Finance leaders face a unique challenge in the months ahead as organizations pivot strategies and chart their steps forward from a disruptive period. The changes to how we work affected a number of routine operational functions, and as the dust settles on how many of those arrangements stay virtual versus how many end up coming back in person, there may unique opportunities to reallocate and optimize investments in traditional “cost centers.”

Internal audit is one such area to consider in part because the risk management function was particularly affected by the remote work scenarios. The following questions may help guide conversations about how to evaluate your internal audit function and internal audit spend in light of the new environment.

Is My Internal Audit Team Adapting to the Changes in the Risk Environment?

Your organization’s internal controls may have had to change during the remote work environment and those changes should be well-documented. How the internal audit is performed also had to change because elements of the internal audit may have traditionally relied on internal auditors being physically onsite at your organization.

To facilitate more remote internal audit work, many teams relied more heavily on technology tools. The use of technology in internal audit such as governance, risk and compliance (GRC) tools was happening well-before the pandemic. Technology’s role in the process became even more important when teams were forced to work virtually. GRC tools help to electronically facilitate requests for documents, testing, and results. This enables internal audit teams and management to monitor progress in real time. If your organization has been on the fence about whether to enable its internal audit team by investing in additional GRC technologies, now may be the time to build out your GRC system and capabilities. Organizations with internal audit functions that use GRC tools regularly tend to experience better work-flow and project management, shorter onboarding times leading up to the internal audit testing.  Additionally, multiple users can simultaneously contribute to the documentation preparation process will perfect version control is maintained.

Do My Internal Audit Results Connect Risks to Broader Strategies?

Internal audit technologies help to automate some of the functions traditionally performed by an internal audit team but they often need more interpretation to connect what the results say to the organization’s broader strategies and efforts. When considering internal audit budgets and staffing levels, finance leaders should consider whether they are getting additional insight from their internal audit findings beyond the results produced by the tools. For example, do the results indicate that the organization should rethink its internal controls? Your internal audit team members can help illustrate how containment or exploitation of risks benefits the organization’s bottom line.

Does My Internal Audit Team Have the Right Skill-Set?

Taking a closer look at your internal audit department may reveal a skills gap. Rapid technology changes such as cyber risk, cloud computing, block chain, AI and the prevalence of GRC tools and growing use of data analytics within in the internal audit process has caused many seasoned professionals to retire or change fields rather than adapting and developing new skills needed to meet the standards of knowledge and capabilities.  Identifying talent with the necessary skills has been an issue across the board.

Replacing talent and team members on their way to retirement will also not be easy if your organization is tightening its financial spend. Seasoned professionals for higher-level positions aren’t easy to find, especially on a budget. But because remote work capabilities have been enhanced over the past year, you may be able to expand your geographic search for employees to find the right fit at the right price point in a market you wouldn’t have considered in the past. Another build-the-bench strategy is through co-sourcing or outsourcing internal audit work. The true benefit to looking externally is the flexibility to scale a team up or down as needed and apply the right skill set (e.g., Supply Chain, revenue, Cyber, e-commerce, etc.) to the process(es).

Bottom Line: Internal Audit Can Innovate

Changes have been happening over the past year that may make it time to rethink the approach to the internal audit function. Finance professionals who understand some of the shifts that have been happening can help their organization prioritize the risk management investments their organization should be making. Our modern internal audit playbook illustrates more of these changes and for additional insights, contact a member of our team.

Copyright © 2021, CBIZ, Inc. All rights reserved. Contents of this publication may not be reproduced without the express written consent of CBIZ. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.

CBIZ MHM is the brand name for CBIZ MHM, LLC, a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of publicly-traded and privately-held companies. CBIZ MHM, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ).