The internal audit profession continues to evolve from its traditional role of record examination and identification of policy violations to a role that is more consultative and proactive and aimed at risk mitigation. As part of this evolutionary process, internal auditors are focusing more of their efforts on the risk assessment process and a top-down approach to audit scoping to ensure the most current risk and scape is reflected.
To facilitate top-down risk management, internal audit is moving away from a focus on documents and toward a focus on data. This data-centric approach brings technology to an enterprise-wide risk management program and supplements periodic or annual audits with continuous auditing that reflects the dynamic risk environment of the modern organization.