Internal Audit and the Internet of Things


The world may be connected by tangible bridges, roads and pathways but since ‘smart’ became the adjective for everything from our cars and phones to essentially the way we manage our households (cough) Alexa; connectivity has redefined itself. The Internet of Things (IoT) applies to any system, app, device or platform connected to the web making for a more interlinked society than has ever existed.

This of course creates opportunities and by extension, risks.

Internal auditors are an integral cog in the wheel of defence against the potential for hacking, cyber crime and privacy issues that come with living in a world that hinges itself on the power of the internet. It is the responsibility of those working in internal audit to monitor the IoT landscape closely so as to identify and prevent those areas of risk from impacting on the business.

The digital disruption of the IoT is moving intensely faster than its innovative predecessors which once upon a time would slowly transform an industry over a number of years. Speed of business is a fact of modern life and something internal auditors need to be able to keep pace with in order to be effective. The work of auditors is utilising technology more than ever both due to the IoT and with the advent of machine learning, AI and automation. Thus candidates coming into the internal audit space must be able to demonstrate the relevant knowledge of how to apply the technology in practice.

From the technical to the strategic, there is now a greater expectation for internal auditors to take on a more strategic business partner role in their organisations. That ‘trusted advisor’ function is more than just a buzzword thrown around the audit piece; it in fact defines the type of individual companies and stakeholders require to fill an internal audit role. The internal audit team are a key component in evaluating strategic risks affecting the business, cue those presented by the IoT. Businesses are relying on their internal audit function to raise the areas of opportunity associated with the IoT as well as the potential risks.

It is up to the internal auditors to determine that their management is employing efficient practices for identifying, evaluating and responding to financial and operational risks. Candidates, therefore, who can hold a conversation with C-level people and who have a solid understanding of the business will be most in demand. The focus of internal auditors needs to be on the “’solution’ level of the continuum” according to a white paper published by global consulting firm, Protiviti. How they can add value in this way is to facilitate positive change and internal best practices around the new risk that the IoT represents.

Referred to as the fourth industrial revolution, the Internet of Things is at its core a digital disruption and one that could rejuvenate the old school mentality within which internal audit has long been compressed. The challenge for both audit and compliance professionals is the speed at which the Internet of Things is evolving, as the associated risks and controls advance along with it. Internal auditors need to stay ahead of the curve and keep up with the developments of the IoT in order to spot the indicators of change and its related impact on their organisation.

It is impossible to predict definitively how the Internet of Things will shape the face of business, just as we couldn’t have foreseen how the Internet itself would transform the way of doing things. However, as far as working in internal audit alongside this digital disruption, it is simply a test of the fundamental skills required. The IoT will encourage more strategic thinking, greater business acumen, effective relationship management and a more agile internal auditor.

Back to article list