DIGITAL TRANSFORMATION HOW AUDIT ADDS VALUE

Transcription

1 DIGITAL TRANSFORMATION HOW AUDIT ADDS VALUE Lindsay Dart Derek Cummings 15 March 2018 Protiviti Perspective provided by Brandon W., Houston Internal Audit, Risk, Business & Technology Consulting

2 TOP GLOBAL RISKS FOR 2018 Risk Issue Rapid speed of disruptive innovations and/or technologies within the industry may outpace the organisation s ability to compete and/or manage the risk appropriately, without making significant changes to the business model Resistance to change could restrict the organisation from making necessary adjustments to the business model and core operations The organisation may not be sufficiently prepared to manage cyber threats that have the potential to significantly disrupt core operations and/or damage its brand Regulatory changes and scrutiny may heighten, noticeably affecting the manner in which organisations products or services will be produced or delivered The organisation s culture may not sufficiently encourage timely identification and escalation of significant risk issues that have the potential to significantly affect core operations and achievement of strategic objectives Source: Protiviti and NC State University ERM Initiative, December

3 THE PACE OF CHANGE UNCERTAIN FUTURE Average tenure of companies on S&P 500 is declining rapidly (from 33 years in 1965 to less than 15 by 2025) Rapid growth of technology start-ups with multi-billion dollar valuations 6 of the Top 10 in S&P 500 are now technology companies: Apple, Microsoft, Amazon, Facebook and Google Predictions that half of S&P 500 will be replaced in the next 10 years Technology companies dominate Glassdoor Best Companies to Work For and are a magnet for talent

4 IMPACT OF DIGITISATION How will Digitisation impact me? Impact on the Business Impact on Internal Audit Strategy Competitor Landscape Industry Capabilities Risks Audit Plans Capabilities Methodologies 4

5 EMERGING TECHNOLOGIES Speech recognition Natural language recognition Machine learning Technology Partners Collaboration Tools Controls Automation Robotic Process Automation Digital Data Science / Data Visualisation Customer Experience Analytics Process Analytics Custom Development 5

6 KEY CONCERNS OF INTERNAL AUDIT TEAMS Not sure how we should audit Digitalisation Internal Audit does not comment on strategy There is no Digitalisation Programme to audit and/or the Digitalisation effort is not progressed enough for us to audit DIGITALISATION RISK ASSESSMENT TOOL DIGITALISATION AUDIT UNIVERSE DIGITALISATION AUDIT TOOLKIT These are not areas that fall in the scope of a typical Internal Audit programme Not sure the executive team would want us looking at these types of things 6

7 A FRAMEWORK TO CONSIDER Customer Engagement Digitising Products & Services Better Informed Decisions Operational Performance Exploring new ways to build strong relationships with customers Launching new, enhanced products, and exploring new business models Enhancing information available to enable timely and effective data driven decision making Creatively using technology to improve performance 1 Digitalisation Governance, Strategy & Execution Ensuring that transformation programmes are established, well defined, set up for success and supporting execution. 2 Functional Transformation & Improvement Using technology to reinvent Finance, Information Technology, Business Operations, Procurement, Risk Management and Audit. 3 Enabling an Innovation Culture Ensuring that the unnecessary barriers to innovation and change that exist within organisations are eliminated. 4 New Technologies Assessment & Implementation Supporting organisations with decision making as they consider whether or how to embrace new or emerging technologies. 5 Business Analytics & Decision Science Helping organisations manage increasingly complex data architectures and transform data into information. Source: Protiviti Framework for Digital Transformation 7

8 DIGITAL MATURITY ASSESSMENTS APPROACH Protiviti s Digital Assessment toolset has been designed to help organisations assess their digital maturity. The methodology draws on research conducted over a number of years to understand what it takes to be a leader in the digital age. This research has identified a core set of attributes that we believe Digital Leaders excel at. Our approach to Digital Maturity Assessments focuses on capabilities and / or attributes that an organisation needs to succeed, not just the initiatives that organisations have underway. This approach is designed to draw attention to the things that an organisation is NOT doing that may present issues in the medium to long term if not addressed. 8

9 DIGITAL MATURITY ASSESSMENTS CAPABILITY MATURITY MODEL Source: Protiviti Digital CMM 9

10 DIGITAL MATURITY ASSESSMENTS CAPABILITY MATURITY MODEL Digital Sceptic Digital Beginner Digital Follower Digital Expert Digital Leader Digital plans are not formalised and initiatives are managed in an ad-hoc or reactive manner. Digital plans are not fully developed although multiple digital initiatives are underway and the objectives of these initiatives are understood. A digital strategy has been developed and the organisation has a proven track record delivering on digital initiatives. Digital initiatives are typically focused on discrete aspects of Customer Journey. Digital aspects are in place and managed quantitatively enterprise wide. High levels of process automation have been achieved. The organisation has a proven track record adopting emerging technologies. The organisation has a proven track record of disrupting traditional business models. Digital aspects of strategic plans are continually improved based on lessons learned and predictive indicators. Source: Protiviti Digital CMM 10

11 DIGITAL MATURITY ASSESSMENTS BENCHMARKING / RISK ASSESSMENT / AUDIT REPORTS Source: Protiviti Digital CMM 11

12 DIGITAL MATURITY ASSESSMENTS BENCHMARKING / RISK ASSESSMENT / AUDIT REPORTS Source: Protiviti Digital CMM 12

13 IMPACT OF DIGITALISATION ON INTERNAL AUDIT INTERNAL AUDIT PERSPECTIVE INSIGHT OVERSIGHT FORESIGHT PAST How can processes, measurements, and controls be modified or enhanced? What are other companies doing? Are you missing out on best practices? PRESENT Are processes operating as planned? Are controls, resources and performance measures adequate and operating effectively? Are policies being adhered to as intended? FUTURE Where are the processes going? Can they scale as the company grows? Will current controls be adequate in the future? What planned or future adjustments should be considered? 13

14 IMPACT OF DIGITALISATION ON INTERNAL AUDIT OPPORTUNITIES FOR INTERNAL AUDIT Highlight risks and growth prospects presented by digitalisation; Help the organisation make riskinformed decisions. 1 Add valuable insights and context Relevance and ability to provide realtime insights 2 4 Automation and continuous monitoring techniques New skills and capabilities to address emerging threats 3 14

15 IMPACT OF DIGITALISATION ON INTERNAL AUDIT TRADITIONAL REVIEWS ON AUDIT PLANS Example Audits to Consider Cybersecurity Audits 1. Data loss detection evaluation 2. Incident response plan review 3. Insider threat and vulnerability analysis Information Governance and Data Privacy Audits 1. Information accountability review 2. Personal information mapping review 3. Employee behavior tests 4. Data destruction audit Mobile Technologies and Applications Current Systems and Vendor Audits 1. Systems vulnerability assessment 2. Vendor preparedness review 1. Data encryption assessment 2. Mobile device management audit 3. Application development security risk assessment 15

16 DIGITAL TRANSFORMATION OF INTERNAL AUDIT ROBOTIC PROCESS AUTOMATION 16

17 DIGITAL TRANSFORMATION OF INTERNAL AUDIT PROCESS ANALYTICS

18 IMPACT OF DIGITALISATION ON INTERNAL AUDIT IMPORTANT POINTS FOR INTERNAL AUDIT TEAMS TO CONSIDER Integrate a greater awareness and recognition of digital threats into all your business activities; Consider the impact of digitalisation across all Operational and IT Audits; Provide assurance around threats and missed opportunities posed by digitalisation; Help identify occasions to take advantage of opportunities / efficiencies afforded by new technologies; Ensure that you are not contributing to an overly risk averse executive leadership team, which could result in decisions that could cause them to fall behind competitors. 18

19 QUESTIONS FOR INTERNAL AUDIT TO CONSIDER DIGITALISATION QUESTIONS 1 2 Does the current-state internal audit plan consider digitisation risks? Does the organisation s leadership have a good understanding of the potential control impacts associated with digitisation? 3 Does the internal audit function understand digitisation? 4 5 Do the organisation s auditors have the right skills to effectively evaluate digitisation risks and controls? Does the organisation understand the impacts that digitisation may have on data privacy, cybersecurity and other regulatory compliance obligations? 19

20 2018 Protiviti Limited An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.