Heads of Internal Audit Virtual Forum

19 August 2020

Please note:

  • All Institute responses are boxed and highlighted blue.
  • Where the chair comments in that capacity, this box is highlighted in yellow.
  • For confidentiality, the identities of all delegates/attendees are anonymised.

Chair’s comments

The institute is now beginning to position data analytics (DA) as a non-negotiable for internal audit, quite simply because it is a statement of fact. Our organisations are increasingly data enabled as data now has immense value across an organisation’s activities. This is equally the case for internal audit and is effectively good practice within the profession.

It is therefore becoming an expectation of our stakeholders which we need to respond to. In addition, its application will increasingly be reflected in External Quality Assurance reports when providing a view as to whether the IA function is remaining current and relevant in its approach to its work.

We have speakers from three organisations today. The first will provide a brief view of the Higher Educations sector’s position on Data Analytics. The second represents a relatively new audit function with a team of three which is being build on a data enabled basis and the third is a larger Financial Services function who are long established and have been on their own journey with data analytics.


Speakers

  • David Williamson, Council of Higher Education Internal Audit (CHEIA)
  • Malcolm Zak, Element
  • Tom Lloyd and Rob Smith, Standard Life

The slides supporting today’s session can be access below:

Data analytics - The art of the possible
Data analytics and technology (DAT) in SLA internal audit


Reflections / key takeaways

Our reflections from today's session are outlined below. Our speakers’ slides provide considerable detail on their respective journeys with DA.

Our speakers were clear - developing a DA capability is a significant undertaking but the rewards are considerable and progress to date is justifying the investment. The following points represent some of the key takeaways from the session.

  • Be strategic in your thinking – It is important to approach DA as a strategic initiative as the commitment and the journey is potentially significant.
  • Do not try and do this alone in IA – Build alliances with key people in the organisation who can, and will, support you. Working with the specialists within your organisation not only assists the speed at which you can develop, it also encourages a collaborative environment which is mutually beneficial in the long run.
  • Start small, learn as you go – It is sometimes tempting to develop DA in relation to the most significant risk areas in an attempt to maximise the impact of the initial work. Unfortunately, these areas do not always readily lend themselves to DA. Consider developing initial analytics where the ability to access and thereafter analyse data is strong. Learn from your experiences and gain confidence through time.
  • Be open and share progress with others – This will help visibility, buy-in and collaboration for the benefit of the organisation.  
  • Be both patient and persistent – There are often significant challenges related to accessing data, potentially across multiple systems, and data quality may not be good. However, once these challenges are overcome progress can be made more quickly. 
  • It does not need to be expensive – There are a range of tools available in the market and some will be available in your organisation. It is possible to scale up your investment as your experience grows.
  • The benefits are delivered – The ability to analyse full populations adds considerable value to the audit report and management’s engagement.
  • Reporting can be genuinely impactful – Utilising new reporting capabilities enables considerable enhancement to the visualisation of IA’s results.
  • Where relevant, transition activities to the organisation – Transitioning DA capabilities to first or second line is appropriate to enhance their own capabilities in managing the organisation.

Chair's comments

Our next meeting will be on the 2nd September and will focus on cyber security.  

We are keen for Head of Audits to contribute to each and every topic. If you are interested in contributing to our upcoming cyber session, please contact me at derek.jamieson@iia.org.uk