The Power of Small Changes in Pursuing Digital Transformation: A Retail Perspective

By Rick Childs, Managing Director
Consumer Products and Services Industry Leader




Adaptability has always been critical to retail success. But in the digital era, where disruptive change is constant, many retailers find it difficult to evolve fast enough to remain competitive — let alone relevant. That is especially true for companies burdened by the weight of legacy business models, inefficient back-office processes and outdated technology infrastructure. A proof point: The massive wave of brick-and-mortar store closures seen so far in the first half of 2017 involving many well-known retailers that simply didn’t adapt fast or well enough to change.

Most retail executives recognize that their businesses need to embrace digital transformation if they are to survive. These leaders yearn to get ahead of the curve — or at least, ride along with it comfortably — but struggle to create a viable digital strategy. One reason for the struggle is that digital transformation is a nebulous concept. It’s vast and complex and evolving. Discovering and defining what digital transformation means and looks like for the business is a journey for any organization, particularly one encumbered by a legacy business model with longstanding brand promises.

To bring digital transformation into focus and develop viable business strategies around it, it helps to understand the four key drivers for pursuing this type of change:

  • Improving customer engagement
  • Digitizing products and exploring new business models
  • Improving decision-making
  • Driving operational efficiencies

These are major challenges for any business, but retailers are under relentless pressure to deliver consistently on all fronts. Many become fixated on trying to develop and execute a sweeping digital transformation program but end up overwhelmed and falling further behind the curve instead. That’s because a do-everything-at-once approach is not realistic. It places additional stress on an already hectic business and results in the company overlooking the value of achieving substantive change through smaller, value-adding steps.

One example of an incremental step is the move to mobile technology for retail audits. While not one of the flashiest digital transformation initiatives and not necessarily a strategic move by any means, it nevertheless allows technology to be used to create more efficiency in back-office processes. And greater efficiency can increase operational effectiveness for the entire organization.

More than a decade ago, Protiviti forecasted that internal audit functions in retail would expand their use of mobile audit technology to streamline processes, increase analytic capabilities, and supplement traditional store audits with continuous monitoring and standardized store self-audits. In our most recent report on this topic, we note that “… the adoption rate and maturity of mobile audit technology have increased to the point where retailers not actively pursuing mobile store audit technology initiatives risk falling behind regulatory and shareholder expectations.”

Here’s a quick look at some of the ways that this simple but important technology change in the back office aligns fundamentally with the four drivers of digital transformation:

  • Improving customer engagement: Internal audit’s “customers” are business owners. Mobile technology for store audits helps to streamline and accelerate the audit cycle. That helps to improve the experience for auditees and keep them engaged in the process. And by making the audit process more efficient, the business can address risks and make improvements to external customer-facing processes more quickly, ultimately creating value for the retailer’s external customers, too.
  • Digitizing products: An automated mobile solution for store audits can eliminate paperwork, delays and errors. Audit findings also can be analyzed sooner; data is entered only once at the store into a web-based reporting system that delivers real-time results.
  • Improving decision-making: Store audit technology can provide management with instant feedback on current store performance as well as real-time insight into compliance trends. Organizations can use that insight to detect and resolve ongoing problem areas before they become insurmountable issues, and improve the company’s overall performance.
  • Driving operational efficiencies: As we note in our store audit technology report, “Self-assessment, coupled with improved productivity from a mobile reporting solution, not only allows auditors to physically audit more stores, but also effectively increases audit reach to all locations by providing convenient, easy-to-use means of comprehensive store-level data collection and analysis.” This is what operational efficiency is all about.

While the retail industry’s general adoption of mobile technology for store audits has been years in the making, increased regulation and compliance changes over the past 10 years have created more of a pressing need for a digital solution. It’s an important reminder that real change takes time and is brought about by necessity, even in an era of rapid digital disruption. It is also a reminder that each thousand-mile journey begins with a single step.

Strategic back-office technology improvements are one such step. Such changes can add significant and lasting value to retail businesses in multiple ways. They can also help retailers become more agile, creative and adaptable — qualities that are essential to achieving digital transformation on a broader scale.

Blockchain Unchained: Bitcoin Was Just the Beginning

EdPage_croppedBy Ed Page, Managing Director
IT Consulting



These days, it seems that everyone in the financial services industry is talking about distributed consensus ledger (DCL) technology, commonly known as blockchain. The real-time transaction and settlement technology is viewed by some as the breakthrough that’s going to revolutionize electronic payments systems, and by others as the technological grenade that’s going to rip a hole in the world of banking systems as we know it. The truth is, nobody knows how things will turn out with any degree of certainty.

In my opinion, blockchain is potentially one of the most disruptive business technologies to emerge in the digital age, replacing the traditional bookkeeping system of single private ledgers kept in siloed databases and updated in daily batch settlements with a chain of shared, encrypted public ledgers, linked and validated by network consensus in real time to enable instantaneous settlement. Transactions are said to be “immutable,” because they are confirmed by the network, and cannot be altered by an individual.

In essence, blockchain serves the same function as the current system of clearinghouses and transaction networks that handle most electronic payments and money transfers, including ATM transactions, correspondent banking, credit card purchases and electronic funds transfers. And that’s just one application. Other uses range from secure document transfer and trading of stocks and bonds, to cybersecurity and internal audit.

As you might imagine with something so fundamentally different from what came before it, expert opinions on the benefits, risks and applications are all over the map and often contradictory. The technology itself fosters such contradictions.

For example, while blockchain transactions are considered to be extremely transparent, the anonymity of those transactions has raised anti-money laundering (AML) and Bank Secrecy Act (BSA) concerns — to use an analogy, while the game itself is transparent, the players are not. And despite the widespread (and accurate) belief that blockchain transactions are secure, hackers recently raided a cryptocurrency exchange, making off with millions of dollars in real cash, from transactions conducted in Bitcoin via blockchain.

I bring up the hacker attack to illustrate that while blockchain does, in fact, protect the integrity of the transaction, open ledger cryptocurrency networks remain vulnerable at the nodes, the various businesses that house customer data.

With closed or permission-based blockchains being viewed increasingly as the future in banking, such obstacles will surely be overcome, but it is important to recognize that we are in a “Wild West” period where hackers and fraudsters are trying as hard to beat the system as others are trying to build it.

Once the “frontier” aspect of blockchain wears out and it begins to find its place into the mainstream of banking technology, financial institutions will need to take other, equally important issues into consideration. Here are a few of the wrinkles that will need to be ironed out:

  • Legacy environment — The old ways may not be elegant, or what everybody wants to use, but they are so embedded in the financial services ecosystem that it will take time and effort to change. Overcoming that inertia and figuring out how to integrate old and new in a 24/7/365 transactional environment is going to be a challenge. Regardless of the time it takes, the writing is on the wall for legacy systems.
  • Vested interests — As a technology that eliminates intermediaries, blockchain has the potential to disrupt the powerful and established institutions that own, and profit from, the movement of money among financial institutions. New business models will inevitably emerge.
  • Regulation — Although transactions are transparent, the ability to track money movement in this environment is still undeveloped. Anti-money laundering (AML) is expensive for banks, and the people who launder money tend to spread their activities across multiple institutions, making tracing those activities in their entirety difficult. Blockchain has the potential to shift regulatory focus and burden away from individual institutions and to the exchange network itself. Businesses are already forming to address that need.

Although it is too early for anyone to have all the answers, financial service executives and internal auditors need to become conversant in blockchain to avoid being blindsided by this rapidly evolving disruptor. For a good primer on blockchain, I’d recommend Volume 3, Issue 2 of Protiviti’s PreView series on emerging risks. We’re going to stay on top of this topic for you. Stay tuned!

Internal Audit and the Internet of Things

Jordan Reed MD HoustonBy Jordan Reed, Managing Director
Internal Audit and Financial Advisory



Depending on whom you ask, the business disruptor known as the Internet of Things (IoT) is either the launch pad for an indispensable digital future, or a Pandora’s box of unfathomable risks that have only begun to present themselves. Either way, that’s a lot to lay on a technology trend that only 13 percent of consumers had even heard of, as recently as 2014.

As with most disruptive change that has come before, the IoT poses both opportunities and threats. The internal audit function, as the line of defense tasked with scanning the horizon to ensure that emerging risks are known and accounted for in strategic plans and control frameworks, must now consider both the industry implications and the specific organizational challenges.

Small wonder it ranks among the top five priorities in Protiviti’s 2016 Internal Audit Capabilities and Needs Survey. Judging by the packed house for our June 1 webinar on this topic, a number of you agree. We crammed a lot into that hour, and I’ll only be able to whet your appetite here. But here’s a taste, and some questions to take back to your organization.

To be clear, IoT is the term used to describe the online exchange of data gathered from uniquely identifiable objects, animals and people, without human-to-human, or human-to-computer, interaction.

This is the world of wearable technology — fitness trackers, heart monitors, insulin pumps, and other “smart” devices, like remote home thermostats. It exists primarily in the cloud, and also includes engine sensors, diagnostic controls and transdermal, and even ingestible, medical devices.

Risks, of course, include personal privacy, data security, system integrity and more. Conversely, companies face the risk of failing to adapt to a fundamental shift in the competitive environment. But there are also opportunities for risk mitigation through advances in predictive analytics and continuous auditing.

The archived version of the webinar offers a rich and informative discussion, with many good questions from our audience, who felt the content was timely and pertinent. In the meantime, here are some questions for internal auditors to take back to their organizations:

  • How is IoT deployed in our organization today? Who owns IoT or the respective components of IoT?
  • Have we considered the risks associated with our IoT presence? How have those risks been quantified and controlled?
  • Do we know what data is collected, stored, and analyzed? Have we assessed potential legal, privacy and security implications?
  • Do we have contingency plans for internet-connected “things” that are hijacked or modified for unintended purposes?
  • To what extent are third parties acting on our behalf? Do we have the right processes and SLAs in place to appropriately monitor those third parties?
  • What role does IoT play in our current strategy as an organization? How are we measuring the achievement related to any goals associated with strategic objectives?
  • What is the risk of not considering or further leveraging IoT possibilities? Are we using data analytics to its full potential?

This risk is clear and present. Disruptive innovations that once may have taken a decade or more to transform an industry are now occurring much faster. To stay ahead of the disruption curve, internal audit must quickly discern the vital signs of change and the related implications to the business model of their organization.

The IoT and the related risks will continue to evolve and we will continue to track those risks and developments here on our blog and in upcoming publications, so check here and on our website often.