Effective internal control is one of the essential enablers for entities to grow with confidence and integrity in a multi-stakeholder world filled with volatility, uncertainty, disruption, and complexity.
Internal control goes beyond statutory compliance requirements; it helps entities build trust, confidence, and reputation in achieving strategic business outcomes. How has the trend of transformation in entities impacted internal control?
Accountancy, finance, and internal audit professionals, in whatever role they discharge, are fundamental players, together with others, in the control frameworks of their entities. Yet all entities face many challenges. They need to rapidly transform to ensure that they address the difficult operating environment of the 2020s.
To do this, they are increasingly using technology and data. Data-driven insights are essential to enable management to react quickly and take decisive action. That action is across an increasingly broad horizon, as stakeholders require disclosures that cover not only financial objectives, but also those that address non-financial areas such as actions in relation to climate change and human capital.
The purpose of internal control
The survey respondents had a strong alignment to the IIA’s Three Lines Model demonstrating the interrelated governance roles of the board, management, and internal auditors to assure and achieve effective internal controls over financial – and more recently – sustainability reporting. Yet as entities undertake their transformational journeys, so a key skill shortage among those enacting the internal controls was highlighted. 50% of survey respondents ranked this as a key issue.
Transformation is an on-going activity for many entities. The report comments that there is a need to ensure that internal control and risk-management frameworks are agile and fit for purpose in a business environment that is increasingly expanding in scope with rapidly evolving technologies such as Cloud computing, artificial intelligence, blockchain and process mining. Non-financial disclosures are increasing being brought into the scope of internal control, which brings its own implications.
The nature of rapid change requires adaptive and agile leadership and project focus. Internal control must be integral to these advancements. The application of technology is also evolving as entities embrace the ‘fourth industrial revolution’ and connected technologies.
It is a change not only in the nature of control but a shift from a more static view to one that focuses more on near-real-time data flows, continuous and automated. 52% of respondents highlighted that increased data flows had improved their internal controls. There is also recognition of shared objectives, such as those concerned with governance over the integrity of data, and alignment to a dynamic risk culture that reacts to rapidly evolving operating models.
The skills mix required to address internal control is shifting and requires a broader range of expertise than may traditionally have been the case across all functions focused on internal controls.
1. The evolution of technology and control means that the gap in the skill sets of those involved in internal control are significant issues.
2. Technology will continue to advance and there is a risk that internal control becomes ineffective if it does not embrace the changes and automate where appropriate.
3. If non-financial reporting is to be included within the scope of internal control, then there is a need to understand the implications.
4. There needs to be an investment in the technology and data skills of those charged with internal control.