Internal auditing in financial services continues to be a core competency of financial institutions and one that is continuing to evolve around emerging risks and practices to enable optimal risk coverage, value, and efficiency. Whether it’s environmental, social, and governance (ESG) reporting standards and what that means for organizations or trying to harness the latest innovative technologies to enhance the audit process, chief audit executive teams are continuously seeking to stay ahead of the curve and provide high-value services to their organizations.
In September 2022, the Institute of Internal Auditors (IIA) held the annual Financial Services Exchange in Washington, D.C.. The conference was widely attended by internal audit professionals representing multiple financial services-related segments and organizations of all sizes and scale. The conference agenda was broken down into tracks comprising Governance, Risk, & Regulation; Innovation & Emerging Technology; and Internal Audit Leadership & Data. The Internal Audit team at FORVIS had the opportunity to attend the conference and noted the following key takeaways.
Governance, Risk, & Regulation:
Investor, regulatory, and social concerns with sustainability have increased the pressure on certain organizations to produce reporting and positioning on ESG topics. Many of the risks of greatest importance within ESG are non-financial in nature. These can be harnessed as a competitive advantage particularly with the advent of innovative technologies to stay ahead of the risks. While most organizations have processes in place to promote ESG across an organization, there remains a need to educate the board on its importance. Empowering management to implement ESG programs, providing the risk management knowledge and tools, enforcing compliance when incorporating ESG risks into risk frameworks, and establishing methodologies and resources to enable internal audit to perform its monitoring function are key areas of evolving opportunity. The topic of ESG will continue to evolve as organizations make the necessary investments that move ESG from a new and emerging topic to a business standard.
Along with ESG, regulators continue to have a heightened focus on operational risk and its components of resilience (soundness), performance (sustainability), compliance (security), and assurance (safety). To address these topics, close collaboration across risk management, compliance, and internal audit is needed, not just at the surface-level risk areas, but within the details and intricacies of each underlying risk. Business leaders will be looking for guidance from these core function professionals who will play a critical role in providing perspectives on how to navigate these difficult challenges.
Innovation & Emerging Technology:
A key conference topic was cybersecurity and leveraging innovative technologies to enhance the audit process—whether holistically or to address a specific risk, i.e., using natural language processing (NLP) to monitor/remedy customer complaints. This confirms that cyber risks are very complex, pervasive, and require hybrid auditors who are competent in cybersecurity and internal audit. Internal audit methods have evolved to get below the surface to address these complexities including more advanced penetration testing. The best audit coverage is achieved using an ongoing process and not based on traditional, point-in-time audits.
Additionally, technologies can be employed in connection with a holistic framework related to all aspects of the audit methodology or specific to certain relevant use cases. The conference mentioned two use cases that provided “quick win” strategies for internal auditors: utilizing NLP to examine customers’ complaints and AI for real-time assurance.
Internal Audit Leadership & Data:
Advanced automation is here to stay. Emerging best practices devoted to applying advanced analytics to many aspects of the audit process indicate that internal auditors are on board with the new auditing paradigm. Increased reliance on effective tools to manage projects, resources, targeted sampling, as well as quality control, provides internal auditors with more efficiency. This also equips them with data-driven tools that can uncover breakdowns and emerging issues that may have taken weeks or months to identify and manage in a manual setting.
The key to success with data analytics is having the right data. It is incumbent on internal auditors to leverage the investments their organizations have made and obtain the right data for internal audit purposes. It is also appropriate for internal audit to take the lead in developing and deploying certain data analytic solutions that can be shared and leveraged by first and second-line functions. Sharing data analytics benefits the organization and allocates more time to develop new solutions.
The 2022 IA FSE provided a refreshing update on topics that emerged pre-pandemic and that have since evolved substantially. Internal auditing in financial services will continue to be at the forefront of innovation and leading practices. As organizations recognize the growing importance of internal audit as a core competency, they should make the needed investments in this area as they would with any line of business or service.
How FORVIS Can Help
Reach out to learn more about how our clients are taking advantage of the latest audit practices while staying ahead of emerging issues and risks impacting organizations today.