EY colleagues working together on server control

How to create adaptive automated assurance across your organisation

Photographic portrait of Hasan Ali
Hasan Ali

EY UK Risk Innovation Hub Leader

10 minute read 20 Jan 2023

Automation has the power to transform assurance and risk; businesses must ensure they implement changes that deliver the maximum value.  

In brief:
  • Businesses are facing increasing pressures from hybrid working, talent shortages and regulation, which are impacting the internal audit function capabilities. 
  • Internal audit leaders should continue to seek opportunities to leverage automation to remove complexities, streamline processes and enhance business value. 
  • By deploying strategic and tactical solutions, risk teams can develop agile processes and governance structures that can support accelerated transformations. 

Automation technologies are continuing to drive value across industries. We have seen various automation advancements in the last decade with artificial intelligence (AI) and machine learning – organisations need to think about how they deploy automation systems that can not only drive value and competitive edge but can be scaled for future growth. Adaptive automation provides an effective combination of human and machine capabilities: the control of tasks can shift between the user and the system dynamically and the level of automation can be adapted in real-time. By creating adaptive automation, businesses can improve productivity in response to changes in situations or human performance, driving operational efficiencies and realising the full business value of an automation solution.

Related article

Will the future of talent be shaped by the flow of an untethered workforce?

Work is less connected to old ideas of career, rewards and workplaces. Explore the EY 2024 Work Reimagined Survey for keys to a Talent Advantage.

Roselyn Feinsod + 2

    Against a backdrop of unprecedented market volatility, audit committees and chief audit executives are increasingly viewing risk management as a potential source of greater value. This is due to a number of key challenges businesses are facing, which adaptive automation could help address. 

     

    Primarily, the demand for flexible working practices has continued to grow, accelerated by the complex consequences of the pandemic. In fact, 80% of employees expect to work at least two days per week remotely, according to the EY 2022 Work Reimagined Survey¹. Whilst hybrid working comes with opportunities, it also presents challenges around cybersecurity and organisational culture. 

     

    Employees’ attitudes towards work and life have changed. This paradigm shift has played a large part in the ‘Great Resignation’ – a movement that has seen many employees quitting due to workload, poor culture, and lack of flexibility. This has created a new challenge where employee turnover is an increasing risk to completing audit plans and providing sufficient risk coverage. This, combined with a shortage of talent and the need to upskill for the future of work, means that talent development, retention, engagement, and succession planning have become considerable organisational risks.

     

    Proposed regulation has also further emphasised the need for the benefits of automation in a strong internal control environment. On 31 May 2022, the UK government’s response to the consultation on strengthening audit, corporate reporting and corporate governance systems, ‘Restoring trust in corporate governance and audit’², was published. Whilst legislation to implement relevant reforms is not expected until late 2023/24, some policy measures will be implemented through other regulatory interventions such as the UK Corporate Governance Code. 

    How EY can help

    In anticipation of more robust requirements, some businesses will need to achieve higher corporate reporting standards and controls, resulting in an increased pressure on leaders and audit committees to create integrated risk and assurance strategies. To prepare for the future, audit teams should review their current design system processes to identify areas for improvement and possible opportunities to leverage automation – such as improved financial reporting, better access to management information, increased cybersecurity coverage, more robust operations, investing more time with customers, all of which will have significant benefits for a business beyond meeting the regulatory compliance requirements. 

     

    Finally, the importance of environmental, societal and governance (ESG) has grown significantly over the past decade. ESG pressures have instigated a multitude of required associated disclosures and reporting measures. This has elevated the pressure on organisations to assess, manage and report on their ESG positions and associated risks. Business leaders are now positioning internal auditors as catalysts for supporting ESG goals, ensuring that governance frameworks, risk management and internal controls are operating effectively and efficiently throughout the organisation, keeping the business on track, accountable and prepared for an evolving regulatory landscape. In applying automation solutions, the business may not only make positive contributions to global issues but create competitive advantage through increased agility.  

     

    Creating adaptive automation solutions presents an opportunity for assurance and risk functions to overcome these present and potential future challenges. It also has the power to transform internal audit (IA) through an increase in productivity and agility. IA leaders could expand risk coverage helping their organisations to act faster whilst improving operational efficiencies – by freeing resources to focus on other audits and controls and reducing mental fatigue with manual repetitive workload. This would help to address the ongoing compliance burden by doing more tasks accurately with less resource.

     

    Many IA functions have already incorporated automation in their ways of working, establishing foundational data integration and analytics solutions to enhance risk assessments and reporting processes. However, automation is not without challenges. For example, if not implemented with careful planning, it can expose skills gaps, or it can cause organisations to neglect the people side of their operations.  A way forward is through the creation of adaptive automation with a flexible operating model. By combining relevant people and skill sets, with automation capabilities and innovative organisational models and frameworks, businesses can transform assurance and risk teams to create effective risk management, add value and reduce operational costs.

    Identifying the right approach

    Data from the EY Digital Investment Index (DII)³ shows an increasing number of organisations are reaching digital transformation maturity. In 2022, more businesses moved from the initial stage of “building” digital capabilities (31%) to “running” or scaling technology solutions (69%).

    The survey outlined that companies would need to continue to focus their investments on scaling technology solutions to transform their operations during the next couple of years to compete effectively across their respective industries. The question for internal audit leaders, is how can they use automation to accelerate their transformation?

    Accelerating the digital journey
    of organisations are running or scaling technology solutions.

    Of course, the answer is unique to each organisation, with different companies having varying degrees of maturity. A useful framework has been developed by EY risk professionals to determine whether businesses are on the right track when identifying the relevant steps for automation. Illustrated below is the risk framework and a use case example of how a large manufacturing business could utilise.  

    1. Detect: Assurance and risk functions typically start by implementing automation that can detect new and emerging risks. This is often viewed as the most easily achievable goals that can kickstart their internal audit and risk transformation.

    2. Predict: Through data-driven insights, automation can be used to help predict and anticipate future risks more effectively, helping assurance and risk functions adapt to a more proactive way of working whilst providing value-adding actionable insights. 

    3. Act: Once assurance and risk functions can detect and predict risks, the focus turns towards how they can act to prevent or timely mitigation of risks from affecting their organisation.

    4. Adapt: This requires assurance and risk functions to automate the adaptation to a new risk environment. The application of AI, machine learning and intelligent automation is significant here. These cognitive technologies are used to assess a new risk landscape and decide whether it affects the organisation.

    Applying this framework can help senior business leaders to identify where they are on their automation journey and an effective course of action. By working through each stage of the framework assurance and risk functions can confidently embed adaptive automation, increasing their levels of digital maturity and system autonomy to maximise efficiencies and provide focus on strategic areas that matter most across their organisation. 

    Whilst keeping an eye on the overall strategic progress of the programme, developing a gradual approach, will allow an organisation to move at its own pace. It equips businesses with opportunities to scale, by balancing uncontrollable macro forces with employee workload and performance, minimising disruption to entire business operations and systems, and delivering faster return on investment. Additionally, every time a phase is successfully delivered, trust and confidence is built in the approach, gaining momentum and morale across the workforce. 

    When developing adaptive automation, it’s important for business leaders to strike the right balance of technology and process with a multi-disciplinary team, to understand the process and buy into it, from system design through to deployment. If the team are aligned with the organisation’s needs and objectives, it will be easier to identify the relevant steps within the framework, determine quick wins and build out the technology roadmap to enhance value. Once an organisation has a clear vision of their automation goals aligned to its people, it will become much easier to accelerate transformation and embark on a journey of continuous improvement. 

    Being prepared for the future – levelling up

    As new threats arise and new regulatory requirements are introduced, risk and assurance professionals will continue to face pressure to detect, predict, act and adapt to provide their organisation with assurances on evolving risks. Therefore, investment into new technology to aid all stages of this process must continue and the evolution of any current technologies will be key to supporting this. Whilst transformation can present new challenges for IA and risk functions, it also presents opportunities.

    By deploying strategic and tactical solutions and collaborative teaming, risk and audit professionals can build confidence by helping leadership teams navigate business risks and provide proactive insights to improve performance. Through each phase of the transformation journey talent, processes and technology should be continually reviewed to ensure they meet the needs of the business. The most effective functions will be those that build flexible and adaptive operating models that provide greater coverage and assurance, but more importantly allow risk and assurance leaders to enhance an organisation’s overall value.


    How EY can help

    Summary

    Assurance and risk functions can leverage adaptive automation capabilities throughout the audit process. By using cognitive technologies and identifying a framework, business leaders can gain greater insights through more effective and efficient processes, which in turn can accelerate transformation and improve business value.

    About this article

    Photographic portrait of Hasan Ali
    Hasan Ali
    EY UK Risk Innovation Hub Leader
    Dedicated to innovation and creating a better working world for EY clients. Techie. Foodie. Dad.
    Related topics
    Consulting
    Technology
    Risk
    AI

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.