Exploring Emerging Risks in Internal Audit
Summary
TLDR: In this episode of Speaking of Risk and Audit, Richard Chambers interviews Mike Levy, CEO of Cherry Hill Advisory and former VP of Internal Audit. They discuss Cherry Hill’s focus on emerging risks, AI governance, cyber risk, and preparing internal audit functions for the IIA’s new global standards and topical cyber requirement. Mike highlights common pain points—talent shortages, documentation gaps, and risk assessments done only at a point in time—and recommends co-sourcing, upskilling, and practical, documented approaches to quality assessments. He also explores AI’s dual role as a powerful productivity tool and a potential threat if used without proper training and controls.
Takeaways
- AI has a significant role in internal audit, but it comes with both risks and opportunities. It can automate mundane tasks but requires expert oversight.
- The internal audit landscape is evolving, with emerging risks such as cybersecurity and AI, making it challenging for auditors to stay ahead of the curve.
- Internal auditors must not only identify and report risks but also recommend practical solutions, which requires a blend of technical expertise and strategic insight.
- Upskilling and education within internal audit teams are vital to adapt to rapidly changing technologies and business landscapes.
- The biggest challenge in internal audit is balancing technical expertise with strategic recommendations, ensuring both are aligned to deliver value.
- Many internal audit teams face resource limitations, which makes the use of AI and automation tools critical to expand their coverage and scope of work.
- AI tools, such as chatbots or documentation assistants, can significantly save time in repetitive tasks like reporting and observation formatting.
- Relying on AI without the necessary foundational knowledge could harm internal audit's value within an organization, especially for early-career professionals.
- Seasoned auditors have the necessary skills to validate AI-generated content, whereas less experienced auditors might blindly trust AI outputs, creating risks.
- The future of internal audit hinges on effective training programs that ensure younger practitioners can use AI responsibly and enhance their decision-making processes.
Q & A
Who are the main participants in this podcast episode?
- The podcast features Richard Chambers, Senior Advisor for Risk and Audit at AuditBoard, and Mike Levy, CEO of Cherry Hill Advisory and former VP of Internal Audit at Student Transportation of America.
What is Cherry Hill Advisory, and what does the firm specialize in?
- Cherry Hill Advisory is a global risk advisory practice focused on emerging risk topics and internal audit quality. The firm works with chief audit executives to address challenges such as cyber risk, regulatory compliance, AI governance, and quality assessments under the new Global Internal Audit Standards.
What upcoming role will Mike Levy take on with the IIA?
- Mike Levy will be joining the IIA Standards Board, where he will help shape and refine internal audit standards globally.
According to Mike Levy, what are the main emerging risks keeping Chief Audit Executives (CAEs) awake at night?
- The top emerging risks include cybersecurity threats, AI governance, regulatory changes, and the ongoing talent shortage in the internal audit profession.
Why are many internal audit functions hesitant to adopt AI, according to the AuditBoard survey discussed?
- Over 60% of survey respondents expressed that their hesitation stems from not fully understanding AI or how to implement it safely and effectively within their organizations.
How does Mike Levy recommend internal auditors start using AI?
- He suggests starting small, using simple, secure AI applications within existing third-party platforms, and gradually building familiarity and confidence before implementing large-scale AI systems.
What are the benefits of preparing early for an external quality assessment (EQA) under the new standards?
- Preparing early allows internal audit functions to move beyond compliance and use the assessment to demonstrate their strategic value, enhance quality, and better communicate their contributions to executive management and audit committees.
What are the new ‘topical requirements’ in the Global Internal Audit Standards, and why are they significant?
- Topical requirements, such as the cybersecurity topical requirement, aim to create uniformity and consistency across audits of specific subjects. They complement existing frameworks like NIST or ISO by ensuring consistent quality and documentation standards.
What common issue does Mike Levy observe when internal audit teams try to comply with the new topical requirements?
- Many teams already perform the necessary activities but fail to document them adequately, which can lead to nonconformance during a quality assessment. Proper documentation is essential to demonstrate compliance.
How should internal audit teams adjust their risk assessment processes to stay relevant amid fast-changing cyber threats?
- Levy recommends moving away from annual, point-in-time risk assessments toward more continuous and dynamic assessments that reflect rapidly evolving risks such as identity-based attacks and deepfake frauds.
What strategies can CAEs use to address IT talent shortages within internal audit functions?
- Levy advises using co-sourcing models to supplement in-house teams with external experts, while also investing in training and upskilling high-performing staff to build long-term technical capability.
What does Mike Levy identify as both the biggest promise and the biggest threat of AI in internal auditing?
- He believes the automation and efficiency AI offers are its greatest promise, but overreliance without adequate understanding poses the biggest threat. Inexperienced auditors may misuse AI outputs, undermining audit quality and credibility.
How can internal audit functions responsibly integrate AI into their work?
- They should ensure proper governance, data security, and training for team members, emphasizing critical evaluation of AI outputs rather than blind reliance, especially for early-career professionals.
What overarching message does Mike Levy convey about the future of internal auditing?
- He emphasizes adaptability, continuous learning, and proactive engagement with emerging technologies and risks as essential for maintaining relevance and delivering value in a rapidly evolving landscape.