Business colleagues looking at laptop

10 plays to strengthen your internal audit function

Related topics

Ten strategies to enhance internal audit functions using data analytics, real-time reporting and flexible talent management.


In brief
  • To stay relevant, internal audit functions must integrate advanced technologies and flexible workforce strategies to enhance operational effectiveness.
  • Regularly updating the audit universe and employing data-driven risk assessments help organizations swiftly address new and emerging threats.
  • Embracing automation and AI in auditing processes boosts team agility, improves accuracy, and fosters informed decision-making for better outcomes.

Special thanks to the following contributors:

  • Megan Turner, Partner — Consulting, Risk Consulting, CNS – Risk – Process & Controls, Ernst & Young LLP
  • Scott Montmorency, Senior Manager, Business Consulting, Ernst & Young LLP

Internal audit functions must adapt with data analytics, real-time reporting and flexible talent strategies for effectiveness.

In an era of rapid technological advancement and evolving business landscapes, internal audit functions must continuously adapt to remain effective and relevant. Organizations are increasingly recognizing the need to rethink their audit strategies to better manage risks and enhance stakeholder communication. By leveraging data analytics, implementing real-time reporting and embracing flexible talent strategies, internal audit can significantly improve its operational efficiency and resilience.

These 10 considerations can drive ongoing improvement, positioning organizations to be better equipped as they navigate the complexities of today’s dynamic environment:

1.Talent strategy

A robust talent strategy is crucial for aligning internal audit functions with emerging technologies and a multigenerational workforce. By conducting skills assessments, organizations can identify gaps in capabilities and address them through targeted training programs that facilitate the adoption of new technologies. Additionally, revising talent acquisition strategies helps attract individuals with the necessary skill set. Promoting flexible work arrangements accommodates diverse work-life balance preferences, enhancing employee satisfaction and retention.

 

2. Audit universe

Conducting a “blank sheet of paper” audit universe refresh every three to five years is crucial for maintaining relevance and comprehensiveness. This approach helps identify new and emerging risks, keeping the audit universe attuned to current priorities. It eliminates outdated or redundant areas, optimizing resource allocation. Periodic refreshes also adapt the audit universe to changes in the business environment and regulatory landscape. This method enhances objectivity and fosters continuous improvement, encouraging regular re-evaluation and enhancement of audit practices.

 

3. Risk assessment

A robust risk assessment approach is essential for effective risk management. Leveraging data-driven methodologies drives precise insights. Integrated activities and reporting streamline information flow, providing stakeholders with up-to-date risk information. This enables timely risk coverage, allowing quick identification and response to emerging risks. Combining risk assessment with reporting empowers informed decisions. Overall, this enhances risk management effectiveness, leading to robust risk mitigation strategies and better protection of organizational assets.

 

4. Cyber and resiliency

Re-evaluating the approach to auditing cyber risks and resiliency in third- and fourth-party relationships drives comprehensive risk coverage. This thorough assessment of external partners identifies potential vulnerabilities and strengthens overall cyber resilience. A revised audit approach improves compliance with cybersecurity regulations. Regular re-evaluation enables proactive risk management and fosters stronger partnerships through transparency and collaboration on cybersecurity practices.

 

5. Audit coverage

Audit coverage works best when it aligns efforts with risk levels. Defining various audit response mechanisms tailors approaches to specific risks, which facilitates more relevant coverage. This comprehensive management addresses strategic and operational risks. Diverse mechanisms optimize resource allocation, focusing on high-risk areas. Varied responses enhance flexibility, adapting to changing risks. Clear coverage and diverse mechanisms reassure stakeholders, boosting confidence in risk management practices.

 

6. Reporting

Effective audit reporting provides stakeholders with current information on audit findings and risk assessments. Real-time reporting enhances decision-making with the latest data and increases transparency, fostering trust, while near-real-time reporting supports proactive risk management by identifying and mitigating risks early. Streamlining the reporting process improves efficiency and helps maintain regulatory compliance, demonstrating a commitment to high standards of governance and accountability.

 

7. Data analytics

Empowering audit teams to use data analytics enhances their ability to analyze data, identify trends and uncover insights, facilitating thorough audits. Decentralizing these capabilities increases agility, allowing quick responses to emerging risks. Providing tools and training fosters skill development and professional growth. This approach improves efficiency, reduces reliance on a centralized team, and results in more relevant and actionable insights.

 

8. Automated testing

Leveraging existing process, risk and control inventories to build and implement automated tests increases audit efficiency by streamlining the process and reducing manual effort. Automated tests enhance accuracy by limiting human error, leading to consistent and reliable results. They also enable real-time monitoring, allowing timely detection and remediation of issues. Automated testing is scalable, covering more processes without increasing resources. Additionally, it generates data-driven insights, informing strategic decision-making and improving risk management effectiveness.

 

9. AI for enterprise

Understanding the role of artificial intelligence (AI) in the organization enhances enterprise intelligence. Involvement in AI governance creates oversight. Conducting AI framework and governance audits, along with system audits and product reviews, helps to generate AI solutions that align with organizational goals and regulatory standards.

 

10. AI for internal audit

Developing an AI strategy for internal audit creates alignment with organizational goals, expanding the impact of AI applications. This strategy helps identify and prioritize high-value use cases, focusing resources on areas with the greatest ROI. Establishing a structured approach to assessing ROI provides a framework for evaluating benefits, costs and risks, enabling informed decision-making. Assessing ROI improves resource allocation, investing in high-return AI projects. Continuous monitoring and evaluation refine AI applications, driving sustained value and relevance.

 

The views reflected in this article are the views of the author(s) and do not necessarily reflect the views of Ernst & Young LLP or other members of the global EY organization.

Summary 

Enhancing internal audit functions through talent management, real-time reporting, comprehensive risk assessment and leveraging AI can improve organizational resilience and effectiveness. Continuously evolving audit practices and embracing innovative technologies help manage risks and drive improvement. Leaders should prioritize these considerations to support long-term success and stability.

About this article

Contact us

Related articles

Act now or risk later: reimagining skills assessment in internal audit

Discover how internal audit can adapt to complex risks through effective skills assessments and proactive talent development strategies.

13 Mar 2025 Liz Collins

How internal audit can govern AI risks and promote compliance

Managing AI risks requires a proactive approach to governance by internal audit. Learn more.

05 Mar 2025 Jessica Rodgers + 1

4 pillars of a responsible AI strategy

Corporate AI adoption is surging amid genAI advancements. Establishing responsible AI policies is crucial to mitigate risks and ensure compliance.

22 Jan 2025 Samta Kapoor + 1
    You are visiting EY us (en)
    us en