Innovate or Stagnate: The call to action for internal auditors in a digital era

Arusha. Internal auditors from around the globe gathered in Arusha, Tanzania, for the landmark 10th African Federation of Institutes of Internal Auditors (AFIIA) conference, hosted by the Institute of Internal Auditors (IIA) Tanzania.

The event drew over 2,000 attendees, including board members, senior managers, and professionals from both public and private sectors, representing countries such as Ghana, South Africa, and the UK.

This year's conference, held from May 15 to 19, 2024, marked a historic moment as it was the first time the entire board of directors from the IIA, headquartered in the USA, participated fully in an African conference.

The conference kicked off with a one-day leadership workshop on May 14, led by IIA global leaders, focusing on the institute's development.

Key events included the Governance Forum and AFIIA University, leading up to the main conference, which featured extensive discussions on vital topics such as technology, governance, environmental issues, and the future of internal auditing.

IIA Tanzania President, Dr. Zelia Njeza said the conference theme: “Beyond Boundaries: Make the Difference” was meant to call upon internal auditors to reflect on the transformative power of breaking boundaries, meaning that auditors should go beyond traditional boundaries be it geographical, ideological or cultural.

A lot of things were discussed, shared and agreed upon but a message for the profession, especially in Africa, to embrace technology in the digital era was loud and clear.

Sally Anne Pitt, Chair, IIA Global, insisted internal auditors to always think differently to become trusted advisors. She explained how internal audit profession has evolved from the accounting profession focusing on financial control to becoming more involved in areas like risk and governance.

Today, internal audit have to provide assurance in areas like environment and sustainability; and governance perspectives, diversity, equity and inclusion.

Internal Audit should not be just about providing assurance of what can go wrong. It needs to also provide assurance over what can go right. To achieve that, internal auditors need a diverse of skills  and experiences to make sure they provide the best quality assurance they can.

“We need to think differently about what an internal auditor looks like and make sure we are creating a team that is the most balanced and with the richest experience we can. We need to think differently about what we do, who we are and the way we do things,” she noted.

A South African based cybersecurity expert, Mr. Tichaona Zororo who talked about cybersecurity governance highlighted how cybersecurity is a global threat with global annual losses from Cybercrime estimated to reach $8 trillion in 2023 and are projected to rise to $10.5 trillion by 2025. “Cyber hacking is a multibillion-dollar enterprise - Hackers are using AI, machine learning, and other technologies to launch increasingly sophisticated attacks,” noted Mr. Zororo.

He explained cybersecurity governance as a way to provide a strategic view of how an organisation controls its security, including defining its risk appetite, building accountability frameworks, and establishing who is responsible for making decisions. Effective governance will also ensure that cyber security activities help to support the organisation’s strategic goals.

 “Cybersecurity is a business issue and not an information technology issue, it is the responsibility of the Board of Directors and Senior Executives,” he insisted.

He stated a need for organisations to have a cyber-strategy which is a plan for an organisation to enhance the security of its key digital assets, processes and people over time. An organisation’s cyber strategy will be informed by the size and           complexity of the business; its information technology infrastructure and systems; its key personnel and core competencies; the type and nature of information it holds; and stakeholder expectations, including regulatory and contractual obligations.

“The board should regularly assess the effectiveness of cyber controls to account for a changing threat environment, technology developments and the organisation’s capabilities,” noted Mr. Zororo.

James Chotamawe, Senior Manager, IT Advisory, KPMG Tanzania delved on Artificial Intelligence (AI).  He explained how AI can be utilized to improve businesses by boosting efficiency and scalability of processes, using customer insights to inform decision making and accurately measure and report success metrics. Furthermore, AI can be utilized in real time client sentiment analysis, customer assistant and automatically generate policy documents.

The presenter noted that as AI scales, companies are faced with a growing number of risks and challenges. It is therefore important for organisations to identify and address risks early enough. Some of the top barriers of Generative AI adoption include lack of skilled talent to develop and implement, cost/lack of investment, lack of clear business case, lack of clarity on specific way to implement and lack of leadership understanding.

According to Mr. James, a key responsibility of the board is establishing an effective risk management program that evolve with emerging technologies. It is vital for board members to understand how AI affects their organization, the potential benefits and to actively oversee and mitigate related risks.

Speaking on Ethical Leadership, Ludovick Utouh, CEO, Wajibu Institute of Public Accountability and former CAG, Tanzania, noted that a country can move from high to low corruption by capitalizing on new media technologies to enhance access to information and raise citizens' awareness, and use of artificial intelligence in fraud and corruption detection, investigation, prosecution, and asset recovery.

“In system-strengthening initiatives, the focus should be put on enhancing efficiency in investigation, prosecution and asset recovery (proceeds of crime) to remove the benefits of crime,” he said.

He divulged that ethical leaders have the power to shape organizational values and culture in ways                   that prioritize integrity, transparency and anticorruption compliance by setting ethical expectations, leading by example (role modelling), creating safe reporting environment (whistle blower), emphasizing on transparency and accountability and investing in a continuous compliance education.

Iyad Mourtada from the UAE talked on combating fraud in the digital era and explained how fraud evolved over time when Internal Audit moved from offline to online          and how organizations are trying to use AI to automate the fraud risk management process.

“Organizations need to have proper balancing of their systems to be able to say how much they can accept transactions in their businesses compared to how much they can reject when it comes to dealing with fraud,” said Mr. Mourtada.

Presenting on “Future ready internal audit toward Metaverse: New risk, new business approaches, new audit approaches” Dr. Dominic Foerchler, Managing Director, Audit Research Center (ARC) said metaverse is a virtual world where everyone can take                       part, learn and practice in a non-risk environment. Metaverse will be the virtual world where Africa can take part besides all political, geographical or different monetary policies. It is a possibility to take part in a global commerce.

He said the technology “is not a far distant                         thing, it is already with us.” In Metaverse someone can pay with a digital dollar, digital Euro or digital crypto. “This is an opportunity for innovative companies in Africa.” Africa is already in Metaverse—it is called Ubuntu Land.

Dickson Agaba, Director of Internal Audit-ABSA, Uganda noted that there is a growing need for internal audit to shift from traditional, periodic  reviews to more dynamic, continuous auditing processes. According to him, adaptation is not just about survival; it is about thriving in a world of constant change. Internal audit must embrace innovation and flexibility to remain a key contributor to organizational success.

He stated that as the risk landscape becomes more complex and interconnected, Internal Audit must adapt its methodologies to address new types of risks effectively.