October 14, 2020

Moving to continuous risk assessment is a change worth making

Greek philosopher Heraclitus is known for his belief that “the only constant in life is change.” Over 2,500 years have passed since those words were first written, and as we observe our own surroundings and our own reality, we can appreciate that these words continue to ring true in every aspect of our lives.

However, the sad reality is that many organizations around the world reject even the thought of changing the status quo or getting out of their established routines. The recent Touchstone Research for Internal Audit, conducted by Wolters Kluwer in over 120 countries and generating over 1,000 responses from internal auditors across the globe, proves that internal audit teams are not immune to those fears.

The Touchstone Research shows that 64 percent of the participants are still leveraging a traditional annual assessment to identify risks. The study also finds that 19 percent have started their journey toward implementing a more continuous risk assessment approach within their organization. However, of all participants conducting a risk assessment, 15 percent are still following a cyclical-based method rather than a risk-based approach.

The study also confirms that 40 percent of the participants realize that they will need to make substantial changes to their current approach in order to stay ahead of emerging risks that could severely impact their business. These internal audit teams indicated that they have plans to adopt a more dynamic or continuous risk assessment approach within the next 24 months. A concerning statistic from the Touchstone Research is that 61 percent of these teams still use Excel as their main risk management tool, which could ultimately hamper their ability to leverage emerging technology to help them foster collaboration across risk functions.

Many of these organizations are actively looking for resources that could help them drive these critical initiatives within their audit universe. Today, there are a small number of internal audit departments around the globe that are considered “trailblazers,” meaning that they are well into their journey toward change and are currently paving the way for hundreds of other forward-thinking organizations to do the same.

These trailblazers figured out a way to inspire their tenured teams of experienced auditors to overcome their natural fear of change by coalescing their teams around their strategic vision for the future—a vision that would have a positive impact for the entire internal audit industry.

Yet, as we know, change does not happen overnight. It is a journey that requires planning and preparation.

However, it’s encouraging to learn that change can be implemented successfully if organizations follow a pragmatic approach in defining a plan with clear milestones to reach their specific objectives. This article will focus on three things internal audit teams can do today to move toward implementing a more dynamic risk assessment approach.

3 Things Teams Can Do to Move Toward a Dynamic Risk Assessment

One of the biggest roadblocks that internal audit teams encounter when starting their journey is not having a clear plan of action or an executive sponsor who is willing to drive those key and innovative strategic initiatives.

Here are three things that internal audit teams can implement quickly that deliver significant results but do not require substantial changes to resources and tools.

  1. Create a plan to move away from Excel as the primary risk planning tool

    Excel is, and will continue to be, an integral part of the audit workflow but it was never designed to be a dedicated risk management tool. The research shows that 61 percent of the organizations that plan to implement a continuous risk assessment approach within the next 24 months are still leveraging Excel as their main risk management tool. However, they would be better served by taking advantage of the audit management workflow tools they have already invested in, such as TeamMate+. These purpose-built tools provide internal audit teams with the foundation they need to bring in critical data from other risk functions to enhance their risk assessment plan.

  2. Foster collaboration across risk functions by leveraging the data you already have access to

    Trailblazing internal audit teams are collaborating with their first- and second-line functions. They’ve helped their teams realize that even though they might perform different risk functions, they ultimately share a common objective to provide assurance to their organization. In this fast-paced environment, collaboration is critical to provide proper risk coverage across functions as emerging risks are now overlapping into different areas of the business.

    Creating a collaborative environment enables risk functions to identify and assess risks more efficiently because they are no longer relying on an individual and siloed point of view. Trailblazers quickly learned about the real-time insights into emerging risks that they could gain by leveraging the common data sources that other risk functions already had access to. Having a shared common source of data fosters collaboration across functions because everyone is using a global method to identify and assess risk. Identifying or creating a common language and data source not only helps to significantly reduce duplication of effort across risk functions but it also provides your organization with broader risk coverage without requiring a substantial financial investment.

  3. Leverage technology to feed historical insights into your risk assessment plan

    Some think that only large internal audit teams leverage APIs to feed historical insights into their risk assessment. However, the Touchstone Research confirms that 14.79 percent of the participants already use APIs to augment how they assess and score risk. Surprisingly, 14.62 percent of internal audit departments, ranging in size from one to 10 auditors, state that they are actively pulling data from other organizational systems to augment their current risk assessments.

The efficiencies gained by leveraging emerging technology, like APIs, have enabled internal auditors to save significant resources by not spending time and effort auditing areas of the business that have already been identified and assessed by other risk functions. Internal audit is, without a doubt, in a unique position to provide organizational insights and help other risk functions leverage the findings they’ve identified during an audit.

We don’t need a Greek philosopher to help us realize that change is inevitable. Change is part of our reality and it will happen whether we like it or not. However, it’s exciting to know that some internal audit teams across the globe have accepted this fact and are well into their journey to help their organizations reshape how they identify and react to emerging risks.

Can you inspire your organization to do the same? The three initiatives in this article could be the spark you use to encourage your team to embrace change and join you on this exciting journey.

Jonathan Pizarro
Lead Product Manager at Wolters Kluwer TeamMate
Jonathan brings over 10 years of Enterprise Product Management Experience and currently serves as a Lead Product Manager within TeamMate. Jonathan is responsible for ensuring the Americas client base is well represented within our Product portfolio. He coordinates contextual design interviews with customers, prospects and business partners to confirm that upcoming features will provide maximum value.