risk assessment process, using predictive analytics for more timely intervention and with a forward-looking approach to risks and unexpected events; Building up our dialogue with business through a convincing audit execution, driven by risk and data; improving the follow-up and reporting process, granting the best and most appropriate remedial action; with the aforementioned pillars leading to a dynamic and continuous audit approach, fastened by a close synergic approach with the bank’s chief data officer and chief information officer.
Meanwhile the beginning, we knew that change within the audit function was necessary to manage, if not anticipate, future risks and help businesses manage those risks. It is seeing tangible results in efficiency and effectiveness, which is touching all parts of the bank. While still in the early stages, it may get the success it may hope for. The results may encourage us to challenge further to continue down the path of delivering positive results. “Four pillars” transformation strategy that builds each other. Many of these initiatives require close collaboration with other functions that can directly benefit human resources, information technology, data and modeling, and other second lines of defense. Nevertheless, it can build a future-proof internal audit function. The final key to success is the ability to keep stakeholders updated on the progress made and the benefits obtained.
Data and analytics and benefit the audit function: Digital data analytics and artificial intelligence (AI) are improving our day-to-day life outside of the bank and within the internal audit function. It may convince that data analytics and AI are the most powerful enablers to foster the vision. Predictive analysis will also enable early detection of underlying risks. It is beneficial to redesign audit processes with better data, but it can’t be forced. Building a data culture is something that can benefit the entire function. As a look across audit transformation, data helps extensively in four areas: risk assessment, dynamic audit planning, risk-driven audit execution, and reporting. In such a way, many of the solutions that will deliver are prototypes that are not consolidated, but their accuracy and predictive power will surpass the previous ones.
Retain the right skill sets within the audit function: Skills and people are the enablers of strategy, with technical competencies remaining ever-important. As risks have evolved, so too has the need for soft skills, with a risk-focused mindset for flexibility, agility, and speed, to drive transformation efforts. Auditors should ask themselves, “What could go wrong?” While the question appears quite simple, the answer is the core of the job since it helps foresee risks connected to the processes. Communication skills are a powerful tool in the path to changing the perception of internal audits across the bank. Only with clear communication, it can explain and effectively validate value with stakeholders. This constant and constructive communication of risks is instrumental in the ability to add value to the business and across the organization.
The biggest challenge in the transformation: Primarily, the injection of technology and advanced use of data in the processes may be the biggest challenge. Then it may observe the biggest challenge is cultural change. So it needs integration of existing staff with new team members, it may require the breaking of some rigidity through the change management process, and it may need to strive to create a place where each colleague can learn and grow as a person and accomplish something meaningful. Integrating people with different backgrounds belonging to almost five generations from boomers to Generation Z—in a changing working framework is proving to be tough but also exciting.
Concluding thoughts: Stepladders should consider i.e. Become agile and dynamic (Flexibility must be designed into the function because the future remains highly uncertain. The task is to be predictive and proactive against the next disruptions, whether it’s a liquidity crisis, capital shortage, power outage, or cyber-attack; and be ready to operate amid such disruptions in a proactive versus reactive manner); To Face forward (Pivot to a more forward-looking view of organizational activities, strategic decisions, and risks. Use data analytics and cognitive technologies to provide insights (advice) and foresight (anticipate) to pinpoint the key risk considerations); Adjust the talent model (To make the most of the fact that this is a great time to be in Internal Audit. Seize this moment to not only further upgrade capabilities but also to transform the function into a talent magnet and career springboard. Anyone seeing this
as farfetched may be viewing the function in outmoded “policing” terms); To align the lines of defense (Assist the first and second lines of defense in enhancing synergies to improve efficiencies and rationalize oversight and execution processes. This means helping to translate the compliance modernization strategy risk appetite, risk tolerances, desired risk profile, and desired conduct into operational reality and to calibrate those roles). However, the overall challenge is the same on all fronts, get comfortable with discomfort and learn to dance with disruption.
