Over the years, PwC has provided great value through their annual commentaries on internal auditing.
However, in their 2019 State of the Internal Audit Profession Study, they are advising internal auditors to adopt approaches and practices with which I disagree.
The subtitle to their report is “Elevating Internal Audit’s Role: The digitally fit function”.
PwC starts quite well, acknowledging that disruptive technology and the need to address it has been around for decades.
Organisations are rapidly rolling out digital initiatives in an arena defined by more data, more automation, sophisticated cyberattacks, and constantly evolving customer expectations. In some ways — for internal audit functions— the situation is not new: technology risks and controls have already been on their agendas for decades, and most can reliably deliver a technology audit.
But then they go wrong.
But digital rollouts heighten risks beyond the technology itself.
I cannot comprehend this statement. The risk has always been the effect of a technology-related issue on the business! There’s nothing new here at all!
This has been true for as long as I have been around auditing (and that’s a very long time). PwC says:
Internal audit needs (1) the dexterity to pivot quickly and to keep up with the digital pace of the business,…