CEO Blog: Technology is vital – but only in conjunction with human skills, writes Anne Kiem.

From AI to data analytics and real-time auditing, technology is now key to everything we do. Automation is everywhere and in everything. But before we start to believe that technology has taken over (for good or ill), we must remember that people and culture remain critical to organisations and cannot be neglected in our race for digital efficiency.

Technology provides remarkable tools and internal audit can, and must, use these to tighten controls, speed-up findings, widen the scope of audits and improve the way issues are reported. More timely, accurate and wide-ranging audit findings benefit everyone.

But businesses are still about people, not purely technology – even technology companies themselves rely on people. So, how do we work with technology without ignoring the human side?

While technology is great at identifying where things are going wrong, or could go wrong, people are better at understanding why other people behave in undesirable ways and can encourage positive behaviour traits. Machines cannot replicate empathy for human thought processes. It is no coincidence that the third topical requirement published for discussion by IIA Global is on Organizational Behaviour.

New risks

Technology can create challenges for organisational culture. Board directors and frontline staff alike may feel intimidated by the possibilities and the risks, real or perceived, presented by new tech. Lack of confidence or wariness that AI may make their roles redundant can cause people to refuse to engage with new tools. At the other extreme they may bypass processes designed to safeguard data thereby putting sensitive or confidential information at risk of exposure.

At board level, ignorance of technology can cause poor executive decisions, a lack of understanding about risks and business opportunities and reluctance to ask questions. Chief audit executives (CAEs) may struggle to get executives and audit committees to engage in constructive conversations about AI – or may have to combat disproportionate suspicion of tech and highlight if this restricts organisational development.

There cannot be many, if any,  CAEs who do not recognise the risks and opportunities AI presents, but not all will feel they have a strong enough understanding to be confident in developing audit processes to assess and counter the risks that technology poses. There are an increasing number of platforms which can assist with this, and it is a timely reminder to CAEs that they don’t have to be experts in everything, so long as they have access to expertise. A more likely blind spot for CAEs is that they may fail to consider ethical and cultural questions about how their organisation uses AI and data. These are important to consider as it is still the case that most successful cyber attacks are enabled by human error, accidental or otherwise.

And internal audit’s input is needed. Recent research from ethics and compliance provider LRN found that 85% of organisations do not include AI ethics in their code of conduct and most could do more to embed their codes of conduct in their day-to-day operations. 

Technology is also creating long-term training and recruitment problems, which will affect internal audit teams and their organisations. The Big Four accountancy firms have cut their intake of new graduates, because many junior tasks can be done by AI. Law firms are doing the same. This leaves the question, “Who will train the talent we need in the future?”

Share and learn

These issues – and many more – will be considered by speakers at the Internal Audit Conference on 8-9 October in London. All internal auditors keen to understand more about technology, ethics, culture, the future of the profession and other critical issues including environmental, social and governance (ESG) challenges and diversity, equality and inclusion (DEI) should try to attend either in person, or via livestream. 

Recorded sessions will be available afterwards to watch on demand, but nothing beats being in the room. Not only does this enable you to ask questions of the expert speakers, but you can learn from peers and continue discussions at breaks. 

Internal audit can be an isolated role and even those in larger teams can struggle to find time to think beyond the next task. The conference is the ideal opportunity to listen, learn and contribute to the profession. 

Furthermore, we know from the annual Risk in Focus research, conducted jointly with the European Institutes of Internal Auditors, that ethics, technology (including cybercrime and AI) ESG and DEI are all perennial concerns that consistently feature in the top ranked challenges facing internal audit leaders and boards. We have just completed the tenth Risk in Focus report, giving us a decade of findings to consider. It is a major achievement and a great resource for the profession to enable it to stay relevant, look ahead and provide the guidance and support organisations most need.

I would also encourage those who attend the conference to come to the annual AGM, which takes place at 5.15pm on 8 October. You will meet the council members, vote for the new President and hear more about our strategy. If you can’t attend in person, the voting process is already open, so cast your vote and find out more about how the Chartered IIA is governed.

This year we will say thank you to Sandro as he steps down from the Presidency, although he remains on Council for a further year as immediate past President. We also say thank you and goodbye to Roza Watson and Piyush Fatania, who will be standing down from Council. They have both made tremendous contributions to the progress of the Chartered IIA during their tenures. And we extend a warm welcome to Jeremy Lawson and Ben Kaye who are taking their places following on from recent voting. I look forward to working with them in the future to take our strategy forward.

With so much change in the internal audit profession, plus rapidly shifting global risks, all our members should have successes to celebrate and innovations to share. I therefore hope that more teams and individuals than ever will enter our next Audit & Risk Awards– nominations open in October. This is an important opportunity to recognise and celebrate excellence, and to share experiences to benefit the profession.

As an institute, we are also focusing on contributing to the national debate on corporate governance and effective audit. We recently co-ordinated a cross-party letter urging the Prime Minister to bring forward long-awaited plans for audit reform – securing the support of 66 MPs and Lords from eight different political parties. This work is essential to keep the value of the internal audit profession in the eye of policy makers and regulators.

Internal audit must adapt, learn and expand its reach faster than ever – and we must unite and work together to tackle common problems. I will be looking for inspiration from our conference speakers and at Chartered IIA events throughout the autumn. I hope to see you there.