Observations from IIA’s 2023 GAM Conference
Last week we attended the IIA's 2023 GAM conference in Dallas. There were many insightful sessions that introduced some interesting and thought-provoking themes.
Here’s a quick summary of what we heard, along with some key observations and takeaways.
Observation #1: Internal Audit as a Profession is Still Relevant
With the IIA releasing a draft of the proposed Global Internal Audit StandardsTM, more privacy regulations being introduced, and fraud stories regularly hitting the headlines, it is not surprising that a key theme at GAM is that there is still a great need for internal auditors, with the profession continuing to be more relevant and important than ever.
In addition to new and changing regulations, along with the heightened publicity around fraud cases, the increasing pace of business change – including many digital transformation projects –internal auditors must examine new areas of the business they previously haven’t touched. In addition, the need to look at all rather than a subset of transactions is becoming increasingly important and the norm. This is an unrealistic task using traditional, often manual, auditing methods, which leads us to the second trend we saw at GAM – automation.
Observation #2: Automation is a Game Changer
The constant evolution of tools to help auditors become more efficient was apparent. The continued evolution of tools, particularly with the addition of automation, enable auditors to significantly increase the number of items they look at and test. This allows organizations to dive deeper into audit scopes without the huge increase in budget required to employ an army of auditors.
Audit management tools are a good example of where automation can significantly reduce unnecessary process burdens placed on auditors. Rather than having manual processes involving auditors passing documents to an audit manager and then to an audit director for review, audit management tools store documents centrally and provide workflows to make the audit review process easier and more efficient for all stakeholders involved.
Observation #3: ESG is Increasing in Scope for Auditors
Our third observation at GAM, which we have also seen at other audit events, is that auditors are increasingly involved in environmental, social, and governance (ESG) audits. We believe this is due to increased federal and state-level regulations their companies must comply with. As a result, auditors must balance how much of their audit plan is dedicated to ESG audits, while still delivering the expected financial, operational, compliance, and IT audit plan. As the ESG workload increases, the need for audit automation will become more relevant, enabling auditors to deliver more, without adding significant additional resources to their teams.
Observation #4: Auditors and Security Teams need to Work Together
Previously, we have seen friction between audit and other teams within companies. Audit teams are often viewed as the “blockers” who are perceived to be constantly looking for ways to hinder progress, rather than supporting projects to move the business forward.
A key theme we repeatedly saw at GAM was the suggestion that auditors should work more collaboratively with other departments, including ones they may not have worked closely with previously. This is particularly important when it comes to cybersecurity teams.
By working together to understand the goals and objectives of one another- not just on large digital transformation projects, but also goals related to day-to-day operations - these teams can become more effective and efficient while increasing the company's overall compliance and security postures. Auditors can partner with the cybersecurity experts early and often, reducing the need to rework or retrofit controls into projects after deployment - saving time, resources and unnecessary pain.
The overarching message from GAM was that the audit profession is more relevant than ever. However, increased regulations, the growing scope of the role, and high-profile fraud cases in the press, are all adding to their workload, so anything they can develop or deploy to become more efficient and effective is critical.
To this end, automation and collaboration were described as critical initiatives to help auditors manage greater workloads and identify compliance issues early, before they become major issues.
To learn more about how Fastpath can help you manage risk and achieve audit compliance, get registered for our upcoming webinar on March 30th: Security and Compliance: Diving into the Need for a Strong Relationship