The Power of Small Changes in Pursuing Digital Transformation: A Retail Perspective

By Rick Childs, Managing Director
Consumer Products and Services Industry Leader

 

 

 

Adaptability has always been critical to retail success. But in the digital era, where disruptive change is constant, many retailers find it difficult to evolve fast enough to remain competitive — let alone relevant. That is especially true for companies burdened by the weight of legacy business models, inefficient back-office processes and outdated technology infrastructure. A proof point: The massive wave of brick-and-mortar store closures seen so far in the first half of 2017 involving many well-known retailers that simply didn’t adapt fast or well enough to change.

Most retail executives recognize that their businesses need to embrace digital transformation if they are to survive. These leaders yearn to get ahead of the curve — or at least, ride along with it comfortably — but struggle to create a viable digital strategy. One reason for the struggle is that digital transformation is a nebulous concept. It’s vast and complex and evolving. Discovering and defining what digital transformation means and looks like for the business is a journey for any organization, particularly one encumbered by a legacy business model with longstanding brand promises.

To bring digital transformation into focus and develop viable business strategies around it, it helps to understand the four key drivers for pursuing this type of change:

  • Improving customer engagement
  • Digitizing products and exploring new business models
  • Improving decision-making
  • Driving operational efficiencies

These are major challenges for any business, but retailers are under relentless pressure to deliver consistently on all fronts. Many become fixated on trying to develop and execute a sweeping digital transformation program but end up overwhelmed and falling further behind the curve instead. That’s because a do-everything-at-once approach is not realistic. It places additional stress on an already hectic business and results in the company overlooking the value of achieving substantive change through smaller, value-adding steps.

One example of an incremental step is the move to mobile technology for retail audits. While not one of the flashiest digital transformation initiatives and not necessarily a strategic move by any means, it nevertheless allows technology to be used to create more efficiency in back-office processes. And greater efficiency can increase operational effectiveness for the entire organization.

More than a decade ago, Protiviti forecasted that internal audit functions in retail would expand their use of mobile audit technology to streamline processes, increase analytic capabilities, and supplement traditional store audits with continuous monitoring and standardized store self-audits. In our most recent report on this topic, we note that “… the adoption rate and maturity of mobile audit technology have increased to the point where retailers not actively pursuing mobile store audit technology initiatives risk falling behind regulatory and shareholder expectations.”

Here’s a quick look at some of the ways that this simple but important technology change in the back office aligns fundamentally with the four drivers of digital transformation:

  • Improving customer engagement: Internal audit’s “customers” are business owners. Mobile technology for store audits helps to streamline and accelerate the audit cycle. That helps to improve the experience for auditees and keep them engaged in the process. And by making the audit process more efficient, the business can address risks and make improvements to external customer-facing processes more quickly, ultimately creating value for the retailer’s external customers, too.
  • Digitizing products: An automated mobile solution for store audits can eliminate paperwork, delays and errors. Audit findings also can be analyzed sooner; data is entered only once at the store into a web-based reporting system that delivers real-time results.
  • Improving decision-making: Store audit technology can provide management with instant feedback on current store performance as well as real-time insight into compliance trends. Organizations can use that insight to detect and resolve ongoing problem areas before they become insurmountable issues, and improve the company’s overall performance.
  • Driving operational efficiencies: As we note in our store audit technology report, “Self-assessment, coupled with improved productivity from a mobile reporting solution, not only allows auditors to physically audit more stores, but also effectively increases audit reach to all locations by providing convenient, easy-to-use means of comprehensive store-level data collection and analysis.” This is what operational efficiency is all about.

While the retail industry’s general adoption of mobile technology for store audits has been years in the making, increased regulation and compliance changes over the past 10 years have created more of a pressing need for a digital solution. It’s an important reminder that real change takes time and is brought about by necessity, even in an era of rapid digital disruption. It is also a reminder that each thousand-mile journey begins with a single step.

Strategic back-office technology improvements are one such step. Such changes can add significant and lasting value to retail businesses in multiple ways. They can also help retailers become more agile, creative and adaptable — qualities that are essential to achieving digital transformation on a broader scale.

Manufacturers Must Focus on Workforce Planning to Accelerate Digital Transformation Efforts

By Sharon Lindstrom, Managing Director
Manufacturing and Distribution Industry Leader

 

 

 

Global manufacturing has been expanding, new orders are up, and the sector is experiencing an uptick in job growth. Even U.S. manufacturing appears to be on the rebound; in March, the industry posted its strongest two-month advance in three years. Leading the way in output were manufacturers of fabricated metals, machinery and plastics, paper, and rubber production.

Despite this growth, employment in the U.S. manufacturing sector remains far below the heights seen during the latter half of the 20th century. Technology advancements are a factor, of course. Some of the manufacturing segments mentioned above are among those that have been greatly expanding their use of robotics to enhance productivity, for instance.

While robotics, artificial intelligence and other advancements are making manufacturing companies less reliant on human workers for certain tasks, they are also creating new jobs that require specialized skills. Robotics engineers, big data analysts, 3D printing specialists and cybersecurity experts are just some examples of new positions in the modern manufacturing workforce. Many companies are also now seeking workers to help “teach” robots how to collaborate safely and effectively on the factory floor.

Demographic Trends, Succession Challenges Creating New Risks

Demand and competition for workers with advanced technical and specialized skills, such as programming, analytics and problem-solving, will only increase as manufacturers accelerate their efforts to automate and digitize. Skilled production roles, such as machinists and technicians, will also remain difficult to fill. And as manufacturers seek to recruit, train and retain qualified talent for both new and more traditional roles, two demographic trends are challenging those efforts:

  • Baby boomer retirements: These workers are leaving the manufacturing workforce in greater numbers and taking decades of hard-to-replace knowledge and skills with them. (Pension freezing and the decline in other retirement offerings have helped to hasten the exit for many.) Even though a lot of the expertise baby boomer workers possess will not be relevant in the next wave of the Industrial Revolution, companies will still suffer from losing people who have a deep understanding of the business and industry that can only be learned over time.
  • The new generation’s lack of interest in manufacturing jobs: Many millennials simply cannot visualize a career path in an industry that they associate with monotonous assembly lines, low-paying and less-skilled jobs, and lack of innovation. Some leading companies are working hard to change the millennial mindset about manufacturing. They’re using high-tech and high-touch approaches to showcase just how rewarding manufacturing careers can be — and that talented, tech-minded millennial workers are, in fact, eager to work in the industry. GE’s multimillion-dollar campaign to rebrand itself as a 21st century “digital industrial” company is one well-known initiative. However, these efforts alone cannot solve a labor problem decades in the making.

To be sure, new business models, changing demographics and the persistent supply-and-demand problem in the hiring market contribute to the high number of open jobs in manufacturing and widening talent gaps in many companies. Manufacturers must also recognize how their own workforce planning practices can exacerbate these problems. Lack of attention to succession planning is a prime example.

In fact, many manufacturers have already started to realize that minimizing — or completely overlooking — the importance of succession planning in the past is creating risk for them today as well as for the future. Industry executives who took part in the latest Executive Perspectives on Top Risks Survey from Protiviti and North Carolina State University’s ERM Initiative cited the following as a top risk for their businesses in 2017: Our organization’s succession challenges and the ability to attract and retain top talent may limit our ability to achieve operational targets.

Learning From the Past

As manufacturers seek to modernize their operations so they can compete in Industry 4.0, they face the risk of not being able to meet their objectives due to a shortage of skilled labor. Now is the time for companies to acknowledge potential missteps in workforce planning and adopt leading practices. If they don’t, they risk not being able to align the talent they need to succeed in an Internet of Things world.

Manufacturers should move swiftly to preserve remaining institutional knowledge by establishing mentoring programs that pair baby boomer employees with both Generation X and millennial workers. Identify areas in the organization where succession planning is critical, and create formal programs with milestones and performance measurements. Provide internships that will allow students to learn firsthand about career opportunities in modern manufacturing, and help the company position itself as an employer of choice with up-and-coming talent.

Also, be sure to promote these initiatives internally and externally. Study how peers in the industry — and in other sectors facing serious talent shortages like IT and healthcare — use outlets such as social media to shine a light on their culture, workforce and operations. Showing that the company actively invests in the development of its workforce and values its talent can help the organization retain existing employees with valuable skills sets and experience, as well as improve its chances of recruiting the highly skilled professionals it needs to succeed in the future.

IT Audit Webinar: Your Questions Answered

By Gordon Braun, Managing Director
IT Audit

 

 

 

Following up on a recent blog post discussing the results of the 6th Annual IT Audit Benchmarking Study from ISACA and Protiviti, I want to revisit the subject by answering some of the audience questions we were unable to address live during the webinar, which I co-hosted with my Protiviti colleague David Brand and ISACA director Ed Moyle.

(I want to stress that we receive many great questions during our webinars but they may not always be answered in the limited window allowed by our webinar time constraints. I invite you to subscribe to our blog as we often follow up with these questions here.)

Q: How can growing organizations move from a reactionary approach to IT risk management to a more proactive approach and get ahead of emerging risk issues?

To be proactive, I think it is very important to invest in relationship-building activities with IT. Find a way to get invited to IT meetings and town halls and get added to key IT distribution lists. If you are not being included in those meetings, if you are not receiving IT organization announcements/distributions, and if you are not generally being considered a part of the IT “family,” you need to revisit your approach and take action to change your relationship status.

The goal should be to establish an ongoing dialogue so that internal audit knows what projects are in the pipeline and what technologies may be emerging in order to be appropriately  involved at the earliest stages of these projects. I’ve seen a lot of IT audit organizations struggle with this. It’s hard to see the risks around the corner if the IT auditor does not know in which direction IT is headed. Too often, IT audit is reacting well after the fact, and that’s not a good position to be in.

I also suggest that IT auditors partner with enterprise risk management to maintain a good understanding of the strategic direction of the company. An IT auditor needs to understand the direction of an organization in order to identify risks associated with the future demand for technology, as well as the technology skill sets likely to be required.

For IT, the most important incentive for building a strong relationship with IT audit is the value IT audit can bring to that organization, and IT audit should be able to communicate that benefit. IT auditors are not only good evaluators, but they are individuals that can help the IT organization be successful in achieving its objectives. When reporting on IT, it is important to consider the context in which IT is operating. How information is presented — whether it is perceived as collaborative and constructive — can have a significant impact on the IT / IT audit relationship.

Q: Do you see more IT audit shops leveraging continuous auditing to focus on some of the challenges highlighted in the survey?

I see the second line of defense doing more continuous monitoring and then IT audit shops allowing for flexibility in the IT audit plan to allow for a shift based on the findings of continuous monitoring activities. As issues are identified in the second line, top-performing audit shops are able to shift activities and focus on emerging or more urgent items that require attention.

Q: Should the IT audit director report directly to the audit committee?

Not usually. While we are seeing the IT audit director attend more audit committee meetings, the line of reporting is typically up through the chief audit executive.

Q: Where does the responsibility for IT risk assessment live with the IT organization or the IT audit function?

Certainly, IT has to be responsible for managing its own risk. But it is very common today to have a specific IT risk assessment process occurring through the internal audit organization. As technology, automation and digitization become a more integral part of our lives, boards and management are going to want more assurance around the tech environment, and that starts with an effective risk assessment process.

A coordinated or collaborative activity is the smart approach. It is best practice that IT does its own risk assessment. The trouble starts when there is a significant disconnect between the assessment results coming from IT and IT audit. Parallel assessments are perfectly legitimate and expected but there should be some effort to coordinate, collaborate and understand/reconcile any major differences.

Ultimately, you want to have an efficient risk management and IT governance process that delivers results that are easily understandable and interpreted by executive management and the board.

You can access the archived version of the webinar and more Q&As from it here.

The Role of the Business in Ensuring a Successful ERP Implementation

By Ronan O’Shea, Managing Director
Global ERP Solutions Practice Leader

 

 

 

As organizations implement new enterprise resource planning (ERP) systems as part of digitization, process improvement and platform modernization, it is becoming increasingly critical not just for IT, but also for the business units themselves, to understand their central role in the overall success of these initiatives. The implementation of an enterprise system, or any other major IT system, should never be viewed as just an IT project because, ultimately, it is a business project with business objectives.

Even when a project is supported by a strong system integrator, it is critical for business stakeholders to assume responsibility for key activities before, during and after the implementation. Failure to do so can lead to project delays, budget overruns, business disruption and low user adoption, among other things.

There are seven key responsibilities that businesses need to understand and accept in any successful system implementation. They are:

Program Management and Governance – Although most system integration firms provide project management capabilities, common gaps include oversight of internal business and IT resources, management of other vendors, and engagement with company leadership. Proper oversight requires a more robust approach, from the establishment of a project management office (PMO) structure and assignment of roles, to the establishment of a comprehensive program-wide plan and a “single source of truth” for program status.

Business Process Readiness and Solution Design – Systems integrators are usually technical experts, not business process experts. Businesses should define the vision and operational expectations of a new system with regard to each business process. Specifically, the business must ensure that the technical solution the system integrator proposes will satisfy the business process vision and future-state goals. To meet operational expectations, the business should design process models for the end-to-end future state of each business process that the new system will impact. This will help system integrators focus on blueprinting rather than designing future processes, which typically is not their core expertise.

Organizational Change Enablement – As the solution design is established, the organizational impact of system and process changes must be determined to ensure that the anticipated benefits are realized. Training alone is not sufficient. Ultimately, the goal is a change enablement plan that will raise awareness with key stakeholders, obtain their buy-in and ensure their commitment to support the changes and the performance improvement objectives of the initiative.

User Acceptance Testing (UAT) – The final and most important phase of system testing, UAT, is designed to ensure that the system does what it was designed to do and that it meets user expectations. UAT must go beyond prior functional and technical testing phases. UAT scenarios should cover all business processes end-to-end, include all critical real-life data variations and be validated by process owners.

Data Conversion – This critical aspect is often overlooked by the business, but it is one of the most critical implementation processes, and a common source of project delays. No two systems are alike, and data from one system will rarely map cleanly or directly onto a new system. Data quality issues in legacy systems can also cause delays. Realistic data is critical to UAT. The business, supported by IT, typically owns data conversion design, mapping, enrichment, validation and cleansing. Start the data conversion process early.

Data Governance – To ensure that master data and transactional data are employed appropriately and consistently throughout the organization from go-live forward, the business should develop a comprehensive data governance program that includes a framework of organizational roles, a “data dictionary,” defined metrics and documented policies.

Business Intelligence (BI) and Reporting – BI and reporting should not be left as an afterthought, with the presumption that they can be addressed after go-live.  For most users, the primary benefit of an enterprise system is ease and accuracy of reporting. Ensure that the BI and reporting requirements are fully incorporated into the design phase of the implementation and tracked throughout. The ease and flexibility of reporting is highly dependent on the quality of the architecture and design. The efficiency and integrity of the business process is dependent on the availability of information at the right time and place.

Enterprise systems can bring remarkable efficiencies and return on investment, or be massive failures – and the business, not the integrator or IT, is ultimately responsible for the outcome. For a more in-depth analysis of these and other implementation challenges, download our recently published white paper, Understanding the Responsibilities of the Business During an ERP System Implementation.

Top Technology Challenges for Internal Audit: Results From Protiviti’s IT Audit Survey

By Gordon Braun, Managing Director
IT Audit

 

 

 

Process automation and digital transformation are near the top of most corporate agendas, and the IT audit function has never held a more crucial role. The results of the 6th Annual IT Audit Benchmarking Study from ISACA and Protiviti illustrate the increasingly integrated role IT audit leaders and professionals are assuming in regard to technology initiatives in their organizations.

I had the opportunity, along with my colleague David Brand and ISACA director Ed Moyle, to discuss the results at length in a recent webinar. You can view an archived version by registering here. In the meantime, I wanted to give you a quick rundown of the top technology challenges expressed by respondents, and how those challenges compare with the previous year’s results.

No surprise on the top tech challenge: Nearly all organizations are struggling with data privacy and cybersecurity. It’s an area where boards want assurance — even with an understanding that assurance can never be 100 percent, regardless of the amount of money spent. The challenge for IT audit, therefore, lies in determining the right amount of IT audit time and focus to be dedicated to cyber risk and ensuring coverage is in alignment with the risk appetite and priorities of the organization. Though cybersecurity is always a business issue, the risk is typically assigned to IT. IT audit’s effectiveness in this area is strongly related to the experiences and discreet knowledge that the IT auditors in the group bring to the audit. There continues to be a strong push for education and for using the right tools, frameworks, approaches and resources; all are critical elements to ensuring IT auditors to stay in front of the cyber risks they are auditing.

Emerging technology (automation, digitization, cloud, etc.) remains a top challenge for IT auditors, though not ranked as high as last year. Effective IT governance in the face of emerging tech remains a goal for many organizations, and those that ignore it or get it wrong are going to struggle. IT auditors can help their organizations in this area by challenging the effectiveness of IT governance from both a design and operating perspective — this healthy and critical evaluation of the  alignment between the business and IT is required in today’s environment. In organizations with enterprise risk management (ERM) functions, there may be a natural overlap in interest between IT governance and ERM and IT auditors are well-positioned to seek out this partnership to share and receive perspectives from the ERM group.

Infrastructure management, regulatory compliance, and budget/cost concerns all moved up the list this year — a risk triumvirate that I think contributed to the return of third party/vendor management as a top-ten challenge, after dropping below the top ten last year. Infrastructure management and third-party vendor management are closely related as organizations increase reliance on infrastructure as a service (IAAS) and software as a service (SAAS) providers in an attempt to reduce their IT footprint. To ensure maturity in third-party risk management and ease related challenges, IT audit should be involved in the early stages of significant infrastructure projects, evaluating the processes and controls around third-party vendor management, ensuring upfront due diligence activities are completed, and reviewing service level agreements (SLAs) and contracts before they are signed. There are a number of efforts in the market to provide IT auditors with more avenues for assurance for these relationships – an area I fully expect will continue to see growth.

Missing from this year’s top-ten list is big data — a surprise, to say the least. In all my conversation with colleagues, big data remains a top priority, and is closely tied to many of the other top ten challenges. Its absence on the list, in my opinion, has more to do with the temporary elevation of other priorities, and a growing familiarity with the features, risks and benefits of big data, rather than any lessening of focus. Big data also looms large in this year’s Internal Audit Capabilities and Needs Survey, so the conversations around it are certainly not over.

Last, but certainly not least, staffing and skills cut across every other top technology challenge mentioned. Although it dropped slightly from last year’s ranking, it remains a top-five challenge — a reflection of the critical need for internal audit functions to hire and train tech-savvy auditors capable of understanding IT risks. This is particularly relevant for addressing the top challenge of cybersecurity, where expertise is key to gaining the cooperation and trust of IT. Co-sourcing, or even outsourcing of IT audit, can provide that expertise without straining internal resources. Each organization must decide on whether and how to augment its skills based on its specific level of reliance on technology.

Clearly, there is much to unpack from this year’s IT Audit survey results, and we will continue to analyze the findings and track progress in how companies address them. For the full ranking of challenges and a more in-depth analysis, visit our 6th Annual IT Audit Benchmarking Study page.

 

Answer Fundamental Questions and Beware of Overconfidence Before Moving to the Cloud

By Rick Childs, Managing Director
Consumer Products and Services Industry Leader

 

 

 

For any business, migrating to the cloud is an essential step in the digitization journey. The baseline cloud benefits, such as reduced costs, greater efficiency and enhanced customer service, are important objectives to strive for, of course. The latter is especially attractive to consumer products and services companies. But there are many considerations, in addition to the benefits, that businesses must keep in mind when shifting to the cloud if they are serious about achieving true digital transformation.

To begin with, companies must have a thoughtful — and even an aspirational — strategy behind any cloud migration project if they are to realize measurable value from it. Protiviti’s white paper, Cloud Adoption: Putting the Cloud at the Heart of Business and IT Strategy, emphasizes this key point: Executives need to recognize cloud adoption as a strategic business issue, not an IT issue. To ensure that such a move will enable true business and IT transformation, executives must have clarity on what they expect the cloud to accomplish for the organization. They also need to understand their digitization priorities within their specific industry and regulatory contexts.

Consumer products and services companies leading the cloud race

Cloud adoption is accelerating across all industries, but for consumer products and services companies the pace is quicker. According to Protiviti’s latest annual Technology Trends and Benchmark Study, nearly two in three companies today are now focused on investing in cloud adoption. For consumer products and retail companies that participated in the study, that number is 80 percent. These businesses also reported that they are currently focusing on and investing in digitization.

Interestingly, despite being on the forefront of cloud adoption, consumer products and services companies don’t appear to be overly concerned about risks that may accompany such a dramatic move. Executives from these businesses who responded to the Executive Perspectives on Top Risks for 2017 survey from Protiviti and North Carolina State University’s ERM Initiative did not cite the following as a top five risk for their industry, even though it was fourth on the overall list of top risks in the survey:

Rapid speed of disruptive innovations and/or new technologies may outpace our organization’s ability to compete and/or manage the risk appropriately, without making significant changes to our business model.

On the surface, this finding seems positive: Consumer products and services companies believe they have a handle on this top risk. However, it might also be a signal of overconfidence. And overconfidence is a risk in and of itself, and could potentially undermine the success of any digital project. To help those feeling confident test their preparedness, a recent issue of The Bulletin suggests that executives ask themselves the following questions:

  • Directionally, do we know as an organization where we’re going and why?
  • Are we prepared for the journey we are undertaking?
  • Do we possess the ability, will and discipline to cope with change along the way?

Pondering these questions can help organizational leaders think more critically about their goals, the risks associated with the changes they want to undertake, and whether they fit within the risk appetite of the company. Answering these questions will also help them to think more critically about what to move the cloud, how and when, to realize the most value for the company.

For example, back-office operations are often overlooked as potential candidates for cloud migration in favor of more customer-facing functions. This oversight could result in the business missing out on some significant benefits, like building greater resiliency into its core operations. The inverse is another common mistake: Rushing to migrate a back-office function and then realizing, too late, that the legacy technology supporting it can’t be cloud-enabled. Yet another pitfall is jumping on the cloud bandwagon before properly considering privacy, security or compliance issues.

Even more questions to consider

In addition to the “soul-searching” questions above, organizations should seek to answer some other key questions to help them develop their cloud strategy:

  • Why should we adopt the cloud?
  • What are the business needs, and what are the outcomes we expect?
  • What are the use cases?
  • What portions of the business should we move to the cloud, how, and when?
  • Which cloud model is most appropriate for this initiative and for our organization (e.g., private, public, hybrid, or multi-cloud)?
  • What is the economic and operational value proposition?
  • How would this project impact IT’s approach to its current business model?
  • What vendors should we work with?

The bottom line of this discussion can be summed up in a word: preparation. Well-placed confidence, clear business-driven goals and a well-thought-out strategy will position organizations to execute their cloud migration project successfully, achieve the desired value from them, and be another step ahead in their digital transformation journey.

Assessing the Expectations of Internal Audit Stakeholders at The IIA GAM Conference

This week, Protiviti is joining the best and brightest thought leaders from Fortune 500 companies at The Institute of Internal Auditors’ 2017 General Audit Management (GAM) Conference in Orlando, FL. For nearly 40 years, GAM has been the premier experience for internal audit leaders to explore emerging issues and exchange leading practices for positive outcomes. The theme for the 2017 conference is Fostering Risk Resilience. Two Protiviti leaders, Brian Christensen and Jordan Reed, will be conducting panel discussions on stakeholder expectations and the Internet of Things, respectively. We are covering these events and more from the conference here on our blog and on Protiviti’s social media platforms. Subscribe to our blog and follow us on Twitter for timely podcasts and analysis of this year’s conference topics.

 

Panel Session at the 2017 IIA GAM Conference:
Stakeholder Expectations (Updates from CBOK Stakeholder Studies)

Today at The IIA 2017 GAM Conference, Brian Christensen, Executive Vice President, Global Internal Audit for Protiviti, participated in a panel discussion before more than 1,000 conference attendees, on the expectations of internal audit stakeholders and how internal audit can continue to improve its performance. The panel was moderated by Paul Sobel, Vice President and Chief Audit Executive, Georgia-Pacific LLC. Panelists were Angela Witzany, Chair, IIA Board of Directors and Head of Internal Audit at Sparkassen Versicherung AG; Larry Harrington, Vice President, Internal Audit at Raytheon Company; and Brian Christensen, Executive Vice President, Global Internal Audit at Protiviti.

Following are some highlights from Brian’s comments:

  • Are we in the so-called “golden age” of internal audit? Membership in The IIA is at an all-time high. Conferences and programs are near capacity. As internal auditors, we are part of the conversation in the boardroom and management circles. And internal audit has been rated one of the 10 best professions to start a career. But, it’s important to ask, what can we do better? How do we remain relevant and serve our constituents better? Answering these questions was the goal of the 2016 Global Internal Audit Common Body of Knowledge (CBOK) Stakeholder Study.
  • Stakeholders agree that internal audit is focused on the most significant areas in their organizations. Internal audit is keeping up with changes in the business and is communicating well with management and the board.
  • Internal audit needs to further leverage its positive reputation for quality in other areas of the business where it can add value.
  • Management and the board want internal audit to “move beyond its comfort zone” to help organizations bring internal audit perspective on strategic initiatives and changes – digitalization, cybersecurity, Internet of Things and more. Change is all around us. In light of these many changes, what are new and emerging risks that organizations need to understand and manage? Internal audit can and is expected to provide information and insights to board members and management on these new risks.

Brian also offered some calls to action:

  • As internal auditors, we need to rise up to the expectations of our stakeholders. We’ve been told we’re doing a great job, but we can do more, and our stakeholders want us to do more.
  • We need to break out of historical thinking and approaches. We’ve earned a solid reputation – we now need to build on it.
  • We need to focus on and embrace the four C’s – Culture, Compliance, Competitiveness, Cybersecurity.
  • We need to ask ourselves: Where do we want to be in five years? In 10 years? How do we continue our “golden age”? The answer: Take on bold ideas and new concepts.
  • Finally, we need to own the discourse to fulfill the expectations of our stakeholders.

We have a great opportunity – not just for ourselves, but to create a path for those behind us. Stakeholders have given us a road map to success. Let’s fulfill our destiny and continue our golden age.

Listen to Brian Christensen summarize the highlights:

Share on Twitter