Innovative Thinking on Development of Internal Audit of Commercial Banks in the New Era

: In the new era, Internal audit of Commercial Banks is facing more risk challenges, This paper analyze the difficulties and shortcomings encountered by internal audit in the process of innovation development, On the one hand, Internal audit function is facing unprecedented challenges, with arising business involvement and regional cooperation, cross-business and cross-region risks are growing even complex, the regulatory requirements turning much strict by enhancing comprehensive supervision on more penetrated aspects, together with the self strategic transformation of commercial bank. On the other hand, Internal audit encountered more difficulties, with limited information and communication from the regulators, talents needs to be improved both structurally and professionally, concepts and methods is on the urgent need of upgrading. This paper also explores the development direction and ideas of internal audit to actively respond to complex risks and regulatory changes, further clarifies the path of internal audit to promote innovative development in the future period, and realizes mutual promotion and effective integration of risk prevention and control with the function of internal audit by exploring more paths for internal audit to realize concurrent innovative development, finding more methods for self improvement in order to meet the fast development of banking business, building a strong mechanism for system standardization and team operation.


Introduction
Chinese President Xi Jinping pointed out that "we should deepen the reform of the audit system, emancipate our minds, keep pace with the times, innovate audit concepts, reveal and reflect new situations, problems and trends in all fields of economy and society. We should strengthen the auditing institutions self-construction, establish audit spirit, innovative standardization, and audit credibility, and perform sound audit work through self reform and innovation in the new era." in a Chinese National Central Audit Committee meeting. President Xi's above-mentioned judgments not only points out that strengthening audit innovation is the inevitable path to realize the scientific development of audit profession, but also guide internal audit to grasp the development characteristics of the times, deeply understand the mission and tasks entrusted by the organization, deeply analyze current risks and challenges, reflect the difficulties and shortcomings in audit implementation, and enhance the ability of performing audit duties through scientific planning, unswervingly take the long march of internal audit in the new era.

Risk Challenges Faced by Internal Audit of Commercial Banks
At present, it is an crucial period for commercial banks to promote strategic transformation and further develop towards integration, internationalization and collectivization.
Traditional and new business interpemetrationly accelerates. Cross-risk, integration risk and systematic risk presents are more complex symptom. Strict regulatory supervision, Increasing pressure of risk prevention and control together with challenges from external environment demand that internal audit should adapt to the new situation more actively and play a vital role in guaranteeing organization risk prevention and control and playing the constructive role of bank transformation and development.

Cross-business, Cross-market and Cross-region Risks Are More Complex
With the accelerated pace of financial innovation in commercial banks, the complexity of some emerging businesses has increased, especially the nesting of interbank and wealth management businesses, illegal leveraging, chain-adding, regulatory arbitrage etc. are more prominent. Regulators require banks to focus on preventing and controlling cross-financial risks, which has become a huge challenge faced by internal audit under the current situation [1].
Firstly, the externalization of in-balance-sheet business. In recent years, the risk prevention and control mechanism of bank off-balance-sheet business has not fully adapted to the pace of business development and product innovation. Some potential credit risks embodied in in-balance-sheet loans and bank acceptance bills, are accepted through off-balance-sheet financing. The substantive risks have not been effectively alleviated. Cross-business risk transmission will lead to greater reputation risks [2].
Secondly, explicit risk goes implicit. Some risks in the process of bank innovation and development may come from the illegal operation of bank cooperative institutions or from the complex nested transaction structure of financial products. The traditional banking risk monitoring system is difficult to effectively identify and monitor such new risks, and the risk assessment is on a more difficult level.
Thirdly, risk contagion will be expanded. Inter-industry cooperation is becoming more and more frequent due to the integrated operation of banks. The impact of potential business risks is not confined to a certain market or industry, but intertwined and infiltrated in various industries and financial sub-markets, through equity control, asset restructuring, capital transactions, product structure and other factors [3], so the risk contagion is greater.

Higher Regulatory Requirements of Comprehensive Supervision with Full Caliber, Functionality and Penetration
At present, the supervisory authorities are constantly strengthening the overall coordination of financial supervision. Especially after the merger of the China Banking and Insurance Regulatory Commission, the focus and inspection methods have undergone significant changes. The introduction of a series of new regulations indicates that the supervisory authorities are gradually strengthening the full-caliber, full-coverage, functional and penetrating supervision, and is also a sign that internal audit will undertake more supervisory and auditing tasks with wider scope and higher standards [4].
Firstly, the scope of regulatory focus has shifted from soly banking to a wider group business. Since 2017, the People's Bank of China, the Banking Insurance Regulatory Commission and the Securities Regulatory Commission have continuously issued policy documents with the main tone of "strong supervision and strict supervision". For example, the Securities Regulatory Commission focuses on standardizing the bond trading behavior of fund subsidiaries, the Banking and Insurance Regulatory Commission focuses on tackling financial chaos, frequently issuing large fines, strengthening the restrictions on equity investment of insurance funds as well as asset and liability management of insurance subsidiaries, and so on. In the past, internal audit mainly faced the supervision of banking business by Banking Regulatory Commission, while the current traditional banking business has gradually expanded to non-banking business such as financial leasing, fund, insurance, etc. It is necessary to strengthen the audit response to the supervision of diversified group business.
Secondly, the level of supervision concern has changed from branch operation to head office management. In recent years, a series of governance inspections by regulators not only require banks to investigate the operational problems at the branch level, but also pay more attention to the deep-rooted causes behind the irregularities and the management defects of the head office. This requires internal audit to focus on sorting out the problems of the head office management system involved in the operation of branch irregularities, to control the risks from the source of internal control and risk management process, and to strengthen the effectiveness of top management, such as system constitution and process improvement.
Thirdly, the way of regulators inspection has changed from self-oriented inspection to closed-loop inspection rectification. In the past, regulators mainly aimed at a certain business area, and required banks to conduct self-examination. At present, the regulators have changed to organize a wide range of comprehensive inspection, paying more attention to the rectification and accountability, and intensifying supervision review. Recently, the Bank and Insurance Regulatory Commission directly assigns audit planning tasks to the internal audits of certain banks, requiring that rectification and accountability to be included in the audit areas.

All-round and Multi-dimensional Strategic Transformation Auditing and Evaluation Are More Difficult
Under the background of the new era, the overall strategic transformation of commercial bank's organizational structure, operation mode, resource allocation and channel layout have been accelerating. It is more difficult for internal audit to carry out overall audit evaluation and support services, which requires internal audit to raise awareness from two aspects.
Firstly, we should scientifically understand the new requirements of the transformation and development of banks on the internal audit. The promotion of the bank transformation development strategy will expand the service content and coverage of internal audit. From strategy to implementation, the governance parties expect that internal audit will not only evaluate and reveal the existed risks, but also give insights into the potential risks that may arise in the future, and provide more global, directional and decision-making support.
Secondly, we should scientifically recognize the new challenges of the transformation and development of banks to the internal audit thinking. At present, large domestic banks are carrying out global strategic planning, building a comprehensive compete function financial service platform, and realizing strategic linkage and coordination at a wider and higher level [5]. This is a complex and arduous system engineering to integrate management and reform institutional mechanisms in the process of continuous development and innovation. It is also a big challenge for internal auditing to innovate ideas and methods and find out the optimizing entry and integration points for better audit service.

Difficulties in the Implementation of Internal Audit of Commercial Banks
With the gradual expansion of the business extension of commercial banks, the risk management situation is more severe, and the regulatory requirements are more prudent and diversified. How to effectively perform internal audit duties to assist banks in risk prevention and control is the primary subject facing by the internal audit department [6]. In particular, audit innovation is still in the stage of continuous exploration and development. The linkage between regulatory supervision and internal audit, professional talent reserve and audit technology innovation have become the three major difficulties that restrict the development of internal audit innovation in the new era.

The Communication Between Internal Audit and Regulation Authority Is Not Close Enough
At the meeting of the National Central Audit Committee, President Xi Jinping fully emphasized the importance of the coordination between supervision and auditing, that is, "to strengthen the leadership of the national audit work, to strengthen the guidance and supervision of internal audit work, to motivate the strength of internal audit, and to enhance the joint force of internal audit and supervision." However, from the internal audit practice, the communication linkage between regulators and auditors is still not close enough.
On one hand, the accuracy of internal audit understanding on regulatory policies is still insufficient. Under the background of strong supervision [7], various new regulation policies were published. How to accurately understand the new policy intentions, analyze and interpret the changing trends and impacts, sorting out and evaluate the requirements for internal audit, and accurately grasp the audit scale and judgment criteria of emerging businesses without fully policy guidance with regulators, is still a problem for auditors [8]. On the other hand, the information sharing intensity of the linkage between supervision and internal audit is still insufficient. Regulators have information advantages in the areas of banking counterparties, cross-bank capital flows, and customer multi-bank financing, while internal audit has limited means to review implicit guarantees, capital flows and over-financing. In practice, the information sharing and integration between internal audit and supervision need to be improved urgently. Especially, the communication mechanism for major innovative business and risk matters has not yet formed, which is not conducive to reducing the regulatory vacuum caused by information asymmetry, and the effect of supervision policies trasnmission received by internal audit will be greatly reduced.

The Lack of Professional Talents in Innovative Business Auditing
In the new era, the auditing objects in the process of innovative business development are more diversified, and the complex risk of variable characteristics also put forward higher requirements for the audit team performance ability [9]. From the aspect of team structure and professional competence, internal audit is generally faced with the problem of insufficient staff and structural contradictions. The effective staff number, professional quality, knowledge structure and age echelon of the team are difficult to adapt to audit duty requirements. Especially, there is a serious shortage of personnel who are familiar with innovative business areas and can master data and information technology. In the development of financial innovation and transformation, it is sometimes difficult for the internal audit to offer professional risk control suggestions. From the aspect of team building and personnel training, Internal audit in banks usually construct audit teams according to business lines. In the point of view on correlation analysis of cross-business line risks and comprehensive formation of audit judgment, the existing audit team's professional ability is insufficient. It is necessary to further strengthen internal audit through the methods of rational allocation of audit resources, building flexible inter-division teams, cross-department operation management mechanism as well as the selection and cultivation of compound talents.

Audit Technology and Methods Need Innovation and Upgrade
Under the increasingly stringent supervision, the concepts and technological innovation of internal audit have been greatly impacted. On the one hand, the innovative ideas and perspectives of audit analysis are not enough [10]. Off-site analysis is mainly confined to business lines and operation processes. The level of off-site analysis capability in high-risk auditing fields such as drawer agreement, excess profit transmission of inferior financial products, multi-layer nesting of entrusted external financial product etc. still needs to be improved.
On the other hand, the effect of the whole process audit approach is not obvious [11]. The scope of pre-warning and in-event monitoring is limited, it can not effectively establish the "risk map" of the audited institutions and the "risk portrait" of the financing customers. The audit findings are still deficient in depth analysis and warning timeliness, which to some extent affects the effect of risk management and control. The ability of audit inspection needs to be improved in the areas of revealing major substantive risks, finding case clues and reflecting deep-seated problems in the mechanism and system still needs to be improved. Audit inspection work needs to be further standardized from inspection contents and methods to problem handling and follow-up rectification.

Realization Path of Innovative Development of Internal Audit in Commercial Banks
Faced with the increasingly stringent external regulatory environment and urgent internal need for professional upgrading, internal audit should closely follow the pace of transformation and development of commercial banks, constantly optimize and improve audit concepts, technical methods and operational mechanisms, and actively explore ways to adapts to bank operations in a more valuable, comprehensive and forward-looking manner.

Establishing the Concept of Audit Innovation to Safeguard Bank Business Healthy Development
At the present stage, internal audit should set up an audit concept that meets the needs of regulators and risk prevention and control [12], give full play to the performance effect of grasping the overall situation, focusing on key points, enhancing value and assisting decision-making, so that the actions of internal audit can be seen, the voice can be heard, results can be used by more parties, and escort the development of banking business.

Internal Audit Should Expand the Overall Trinity Perspective and Take a Comprehensive View of Business Risks
Based on the perspective of group management, studies the impact of the overall governance structure and policy transmission mechanism, internal control and risk management system and grasps the management and governance defects of group commonalities. Based on the perspective of financing customers, evaluates the effectiveness of the construction of panoramic risk view on financing customers on and off balance sheet, captures the transmission and transformation of various risks among different businesses of the same customer, and forms a dynamic and global audit scope. Based on the perspective of business whole process management, identifies the imported, crossing and sudden risks that may arise from the opacity of transaction structure and risk chain in financial innovation, potential risks outside of regulation focus arising from business divorcing from real economic needs, pseudo-innovation and arbitrage behavior, evaluates the soundness and operational efficiency of risk related joint control mechanism, and supervises the capacity of risk warning and risk disposal on relevant business chain and capital chain in order to both control risks and promote innovation.

Internal Audit Should Focus on the Audit Services and Deepen the Effectiveness of Audit Work
Internal audit should devote more supervision resources to the fields where problems occur frequently, with limited risk control and sever impact, and give full play to the role of "radar station" and "X-ray machine". On the one hand, we should focus on the key areas that are prone to high risk and vulnerable to external "hunting", such as carrying out financial products in excess of authorization, modifying the return on financial product contracts and specifications, illegal transferring investment to third party, enlarging leverage, multi-layer nesting, issuing guarantees for financial products, signing drawer agreements, etc. On the other hand, special governance should be carried out in view of the frequent cases and new risk incidents. Thus, continues to strengthen supervision and investigation of high-risk businesses posts and abnormal behaviors of employees, strictly check the implementation of bank accounts reconciliation, bypassing order, outlet management, technical control, authorization management, etc.

Internal Audit Should Focus on High-quality Audit and Play the Role of Value-added Services
The function of internal audit has gradually changed from the mode of supervision and prevention to providing value-added services. The role of internal audit "guardian" has been changed to the role of internal control optimizing "doctor" and management decision making "adviser". On the one hand, the value of internal audit lies not only in finding scattered problems, but also in seeing through the appearance to perceive the essence, by analyzing the deep-seated causes of system, mechanism behind the findings [13], internal audit should put forward suggestions for improvement from the aspects of system, process and mechanism, so as to promote business development and to realize business management objectives. On the other hand, prevention in advance can significantly reduce risk losses and rectification costs. Internal auditors should improve the level of risk prediction and prevention, should not only look inward but also outward, pay attention to both the present and the future situation, and enhance their sensitivity into new situations, new trends and new businesses, so as to better perform the role of internal auditing.

Internal Audit Should Lay a Solid Governance Audit Foundation to Assist in Making Strategic and Decisions to Promote Organization Transformation and Development
Organization strategy is the "gravitational field" of common convergence. Internal audit stands at a relatively independent and objective perspective, and is an indispensable part of assisting strategic decision-making. Internal audit should not only fulfill the responsibility of high quality supervision and control for board of directors and managements, it is also necessary to strengthen the service of bank operation transformation, involve into more business fields, group levels and different dimensions, provide more "relevant risk reminder" and "constructive supervision opinion" from the group and governance level, and focus on the smooth implementation of the overall strategic deployment of the whole bank.

Innovate Audit Methods to Provide Strong Support for Professional Optimization and Upgrading
With the development of bank integration, internationalization and informatization, The need for audit to carry on engagements across professions and borders, requires internal audit to constantly adjust and change audit methods, innovate supervision methods, and make the following four changes to further improve the quality and level of internal audit.

Off-site Audit Is the Core Driving Force for the Future Development Reform of Internal Audit
The first is to focus on both on-site and off-site audit. Innovation has always been the driving force for the development and advancement of internal audit, while off-site audit is the core driving force for the future development reform of internal audit. On the one hand, we should innovate audit practice through the breakthrough point of system integration, technical innovation and practical application, accelerate the construction of a comprehensive audit information application and management platform, comprehensively master the skills of information technology and take effective utilization, and improve the integration of audit information system, the intelligence of information analysis and the remote control of supervision and inspection [14]. On the other hand, we should take advantage of existed IT resources, improve the internal audit data collection mechanism, make good use of the records from each business line information system, increase the comprehensive comparison and correlation analysis capability between different business lines' data and financial data, internal and external data as well as cross industry and cross field data, and truly play the role of off-site audit "eagle eye" and "radar".

The Transformation from Audit Inspection to
Supervision Integration Under the background that the new regulation of supervision "boxing combination" has been launched, internal audit should play a trilogy of supervision-audit linkage, integration and innovation, and comprehensively promote its own professional transformation and innovation progress. For the role of supervision and audit integration, internal audit should raise awareness of supervision and audit linkage in solving business operation difficulties and potential risk prevention, actively explore regulatory professional guidance, especially for the key areas such as bottom asset penetration level, financial product net worth management, financial product standardization transformation, and seek for a unified policy and compliance boundary. For the role of supervision and audit coordination, internal audit should strictly implement the requirements of series special supervision governance by regulators, deepen the rectification and inspection through the coordination of internal self inspection and supervision inspection, actively report on the implementation of regulatory requirements, absorb regulatory opinions and feedback, timely transmit the latest regulatory requirements to all levels of institution. For the role of supervision and audit innovation, internal audit should deeply study the latest regulatory policy guidance and potential impact of emerging businesses, assist business departments to find a balance point between business innovation and risk prevention and control, and encourage banks not only control risks but also seize opportunities while serving the economy and industrial structure upgrading.

Internal Audit Shift from Inspection to Closed-loop
Control Whether supervision and inspection can form closed-loop control directly determines by the strictness and effectiveness of internal audit work, and is also the fundamental solution to the "chronic diseases" such as lagging inspection, repeated investigation and violations. Internal audit can take advantage of the opportunity of large-scale comprehensive supervision and inspection in recent years to further improve the accuracy of audit by using supervision and rectification findings.
On the one hand, internal audit should establish a "database of findings". Based on the typical violations of the regulatory inspection. by accumulating the typical violations, reversely deduces the audit verification and entry points in order to locate risk clues [15]. On the other hand, establish the "database for problems not been rectified". Internal audit should review the problems not been rectified in combination with the audit engagements, verify the latest situation of rectification, and at the same time look for the similar problems such as failure of internal control, poor risk management, insufficient system construction etc.

Optimizing the Audit Operating Mechanism to Provide Solid Guarantee for Enhancing the Force of Internal Audit
Internal audit needs to optimize the management mechanism of audit operation, further promote standardizing audit and quality audit, enhance the core competence of audit performance, stimulate and maintain the vitality of internal audit by promoting the following "three construction".

Internal Audit Should Strengthen the Standardization of Audit System
Establishing and improving the internal audit mechanism is an important cornerstone to guarantee the risk prevention and control of banks and corporate governance, so that the audit department can truly have the complete foundation of goals, standards, criteria and authority. First of all, internal audit should improve the whole process quality control mechanism, re-integrate the system and process of audit standardization, through improving the project evaluation mechanism, revising and perfecting the professional practice norms of internal audit, issuing new audit quality control standards, so as to realize the whole process quality control of audit project procedures, methods, reports and rectifications. Secondly, we should consolidate the foundation of institutional transformation. At present, the internal audit structure, institutional settings, functional positioning need to be reconstructed and adjusted according to the latest regulatory requirements and the innovation development of organization, so as to achieve the best suitable audit practices for banks. It is necessary to carry out relevant research synchronously and gradually move towards the internal audit goal.

To Strengthen the Construction of Flexible Team
Internal audit should explore flexible team operation from horizontal and vertical dimensions. Vertically, the whole internal audit system is like a pair of hands. Each internal audit sub-branch is one of the ten fingers of the internal audit system. The internal audit headquarters needs to fully stimulate the work enthusiasm of each branch and enhance the internal audit unified power. We can focus on the implementation of matrix management system through project integration, audit object integration, team integration and report integration, so as to reduce the resource occupation and frequency of field audit, to achieve the audit effect of "joint team formation, field work integration, multi-dimensional output, multiple reports", also to maximize the value of audit resources. Horizontally, internal audit have similar work objectives with departments of internal control and compliance, risk management, legal affairs and supervision etc. They all have some overlaps in wok functions. Internal audit should strengthen communication and cooperation with these departments to obtain information and resource sharing, especially make full use of information technology tools and methods to create more favorable conditions for achieving audit objectives.

Internal Audit Should Strengthen the Building of
Internal Audit Professional Team With moral character as the premise, ability as focus, we should forge a average aged and multi-professional background audit team to better adapt to the requirements of internal audit in the process of bank innovation and development. On the one hand, on the basis of learning and training, we should enhance the professional "combat" ability of "audit special forces", train the strategic thinking, dialectical thinking and innovative thinking of team members, enhance the training system of new knowledge, skills and abilities of internal auditors, actively use audit cases and simulation teaching method to improve the training efficiency and effectiveness. On the other hand, we should strengthen the cooperative "combat" capability of the "audit group army" through practical exchanges, work on the two-way exchanges of internal auditors between headquarters and branches and inter-departments, and cultivate more compound talents, backbone talents and leading talents, and form a cadre force with complementary advantages, which will not only "dare to show the sword, dare to uncover" for major violations of discipline, but also to draw inferences from one instance and trace the origin to promote the improvement of organization system and mechanism.

Conclusion
This paper shows that internal audit of commercial banks are now facing the challenges and difficulties in adequately performing their duties. In order to meet with both the internal and external current increasing demand, the function itself is on the urgent edge of finding more paths, methods and build more mechanism to provide the solid guarantee of risk prevention, to provide strong support for business optimization, and to keep pace with the innovative development of commercial banks.