Page 17 - Internal Auditor M.E. (English) - June 2018
P. 17

conversations with colleagues




         What do you think are top challenges that our stakeholders
         are dealing with these days?                             “Some of the best chief
         Digitization is the number one challenge our stakeholders are
         dealing with.  Internal audit’s stakeholders will continue to   audit executives are like
         deal with many challenges such as achieving the organization’s
         growth targets, reliability of financial reporting, optimizing   sparring partners to senior
         the supply chain, complying with complex regulation and
         other challenges.  But these days they think about all these   management; it’s someone
         challenges in the context of new technologies and the
         potential disruption of their business model.  For example,   they trust and who can
         when it comes to growth targets, CEOs think about how
         they can use technology to create new revenue channels.   challenge the way they are
         Similarly, CFOs would ponder the impact of blockchain on the
         intercompany transactions and other financial reporting areas.   managing business risks”
         This means that the business processes of organizations will
         change and with that will come a new set of risks. However,   So how can internal audit functions align their team,
         the classical risk universe won’t go away; it will be enlarged by   methodology and outcomes to these expectations?
         an onslaught of digital risks.                     This requires a significant change in the skill sets of the team
                                                            and the tools used by the internal audit function.  The skill
         Given these challenges, what is the value that stakeholders   set at leading internal audit functions have already been
         expect to get from their internal audit function?   evolving. Looking back at audit functions I worked with 15

         Stakeholders are expecting us to audit these digital risks as   years ago, the majority of team members had 5 or less years
         well as audit the digital agenda. Further, boards are asking   of experience.  Today, these same functions have evolved
                                                            to include a majority of team member with 15 – 20 years of
         internal audit to identify risks that are not on the board’s   experience. These team members are able to challenge the
         agenda nor on management’s radar. This means supporting   business in a way that someone with 5 years of experience
         risk identification and not just focusing on auditing   can’t.  Also the reality in many organizations is that the
         management’s mitigation/response to risk.          likelihood of a recommendation being accepted when put
                                                            forward by a senior team member is higher than when a less
         In addition, there is an expectation to limit the amount of
                                                            experience member puts the same recommendation forward.
         time spent focusing on the past.  Internal audit needs to focus   This skill model doesn’t mean that junior team members
         on the present and provide advice on risks before they occur   are not required, it just means that they cannot form the
         by getting involved at the right time. There is limited value   backbone of the internal audit function.
         coming in after the fact and telling management about what   As for the tools, internal audit obviously needs to go digital
         went wrong on a completed $10 million project. Most likely   to keep up with the business. This means efficient analytics
         they already know what went wrong.                 delivery and optimized operations through further process
         Finally, the somewhat surprising trend we’re seeing at several   standardization.  In today’s world almost all processes leave
         major organizations is that stakeholders are asking internal   a digital footprint that can be audited.  This means less
         audit to challenge the business to see if they are doing things   time to execute the work but also better quality findings as
                                                            100% of the population has been audited. But going digital
         the right way. Let’s take a strategy audit as an example: It’s not   is more than mining for data around duplicate payments or
         just about looking at the strategic planning process and how   duplicate addresses in the supplier master data. It also needs
         well the execution is going, it is now about asking “if we use   to address the present (with real time analytics) and the future
         strategy #1 will it work given our organizations’ processes,   (using predicative analytics). In addition the internal audit
         risk and control frameworks?”. Here internal audit challenges   department needs to digitalize / automize their own processes
         the way strategy is put into reality. All that being said, internal   as much as possible. This means the split if work between
         audit will still need to make sure it gives appropriate attention   the “Human” and the “Machine” needs to be redefined. The
         to core assurance areas.                           human focusses on the qualitative part of the work, defining

          JUNE 2018                                                           INTERNAL AUDITOR - MIDDLE EAST     15
   12   13   14   15   16   17   18   19   20   21   22