Innovating internal audit
Accenture internal audit services evolves its processes and innovates with technology to help identify risk more effectively in a fast-changing world.
The internal audit function is a requirement of public companies registered with the New York Stock Exchange and is considered a best practice globally. Key responsibilities are to assess risk, identify fraud, improve processes and promote policy compliance.
Accenture’s Internal Audit function faces a complex challenge in carrying out these responsibilities due to the large scope of oversight and finite resources supporting an organization with more than 500,000 employees serving clients in more than 120 countries.
Like many other internal audit organizations, Accenture’s followed a traditional annual risk assessment process that resulted in the development of the annual audit plan. That plan was then performed throughout the year and findings compiled on an audit-by-audit basis. But today’s business environment is fast changing and risks change more frequently than annually, making the traditional approach out of sync with Accenture’s needs. The Internal Audit team, a relatively small team within Accenture’s Finance organization, saw the need to do more in a more dynamic risk environment but without significantly increasing its team size.
The Internal Audit team viewed the changing environment as an opportunity to reengineer the function by developing new processes and taking advantage of technology, including those advances Accenture was implementing in transitioning to a digital and intelligent enterprise. The team wanted to change to become more agile in focusing on the most relevant areas of risk for Accenture. The goal was to move to a real-time risk assessment process where the team could adjust its plan and approach as changes occur in the risk environment.
The conditions were right for leading with innovation and transformation. Internal Audit has progressively evolved the function in numerous ways:
Internal Audit developed a series of dashboards with digitized risk models that are updated in near real time, allowing the team to identify potential areas of risk within Accenture. The combination of timely data access and drill-down capability enables Internal Audit to improve the quality of its audit selection, scoping and testing. It also allows Internal Audit to be more agile with its audit plan during the year and change it as needed to focus on conducting the audits that are most relevant to Accenture’s current risk environment as seen through data.
The dashboards are connected to an Accenture Enterprise Insights Platform that draws from a common data lake that is used by other areas of Accenture’s business. Internal Audit uses additional tools to prepare, transform and analyze data in ways it could not before, enabling insight-driven internal auditing. The tools allow analytic consideration to occur in the early planning phases of an audit, driving more strategic scoping of the audit. Also on the horizon is the development and integration of predictive analytics as part of the audit process.
Robotic process automation (RPA) holds the potential to perform repetitive, high-volume and time-consuming processes and free up individuals to perform higher-value activities. Internal Audit developed a proof of concept to automate the testing of Sarbanes-Oxley information technology general controls (ITGCs). The bots reduced testing time by more than 80 percent. Accuracy of test results also improved, and were provided in near real time. Internal Audit is planning to advance RPA efforts to facilitate testing of additional controls as well as other operational activities. A governance and operating model have been established to guide future efforts.
Internal Audit also innovatively repurposed Microsoft Dynamics CRM to digitize its process for conducting hundreds of interviews with Accenture leaders, including using the insights gathered from these interviews to adjust, update and advance risk assessments in near real time.
Internal Audit is exploring how natural language processing (NLP) and metadata tagging can be applied to discussion notes entered in the Dynamics CRM system to highlight risk statements or trends in real time. The idea draws on an NLP word embedding capability Accenture Legal is using to search for specific clauses with risky terms across vast numbers of contracts within Accenture’s record management system. The solution is enabling users to more quickly extract key terms relating to risk and gain insights around the types of risks that exist. Another idea being explored between Internal Audit and Legal is a capability to search for variances from standard contract clauses or required clauses that are missing entirely.
The process changes and technology innovations have equipped Internal Audit to significantly change the way audits are conducted at Accenture as envisioned. Empowering team members with analytics enables them to do full population testing instead of traditional manual sample testing. The use of RPA holds the potential to automate repetitive testing and operational activities. These and other technologies enhance the careers of individuals as they are freed up to do higher-value work, enable them to increase their technical acumen, and allows the department to expand the scope of advisory services that drive value for Finance and all of Accenture.
Today, the management of the audit plan at Accenture is a dynamic process rather than an annual exercise. Internal Audit works in a data-driven way, generating new insights through advanced technologies and identifying risk across Accenture with new approaches. Dynamics CRM enables Internal Audit to gather an ongoing leadership perspective on the risk landscape in an orderly fashion as the year progresses and as changes occur. The sum of these capabilities enables Internal Audit to operate more effectively than in the past with even more potential to enhance its capabilities in the future with RPA and other technologies.
"As Accenture moved along its digital transformation journey, so did Internal Audit. We have been able to take advantage of new capabilities and rich data to conduct real-time risk assessments, more effectively scope our audits and perform our audits more efficiently."
Highlights of achievements:
Audits supported by analytics
Automated, interactive, data-driven risk dashboards