”If a single word could be used to summarise the challenges facing today’s GRC audit departments, it would be ‘change’,” says Nick Rafferty, COO at SureCloud. “Those departments are in a state of constant transformation, being asked to perform more audits than ever before, and to look at areas including IT, operations, quality assurance and third parties. They are also being asked to provide assurance on business operations and risk management, to evaluate compliance, and to advise the organisation, all with limited audit resources. Meanwhile, the wider legislative and regulatory landscapes are growing ever more complex, forcing audit teams to add more tasks to their workload.
“Yet too many of them are still managing their processes in ways that simply don’t make sense, using manual documents, spreadsheets and email chains,” he adds. “This is cumbersome enough anyway, but, as audit’s responsibilities become broader and more complex, it becomes unsustainable.
“As a result, it’s vital that organisations take an agile approach to internal audit management that is fully scalable and flexible, enables accurate and comprehensive recording and reporting and, ultimately, will support the business now and into the future.
“An agile approach to audit management must respond to multiple strategic and operational challenges. From a strategic perspective, it must clearly align with the overall business direction and structure, and have senior management buy-in from the start. Too many audit programmes fail because they are treated as ‘add-ons’, rather than an integral part of overall business aims and objectives, or because the audit department is viewed as the ‘police’ of the organisation, rather than a critical driver of good practice and growth.”
Rafferty cautions that audits must be treated as part of a continuous improvement programme, “where feedback is garnered from the business after each audit exercise to feed into future activity and findings from each exercise are also turned into concrete business adjustments”.
Nick Rafferty, COO at SureCloud