Internal auditors must respond swiftly to a disrupted world


Audit business concept. Examination and evaluation of the financial statement of an organization. [iStockPhoto]

Internal audit has evolved over the years with ever-increasing opportunities as a strategic partner in achieving business objectives.

The role has morphed since its emergence in response to the need for accountability within financial controls and compliance in the 1900s, to a focus on agility, sustainability, and advanced technology in the post-Covid era.

At the core of internal audit practice is an increased focus on agility and adaptability in response to rapid changes in business environments and communities. This has been shaped by the importance of environment, social and governance (ESG) considerations and adoption of emerging tech such as artificial intelligence, machine learning, and robotic process automation in businesses.

According to the Global Risks Report 2024 by World Economic Forum, the top four risks in terms of severity over the next 10 years will be environmental risks. These include extreme weather events, critical changes to earth systems, biodiversity losses and natural resource shortages.

All over the world, the impact of climate change has never been clearer. The recent floods in Kenya and other parts of East Africa, barely a year after a drought that ravaged the region, is a clear indicator that the effects of climate change are here with us.

These risks affect businesses and organisations. As a result, internal auditors must be dynamic in their skills and competencies to walk with organisations and communities during and after these disruptions.

Further, the internal audit functions should provide organisations with advisory support to navigate these challenges and discover fresh paths.

There have been significant changes in the regulatory landscape across the globe. For instance, new technologies and social media platforms have created concerns on data privacy and cybersecurity. Thus, it has been necessary to enact laws and standards in various sectors.

The Data Protection Act and the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations for instance, are examples of new mandatory compliance requirements.

Internal auditors need to stay abreast of these evolving laws and regulations so as to not only provide assurance but also advise on the requirements in order to comply.

There are three fundamental attributes of the internal auditor that are critical to meet these rapidly changing expectations and be dynamic to provide business value.

First, the internal auditor must be innovative and find new ways to provide assurance and advisory. They must contribute ideas and solutions to organisations’ challenges or problems during disruption. This includes providing insights at the speed of change.

Additionally, internal audit must be innovative enough to provide customer and stakeholder value in tech-enabled methodologies. As businesses adopt emerging technologies, internal auditors must also leverage on advanced technologies, to analyse large volumes of data, identify trends, and detect anomalies more efficiently and effectively.

Second, internal auditors must be ethical. As practitioners in the trust industry, integrity, objectivity, confidentiality and professional competence are at the core of what internal auditors do. The Institute of Internal Auditors (IIA) Code of Ethics, outlines the principles and expectations governing the behaviour of individuals and organisations in the conduct of internal auditing.

Additionally, as supported by the recently ratified Global Internal Audit Standards, ethics in audit is essential for ensuring accurate financial reporting and maintaining trust among stakeholders, moreso in a global economy faced by major business disruptions. Further, adherence to ethical standards helps prevent conflicts of interest, corruption, and fraudulent practices, promoting transparency and accountability within organisations.

Finally, an internal auditor must be empathetic. Auditors make more informed and compassionate decisions, inspire collaboration, and drive positive change when they empathise with others' experiences, emotions, and perspectives.

During times of change such as technological advancements or organisational structural changes, empathetic auditors understand the anxieties and challenges faced by employees and management. This allows auditors to adapt their approaches and recommendations, fostering resilience and cooperation within the organisation in periods of uncertainty.

Additionally, empathetic auditors can help mitigate the negative impacts of disruption by proactively identifying and addressing the concerns and needs of stakeholders, ultimately contributing to smoother transitions and improved organisational outcomes.

In May, as the world celebrates Internal Audit Month, let it be a reminder for internal auditors to be adaptive in order to provide relevant assurance and responsive advisory services. With all the disruptions taking place, management, organisations and communities are seeking for a trusted, empathetic assurance partner.

The writer is the director of Internal Audit at Safaricom