Internal Audit: Finding Efficiencies through Analytics
Over a three-year span, this organization’s internal audit team went on a data analytics journey, taking operations and finance teams along for the ride. The result? The internal audit team's focus on mitigating risk got everyone excited about using data to improve efficiency, resulting in better engagement with their 500+ locations. Today, the internal audit team members are efficiency experts who leverage technology and data to enhance business partnerships.
When the Associate Vice President of Internal Audit began drafting the 2019 audit plan, they knew it was time to look further ahead. For years, the internal audit team conducted reviews by scheduling auditors to visit locations worldwide for two weeks at a time — a manual and time-intensive process. But the company was growing rapidly, and recent acquisitions increased their portfolio, with more growth anticipated.
As they started thinking about the coming year, the internal audit team saw their role not as police officers — a common misconception about internal auditors — but as trusted business advisors. Keen to embed these values into their plan, the internal audit team would take a multi-year journey into data analytics, with a few twists and turns along the way.
Formulating a Plan
As with any good planning, the internal audit team began by asking key questions:
- Where would the company be in five years?
- What competencies and scale were needed to maintain the high level of service while also being sensitive to costs?
- How should the team divide themselves geographically, given the company's growth?
The internal audit team wanted to strategically support the growth and development of the company using technology to enhance its capabilities. They had seen other departments within the organization successfully implement LogicGate’s Risk Cloud platform to centralize data, streamline communications, and strengthen analytics capabilities, but they faced unique challenges.
Their process was manually intensive, and although they saw opportunities in digital innovation and data mining, they didn’t know what data was available or how to access it. Further, they lacked the analytics capabilities to apply the data and empower businesses. They also worried about the growing number of cybersecurity incidents making headlines. Eventually, they decided they needed a plan. Not just for the following year, but the subsequent five years.
A longer-term view would position them to capture opportunities in internal audit, within the organization more broadly, and throughout the industry as a whole. Ultimately, they formulated a guiding vision, "Our strategic opportunity lies in continuously increasing efficiency by leveraging technology while maintaining our role as a trusted business advisor."
The Journey Commences
The three pillars of internal audit's strategy — leveraging technology tools, continually building efficiencies, and enhancing business partnerships — were presented to their audit committee in late 2018. And by the summer of 2019, internal audit was working with external experts to begin their analytics journey.
The first step was to identify what data was available and how it could inform their work. Then just as the internal audit team was becoming better versed in accessing, identifying, and using the relevant data they needed, the COVID-19 pandemic hit, and the global audit program came to a halt. Stuck, the team went back to their guiding vision, which motivated them to view this new challenge not as a roadblock but as an opportunity to reimagine their role.
The travel freeze pushed them to focus strategically and move more aggressively. They honed in on their existing manual processes to assess how information could be centralized and sought out data that would identify efficiencies. The internal audit team partnered with the organization’s data and analytics function to fulfill its mission to drive increased efficiencies.
The team developed analytics to measure what the internal audit team identified as critical risk areas and used Risk Cloud to develop metrics that fed into their risk assessment process. These metrics were integrated into the Risk Cloud dashboard to direct the team's efforts. Internal audit no longer had to visit every location on a fixed schedule. They could verify low-risk sites remotely while identifying higher-risk sites for onsite review and the areas to focus on within those locations.
The Associate Vice President of Internal Audit shared, “In the past, we audited on a rotational basis every two to three years, now we can take a much more targeted approach. We do desktop reviews of lower-risk locations and make sure we get onsite at those locations that pose a higher risk.”
As a side benefit, local stakeholders were excited by the data and enthusiastically engaged with the internal audit process. They, too, wanted dashboards and analytics to make better business decisions.
The Road Ahead
Starting small allowed the team to refine its approach to data analytics. They found lots of available data but needed time to figure out what information would really inform their work. Since beginning their journey, they have built metrics and analytics to assess multiple additional areas that support the business, including account reconciliation, vendor management, and procurement.
The Associate Vice President explained, “Our ultimate goal is to create dashboards and analytics that are helpful not only for internal audit, but for the business.”
Engaging stakeholders throughout the process helped the internal audit team build stronger relationships throughout the corporate, regional, and local levels. Sharing metrics via the dashboard helps everyone understand the current state and where efficiencies can be found. Finance teams at the various locations are keen to have a dashboard, a natural next step that internal audit is working toward.
Partnering with LogicGate
The organization was already widely using Risk Cloud to help manage other parts of their risk program, including Third-Party Risk Management, Incident Management, IT Risk Management, and Controls Management. When it came time to find a better way to manage the internal audit processes, they decided to look at how some of their existing technology could help them reach their goals. By leveraging Risk Cloud’s automation and trend analysis capabilities, the internal audit team concentrated their efforts and provided the most value and partnership with the business.
LogicGate's customizable Risk Cloud platform gives internal audit teams the flexibility to slice and dice information as needed — they can filter, reweight metrics, and change the logic to add or remove data. This added agility and adaptability benefits all our clients and helps them win every day.