THOUGHT LEADERSHIP | THE INFLUENCE OF ARTIFICIAL INTELLIGENCE ON THE FUTURE OF THE INTERNAL AUDITING PROFESSION IN SOUTH AFRICA: PART 1 of 2
Context and background
We are at the cusp of the fourth industrial revolution. The world has already borne testament to the disruption of entire industries by non-conventional competitors. Uber has disrupted the taxi industry without owning a single vehicle while Airbnb continues to disrupt the hospitality industry without owning any real estate. Organisations are therefore compelled to continually scan the environment and strategically position themselves to effectively respond to these disruptions.
Of equal importance, is the discovery of innovative ways to extract and unlock additional value for stakeholders by enhancing efficiencies through the automation of processes and transformation of business and operating models.
The progress and advancements in Artificial Intelligence (AI) brings with it a plethora of opportunities and innovative solutions. For instance, AI can be used to predict heart attacks, convert an image of food into a listing of ingredients, lip-read, outsmart world poker champions and provide customer service. Organisations are more frequently showcasing AI capabilities in their product and service offerings as well as acquiring AI start-ups to facilitate and accelerate innovation.
Against the backdrop of these advancements is a key societal implication; namely, the displacement of professions.
Researchers predict that professions will be transformed across the globe and that professions which are primarily routine or predictive in nature are not the only ones that may be at threat. Skilled professionals such as lawyers, pharmacists and scientists are at risk of being made redundant. Consequently, other professions which require professional judgement, such as internal auditing, could be made redundant and therefore displaced.
The purpose of this research was to explore the influence of artificial intelligence (AI) on the future of the internal auditing profession in South Africa (SA). This was conducted by focusing on the following three areas:
Research design, methodology and approach
The research adopted a qualitative approach using semi- structured interviews. A purposive sample of 12 Chief Audit Executives (CAEs) spread across various industries was selected. Table 1 below summarises the profile of the CAEs interviewed.
These CAEs have experience and exposure to the following industries: financial services (banking, insurance, asset management, and pension, provident and retirement funds), transport and logistics (freight, passenger and aviation), hospitality (casinos and hotels), media and advertising, petroleum, retail, healthcare, pharmaceutical, telecommunications, consumer goods, mining, manufacturing, information, communication and technology, and real estate.
Thematic analysis was used to analyse the interview data.
Transforming to an automated internal audit approach
Interviewees have seen many transformations in their tenures from laborious and tedious manual internal auditing approaches to largely sophisticated and efficient processes. Notable enhancements identified by them include:
- The use of automated working papers which facilitates the audit fieldwork and review processes, expedites audit report preparation, and creates an electronic database of past engagements which is easily accessible for future reference.
- The integration and adoption of other technologies to enhance audit efficiencies such as drones to conduct stock counts or assist with insurance claims.
- The implementation of continuous auditing methodologies with the idea of moving into real-time assurance
- The proliferation and use of data analytics software (e.g. SAS and IDEA) which allows internal auditors to test entire populations instead of samples. This is however dependent on whether the data is available, and that data integrity can be ensured. The resultant benefits are threefold:
- enhanced assurance coverage and quality with a move to provide absolute assurance (within certain parameters) as opposed to reasonable assurance;
- the reallocation of resources in focusing their efforts on other matters, or limiting focus to the exceptions and outputs that are derived from the data analytics; and enhanced audit turnaround and subsequent cost savings.
The above-mentioned enhancements are limited to internal audit’s budget and resources, and to the extent that the organisation being audited has digitised their processes. The view is that data analytics is the starting point leading into continuous auditing methodologies and eventually reaching the AI spectrum.
Understanding and appreciating the capabilities of AI
Participants were of the view that the current influence of AI on the internal auditing profession within SA is still in its infancy and thus has not made an impact in a meaningful way, if at all. Consensus was that there will be a significant change in the foreseeable future with these types of “disruptive technologies” as it is a topic that has been gathering momentum and piquing interest from the internal audit community and the organisations they serve. There is also uncertainty as to how AI can be practically embedded within the internal auditing profession.
All participants stated that internal auditors do not yet understand and appreciate the capabilities of AI, from being a possible disrupter of the profession to how it can be leveraged in enhancing work performed by internal audit, as well as from an organisation’s perspective.
Consequentially, internal auditors are not yet equipped to utilise AI within their processes, or from the organisation’s perspective, to identify AI specific or related risks. Participants conceded that risks currently affecting their organisations, at a strategic and operational level, are being reported to the respective committee(s) and the board. These risks do not necessarily present as a line item on the risk register titled “AI risks” but are indirectly manifested through other risks reported e.g. the advancements of competitor technologies as a risk to the organisation’s business model, through Information Technology General Controls (ITGC) reviews, and other specialist IT engagements.
Some participants stated that the role, experience and qualifications of an internal auditor will inevitably change. Other’s views differed in that internal auditors are internal control specialists and not necessarily specialists in other disciplines, hence these specialist skills need to be outsourced or co-sourced. Moreover, internal auditors need to leverage the collective intelligence within their organisations, while maintaining independence and objectivity. What this means is that the first, second and third lines of defence need to be consulted in assisting with risk identification and mitigation strategies. It becomes much easier to sell internal audit as a value-add by working in collaboration and as a collective. Such processes optimise combined assurance efforts. In sum, to be able to provide an acceptable level of assurance, the right people with the right skills should be a requisite.
Further, internal audit should be involved in their organisation’s projects by questioning and challenging management on new systems, technology and processes, and the impact that these may have on the overall internal control environment. Assurance can be provided pre- implementation and post-implementation. Being involved in these projects affords internal audit the opportunity to gain a deeper understanding of new processes, their controls and whether they are adequate and effective in terms of risk mitigation and achieving its desired objectives.
The possibility of AI conducting internal audit engagements
Many participants agreed that AI will be more independent, unbiased and impartial in conducting internal audit engagements than humans. If designed adequately, AI provides an enhanced, more efficient output as opposed to an individual who may be fatigued or even distracted during the audit fieldwork process translating to certain instances of control failure or non-compliance being inadvertently overlooked. They did however caution on the following:
- The AI capability will need to be programmed by a human which may raise independence and objectivity concerns if that individual is not from the third line of defence i.e. an independent third party. The “rule setter” or “algorithm programmer” thus needs to be meticulously vetted and selected.
- AI will provide results based on how it was set up. AI generates outputs only on what it has been programmed to do. The question remains, will the algorithms cater for all eventualities?
- AI can be useful in enhancing the quality of a review but at some point, human judgement, due care and professional scepticism will be required to form an opinion or draft a conclusion.
Lastly, internal audit essentially reviews the processes and systems within the organisations they service, hence internal audit is expected to stay close to organisational developments, and if the organisation itself has not reached a level of maturity in terms of adopting AI capabilities, then internal audit cannot lead on AI matters if the organisation itself is lagging.
About the researcher and supervisor
Shuaib Jooman is the Governance Lead at GRIPP Advisory operating out of the Johannesburg office. He has, and continues to deliver, internal audit, risk, compliance, governance and board advisory engagements across various industries including financial services, logistics, FMCG, retail, hospitality, gaming, manufacturing and media. He has consulted both locally and internationally in both the private and public sectors. The inspiration behind his research stems from his internal audit experiences and how the profession has transformed over the years and continues to evolve as the lines are being blurred between human and machine.
Professor Yaeesh Yasseen is the Head of the Accounting Division in the School of Accountancy at the University of the Witwatersrand, Johannesburg. His research area extends to the creation of value added knowledge that fosters integrated thinking in both the accountancy profession as well as its stakeholders.
This thought leadership piece was adapted from a research article submitted to the Faculty of Commerce, Law and Management, University of the Witwatersrand, in partial fulfilment of the requirements for the degree of Master of Business Administration (Protocol number: WBS/BA0407882V/993). Images by Gerd Altmann and Pete Linforth from Pixabay.
Researcher: Shuaib Jooman | Supervisor: Professor Yaeesh Yasseen