From Analog to Analytics: 2017 a Turning Point for Internal Audit

By Barbi Goldstein, Managing Director
Internal Audit and Financial Advisory

 

 

 

With increasing demands for broader, more accurate and more efficient risk assurance, internal audit departments have officially entered the age of analytics. According to Protiviti’s 2017 Internal Audit Capabilities and Needs Survey, two thirds of internal audit functions have begun using data analytics on at least a limited basis, with two-thirds of the remaining respondents indicating that they plan to begin using analytics within two years.

Respondents at organizations of all sizes reported that they have begun the transformation from labor-intensive manual processes to reliance on technology for things like sample selection and testing procedures. Most organizations are still early in the process. Only 16 percent said that they have a person dedicated full time to analytics, and only three percent indicated that they considered their audit analytics to be optimized.

I recently had the opportunity to review the survey results for participants in an April 12 webinar (available for streaming at the link). If you are interested in learning more about the survey results, I urge you to check it out. In the meantime, here are some action items for internal audit derived from the survey:

Recognize that the demand for data analytics is growing across all organizations and industries.

Internal audit organizations are under growing pressure to increase audit efficiency and coverage. Regulators across a wide array of industries are pushing for more use of data and quantitative inputs into the audit process, and auditors are finding that implementation of analytics allows them to provide broader assurance in less time than it would typically take to perform manual testing on a representative sample.

Seek opportunities to expand the internal audit function’s knowledge of sophisticated data analytics capabilities.

From peer-to-peer networking to engagement with industry groups and continuing education, it is critical for auditors to become familiar with the ways in which tools and techniques are being used across their industry.

Do not let budget and resource constraints and business-as-usual workloads limit internal audit’s ability to optimize data analytics efforts.

Look for practical applications you can showcase to gain buy-in from other auditors within your internal audit function. Understanding what peers are doing can also accelerate your organization’s analytic maturity.

Assign analytics champions to lead the effort.

Where a dedicated analytics function doesn’t exist, experience has shown that organizations that employ a champion network within their audit function benefit from broader analytics usage, more sophisticated techniques and greater adoption of analytics in the audit department. The ideal candidate for a data champion is someone with aptitude and interest in data analytics, and a person of influence whom others will follow.

Explore avenues to expand internal audit’s access to quality data.

Engage with stakeholders, such as IT and data governance, to understand how to gain access to data while following all applicable organizational policies and procedures.

Identify new data sources — both internal and external.

Internal auditors, because of their broad industry knowledge, risk focus and access to data and systems throughout the organization, are uniquely positioned to find and mine new data sources to analyze for risk assurance.

Increase use and reach of data-based continuous auditing and monitoring.

Once data sources have been identified, it is important for internal auditors to apply continuous auditing and monitoring tools to have a timely and accurate view of the state of risk in the organization. Visualization tools, such as dashboards, are useful for enabling real-time access to key risk indicators.

Use real-time risk snapshots to help focus audit efforts.

Related to the previous point, problem areas discovered through visualization tools, such as Tableau, can be flagged for additional research/root cause analysis.

Seek ways to increase stakeholder input when building/implementing data analytic capabilities.

Business owners understand and monitor the key risks in their business, as does risk management in its second-line role. It is important for internal audit to build relationships and work closely with the first and second lines of defense to continue to enhance their understanding of risk indicators in the business.

Implement steps to measure success of data analytics efforts.

Internal audit groups that can demonstrate tangible value will build a better business case for increased budgets and resources dedicated to data analysis. Metrics, such as logging requests for analytics in the audit process and number of audits that leverage analytics, are a good way to demonstrate the value of using analytics.

The overarching theme that emerged from this year’s survey results is that data analytics has reached a tipping point. Internal audit functions that lead by embracing analytics and continuous monitoring will grow in value and stature with their stakeholders, regulators and peers. Those that fail to adapt will struggle to keep up with the rate of change and the state of risk at their organizations.

No More Waiting Game for Manufacturers: Industry 4.0 Is Already Here

By Sharon Lindstrom, Managing Director
Manufacturing and Distribution Industry Leader

 

 

 

The term “Industry 4.0” isn’t new to manufacturers. What is new, for many of these businesses, is the recognition that the next wave of the Industrial Revolution is already breaking. There is no more time for “Let’s wait and see what this means for our business.” No manufacturer can afford to sit on the sidelines and watch as their industry is transformed by major innovations in digital technology — from cloud computing to big data analytics to advanced robotics to the Internet of Things (IoT). They must be in the game. And to be in it, they must transform their operations digitally.

Embracing big data analytics is an important step on the path to smart manufacturing. A new Protiviti white paper, “Big Data Adoption in Manufacturing,” explains it like this: “Big data analytics has the potential to affect every step of a manufacturing process. […] Ultimately, advances in big data analytics are expected to augment the interconnectivity of equipment on the factory floor as part of a larger movement toward the Internet of Things and greater manufacturing intelligence.”

That’s a pretty big deal. Yet manufacturers, generally, have been slow to adopt big data analytics, especially in manufacturing operations. This is not necessarily due to lack of interest, or worry about costs, privacy, security or even change itself. The real hindrance is a combination of several significant roadblocks that many manufacturers must overcome before they can implement and execute big data analytics successfully.

These common barriers include:

  • Unwieldy data and processes — Manufacturers facing this problem can take comfort in knowing it’s an issue that plagues most any company pursuing digital transformation. Certainly, there is no shortage of data being produced by the business. The challenge is figuring out how exactly to bring together that ever-ballooning volume of raw data from different systems and sources so it can be analyzed and turned into actionable insights for the business.
  • Disparate systems — This barrier relates to the one above, obviously. Integrating data is complicated by inaccessibility. It is often the case that a business’s legacy technologies have not been designed to facilitate open access to data. The complexity of a typical IT ecosystem makes it very difficult to mine quality data and convert it into a workable format for analysis.
  • Expertise shortage — Finding specialized talent to work with big data — especially professionals with knowledge of the manufacturer’s business and industry — can be a tremendous hurdle. Manufacturers are finding that talent is in very short supply, and extremely competitive to recruit and retain. Over time, as the industry becomes more digitized, manufacturers are likely to face talent shortages in even more areas of their business.

Again, these are just some of the roadblocks manufacturers face. They are not trivial, and companies will find that some are quite persistent. But a manufacturer that wants to be a relevant player in Industry 4.0 must address them sooner than later.

Make sure big data projects have a purpose

As manufacturers work to overcome big data analytics obstacles they must not forget an important aspect of their effort: keeping their business strategy in focus. I will come back to this subject and offer a few tips for success in this area in a future post, but the one I want to mention here is extremely important: Identify a specific use case.

Manufacturers should not just “do” big data analytics because they are under pressure to evolve their operations. Any big data initiative should have a clear purpose. Lack of purpose is often the root cause of a company’s struggles to harness its data effectively and turn it into meaningful insights.

Some may consider it an upside that the manufacturing industry has not moved as quickly as other industries to jump on the big data bandwagon. And it is true that manufacturers that have so far taken a “wait and see” approach with big data analytics and similar digital innovations have the benefit of learning from the missteps of early adopters, and can develop a strategy for success based on lessons learned. But they must make their move now, or they risk falling too far behind the digital curve and becoming obsolete in Industry 4.0.

 

 

From the GAM Conference: Changing Priorities, Analytics in Auditing and More

This week, Protiviti is joining the best and brightest thought leaders from Fortune 500 companies at The Institute of Internal Auditors’ 2017 General Audit Management (GAM) Conference in Orlando, FL. For nearly 40 years, GAM has been the premier experience for internal audit leaders to explore emerging issues and exchange leading practices for positive outcomes. The theme for the 2017 conference is Fostering Risk Resilience. Two Protiviti leaders, Brian Christensen and Jordan Reed, will be conducting panel discussions on stakeholder expectations and the Internet of Things, respectively. We are covering these events and more from the conference here on our blog and on Protiviti’s social media platforms. Subscribe to our blog and follow us on Twitter for timely podcasts and analysis of this year’s conference topics.

 

On Day 2 of the conference, Protiviti Managing Director Jordan Reed shared some thoughts on the panel discussion titled “The Internet of Things: What Does This Mean to Internal Audit?” Jordan led the panel together with Jeff Rowland, Vice President, Audit Services at USAA. Below in Jordan’s own words are highlights from the discussion. For more on why the Internet of Things matters, and the risks and expectations arising from it, read the recently published Protiviti white paper (download).

Share on Twitter

Also hear Protiviti Managing Director and The Protiviti View blog host Jim DeLoach share his view on stakeholder expectations as reflected in the Global Internal Audit CBOK Stakeholder Study.

Share on Twitter

Finally, Protiviti Managing Director Matt McGivern discusses the current state of data analytics in internal auditing, including findings from Protiviti’s latest internal audit survey. Listen below.

Share on Twitter

Embracing Analytics in Auditing: New Protiviti Survey Takes a Look

In a digital world, the time for internal audit functions to embrace analytics is now. This is the most significant takeaway from Protiviti’s 2017 Internal Audit Capabilities and Needs Survey, released today. The results show that chief audit executives and internal audit professionals increasingly are leveraging analytics in the audit process, as well as for a host of continuous auditing and monitoring activities.

Learn more by watching our video below. For more information and our full report, visit www.protiviti.com/IASurvey.

From Tiny Tech to Populism: Latest Issue of PreView Scans the Global Risk Horizon

jason-dailyBy Jason Daily, Director
Risk and Compliance

 

 

 

Imagine a DNA-programmed nanoparticle capable of hacking cancer cells, a plankton-sized carbon tube that can remove pollutants from water, or food packaging that changes color in the presence of dangerous bacteria. Nanotechnology, with a market predicted to reach almost $13 billion by 2021, has the potential to change the world, and every industry — from healthcare to the military — has a stake in its advances.

Use of Nanomaterials by Industry

With that potential, of course, comes risk. Nanotech may be applied in controversial ways — such as surveillance, or weapons capable of attacking people, plants or livestock at the molecular level. The technology is not visible to the naked eye, raising concern among some, who worry that self-replicating nanobots could destroy the planet if not properly controlled.

Nanotech is only one of the macro-level trends we’re watching as part of Protiviti’s ongoing PreView global risk series. We evaluate emerging risks according to the five global risk categories established by the World Economic Forum. In the January edition, in addition to nanotechnology, we consider the risk of a global water crisis and the “morality” of thinking machines, and we look ahead at the risk of marching populism and what cybersecurity means on a national and global scale.

WEF Global Risk Categories

The flip side of risk is opportunity. While governments and industries grapple with the shortage of fresh, clean water, particularly in developing countries, opportunities for water applications of nanotechnologies abound. As artificial intelligence increasingly replaces humans in making key decisions, opportunities to improve the underlying algorithms can translate into market share and increased profits for the early movers. And finally, with cyber the new warfare, governments and companies have an opportunity to stake a claim in the cybersecurity space by designing products, as well as policies, that protect both digital assets and societal freedoms.

Several of the topics in our current issue are a continuation from previous issues. This trend will continue, as the risks we are keeping an eye on evolve over time and their implications change, sometimes quickly. Whether continuing or newly emerging, such as populism, all of these risks are fascinating to follow, and imperative to take into consideration in mapping long-term business strategies. That’s probably one reason why our PreView series is among our most popular publications.

I encourage you to both read and share our latest issue with your board and executives, to spark discussion and help ensure these emerging risks are part of risk discussions. And, we encourage a discussion here as well. Tell us what you think in the comments.

Internal Audit Around the World: Collaboration, Technology and the Female CAE

Susan HaseleyBy Susan Haseley, Managing Director
Internal Audit and Financial Advisory

 

 

Technology is creating new areas of risk for businesses, requiring a collaborative mindset and strong relationships to manage risk effectively. At the same time, technology is creating new opportunities to improve how internal auditors manage risk – opportunities that come with the same requirements of collaboration and relationship-building. These changes to the internal audit landscape are becoming evident at a time when more women than ever before have risen to positions of senior leadership.

In our twelfth annual edition of Internal Auditing Around the World, we explore the accelerating change wrought by technology as a source of opportunity and as a source of risk. We also decided to focus this year’s edition solely on the viewpoints of women leaders in internal audit. This combination of themes yields a fresh perspective on the growing drive to collaborate – with IT, business units, senior management and external partners – to leverage specialist knowledge, harness emerging technologies and build influential relationships as trusted advisers to the enterprise.

Technology is going to completely change the way we audit,” says Kathy Swain, Vice President of Internal Audit at Horizon Blue Cross Blue Shield of New Jersey. “As more businesses are built entirely on technology, internal audit will need to follow suit.

In no area is this more true than in data analytics, a technological innovation embraced by many of this year’s internal audit leaders as a way to continuously monitor for emerging risks and potential optimizations. At Nordstrom, business intelligence serves not only to support the internal audit function, but also to share insights relevant to business decision-makers.

These insights will allow our team to become even better at what we’re already good at – risks and controls,” says Dominique Vincenti, Nordstrom’s Vice President of Internal Audit and Financial Controls. “They will also help us to underscore the direct value that the function is providing to Nordstrom in many other ways.

Some internal audit groups take a different approach – they collaborate with external partners not only to gain access to specialized expertise, but also to leverage technologies not available in-house. “We’re not necessarily making huge technology investments,” says Julie Eason, CNL Financial Group’s Internal Audit Director. “When I don’t have the tech internally, I rely on my co-sourced partners.

Last but not least, cybersecurity is a growing area of risk that has led internal audit functions to partner closely with IT. Monica Frazer, Vice President of Internal Audit for Baylor Scott & White Health, holds meetings with the chief information security officer at least once a month, and has new hires undergo extensive training in relationship-building skills. This emphasis on collaboration pays off, according to the surveys Frazer’s department holds after every audit. “We’re really viewed as a trusted business adviser,” says Frazer.

Mari Yonezawa, Chief Audit Executive at Obara Group, sums up this year’s theme well: “If auditors have strong communication skills, they can build good relationships, and the audits will go more smoothly.” Then she adds, “I think this is why women make good auditors. We tend to be effective communicators.

The full volume of our 12th edition of Internal Audit Around the World is available here – peruse at your leisure and let us know your thoughts.

Data Analytics in Internal Audit: An Imperative That Can’t Wait

May is International Internal Audit Awareness Month. We are Internal Audit Awareness Month logocelebrating with a series of blog posts focused on internal audit topics and the daily challenges and future of the internal audit profession.

 

Kyle Furtis

By Kyle Furtis
Managing Director, 
Internal Audit and Financial Advisory practice

 

 

 

Data analytics is a hot topic for internal audit departments. In our most recent Internal Audit Capabilities and Needs survey, data analytics figured among the top ten priorities for internal audit professionals, and CAEs ranked big data and business intelligence their number one priority. When we concluded that internal audit has arrived at a tipping point, it’s fair to say that data analytics is one of the items sure to cause the precipitous changes in how we, as internal auditors, do our work.

The profession is aware that businesses are now more data-driven than ever before, and that not utilizing this data can be detrimental to the proper evaluation of risks and controls and, more importantly, meeting stakeholder expectations. Even so, many internal audit departments are still struggling to come up with a formal methodology for integrating data analytics into their work. A formal data analytics program has a mission and a purpose. It also specifies how data is to be identified, acquired and analyzed to determine potential breakdowns of selected controls. But how do you begin?

One recommendation, based on observing successful data analytics programs within internal audit, is to start in areas where you’re comfortable with the data – whether it’s account reconciliations, journal entries, payables, fixed assets, payroll, human resources or threshold/limit controls. It’s easy to test data based on information you’re comfortable with. Just start in an area where enhanced visibility into the underlying data can add value to internal audit findings.

An interesting example of how to begin came from one internal audit shop I worked with. One of the required steps in each audit was for auditors to explain why they didn’t analyze data when performing testing of internal controls. The auditor’s manager and the director of internal audit were also required to sign off on the explanation. The idea was that inserting that step into the audit program forces auditors to think about data in advance of the audit, knowing that they have to answer that question. They couldn’t just give a flip answer, such as “We didn’t have the time,” or “This type of audit is not conducive to data analysis.” It really forces the internal audit staff to think about the risks, the data behind the risks, and whether some data analysis is appropriate.

For those already thinking ahead in this manner, I suggest below a high-level road map that outlines what data analytics may look like in a few years, and how to get there:

  • In Year 1, define your objectives for data analytics and set the basics: Train staff, identify tools, access and normalize data. You may need to prove the value of data analytics through strategies such as pilot and proof-of-concept programs.
  • In Year 2, identify opportunities to fully embed data analytics in internal audit. Define the data-access model, establish key performance indicators (KPIs), and integrate ad hoc analysis.
  • In Year 3 (and perhaps beyond), fully embed data analytics, broadening its use within the organization, and move toward data governance.
  • Next, engage in continuous analytics, fully integrating the analytics program and establishing standard reporting practices. Enable access to analytics reports throughout the enterprise and increase the level of data governance.
  • Finally, introduce predictive analytics. This would be a new frontier for internal auditors, as predictive analytics is not 100 percent accurate, and, as auditors, we’re used to high precision and accuracy when we analyze data – but it will yield interesting results that you can use for discussion.

Incorporating data analytics into internal audit won’t happen overnight. It’s a multistage process, with components introduced over the course of several years. As with everything, the most important step is the first one – so get started on defining your objectives now. By following the road map outlined here, the benefits of more efficient and effective audits will not be too far down the road.