The evolution of Audit: The future of audit risk and regulatory expectations

The evolution of Audit: The future of audit risk and regulatory expectations

By Sophie Bottazzi, Senior Research Executive, CeFPro

As is the case in all aspects of risk and financial services, audit departments are under pressure to increase efficiency whilst continually ensuring compliance and oversight. As the industry moves towards an era of innovation and automation of processes, many are looking across the lines of defence to see how audit workloads can be minimized with continuous duplication of efforts. The automation and innovation concepts remain fluid as the industry explores potential uses, however, institutions and audit teams must maintain standards and compliance as opportunities are explored. Audit teams must also look to better understand broader changes across the industry in order to understand potential vulnerabilities and ensuring continuous audit in areas of constant change.

With these changes in mind and the continued pressures on audit departments, CeFPro have undertaken an extensive research study in order to create an intensive two-day agenda with contributions directly from the industry. Ahead of the event, CeFPro have put together just a short overview of some of the findings of this research.

All outcomes of the final research results will be presented and discussed at the Audit Risk Congress taking place in NYC on 7-8 October, 2019 – for full information visit:

Given the position of audit in a three lines of defence model, often work is duplicated, audit departments are looking to increased coordination across lines to limit this duplication and further driving the efficiency agenda. Given the relatively immature nature of the three lines of defence model, institutions are still ironing out issues with coordination across lines and ensuring that all three work together to add value and manage risk effectively. Audit function must look to align control and testing across lines to ensure robust monitoring and continuous auditing and consolidating pressure to the first line to increase efficiency. Institutions must look to develop better alignment between audit and risk departments in order to utilize an effective three lines of defence model across the industry. Alongside concerns for implementing, consolidating and managing a three lines of defence model comes challenges with ensuring independence of an audit function. Independent testing and validation is critical to an audit function, but does increased consolidation impact the level of independence? Pressure on audit departments continue to mount to meet regulatory expectations whilst providing guidance to other lines and ensuring independence.

One of the biggest discussion points across the industry is at present is that of culture and aligning with conduct agendas. The industry has seen numerous examples of the reputational fallout conduct and culture events can have on an institution with examples even over the last year. As a result, many are focusing attention on protecting their institution and ensuring effective controls are in place. With this increased focus and change, comes the auditing requirements and approaches to audit corporate culture and ethical behaviour. Institutions must ensure an effective tone from the top in order to implement a risk culture across the institution and align with conduct agendas. Management of culture is difficult for any institution with qualitative and quantitative management approaches, audit must provide assurances throughout to ensure culture is upheld.

Finally, another topic which was heavily featured in our research is the expanding capabilities of data analytics with increased automation and innovation across audit teams. Data analytics can assist in providing a holistic enterprise level picture of an institution to support audit functions. As with any large institution, data management is a continual challenge to ensure accuracy and completeness and feed data into one system for continuous auditing of full sets. Audit teams need buy in from senior management to gain access to data on a real time basis and for auditing of big data to monitor risks. Institutions must provide a secure environment that allows audit teams to read and analyse data and ensure that controls are in place to ensure accuracy. With enhanced data analytics and utilization of data, comes the use of technology to increase automation and efficiency across an institution. Audit departments must become more connected with the innovation drive and key taxonomies in order to effectively audit the use of technology and the outputs. Teams must understand data analytics and the IT outputs in order to uphold audit requirements and minimize risk across the institution.

The industry is rapidly advancing, and audit risk remains a core element of the financial services and effective risk management and oversight. Potential disruption means pressure is mounting to keep up with regulatory standards and rapidly evolving landscape with increase in automation and continued pressure to drive efficiency.

The findings of this research will be illustrated on October 7-8 2019 at CeFPro’s Audit Risk in New York City. We invite you to join your peers for two days to discuss upcoming Audit trends, technologies and regulatory requirements.

The agenda can be viewed at

For further information, please get in touch with a member of the team on +1 888 677 7007