Ideagen advert Teammate Analytics free trial DataConsulting advert

Research and development

One of the ways for organisations to maintain competitive advantage is to look towards innovative ways to improve and grow the business and its services, products and ways of working. Research and development is a valuable tool to support this. 

This guide provides an introduction to research and development to help you plan an internal audit in this area. 

What is research and development?
Why is research and development important?
Research and development strategy
How does research and development work?
Potential risks to the success of research and development activity
Potential risks and responses
What can internal audit do?


What is research and development?

Research and development (R&D) is a set of investigative activities that a business conducts to acquire new knowledge, create new products or services and improve existing products or services (University College London).

R&D can arise from two main areas. Firstly, potential for the creation or improvement of products, processes or knowledge. For example, the product or service may be the first of its kind in the world. Secondly, R&D can also arise when substantial improvements are made to an existing, maturing technology or product, for example Mark II or III of a car, one simple refinement to an existing product to improve its saleability, or creating a new way of operating that brings significant benefits (such as speed, cost, safety) to a business process.


Why is research and development important?

According to the UK Office of National Statistics, the expenditure on R&D performed in the UK reached £30.6 billion in 2014 in current prices, up from £29.3 billion in 2013 and £11.8 billion in 1990. R&D expenditure has increased by 5% since 2013, while the average annual growth rate since 1990 was 4.1%.

As such, R&D spending provides benefits not only to organisations undertaking the activities, but also to the economy at large in the form of lower prices, improved products and access to new technologies.

In terms of the wider economy, there are many spin-off benefits from R&D which may include new jobs creation, development of the infrastructure that supports R&D activities, advancement of the manufacturing and service businesses that benefit from the R&D activities. New and better-paying jobs enable workers to move up the value chain and support the growth of the manufacturing and service businesses. As a result, the government’s revenue tax base will possibly increase which could allow the government to invest more in the country and in R&D activities.  

To incentivise businesses to set up operations in the host country, governments around the world provide grants, loans, tax advantages and R&D infrastructure for organisations. A range of factors will be considered by organisations in choosing the location of R&D centres, including: 

  • Cost
  • Culture
  • Existing talent pool
  • Political and economic stability
  • Quality of infrastructure 

In view of the importance of R&D, internal auditors need to understand the risks to the organisation if R&D initiatives are not undertaken as well as the risks inherent in R&D activity and in a business being at the forefront of a technology.


Research and development strategy

As with other parts of the organisation a strategy needs to be prepared for the R&D function. This will define the direction of the function, driven by the organisations wider business strategy. Its appetite may be to lead, working with newer products or technologies subject to important shifts, or change and improve products in support of other organisational strategies for example. It is also important to understand the significance of R&D to the organisation and the economy at large.

The strategy should include:

  • Background
  • Purpose
  • Prioritisation and delivery
  • Strategic goals
  • Financial profile
  • Targets and success

How does research and development work?

Based on the definition derived from University College London, organisations generally undertake a Systematic, Investigative and Experimental (SIE) study as a basis for R&D projects. This study is a series of planned activities to test or find out something that is not known in the field of science or technology.

The diagram below provides an overview of the SIE study in the R&D process:

 

Research and development2

Systematic

There must be a systematic approach on the steps or activities that are undertaken in the study. The steps must be executed in a planned or orderly manner.

Investigative

There must be activities undertaken to explore and uncover information to help in understanding of the problem and to find out how to close the gap between the desired outcome and the state of scientific knowledge prior to the commencement of the study. The study cannot simply confirm information that is already a known fact.

Experimental

The study comprises of steps to test the potential solution in solving a technical problem or creating a new product. An iterative process is often needed because the outcome is unknown and results from each round of testing would provide you with more knowledge than before.

In conducting a SIE study, an organisation will typically:

  • Draw up an R&D plan, stating project timelines and milestones
  • Undertake research to develop the potential solution
  • Conduct testing using a systematic approach
  • Deploy a team of personnel with suitable R&D experiences
  • Record, analyse and evaluate the test results
  • Consider and document steps taken to improve chance of success for subsequent testing
  • Modify approach and re-test, as needed
  • Evaluate and record conclusion of the project.

Potential risks to the success of research and development activity

Risks will be dependent upon the nature of the organisation.  The table below provides details of some generic risks. However, discussions with stakeholders will highlight risks specific to the industry in which they operate and tolerance levels that would be deemed acceptable, for example:

  • Pharmaceutical companies and the development of life saving drugs.
  • Car manufacturing and innovation in the use of hybrids and technologies such as driverless cars.
  • Mobile phones with the improvement of existing technology and identifying new technologies.
  • Financial services and the offering of new services that allow for greater efficiency, faster transaction delivery through various channels. 
  • Fashion and clothing - new developments, innovations, improvements in existing processes, in terms of fabric, style, stitching details, patterns, prints and their designs.

Potential risks and responses

1. There is no vision or clear direction to undertake R&D in the organisation.

Potential impact

  • There is a loss of the organisation’s competiveness reducing market share.
  • The organisation is not able to reach out to new customers or markets.
  • Lack of clarity on potential markets for any research and development output.
  • Money is spent on the wrong thing.
  • No new products or services are launched by the company or the products/services are of poor quality.

Potential response

  • Responsibility for the research and development should be assigned to a senior executive.
  • A business plan/strategy should be prepared and agreed within the organisation. 
  • A governance committee is in place to provide oversight and monitor the R&D processes.
  • Clearly defining the market and fully understanding its needs and wants through market validation.
     

2. Ineffective leadership and/or uncoordinated R&D activity.

Potential impact 

  • No new products or services are launched by the company or the products/services are of poor quality.
  • There is a loss of the organisation’s competiveness reducing market share.

Potential response

  • A business plan/strategy should be prepared and agreed within the organisation.
  • Roles and responsibilities should be agreed and documented.
     

3. Insufficient investment in R&D.

Potential impact 

  • Projects cannot be undertaken.
  • There is a loss of the organisation’s competiveness reducing market share.
  • The organisation is not able to reach out to new customers or markets.
  • No new products or services are launched by the company or the products/services are of poor quality.

Potential response

  • A business plan/strategy should be prepared and agreed within the organisation that includes risks and financial profiles.
     

4. R&D projects take too long with escalating costs.

Potential impact 

  • Overspend on budget.
  • The organisation’s internal processes are too complex that make it very slow to respond to new market changes.
  • Competitors bring products to market more speedily and take market share.

Potential response

  • There is a management framework in place to track each phase of the project.
  • A performance measurement process is development to monitor individual projects.
  • Financial budgets are prepared, broken down into individual stages of the project and monitored.
  • Reviews are undertaken to terminate projects if they are unlikely to be profitable or successful.
     

5. Insufficient staff and/or staff do not have the right skills and experience to undertake the work.

Potential impact 

  • Projects cannot be undertaken.
  • Late start of projects.
  • Competitors bring products to market more speedily and take market share.

Potential response

  • Staffing structure in place with total numbers of staff/skills required for each R&D project.
     

6. R&D activity that is unsuccessful and leads nowhere.

Potential impact 

  • Unnecessary costs incurred.
  • Time and effort wasted.
  • The customers have poor experiences with the company.
  • The organisation’s internal processes are too complex that make it very slow to respond to new market changes.

Potential response

  • Clearly defining the market and fully understanding its needs and wants through market validation.
  • Conducting sound technical feasibility studies, e.g. talking to experts in the field.
     

7. The technical feasibility of the product or service. (e.g. whether the quality of the product or service meets the expectations of the buyer).

Potential impact 

Unnecessary costs incurred.

Potential response

  • Conducting sound technical feasibility studies, e.g. talking to experts in the field.
     

8. Breach of another organisations Intellectual Property (IP) or compromise of own IP. 

Potential impact 

  • Legal action is taken against the organisation.
  • Poor publicity with impact on reputation.

Potential response

  • Very early in the R&D process checking the ‘IP position’ around the new product to ensure it does not infringe on someone else’s IP.
  • Agreements are in place when working in partnership with a third party.
     

9. Leakage of commercially sensitive information to competitors by employees or third parties involved in the development.

Potential impact 

Clues are given to competitor(s) who then launch similar updated/new products to market earlier.

Potential response

  • A security policy is in place with training provided to staff.
  • Agreements are in place when working in partnership with a third party.
     

10. Breach of taxation laws.

Potential impact 

  • Legal action is taken against the organisation.
  • Fine and penalties incurred.

Potential response

  • Internal audit should seek appropriate advice before attempting to do any work in the tax arena.

What can internal audit do?

This may be a high risk area according to the nature of the organisation and the sector in which it operates. Conversely, R&D can be an activity which an organisation undertakes to help mitigate or manage competition risks – i.e. to help it stay ahead of the competition. Internal audit should have discussions with stakeholders to obtain their views on what assurances are needed and how they can be provided.

It is important for the internal auditor undertaking an audit engagement in the area to be competent, have sufficient knowledge, experience and appreciation of research and development processes to perform the review. This does not mean that the internal auditor should be expert in research and development but should be able to recognise the existence of risks or potential risks.

Internal audit can provide independent and objective assurance by ensuring that where management have undertaken their own reviews any actions that have been identified are appropriately recorded, verify that the actions are relevant to the findings, that the timescales for implementation of the actions are reasonable and that they are being implemented as well as considering the following areas:

1.  A governance culture is established and methods are working

  • Is there a clear business strategy in place that has been approved and has the backing of the board and senior management?
  • Can leadership from the top be clearly seen?
  • Is there a governance committee in place with representation from the senior executive team and management from the various business units to provide oversight to guide and monitor the R&D processes?
  • Have terms of reference been drawn up for governance committee?  Do they include the purpose, authority, responsibility and have they been formally approved?
  • Are annual research plans prepared, coordinated and agreed?
  • Is an up-to-date research inventory maintained?
  • Is there a management framework in place to track all phases of each research project?
  • Are minutes of meetings of the governance committee formally documented?

The internal auditor should review supporting evidence to ascertain that the above is in place – e.g. approved terms of reference, R&D plans/roadmap, research inventory, management framework and minutes of meetings of the governance committee.  A discussion with senior management should be held in order to understand in greater detail the governance areas.

2.  Identification and review of risks in this area 

  • Has research and development been included on risk registers, particularly the strategic risk register?
  • Have individual risk registers been prepared for each research and development project and is there coordination of these risk registers?  Are different projects reliant on the same facilities or personnel, or have inter-related dependencies (i.e. projects may be inter-related). The internal auditor should review and inspect the risk registers for the different projects and ensure that there is coordination of the risk registers among the different departments.
  • Are risk management processes working effectively – identification, evaluation and reporting of risks is complete and accurate? Review and inspect supporting evidence such as emails, board papers on the risk management process.

The internal auditor can consult with the organisation’s risk management department to obtain the company-wide risk register and the individual risk registers for the different R&D projects.  The risk registers for the R&D projects can also be obtained from the R&D project team.

3.  Finance records are maintained for monitoring and legal requirements 

  • Are systems and processes in place for the monitoring and accountability of funds allocated to each phase of the project?
  • Are systems and processes in place to evidence costs and charges to substantiate and claim R&D tax incentives?
  • Are processes in place to understand how the various incentive schemes can be optimised by the organisation?

The internal auditor should review and inspect supporting evidence to ascertain that the above is in place – e.g. a documented procedure on the monitoring of the accountability of funds allocated to each phase of the R&D projects; a documented procedure on the process to capture the costs and charges to substantiate on the R&D tax incentives and to optimise the tax incentive schemes.

The internal auditor should consult the finance department as a first point of contact to understand the processes and the in-house tax advisor to find out more about the tax processes.

4.  Performance measurement process to track the outcomes of the research project and identify client expectations

  • Are there mechanisms in place to retain documentation in support of scientific data and track the desired outcomes of the research project?
  • Have key performance indicators (KPI) been established as part of the monitoring process, both quantitative and qualitative, and is progress analysed and reviewed against these?
  • Has progress on the R&D project been analysed and reviewed against the KPI’s?
  • Have financial incentives and reward structure been aligned to ensure that the R&D activities are tied to the goals of the organisation?

The internal auditor should review  supporting evidence to ascertain that the above is in place – e.g. documented policies and procedures to retain documentation in support of the scientific data and track the desired outcomes of the research project; documented procedures on the KPIs to monitor the progress of the R&D projects and on how financial incentives and reward structure are used to tie the R&D activities to the goals of the organisation.

The internal auditor should talk to the R&D project manager to find out more about the performance measurement process.

5.  HR planning addresses recruitment and retention and training needs

  • Have processes been put in place for the recruitment and retention of staff with the necessary skills and experience for specific research posts?  Is this working effectively, with job roles being filled on a timely basis?
  • Are exit interviews undertaken to understand why staff are leaving; and is this used to make changes?  Is monitoring and reporting of staff turnover to the board or a board subcommittee?
  • Are there staff training plans in place that covers both organisational training and role specific training needs?

Review and inspect supporting evidence to ascertain that the above is in place – e.g. documented policies and procedures on the recruitment and retention of staff for the research posts; approved job role requisition forms; reporting on staff turnover and staff training.

The internal auditor should talk to HR staff to understand how the recruitment and retention and training process operates. 

Download PDF
Content reviewed: 17 January 2017