Change is a simple and undeniable fact of the business environment.

Due to a number of factors, the pace of change is faster than what we were accustomed to before. And amid this environment, we are feeling the need for a stronger, even more effective, governance and control framework. Internal and external stakeholders expect that banks retain a robust defence mechanism while still ensuring that the institution is agile enough to capture the opportunities. We believe that the internal audit function can be a key for your bank to achieve this.

Let us consider, first, the key agents of change for the industry.

Top of the agenda is certainly the technological revolution. Technology is changing the product offering requirement of banks.

Firstly, technology is changing the way businesses and consumers come together and transact business. As this happens, it is requiring banks to provide new services for their customers or else face a serious threat from other market players – other banks, financial institutions and other emerging service providers. Naturally, technology is not only driving innovation in the client-facing sphere but also internally – leading to important drives towards efficiency and effectiveness.

A third factor to be considered is the workforce. The challenges emanating from change itself require a more flexible workforce, equipped with the right skills in a fluid environment. In a context of low unemployment levels, the talent gap is more present.

Furthermore, it is recognised that newer generations of workers are engaged at work through newer practices: valuing work/life balance, dynamism and social responsibility (to name but a few) more than their older colleagues.

All this leads to different risk considerations that the IA function must keep within its sights. Starting with the technologically-driven changes, institutions must ensure that the governance, risk management and controls are well-embedded within the transformation life cycle.

Equally importantly, banks must put in place a robust IT strategy to ensure that the IT-related developments are well managed, are rendering the required return on investment and are in line with the business requirements.

The IA function will remain a key agent in ensuring regulatory compliance. Audit committees will still consider that a key responsibility of the IA department is to ensure that the right controls are in place within the compliance function and that the work of both functions is driven by an updated risk assessment to identify the key priorities within the regulatory sphere.

Banks must put in place a robust IT strategy

Identifying and retaining talent affects the IA function in two ways. The IA function must ensure that the institution has the processes in place to attract and retain the right talent. Secondly, it must embark on an ongoing programme to ensure that IA professionals have the right skills in this environment where so much more is being asked from the internal auditor.

In the face of this change, the successful IA function of the future will be defined by a number of elements. We believe that key among these elements are flexibility, the role of the function and quality.

The IA function will need to be flexible and respond to this changing landscape. For instance, the setting up of annual plans (let alone three-year plans), will become outdated. The use of data and analytics as well as more use of tech-based tools in auditing are expected to become indispensable.

Going even further, a new form of internal auditing, coined as ‘agile auditing’, is taking shape. The key is continuous collaboration with management and a more iterative approach to auditing to ensure that projects adjust to deliver in line with expectations.

The role of the internal auditor will become ever more strategic in nature. Institutions will require the internal auditor to provide value-adding business insight beyond the internal audit report. It is thus expected that practical business knowledge will be the key on how the IA function will be able to deliver real value. As such, the profile of the team within the function needs to step up and include professionals with business acumen more than ever before.

IA quality will remain key. At its most basic, this relates to the extent of coverage of the level of work supporting our work. However, it needs to be more than that. The IA needs to consider the bigger picture around the robustness of risk management, providing a holistic view of the areas which should be given priority by management.  At KPMG, we believe that to achieve the above, decisive action needs to be taken. We believe that such a transformation can only be achieved if a strategic vision, aligned with that of the institution, is put in place.

Moreover, the stature of the IA function needs to be aligned with the expectations of senior management. In short, the internal auditor must show deep business understanding and deliver greater value so that in turn he can be regarded as a critical player within the organisation.

Finally, the professionals within the team must have the requisite skills to provide meaningful recommendations to the bank.

Our vision of the future of the IA function and how to get there are embedded in our service offering. The IA services team at KPMG is built on a mix of core internal auditors and subject matter professionals bringing the necessary width and depth of experience to the table.

We invest in our relationships with management specifically because we know that this provides us with the requisite insight into the business that makes our work as out-sourced or co-sourced internal auditors relevant to the institution. And finally, our external quality assessments of IA functions set out both the baseline requirements and the ‘leading practice’ views, providing insight to management as to whether that function will be the right partner to assist you in navigating the upcoming challenges and leveraging the approaching opportunities.

Alex Azzopardi is a director and heads the risk consulting advisory practice in the areas of internal audit, AML and investment services at KPMG.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.