Digitize internal control
A business priority and a matter of trust
Automation and digitalisation remain among the top priorities in company strategy, as confirmed by the PwC Global CEO Survey 2022.
In terms of risk management, our previous surveys also highlighted strong expectations for progress in digitalisation, in a context where more than two thirds felt that they did not have the right information to manage risks.
The latest PwC Global Risk Survey highlights significant challenges for risk functions, with more than 72% of respondents reporting a lack of access to appropriate technologies for risk management activities.
Digitizing risk management, starting with internal control, which affects all employees in their daily operations, is no longer an option.
Regulation must not be the only spur of digitalisation
Digitizing internal control brings many benefits. It allows internal control teams to focus on what is essential and on the added value of controls, while strengthening their role as business partners. More generally, it is a way for internal audit to broaden its coverage while focusing on high-stakes areas.
Despite these expected benefits, obtaining budgets to automate internal controls, acquire tools and deploy them remains a challenge. An example of a missed opportunity is investment in Governance, Risk and Compliance Management (GRC) systems.
When decisions are made, they are often based on price criteria, forgetting that these systems are also the showcase of internal control: many purchases are made at the expense of richer features and user experience.
However, progress is being made to digitize internal control. French regulations, particularly on Sapin 2 accounting controls and payment terms, lead companies to initiate projects around the automation of transactional controls. Other organizations launch projects in response to fraud, often related to the management of banking data or access in information systems (IS).
Regulation and fraud should not, however, be the primary motivation of internal control digitization projects. The main challenge is to gain operational efficiency by relieving teams of the multiple small control tasks that weigh on them. It is above all essential to sustain important controls without depending on the availability of operational staff, who must manage multiple priorities.
In fact, 65% of respondents in the Global Risk Survey report increasing technology spending on risk management.
Move from opportunistic tactics to a global and shared strategy
Without a comprehensive strategy, the digital initiatives led by internal control departments have so far been mostly tactical and opportunistic. For example, teams have implemented segregation of duties analysis tools, deployed projects involving data analysis, or implemented CRM solutions, whether or not integrated with other risk management functions.
The challenge now is to establish, in alignment with the company's other departments, a digitalisation strategy capable of reaping the full benefit of past and future investments. This means connecting to major IS initiatives: setting up data lakes, migrating ERPs, or even transforming the finance function.
In fact, more than 50% of respondents to the Global Risk Survey have already established a multi-year roadmap for technology investments, and 40% say they are moving towards this longer-term vision.
Recognizing that the great turning point of digitization has not yet arrived, we will have to move forward step by step, demonstrating the value at each step and giving ourselves the means to ramp up quickly once the first initiatives have proven themselves.
Our recommendation: think big, start small, scale fast.
Driving high value use cases with affordable technologies
A global digitization strategy is based on the development of use cases with high added value. This approach enables progress to be made towards integrated and continuous management of internal control.
To achieve this, internal control departments can rely on existing technologies, most of which are affordable and available in SaaS mode. These tools make it possible, for example, to develop data analysis services at a lower cost, making it easier to carry out controls and to automate control via workflows or dynamic monitoring dashboards.
Agile tools also exist to conduct in-depth analyses of internal control, be it process mining or access and segregation of duties analysis - a key topic given the complexity of companies' application bases.
In any case, user experience is a key consideration in investment decisions for the majority of survey respondents (60% already make it a priority). The second priority is that these technologies integrate well into the capabilities of the organization.
Digitalisation of internal control, a challenge of trust
Faced with the increasingly high expectations of stakeholders, internal control must also be digitized - as must all the company’s functions - to help create trust.
Technology is at the heart of this trust. The PwC France and Maghreb teams, supported by the global network and its partners, invest in evaluating the available technologies in terms of their accessibility and their relevance to each client.
This approach helps organizations respond to two inseparable challenges: creating trust and leading complex transformations for sustainable results.