cannot GET (401)

Best in Class Practices in the Audit Function


To provide a landscape scan of best in class practices in the audit function (for both banks and non-banks), including case studies and examples. Specifically, this will include a summary of best in class practices for an audit function , innovations in the audit space , and case studies on best in class audit departments. This information will be used to determine what a best in class audit function should look like.

Early Findings

Best in Class Practices For an Audit Function

  • Continuous risk monitoring is one of the best practices for a world-class audit department. Risks need to be constantly reassessed, and audit plans revised to reflect the changing risk environment. For this to happen internal auditors need to receive and provide risk updates in real-time.
  • Concise audit reporting is one of the best practices for world-class audit units. Internal auditors should seek to understand what the board and management need to know, and why to provide audit reports that are of maximum value to all stakeholders.

Innovations in the Audit Space

  • Innovative internal audit groups have been actively adopting agile methods. Agile methods aim to reduce costs and time to delivery while improving quality.
  • Many internal audit units have embraced the internal audit trend of advancing toward robotic process automation (RPA) and cognitive intelligence (CI) tools to drive efficiency, expand capacity, boost quality, and extend audit coverage.
  • Cognitive technology or artificial intelligence can plow through large tracts of data and perform digital analysis in a way that is impossible even with a large team of auditors. Technology transformation is the third most important consideration for impactful internal audit departments according to the 2019 KPMG Internal Audit report.

Case Studies of Best in Class Audit Departments

  • Epiroc develops and produces innovative equipment, consumables, and services for the mining and infrastructure industries in more than 150 countries and has annual revenues of $4.4 billion.
  • Epiroc's audit team audits around 40 entities per year, with audit work conducted both onsite and offsite.
  • In 2018, the audit team adopted HighBond to automate their control self-assessments and risk assessments. As a result, audit reports that were previously finalized after 4 weeks are now finalized onsite and form part of the closing meeting during the week of the audit.

Proposed next steps:

You need to be the project owner to select a next step.