I would like to ask you if any of you had experience using Foresight or Future Thinking in the environment of Internal Audit?

The Audit Plan is based on the foresight or future thinking of potential risks areas based on the past track record. We categorize them in High, Medium and Low risk areas and High-risk areas are covered every year, medium ones once in two years and low risk areas are audited once in three years. So, there is cycle of 3 years in which areas are covered with coverage of high-risk ones in each of these 3 years cycle.  

Incorporating foresight and future thinking into the environment of internal audit can be highly beneficial. By considering future trends, emerging risks, and potential disruptions, internal auditors can enhance their effectiveness in providing proactive and forward-looking insights to their organizations.

 

In my experience within the area of Technology and Digital Transformation, foresight and future thinking have been applied in the context of internal audit. Specifically, as we implemented Low Code No Code platforms in our organization, it became evident that these platforms offered end users the ability to become citizen developers. While this opened up new opportunities, it also presented challenges in terms of governance, security, and internal control. The integration of various GenAI products through built-in plugins further empowered end users but also necessitated more robust governance and security controls. This situation prompted us to assess and strengthen our internal audit capabilities.

 

By incorporating foresight and future thinking into their practices, internal auditors can provide valuable insights, assist organizations in navigating uncertainties, and contribute to strategic decision-making. It is important to note, however, that the specific application of these approaches may vary depending on factors such as the organization's industry, size, and strategic objectives. Therefore, internal auditors should tailor their approach to align with the unique needs and characteristics of their organization.

Yes many time in Internal audit reporting we contemplate key risks and challenges that our organizations could conceivably face, so that we can share those perspectives with management and the board. Foresight or Future Thinking is always looked upon during the internal audit.