Transforming

Internal Audit
and Control
through Digital
Innovation
How Internal Audit and Control
functions can embrace digital innovation
and leverage opportunities presented by
the pace of technological advances.

October 2022

home.kpmg/ng
Glossary
ACA Associate Chartered Accountant

ACCA ACCA Associate Chartered Certified Accountant

BAL Business Assurance Leader

BI Business Intelligence

CA Continuous Auditing

CFO Chief Financial Officer

CM Continuous Monitoring

CA/CM Continuous Auditing and Continuous Monitoring

CAATs Computer-Assisted Auditing Techniques

CIA Certified Internal Auditor

COE Centre of Excellence

COVID-19 Coronavirus Infectious Disease

DA Data Analytics

IA Internal Audit

IC Internal Control

IT Information Technology

RPA Robotic Process Automation

SOX Sarbanes-Oxley Act (SOX)

Transforming Internal Audit and Control through Digital Innovation 2

Table of Contents
Glossary 2

Foreword 4

Introduction 5

Internal Audit and Control Now versus the Future 6

01

02 Digital Innovation benefits for IA and IC 7

Digital Innovation enablers for IA and IC 9

03

04 Digital Innovation Challenges and Solutions 15

Conclusion 19

How KPMG can help 20

Contacts 21

Transforming Internal Audit and Control through Digital Innovation 3

Foreword
To continue to deliver value to their stakeholders in this digital age, Internal Audit (IA) and Internal Control
(IC) functions need to review their delivery model to keep pace with technological changes happening within
their organisations. IA and IC must innovate and transform into agile, multiskilled, and technology-enabled
functions.

As technology advances and changes the way Design and Implementation of Data-enabled Internal
organisations conduct business, the mandate of Audit Transformations for clients across sectors within
Business Assurance functions remain the same – to Nigeria.
continue adding value to their organisation. To achieve
this, they must constantly adapt to the pace of KPMG Nigeria supports IA and IC functions on their
technological changes within their organisations and a digital innovation journey with a variety of solutions,
failure to do this would bring about a ‘value-gap’ where whether on strategic, tactical, or operational level
the Business Assurance functions are unable to provide considering the function’s current state and desired
value that aligns with the organisation’s growth pace. future state.

In this publication, we outline KPMG Nigeria’s vision Are your IA and IC functions ready to embrace digital
on the future of Internal Audit and Control, the benefits innovation?
of digital innovation in transforming the IA and IC
functions to achieve the desired future state, and Enjoy the read!
technology enablers to get the functions started on their
transformation journey.

From our interactions with Business Assurance Leaders

within the Nigerian landscape, we have identified
common challenges IA and IC functions may face when
embarking on their digital transformation journey. In
this publication, we have addressed some of these and
proffered possible solutions.

Much of our insights are garnered from our experience

carrying out out-sourced and co-sourced independent
Tomi Adepoju
Partner and Head,
Internal Audit reviews, Quality Assurance Reviews (QAR) Risk Consulting
of Internal Audit and Internal Control functions, and KPMG in Nigeria

Transforming Internal Audit and Control through Digital Innovation 4

Introduction
Despite increasing innovation and technology-driven
digital growth within organisations, Internal Audit (IA) and
Internal Control (IC) functions are still playing catch up in
many areas. These core Business Assurance functions
are sometimes slow to realise the changes and digital
evolution happening within their organisations, and still
deploy traditional methodologies and solutions that
cannot efficiently provide the needed assurance at the
velocity of change within the organisation.

Without a change in approach, the IA and IC functions

may lose alignment with the organisation’s strategic
direction and ability to provide assurance over emerging
risks arising from the adoption of new technologies. This
may ultimately result in a ‘Value Gap’. From a survey of
400 Chief Finance Officers (CFOs) and Audit Committee
Chairs conducted by KPMG, only 5% of the participants
responded that they received insights on “informed
perspectives on emerging risks” and 36% of them rated
it as a ‘most valuable to receive’ insight1.

In addition, IA and IC functions are increasingly expected

to add value to organisations and stakeholders in ways
that are beyond the capabilities of the traditional model,
as stakeholders continuously demand a more efficient
and agile assurance process, especially in the ever-
evolving business landscape.

This demand has increased since the advent of the

COVID-19 pandemic. Not only are IA and IC functions
tasked with identifying, assessing, and monitoring
the risks related to increasingly complex pandemic-
driven arrangements, disruptive technologies, events,
and regulatory environments, they must do so with
smaller budgets, fewer people, in a remote working
environments, and at an accelerated pace.

Considering all these, IA and IC functions need to review

their delivery model to deliver greater value to their
stakeholders. To do this, these functions must innovate
and transform into an agile, multiskilled, and technology-
enabled function. Failure to act will lead to enterprise
risks outpacing the IA and IC’s skills and capabilities.
Taking action, however, will position the functions to
create and deliver value to their stakeholders.

1
Seeking value through Internal Audit, KPMG International

Transforming Internal Audit and Control through Digital Innovation 5

01

Internal Audit and Control

Now versus the Future
A comparison of the current state of Internal Audit and control vs the future state is described below.

Now Future

Internal audit and control prioritise future-

Cyclical and regulatory compliance focused emerging risk reviews and higher-
audits take priority. impact operational reviews that drive value
to the business.

Audit plan is responsive to disruption

Annual audit plan quickly becomes and flexes to meet shifting strategic
irrelevant as the business changes. demands.

Majority of audit and control work

Audit and control work is primarily is enabled via data, analytics, and
manual. automation.

Audits are based on small, random samples. 100 percent audit coverage.

Lengthy, written reporting on findings.

Concise, visualised reporting on impact.

Most internal audit and control professionals have The internal audit and control teams
audit expertise only. possess a mix of business, audit,
technology, and analytics skills.

Audit frequency is quarterly at best.

Continuous, real-time auditing and control
monitoring is a reality.

Internal audit and control are often left out of Internal audit and control are included in
strategic discussions. high-level conversations with the board and
C-suite.

Transforming Internal Audit and Control through Digital Innovation 6

02

Digital Innovation benefits for

IA and IC
Business disruption - and the resulting competitive the years ahead. The traditional “Three Lines” model is
pressures are compelling IA and IC functions to being challenged by the scale, scope and pace of these
transform how they work and where they focus. The technological changes and Business model disruptions.
traditional roles and activities that these functions For example, more than 50% of CFO’s and Audit
perform today might not be relevant in the future as Committee Chairs who participated in a KPMG survey
organisations are transforming increasingly complex opined that the IA function needs to be able to match the
business activities by leveraging technology solutions. sophistication and complexity of their audit targets2.
As it is, only a few IA and IC functions today are
adequately positioned for the task of providing assurance
over the multifaceted, dynamic, and data-rich operating
environments expected to become more prevalent in

20th Century 21st Century More than 50%

Internal Audit Internal Audit of executives say
that internal audit
Focuses on objectivity The rapid pace of needs to...
in a role to detect change demands that
weaknesses in internal audit work – Be more diverse in
how effectively the with the business to skills and activities
organization manages embed the risk and
risk, usually by performance mindset – Be more proactive
comparing against a into new process and with stakeholders
defined standard. technologies as they
are implemeted. – Be able to match
the sophistication
Internal Audit creates and complexity of
monitoring solutions audit targets.
adopted by the
business blurring the
boundaries between
the first and second
lines.

Digital innovation is a critical way for IA and IC functions to up their game. Below are some benefits that the
functions stand to achieve with digital innovation:

Agility
Change is inevitable in business, with technological change the most forceful of all. IA and IC functions that will
remain relevant and successful through the adoption of digital transformation will be agile—able to change their
approach and focus quickly and on a timely basis in line with current business needs.

2
Seeking value through Internal Audit, KPMG International

Transforming Internal Audit and Control through Digital Innovation 7

Increased efficiency and effectiveness
Robotic Process Automation (RPA) is one technology that will prove critical to improving the efficiency and
effectiveness of IA and IC, especially around reviewing operating effectiveness of controls. Control activities, including
monitoring and testing, are typically a significant operational expense for businesses. Automating these manual, labor-
intensive processes with RPA can save time, money, and improve bottom-line results. 71% of 400 CFOs and Audit
Committee Chairs surveyed by KPMG inferred that effective and efficient audits are important to them3.

Increased assurance
Digital transformation will improve IA and IC’s ability to quantify results to management. Dashboards and
visualisations bring key findings to the forefront in a way that’s quick and easy to explain, explore, drill down, and
ultimately act on. IA and IC will be able to pinpoint anomalies in the data that may point to potential problems down
the road and may even prevent them. These insights will help Business Assurance Leaders identify the highest risk
areas and improve audit and control focus, making the IA and IC functions far more dynamic, relevant, and effective.

A more strategic positioning

Automating manual and routine tasks and eliminating duplicate work through digital transformation will free up
auditors and control officers for higher-level critical thinking.
IA and IC functions will employ strategies for layering their activities ranging from routine and repeatable to complex
and bespoke, e.g., leveraging automation for assurance in areas of “routine” risk and control monitoring while
deploying dynamic and agile-based approaches for more complex business problems. Beyond traditional audit and
control reporting, IA and IC will also be able to provide the business with a holistic view that controls are working, and
risks are being managed effectively.

Other likely outcomes that IA and IC functions stand to achieve with digital innovation include -- reduction of risks,
enhancement of controls monitoring, improved risk assessment, capacity creation and costs reduction. Repetitive
tasks and time-consuming tedious activities are reduced, and staff are provided with more concrete data for decision
making; hence they can focus on higher-value activities such as performing deep dives into root causes, exceptions,
and anomalies. In the long run, it makes companies profitable and increases staff satisfaction and productivity.

3
Seeking value through Internal Audit, KPMG International, 2016

Transforming Internal Audit and Control through Digital Innovation 8

03

Digital Innovation enablers

for IA and IC
Having established the benefits of digital innovation, what technology enablers can IA and IC adopt in closing the
value gap? Digital innovation can be adopted to transform IA and IC through the investment and use of a combination
of some of the following technologies:

Continuous
Data Analytics & Auditing and
Business Continuos
Intelligence Monitoring
(CA/CM)

Intelligent
Automation

Data Analytics & Business Intelligence

Data Analytics is an analytical process by which insights leveraging data analytics also accommodates the growing
are extracted from operational, financial, and other forms risk-based focus on fraud detection and regulatory
of electronic data internal or external to the organisation. compliance.
These insights can be historical, real-time, or predictive
and can also be risk-focused (e.g., fraud, asset Data Analytics is not a new answer to the need for
misappropriation, policy non-compliance and regulatory increased quality, efficiency, and value generation in IA
breaches). and IC. Traditional analytics approaches i.e. leveraging
Computer Assisted Auditing Techniques (CAATs) to
With data analytics, organisations can review every perform stratified sampling, are commonly seen across
transaction— not just samples—which enables a IA and IC functions and although the basic concepts have
more effective analysis on a greater scale. In addition, remained the same, the practices of leading IA and IC

Transforming Internal Audit and Control through Digital Innovation 9

functions have been forced to evolve rapidly to keep pace to cover significantly more risks with fewer resources
with their organisation’s evolution in response to market, and in a remote working environment. While analytics will
economic, and environmental changes. never replace the judgment and skepticism of an internal
auditor, it can be crucial in enabling them to perform
Leading IA and IC functions have adopted frameworks detailed procedures over complete populations and in-
that address the four elements of successful Data depth complex assessments.
Analytics implementation – data, tools, people, and
processes, which are combined to offer increased quality The following is a model data analytics process for
and efficiency. These efforts can dramatically increase the leveraging data analytics within an internal audit project:
audit quality and efficiency, allowing IA and IC functions

1 2 3

Define the audit Determine what analytics Identify relevant IT

objective(s) are relevant in achieving systems and assess
the audit objective(s) availability and quality
of data

4 5 6

Include analytics Develop analytics (i.e., Acquire data (i.e., extract,

work steps into Data script, program, etc.) transform, load process)
Analytics enabled
work programs

7 8 9
Run analytics and Confirm the results of the Validate results of
perform initial analytics support achieving analytics with business
validation of results to the audit objective(s) and owners
identify data and/or revise, abandon or rerun
logic flaws analytics as necessary

10 11 12

Report findings and Report findings and Deep dive on the root
recommendations to recommendations to cause of identified
business owners and business owners to exceptions
management management

Business Intelligence (BI) tools, such as Microsoft and other visuals that accurately communicate insights
PowerBI,Tableau, and Qlikview, significantly reduce from the underlying data in dashboards and reports.
the complexity of the end-to-end data and analytics Apart from BI tools, other Audit-specific data and
process, by simplifying the extraction, transformation analytics tools such as Caseware Idea, and Galvanize
and processing of large amounts of structured and (ACL) can be used for data analytics. These tools have
unstructured data from a variety of source systems and an added advantage of providing template scripts
databases. BI tools help prepare data for analysis and for common audit reviews and checks, which can
extraction and presentation of actionable insights through significantly improve efficiency.
reports, dashboards, and data visualisations. These tools
can combine a broad set of data analysis and data mining In KPMG Nigeria, we provide internal audit and internal
modules for cleaning and modeling data and they also control co-sourcing and out-sourcing services to a
include data visualisation modules for designing charts growing number of clients, many of these engagements

Transforming Internal Audit and Control through Digital Innovation 10

within a short timeframe, and in hybrid working environment within minutes, with little to no human
environments. We are only able to achieve such coverage assistance or environment re-configuration to identify
by deploying automated analytics scripts and ETL critical control gapes and audit exceptions such as;
routines with pre-built analytics workflows for common duplicate purchase orders and payments, three-way-
processes ranging from Procure-to-Pay, Order-to-Cash, match circumventions, unauthorised procurements
Record-to-Report, Payroll etc. with support for multiple or adjustments, fictitious journal postings, transaction
ERP environment such including SAP, Oracle, Microsoft splitting, segregation of duty violations, early payments,
Dynamics, Sage etc. For example, our Procure-to- vendor master data quality issues etc.
Pay scripts can be deployed on-demand in an SAP

Continuous Auditing and Continuous Monitoring (CA/CM)

Continuous Auditing (CA) is the collection of audit control effectiveness or operational performance. Fast
evidence and indicators on information technology forward to a CA/CM approach where control objectives
(IT) systems, processes, transactions, and controls are codified into risk indicators and audit triggers and
on a frequent repeatable, and sustainable basis while CA/CM tools review organisational data in real-time to
Continuous Monitoring (CM) is a feedback mechanism measure the effectiveness of these controls, providing
used to ensure that controls operate as designed and live notifications and dynamic dashboards to IA, IC and
transactions are processed as prescribed. This monitoring risk owners when control breaches occur.. This approach
method is the responsibility of management and can becomes much more comprehensive, providing a
form an important element of the internal control holistic view of transactions and risk, and also gives
environment. the organisation the ability to respond to these risks
immediately, as opposed to only waiting for an audit
Continuous Monitoring feedback can be used for cycle to detect audit exceptions that may have crystalized
Continuous Auditing leveraging historical transactional in the past.
and operational data, statistical analysis, machine learning
and data visualisation to disaggregate large volumes At KPMG Nigeria, our CA/CM tool integrates data
of data, identify anomalies in business processes and analytics, data engineering, cloud and business
predict risk events in real-time. intelligence techniques to deliver greater insights to
clients’ Internal Audit & Internal Control processes and
CA/CM tools provide real-time insights from help mitigate risks. This tool tracks changes to known
organisational data and provide to the IA and IC functions and emerging risks, and control gaps, as well as identify
as well as key stakeholders such as Senior Management areas for performance improvement and strengthens
and the Audit Committee. CACM tools are also important internal controls. For example, with in-built rules, and the
in the Internal Audit fieldwork; performance and risk flexibility to add custom rules, our CA/CM tool can review
indicators tracked by the CA/CM dashboards would serve historical transactions, to highlight exceptions over a
as the basis for a more informed dialogue with the key period, the tool can also review transactions in real-time
stakeholders on evolving risks within the business. to provide organisations with the ability to respond to
Consider a traditional audit approach, which is based on a exceptions in real-time before they materialize, as well
cyclical process that involves manually identifying control as provide indicators that point to occurrence of future
objectives, assessing, and testing controls, performing exceptions.
tests, and sampling only a small population to measure

Rules based Analytics – Past performance

Retrospective review of all payments to

highlight transactions which are not in
accordance with the contractual terms. This
includes the identification of suspicious /
erroneous payments e.g. duplicate payments, Detect
split invoicing to circumvent controls
Real-time Analysis - Continuous Monitoring

Improving the quality of ‘information data’

provided by suppliers.
Deter Implementing a near/real-time solution that
detects anomalous transactions before they
are paid - enabling you to identify and deal with
Predictive Analytics – Predicting future issues as at when they happen.
issues

Using predictive analytic techniques to identify Prevent

the subtle indicators of future issues. This may
include:
- Key suppliers that are having financial
difficulties
- Likelihood of fraudulent activity

Transforming Internal Audit and Control through Digital Innovation 11

The application of continuous auditing and continuous monitoring is a powerful way to eliminate repetitive activities in
the audit process while providing richer insights. Here are sample leading practice questions to consider if you intend
to implement CA/CM:

The benefits of implementing a continuous auditing and continuous monitoring include:

•  ringing together data from disparate ERP’s into a single platform for a more holistic, enterprise view of risk and
B
controls.

•  elivering regular insights into the status of controls, performance, processes, and transactions across the
D
enterprise, reporting value to C-level management and the board, thereby ensuring data driven decision making.

•  ssist Internal Audit & Internal Control in monitoring the risks prevalent within the organisation, allowing for a
A
“continuous risk assessment” of areas for audit focus.

•  nhancing surveillance and overall risk and control oversight capability through early detection and continuous
E
monitoring.

•  llowing management and Internal Audit & Internal Control to shift their focus from traditional retrospective/
A
detective activities to proactive/preventive activities in order to reduce the risk of fraud, errors, and misconduct.

Transforming Internal Audit and Control through Digital Innovation 12

Intelligent Automation
Intelligent automation represents the overall umbrella the technology is becoming more affordable, even as
of technologies that enable the transformation and it becomes more powerful and advanced. Second,
automation of business processes by leveraging any organisations can now integrate RPA applications such
combination of software robotics, cloud, artificial as UiPath, BluePrism and Automation Anywhere more
intelligence and smart machines. It is comprised of efficiently within existing processes and technology
robotic process automation (RPA), cognitive automation infrastructures, increasing the speed of deployment for
and is enabled by rules based macros, artificial these types of solutions.
intelligence and natural-language processing.
These RPA tools consists of modules or activities such
At its most basic level, robots automate the steps in a as rule-engines, process workflows, computer vision and
process by leveraging rules to mimic human actions. optical character recognition (OCR), citrix automation,
At its most complex level, cognitive systems draw on desktop automation, document processing, and web
historical data to handle exception processing, make scrapping modules etc.to automate manual and routine
judgments on behalf of the human. activities that follow clear-cut rules.

Robotic Process Automation (RPA), also known as digital Today’s RPA innovations have the transformational
labour, was once an intriguing but far-fetched idea, but it potential to increase the speed, operational efficiency,
has now become almost “a given” in many organisations. cost-effectiveness, control, and accuracy of daily
Today, virtually all business sectors are investing in RPA business activities and to empower skilled human
to automate manual work and IA and IC should not be professionals to generate more impactful insights,
left behind. enabling smarter decisions more quickly.
In Internal Audit, RPA can be adopted in all stages of the
Automation is not new, but several factors are converging audit life cycle. These include:
to drive the rapid adoption of RPA. First, the cost of

Fieldwork

Collation and Analysis of audit evidence - unstructured data

such as scanned documents, legacy desktop applications,
etc. as well as automation of audit reviews, i.e. Access
Control Reviews etc.

Audit Planning Reporting

Process flowchart and narrative Automated generation of text-based

creation and updates, and audit reports/dashboards based on a
Automated strategic analysis pre-defined format
reports etc

Risk Assessment Ongoing Monitoring

Continuous Risk Assessment, Enhanced tracking of audit activities

Control Self-Assessment and tracking the closure of open
items through automated logs and
reminders, etc

RPA use cases are very common in automating internal settlement reconciliations for Banks and FinTech’s, KPMG
control activities, for example reconciliation within Nigeria deploys automation solutions that automate
different processes serve as a critical control activity the end-to-end activities required to perform these
that can sometimes be laborious and time consuming. reconciliations for clients in an fast and effective manner
Form bank reconciliation, asset reconciliation, vendor and without breaking the bank.
reconciliation, stock reconciliation to industry specific These solutions have flexible workflows that can support
reconciliations such as ATM reconciliation, and different types of use cases and data sources, while also

Transforming Internal Audit and Control through Digital Innovation 13

making room for the human in the loop to ensure that human review are factored. Below is a high-level sample
activities that require human attention or second level approach for a rules-based robotic process automation:

Transforming Internal Audit and Control through Digital Innovation 14

04

Digital Innovation Challenges

and Solutions
The transformation of the IA and IC functions through integration with, the overall assurance objective/mandate
digital innovation is not a straightforward task. To get the and other related objectives.
desired results, Business Assurance Leaders need to From interactions with Business Assurance Leaders,
take the time to do the work required to support their some of the observed setbacks and challenges faced
functions in delivering the desired transformation. The in implementing digital innovation to transform their
application of the digital innovation tools can be very functions include:
helpful but will most likely be unsustainable if it is applied
in a stand-alone, ad-hoc fashion without linkage to, or

Effective articulation of technological benefits to IA and IC

Discussions with Business Assurance Leaders functions — particularly around risk and potential revenue
indicate that it is often a herculean task convincing the enhancement — this is not their primary concern. The
management of their organisations to invest in the most important factor is effectiveness and efficiency.
digitalisation of their functions. The reasons for this
may not be farfetched - IA and IC functions may not Business Assurance Leaders should work on amplifying
be articulating the benefits of digital transformation the importance of their respective functions to the
effectively. In addition, Management may be reluctant Management. They should be able to demonstrate,
to invest heavily if results cannot be measured measure, and communicate success effectively using
quantitatively. relevant Key Performance Indicators, targets, and more
qualitative indicators of success. It is also important
According to research, there is a gap in the value Internal that the functions are aligned with the expectations
Audit functions provide vis-a-vis what the companies of Management and report regularly in line with those
find valuable4. It is also quite clear that while companies expectations.
want measurable impact from their Internal Audit

4
Seeking value through Internal Audit, KPMG International

Transforming Internal Audit and Control through Digital Innovation 15

Data Availability and Quality
Data can be a major roadblock to the digital innovation in the changing business environment. While some
journey of the IA function. Several organisations others have the data required, they have not designed
do not have appropriate data to undergo the digital systems to properly maintain the data in good quality. The
transformation required for IA and IC functions to thrive main challenges with data include:

Data is a major part of the innovation journey and can The IA and IC functions can kick-start the transformation
be cumbersome to gather, especially if there is poor by modifying their processes to include technology-
enterprise data architecture. It makes the process enabled strategies. They should think of data first to
discouraging to Business Assurance Leaders looking to provide adequate time to identify data assets, request
embark on the journey. access, and gather an understanding before using them
in their processes.
These challenges can be addressed by the functions
establishing a Technology-enabled Program (a Data The functions should also meet regularly with IT
Strategy). IA and IC should define their data strategy to understand upcoming changes to systems or
and communicate same to Management. This strategy configurations, as a continual consumer of this data.
must be clear and aligned with the organisation’s overall It is important that IA and IC understand whether any
strategic objectives to help drive the initiative across the changes will impact their ongoing analytics efforts,
organisation. especially for CA/CM.

Cost constraints
The cost of embarking on a digital innovation journey is expensive even though it leads to significant cost savings
one of the biggest drawbacks of implementation. Without in the long run. All of these is coupled with the fact
proper information, the setup cost is assumed to be very that the Business Assurance functions are not revenue-

Transforming Internal Audit and Control through Digital Innovation 16

generating and might not get financial approvals for what solutions are immediately realised.
is not deemed ‘critical by management. It is also important that the Assurance functions pick the
Concerns around cost can be resolved through strategic right set of tools considering prevailing factors such as
investments in digital innovation technologies. It is the data sources from which data would be obtained, the
advisable for Assurance functions to deploy simpler control objectives, budget/pricing, scalability and agility of
innovation solutions at the onset and move on to more the tool, integration with existing software/solutions, etc.
complex procedures as the functions mature digitally.
This way, the evolution is gradual and does not require
huge investments at once, and the value from such

Technological Capabilities and Resources

Several organisations do not have adequate people To close the technology skills gap in IA and IC functions,
resources within the IA and IC functions with the depending on the organisational structure, size and short/
required skills to implement digital innovation. In long-term strategies, the Business Assurance Leaders
some cases, basic level analytics performed within should decide on a resourcing model they deem fit to be
these functions are outsourced (either contracted out best for their functions. A resourcing model that is both
to external parties or other departments within the cost-effective and efficient will resolve the challenges of
company). time and effort in training/up-skilling IA and IC Staff. The
following resourcing models can be considered:
62% of respondents in a survey of CFOs and Audit
Committee Chairs believe that technology skills are
essential for IA professionals .

Centre of excellence • Global consistency / central library of tests

vs. Local delivery • Local understand of privacy laws
• Efficiencies from scale

In-house cappability vs. • Ownership and control of staff

Outsource model • Flexible resourcing model
• Access to leading edge technology

Dedicated DA • Raising technology capability across IA

professionals vs Up- • Specialist skills are expensive to recruit
skilling the IA team • ‘Use or lose’ skills

Non-Financial Investment (e.g. time and effort) constraints

The digital innovation process can be quite cumbersome Developing a Data strategy and adopting a suitable
to execute at the early stage. The initial learning curve resourcing model are key ways to address this challenge.
may be steep as IA and IC Staff are being asked to do By adopting a phased and structured approach to digital
things differently from what they are used to. Business innovation, Business Assurance Leaders can properly
Assurance Leaders may be skeptical about investing the manage their resources to achieve digital transformation
required time and effort at the expense of meeting up without compromising audit and control quality.
with timelines and other responsibilities.

4
Seeking value through Internal Audit, KPMG International

Transforming Internal Audit and Control through Digital Innovation 17

Availability of Technical Structures
Organisations lack the technical structures required to The challenges being faced by the IA in embracing/
build and sustain digital innovation and keep up with the adopting digital innovation can be reduced to the bare
pace of technological changes. For example, there may minimum in the following ways:
be difficulties in integrating new technology solutions into
existing data management infrastructure.

Transforming Internal Audit and Control through Digital Innovation 18

Conclusion
IA and IC functions are faced with a difficult task: providing increased value and efficiency in an operating environment
that is constantly being disrupted by new operating models, organisational changes, external environment, and a
pandemic.

Leveraging digital innovation can provide immediate value, offering unique, value-added insights throughout the audit
process while simultaneously enabling auditors to cover more locations, more transactions, and more risks.

Transforming Internal Audit and Control through Digital Innovation 19

How KPMG can help
KPMG’s highly experienced and industry-focused methods, training, and technical infrastructure. With
internal audit professionals drive meaningful insights organisations being driven to do more with less, the
by leveraging business and data analysis. With deep internal audit function has become a prime candidate for
technical skills, regulatory knowledge, and business strategic sourcing.
acumen and empowered by technology that employs
intelligent automation, we help our clients innovate Our strategic sourcing service offering is designed to
approaches to achieve their strategic objectives while assist organisations seeking to improve internal audit
effectively assessing and managing business risk. quality and oversight, increase value while optimising
costs, enhance risk and controls management, and focus
Achieving effective internal audit capabilities requires on core competencies.
a significant level of investment in skilled resources,

Internal audit outsourcing services: We advise companies

on identifying critical business risks, implementing effective
controls and compliance processes, identifying better
practices, reducing the cost of operations, and realising profit
improvement opportunities. KPMG leverages progressive
and innovative approaches to deliver cost-efficient assurance
and tangible business improvement results, such as
Dynamic Risk Assessments, industry-specific audit offerings,
automation governance approaches and enablers, and data-
driven auditing.

Internal audit/ Internal control co-sourcing services:

Co-sourcing can provide the opportunity to tap into specific
skill sets, industry knowledge and global resources on an as-
needed basis. We can provide the specific skills needed on-
demand — achieving a level of flexibility that can be critical in
effectively dealing with a range of operational issues.

Data-enabled Internal Audit and Control Transformation:

We assist Internal Audit and Control functions on their Data-
enabled Internal Audit and Control transformation journey
by establishing a framework and developing solutions that
automate the tracking and reporting of prioritised controls
and risk indicators. This would allow Internal Audit and
Control functions to achieve in-depth and real-time coverage
of process controls across various processes.

Transforming Internal Audit and Control through Digital Innovation 20

Contacts

Tomi Adepoju
Partner and Head,
Tolu Odukale
Partner and Head,
Bimpe Afolabi
Partner,
Risk Consulting Internal Audit, Governance, Risk and Data and Analytics enabled Internal
KPMG in Nigeria Compliance Services Audit (DAeIA)
T: +234 803 402 0952 KPMG in Nigeria KPMG in Nigeria
E: [email protected] T: +234 803 403 5541 T: +234 803 409 7229
E: [email protected] E: [email protected]

Seun Olaniyan
Associate Director,
Stephen Sanwo
Manager,
Adeolu Taiwo
Experienced Senior Associate,
Internal Audit, Governance, Risk and Data and Analytics enabled Inter- Data and Analytics enabled Inter-
Compliance Services nal Audit (DAeIA) nal Audit (DAeIA)
KPMG in Nigeria KPMG in Nigeria KPMG in Nigeria
T: +234 812 831 8821 T: 01 271 8955 T: 01 271 8955
E: [email protected] E: [email protected] E: [email protected]

Contributors

Oluwakorede Odukomaiya
Associate,
Data and Analytics enabled Internal Audit (DAeIA)
KPMG in Nigeria

home.kpmg/ng
home.kpmg/socialmedia

© 2022 KPMG Advisory Services, a partnership registered in Nigeria and a member firm of the KPMG global organisation of
independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights
reserved.

The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organisation.