Tag Archives: data analytics

Digital Reporting, Dashboards Help Execute Store-Level Audits in Real Time

Posted on by

By Rick Childs, Managing Director
Consumer Products and Services Industry Leader

 

 

 

Retailers are under increasing pressure from all directions these days. In May, Credit Suisse estimated that a record 8,600 stores will close in 2017 and that 25 percent of U.S. shopping malls will be shuttered by 2020. At the same time, retailers are facing increasingly complex regulations on everything from public health to environmental issues. All of these pressures are creating a need to consistently and continually measure execution at the store level. Timely, accurate and actionable store-level audit data has never been more important.

In our recent report on mobile audits, we explored how internal auditors are applying web-enabled tools to engage stakeholders, automate workflows, improve decision making and drive operational efficiencies. I revisited these change drivers in a recent blog post, advocating for small but meaningful changes in retail digitalization. But with retailers having to make increasingly difficult decisions with less and less lead time in order to stay competitive, I wanted to address two even more important, and often overlooked benefits of digitalization: analytics and reporting.

Traditional paper-based store data collection is time-consuming and has always been fraught with inefficiency and error. Data collected on paper has to be compiled — via fax, scan, or physical transfer — and manually keyed into a computer before it can be analyzed. Digital data, on the other hand, is available in real time, and responses can be standardized for greater consistency to meet both operational and regulatory compliance objectives.

Web-enabled store audit tools provide accurate and actionable data, in real time. Audits performed via mobile app, for example, are updated automatically, eliminating the need to fax, transcribe or email audit results. The reduced cycle time from data entry to reporting eliminates information bottlenecks. Dashboards and other digital reporting tools allow market managers to make informed decisions on the fly, confident that they are working with the latest information, and that all users are looking at the same data — eliminating awkward spreadsheets and version control issues inherent in paper routing.

Application reporting permissions are synched to job titles — an important control given the dynamic organizational hierarchies in retail. At the same time, companies can track a store manager’s performance across multiple locations, or location performance relative to other locations.

Just-in-time feedback encourages user engagement with operational applications, remediation, electronic follow-up and reminders. By accelerating the audit cycle, management can make informed decisions about low-performing stores and implement meaningful change. Trend information can be used by asset protection and store operations to identify negative activity at the stores and potentially across districts and markets.

With this kind of instant reporting gratification, the older, slower, less accurate analog store audits seem well on their way out, and they should be. Digital store audits improve consistency, minimize interpretation, increase the number of locations that can be covered, generate action items immediately and enhance communication to the field.

The graphical interfaces of real-time reporting tools convert mind-numbing columns of numbers into color-coded dashboards for an easily read picture of performance, with drill-down capability to the store and indicator level.

At this point, the question is no longer whether retailers should adopt digital audit technology, but how quickly they can get it done, and what are the risks to their retail organizations if they don’t.

 

 

Manufacturers Must Focus on Workforce Planning to Accelerate Digital Transformation Efforts

Posted on by

By Sharon Lindstrom, Managing Director
Manufacturing and Distribution Industry Leader

 

 

 

Global manufacturing has been expanding, new orders are up, and the sector is experiencing an uptick in job growth. Even U.S. manufacturing appears to be on the rebound; in March, the industry posted its strongest two-month advance in three years. Leading the way in output were manufacturers of fabricated metals, machinery and plastics, paper, and rubber production.

Despite this growth, employment in the U.S. manufacturing sector remains far below the heights seen during the latter half of the 20th century. Technology advancements are a factor, of course. Some of the manufacturing segments mentioned above are among those that have been greatly expanding their use of robotics to enhance productivity, for instance.

While robotics, artificial intelligence and other advancements are making manufacturing companies less reliant on human workers for certain tasks, they are also creating new jobs that require specialized skills. Robotics engineers, big data analysts, 3D printing specialists and cybersecurity experts are just some examples of new positions in the modern manufacturing workforce. Many companies are also now seeking workers to help “teach” robots how to collaborate safely and effectively on the factory floor.

Demographic Trends, Succession Challenges Creating New Risks

Demand and competition for workers with advanced technical and specialized skills, such as programming, analytics and problem-solving, will only increase as manufacturers accelerate their efforts to automate and digitize. Skilled production roles, such as machinists and technicians, will also remain difficult to fill. And as manufacturers seek to recruit, train and retain qualified talent for both new and more traditional roles, two demographic trends are challenging those efforts:

  • Baby boomer retirements: These workers are leaving the manufacturing workforce in greater numbers and taking decades of hard-to-replace knowledge and skills with them. (Pension freezing and the decline in other retirement offerings have helped to hasten the exit for many.) Even though a lot of the expertise baby boomer workers possess will not be relevant in the next wave of the Industrial Revolution, companies will still suffer from losing people who have a deep understanding of the business and industry that can only be learned over time.
  • The new generation’s lack of interest in manufacturing jobs: Many millennials simply cannot visualize a career path in an industry that they associate with monotonous assembly lines, low-paying and less-skilled jobs, and lack of innovation. Some leading companies are working hard to change the millennial mindset about manufacturing. They’re using high-tech and high-touch approaches to showcase just how rewarding manufacturing careers can be — and that talented, tech-minded millennial workers are, in fact, eager to work in the industry. GE’s multimillion-dollar campaign to rebrand itself as a 21st century “digital industrial” company is one well-known initiative. However, these efforts alone cannot solve a labor problem decades in the making.

To be sure, new business models, changing demographics and the persistent supply-and-demand problem in the hiring market contribute to the high number of open jobs in manufacturing and widening talent gaps in many companies. Manufacturers must also recognize how their own workforce planning practices can exacerbate these problems. Lack of attention to succession planning is a prime example.

In fact, many manufacturers have already started to realize that minimizing — or completely overlooking — the importance of succession planning in the past is creating risk for them today as well as for the future. Industry executives who took part in the latest Executive Perspectives on Top Risks Survey from Protiviti and North Carolina State University’s ERM Initiative cited the following as a top risk for their businesses in 2017: Our organization’s succession challenges and the ability to attract and retain top talent may limit our ability to achieve operational targets.

Learning From the Past

As manufacturers seek to modernize their operations so they can compete in Industry 4.0, they face the risk of not being able to meet their objectives due to a shortage of skilled labor. Now is the time for companies to acknowledge potential missteps in workforce planning and adopt leading practices. If they don’t, they risk not being able to align the talent they need to succeed in an Internet of Things world.

Manufacturers should move swiftly to preserve remaining institutional knowledge by establishing mentoring programs that pair baby boomer employees with both Generation X and millennial workers. Identify areas in the organization where succession planning is critical, and create formal programs with milestones and performance measurements. Provide internships that will allow students to learn firsthand about career opportunities in modern manufacturing, and help the company position itself as an employer of choice with up-and-coming talent.

Also, be sure to promote these initiatives internally and externally. Study how peers in the industry — and in other sectors facing serious talent shortages like IT and healthcare — use outlets such as social media to shine a light on their culture, workforce and operations. Showing that the company actively invests in the development of its workforce and values its talent can help the organization retain existing employees with valuable skills sets and experience, as well as improve its chances of recruiting the highly skilled professionals it needs to succeed in the future.

2017 Technologies Driving GRC Change

Posted on by

By Scott Wisniewski, Managing Director
GRC Tech Advisory Solutions

 

 

 

Digital transformation was probably one of 2016’s top buzzwords, meaning many different things to different analysts, journalists and vendors. For me, it represents real and significant investments in modernizing IT infrastructures, including those that support GRC activities and processes.

Consider the trends we’re immersed in. Enterprises are adopting cloud and mobile technologies at an extraordinary rate in the hopes of driving greater productivity and collaboration, and organizations of all sizes are launching data initiatives involving the collecting and analyzing of massive amounts of data in order to drive better business decisions and improve customer experience. At the same time, the rapidly evolving regulatory environment, such as the EU’s impending Global Data Protection Regulation (GDPR), is putting pressure on legal, compliance, security and IT departments to invest in a range of new data initiatives, consulting services and technologies.

In response to the trends, organizations are rethinking their GRC infrastructures, hoping to gain a much broader and deeper understanding of risk drivers and the bigger GRC picture. Further, to make GRC work effectively in increasingly complex and highly distributed organizations, GRC leaders recognize they must embed GRC into the everyday activities of the business.

The combined impact of all these activities will make 2017 the year that GRC practitioners will:

  • Acknowledge that effective GRC cannot be achieved via a single technology or application. Instead it will depend on a new, complete architecture. A single GRC application today may expose operational risk, but it cannot develop and present the type of complete GRC picture that regulators and boards are now demanding. Developing such a picture requires the combination of traditional GRC applications and new tools to:
    • Extract data from internal systems, such as information security and ERP
    • Consume external content, such as regulatory content feeds
    • Incorporate performance metrics, such as sales and financial results
    • Collect and consolidate market and credit risks as well as the risks identified by business intelligence tools and other analytics

With all these new tools in place, organizations will finally be able to build new presentation layers that provide a complete – and far more useful – picture of their GRC profile.

  • Take advantage of increased information sharing and collaboration to improve governance. As part of their digital transformations, many enterprises are focused on developing new and more effective ways to share information and collaborate. The ability to manage and track this activity will enable GRC programs to incorporate affirmative governance components, such as corporate culture and business achievements. It will also enable the embedding of GRC program elements, such as activities assigned to Line 1 business owners, into the enterprise applications they access every day, encouraging them to more consistently follow governance best practices as they engage in their daily activities.
  • Improve risk decision-making by using data analytics. Thanks to an array of new technologies – in-memory computing, visualization tools, mobile reporting services, etc. – organizations can now rapidly aggregate and analyze huge volumes of data from systems across the enterprise. Data scientists are also developing new methodologies and business rules to aggregate and optimize data for analytics more effectively. As a result, organizations will finally be able to automate many GRC tasks, such as risk scoring assessments, thereby automatically exposing potential risk hot spots that previously went undetected until the damage was done.

I have never been more optimistic about the evolution of GRC. As assurance professionals, lines of business and IT work together to implement new strategies and new supporting technologies, we will transform GRC from mere operational risk management to a function that can protect organizations while actually helping them to be more successful.

Embracing Analytics in Auditing: New Protiviti Survey Takes a Look

Posted on by

In a digital world, the time for internal audit functions to embrace analytics is now. This is the most significant takeaway from Protiviti’s 2017 Internal Audit Capabilities and Needs Survey, released today. The results show that chief audit executives and internal audit professionals increasingly are leveraging analytics in the audit process, as well as for a host of continuous auditing and monitoring activities.

Learn more by watching our video below. For more information and our full report, visit www.protiviti.com/IASurvey.

Digital Transformation, Data Governance, and Internal Audit

Posted on by

Ari Sagett

By Ari Sagett, Managing Director
Internal Audit and Financial Advisory

 

 

Digital advances, such as big data analytics, mobility and smart connected devices are radically changing not just business processes, but entire operations. Companies across industries are racing to migrate analog approaches to customer interactions, products, services and operating models to an automated, always-on, real-time and information-rich marketplace. For internal audit, this means that IT risk is no longer limited to the traditional audit focus areas, but now spans the breadth of a firm’s operations (including areas that may not have been featured prominently in internal audit’s annual audit plan). And as companies store and process higher volumes of data in support of these automated routines, data governance remains critical.

Accordingly, internal audit departments need to consider the elevated risks this wave of digitization and automation may bring to day-to-day enterprise operations. Take customer service, for example. If routines are automated and customer service representatives now have lots of personally identifiable information on customers stored on workstations and network servers, then the risk profile of that department is elevated, and internal audit should evaluate controls to ensure that these potentially lower priority business functions are being considered and addressed in the context of technology risk.

We explored these challenges in our September 14th webinar, Digitization: What Does This Mean for Internal Audit. A recorded version is available on our website. More than 1,000 practitioners logged in for the live broadcast, which isn’t surprising considering that technology and data concerns topped the list of internal audit priorities in our 2016 Internal Audit Capabilities and Needs Survey.

Big data has also given rise to new, or emerging, risks. Cybercriminals are working both inside and outside of companies to capitalize on the massive and growing universe of valuable personal and private information. Regulators are promulgating policy and guidelines governing the security and privacy of the expanding universe of valuable and sensitive data. New technology-driven competitors are changing the competitive landscape. And older companies are trying to become more agile and innovative, replacing in-house data centers with cloud infrastructure.

As organizations embark on the digital transformation journey, it is incumbent upon the internal audit function to work with operational managers, risk managers, senior executives and the board to provide assurance that organizations continue to have the right controls, data governance, and compliance practices in place. In some cases, the internal audit function may serve a valuable role in educating stakeholders about the nuances of digitization and the associated risks.

Of course, all of these new responsibilities are over and above the traditional core functions, which cannot be neglected. Chief audit executives should ask themselves the following questions:

  • Does the current internal audit plan consider digitization risks?
  • Does IT leadership have a solid understanding of potential control impacts associated with digitization?
  • Does the audit team understand digitization?
  • Do our auditors have the right skills to effectively evaluate digitization risks and controls?
  • Does the internal audit function understand the impacts that digitization may have on data privacy, cybersecurity and other regulatory compliance obligations?

There is no doubt that by embracing digitization, organizations can maximize opportunities and drive competitive advantage. By providing assurance over the organizational risks posed by digitization, the internal audit department can give senior management and the board the information and confidence they need to embrace the digital future.

Is your internal audit team ready for the digital transformation? Share your thoughts in the comment section below.

Internal Audit and the Internet of Things

Posted on by

Jordan Reed MD HoustonBy Jordan Reed, Managing Director
Internal Audit and Financial Advisory

 

 

Depending on whom you ask, the business disruptor known as the Internet of Things (IoT) is either the launch pad for an indispensable digital future, or a Pandora’s box of unfathomable risks that have only begun to present themselves. Either way, that’s a lot to lay on a technology trend that only 13 percent of consumers had even heard of, as recently as 2014.

As with most disruptive change that has come before, the IoT poses both opportunities and threats. The internal audit function, as the line of defense tasked with scanning the horizon to ensure that emerging risks are known and accounted for in strategic plans and control frameworks, must now consider both the industry implications and the specific organizational challenges.

Small wonder it ranks among the top five priorities in Protiviti’s 2016 Internal Audit Capabilities and Needs Survey. Judging by the packed house for our June 1 webinar on this topic, a number of you agree. We crammed a lot into that hour, and I’ll only be able to whet your appetite here. But here’s a taste, and some questions to take back to your organization.

To be clear, IoT is the term used to describe the online exchange of data gathered from uniquely identifiable objects, animals and people, without human-to-human, or human-to-computer, interaction.

This is the world of wearable technology — fitness trackers, heart monitors, insulin pumps, and other “smart” devices, like remote home thermostats. It exists primarily in the cloud, and also includes engine sensors, diagnostic controls and transdermal, and even ingestible, medical devices.

Risks, of course, include personal privacy, data security, system integrity and more. Conversely, companies face the risk of failing to adapt to a fundamental shift in the competitive environment. But there are also opportunities for risk mitigation through advances in predictive analytics and continuous auditing.

The archived version of the webinar offers a rich and informative discussion, with many good questions from our audience, who felt the content was timely and pertinent. In the meantime, here are some questions for internal auditors to take back to their organizations:

  • How is IoT deployed in our organization today? Who owns IoT or the respective components of IoT?
  • Have we considered the risks associated with our IoT presence? How have those risks been quantified and controlled?
  • Do we know what data is collected, stored, and analyzed? Have we assessed potential legal, privacy and security implications?
  • Do we have contingency plans for internet-connected “things” that are hijacked or modified for unintended purposes?
  • To what extent are third parties acting on our behalf? Do we have the right processes and SLAs in place to appropriately monitor those third parties?
  • What role does IoT play in our current strategy as an organization? How are we measuring the achievement related to any goals associated with strategic objectives?
  • What is the risk of not considering or further leveraging IoT possibilities? Are we using data analytics to its full potential?

This risk is clear and present. Disruptive innovations that once may have taken a decade or more to transform an industry are now occurring much faster. To stay ahead of the disruption curve, internal audit must quickly discern the vital signs of change and the related implications to the business model of their organization.

The IoT and the related risks will continue to evolve and we will continue to track those risks and developments here on our blog and in upcoming publications, so check here and on our website often.

Global Instability, Cybersecurity on the Minds of Manufacturing and Distribution Industry Executives

Posted on by
Protiviti and North Carolina State University’s ERM Initiative teamed at the end of last year to survey directors and executives across a wide spectrum of industries for our fourth annual Executive Perspectives on Top Risks report. We are drilling down, over a series of blog posts, to provide insight into these executive perspectives within key industries and how these risks may have evolved since the survey was conducted. This post focuses on the manufacturing and distribution industry.

 

Sharon Lindstrom

By Sharon Lindstrom, Managing Director
Manufacturing and Distribution Industry Leader

 

 

 

Not surprisingly, economic conditions and financial market volatility top the list of manufacturing and distribution concerns for 2016, and the degree of concern is higher than in prior years. Manufacturers, to a greater extent than many other industries, depend on global sourcing so it’s no wonder that manufacturing executives would be more concerned than usual, given the widespread and growing uncertainty about the financial stability of key U.S. trading partners around the world on whom U.S. manufacturers depend for everything, from polymers and resins to product assembly.

In addition to supply chain concerns, manufacturers worry about sales. Global instability makes it harder to predict where production and inventory will go. Top of mind at the moment: the concerns over Great Britain’s withdrawal from the European Union, as well as economic turmoil in China and Brazil.

Cyberthreats surged into the top five risks for manufacturers for the first time this year. We interpret that as a growing concern for critical systems and infrastructure that we haven’t seen previously in this sector. The concern is indicative of a growing awareness by directors and executives of the vulnerability of networked devices in an increasingly connected global economy with increasingly sophisticated data harvesting and analytic tools.

Unlike, say, retailers, who might be primarily concerned with protecting customer data, manufacturers are primarily concerned with protecting trade secrets and the integrity of networked production equipment. Within manufacturing IT, we’re seeing more focus on security architecture, specifically related to robotics and embedded technology communicating machine-to-machine via the Internet of Things.

Given these changes, it is perhaps not surprising that manufacturers cited recruiting and retaining top talent as one of their top 5 concerns. There is an increased demand for accurate and timely analytics with which to counter market uncertainty – and personnel capable of extracting actionable intelligence from the overwhelming and growing amount of available data. Automated manufacturers are also aware that they need a higher level of cybersecurity expertise to thwart potential disruption and maintain a competitive edge.

Finally, regulatory risk appears in the top five again, as it has for three years in a row. Manufacturers have a significant and fairly consistent compliance burden when it comes to occupational, environmental, health and safety requirements. More recent concerns have included ethically sourced materials and labor. Regulatory challenges change over time, of course, but history suggests that compliance with regulations will remain a fundamental performance concern for executives and directors.

You can read the key findings and additional commentary in our manufacturing-specific report, which you can access here. The entire survey is available here.