5 Ways Internal Audit Departments Can Do More with Less

Like most organizations, internal audit departments are stretched thin, facing increased demands in complex, remote or hybrid environments. This challenge arises without additional resources or budget, compelling many departments to become creative and innovative to do more with less—a demanding task to say the least. External factors, such as supply chain disruption, ransomware attacks and increasing regulatory changes, have also placed more emphasis on the need for internal audit to evaluate the effectiveness of risk mitigation strategies for the organization.

With all these demands and tasks, what’s an internal audit department to do? Here are five ways that internal audit can do more with less.

1. Leverage Technology Better

While most internal audit professionals have already maximized the use of technology to streamline processes, it’s still worth noting and making a conscious effort to improve. From electronic workpapers to audit process automation tools and leveraging data analytics, internal auditors are no strangers to using technology to increase efficiencies. The increased availability of artificial intelligence and machine learning can also help to advance your internal audit practices and the continuous auditing methods available.

2. Save Time with Stop and Go Auditing

Stop and go auditing can be a timesaver for your department if your internal audit team can survive without producing a lengthy report. The theory is that if there are no significant risks and no major findings, stop the audit. Issue a one-page document that explains the scope, the period under review and lists “audit stopped, no significant findings” as the conclusion. You will save two weeks of discussion and debate on the report wording and the effectiveness of action plans for insignificant issues. This concept also aligns well with internal audit departments that use agile approaches.

3. Shift to Walkthroughs Only

Report on risks and internal control design only. Instruct the internal audit team to walk through one transaction with the process owner to document the process, understand the risks and evaluate the internal control design. Report on the walkthrough findings and leave it at that. The audit committee can determine whether or not to allocate the additional resources required to complete sample testing to validate internal control operating effectiveness.

4. Conduct Control Self Assessments

This certainly isn’t a new concept and should be revisited. A control self-assessment involves a methodical process for recording business objectives, risks and controls. It requires operational management and staff to evaluate the effectiveness of controls. Using an internal control questionnaire is one method that allows for simple data collection and analysis across the business and provides comprehensive insight into risk areas that require further investigation.

5. Reallocate Budget

It may be time to rethink your staffing strategy and consider reallocating some of the budget to a co-sourcing model. As employees leave the internal audit department, do not replace the newly opened position with a salary. Calculate the total cost of the employee and add to it the expenses of recruiting, interviewing, hiring, onboarding and training. Evaluate whether those funds could be better allocated on-demand and spread over a variety of business risk areas. Co-sourcing allows an internal audit department to tap into specialized talent that would otherwise be difficult to keep on staff internally. Think of it as support for internal audit departments on an as-needed basis that provides your team with budget flexibility.

These are just a few strategies that can be deployed in an attempt to do more with less in your budget. The bigger challenge may be to demonstrate the value internal audit provides to a company. If you need help making the argument with executive management or the audit committee, ask Sikich for help. Designing, organizing and managing internal audit requires alignment with your budget, scale, regulatory requirements, risk appetite and multi-dimensional needs. Let Sikich assist you in unlocking the full potential of your internal audit team.

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.

About the Author