EY VIA - Virtual Internal Auditor
Naam spreker(s): Tonny Dekker, Niels Edelijn
CONTENTS
▪ Digitalization of the internal audit function
▪ The case for change
▪ What will the IA mandate be?
▪ How did we define our approach?
▪ Functional flow of EY VIA
▪ Our Modules as of today
▪ EY Virtual Internal Auditor (EY VIA) – disrupting the industry
Study on how the Internal Audit Function (IAF) is using digitalization technologies and how digital theory and methodology can be embedded best into the business practice.
Technologies that are receiving significant attention in auditing are Robotic Process Automation (RPA), Predictive Analysis (PA) and Artificial Intelligence (AI).
In addition to literature research, an online survey was conducted.
The study findings suggest that RPA, PA and AI have not profoundly found their way into the Internal Audit activities of Dutch IAFs yet.
Main obstacles for implementation of new technologies were stated as ‘cost/level of effort for applying digitalization’, ‘lacking skills of IA employees’ and ‘technology related challenges’.
1
DIGITALIZATION OF THE INTERNAL AUDIT FUNCTION
2
3
4
5
Organizations are managing evolving consumer expectations, new partnerships, dynamic ecosystems, changing industry boundaries, disruptive business models and new
competitive domains.
Every industry is changing and the cycles of change are moving ever faster.
Industry convergence is touching every market segment.
From technology and climate, to geopolitics and trade, the outside landscape is changing dramatically.
Operating models are shifting – employees seek purpose-driven organizations; full time roles are being replaced by gig work; nature of work is
changing due to technological advances
THE CASE FOR CHANGE
1
2
3
4
5
WHAT WILL THE IA MANDATE BE?
THE MANDATE DOES NOT NEED TO CHANGE BUT THERE WILL BE A BETTER BALANCING OF FOCUS
Business counselor
► Focus on strategic topics and actively engaged in strategic discussions and problem solving
► Anticipating the future trends and the impact on the business
► Fostering change and best practice development and sharing Analytics and robotics
► Prescriptive and trends Strategic and Innovative view
Change agent
► Focus on trends on why things fail systematically and audit against “unknown” rules
► Deep dive in root-cause/and internal best practices for recommendations
► Initiating change Analytics and robotics
► Descriptive and internal/external data driven Current and change view
Anticipative monitor
► Focus on future topics (e.g., missing controls, policies and procedures)
► Future impact of recommendations
► Anticipating how the business model is changing Analytics and robotics:
► Predictive and real time Strategic view
Assurance factory
► Focus on non-negotiable assurance and base level of trust and current/past topics
► Current impact of recommendations
► Raising awareness on current/past topics Analytics and robotics
► Descriptive and internal data driven Current view
Proactive
Reactive
Partner
Policing
HOW DID WE DEFINE OUR APPROACH?
KEY ISSUES INTERNAL AUDIT FUNCTIONS ARE FACING
Challenges:
▪ Limited Risk Coverage only focusing in-house
▪ No capability to perform full population testing
▪ No capacity and capability to perform full root cause analysis
▪ Traditional backward looking approach
▪ Annual Risk Assessment
▪ Only reporting what has happened in the past
▪ Not relevant for their stakeholders (C-Suite, AC)
▪ No time to focus on risks and topics beyond todays scope
As of today:
▪ All tools are providing a process flow or are scattered to address some of the challenges isolated only
They are looking for:
▪ Full Risk Coverage of the defined audit universe (breadth and depth)
▪ Full population testing
▪ Full root cause analysis
▪ Mix of continuous Risk Monitoring and periodical Risk Assessment
▪ Combination of (traditional) backward looking approach, real-time and predictive analysis
▪ Mix of reactive and proactive audit response
▪ Become more relevant through deeper insights
▪ More time to focus on risks and topics beyond todays scope
▪ Flexible, differentiating and industralized reporting capabilites
FUNCTIONAL FLOW OF EY VIA
Page 7
Risk Monitoring Flexible Audit Response Model (FARM)
Inquiry Module 3
Inquiry
Digital discussion Evidence request
Assessment Module 4
Qualitative Assessment (Controls) Self
Assessment Audit Feedback
Follow-Up Module 6
Follow-Up Continuous FU-
Status
Digital interaction
Audit Execution Module 2
Audit Management Audit
Dashboard Audit Workflow Findings
Dashboard One-Klick Report
Reporting On-demand
Reporting
Web-based Reporting
Video Reporting Module 5
Video Reporting Animated videos Optional
Audio
Risk Analytics Module 1
Data Ingestion Manual Upload path
SAP Oracle
Risk Monitoring
Analytics Workbench Continuous
Monitoring
Canned Tests
Pre- Interpretation
Benchmarking &
Writeback
Admin & Set-Up Module 0
Set-Up and Administration
Profile Set-Up IA Methodology Auditable Units EY RACMs
SOX Module 7
SOX 302 Certification Control
Execution PMO/Audit
Manager
OUR MODULES AS OF TODAY
EY VIRTUAL INTERNAL AUDITOR (EY VIA) – DISRUPTING THE INDUSTRY
It is a suite of tools, solutions and methods to be lifted to one platform
Its modularizedapproach gives the flexibility to address all maturity levels of the IA
function
It is for Internal Auditors(IA function) and business stakeholders(auditee)
It will equip IA with a new and disrupted IA delivery model
WHAT IS COVERED THROUGH EY VIA?
between the human and the machine leading optimized and faster operations
Improved work re-allocation
by the human leveraging the pre- interpretation done by the machine
Better interpretation of results
10101 00001 10001 1
Expansion of IA delivery – the breadth and depth of risks
Significant increase in risk coverage of audits
OUTCOMES
• Data
We treat data as an asset.
• Risk Monitoring
We monitor downside, upside and outside risks continuously.
• Flexible Audit Response Model (FARM)
We have flexible and proactive answers to risks.
• Communication
We innovate communication of results as the
‘product’ of IA.
EY VIA KEY COMPONENTS
Page 9