From the GAM Conference: Changing Priorities, Analytics in Auditing and More

This week, Protiviti is joining the best and brightest thought leaders from Fortune 500 companies at The Institute of Internal Auditors’ 2017 General Audit Management (GAM) Conference in Orlando, FL. For nearly 40 years, GAM has been the premier experience for internal audit leaders to explore emerging issues and exchange leading practices for positive outcomes. The theme for the 2017 conference is Fostering Risk Resilience. Two Protiviti leaders, Brian Christensen and Jordan Reed, will be conducting panel discussions on stakeholder expectations and the Internet of Things, respectively. We are covering these events and more from the conference here on our blog and on Protiviti’s social media platforms. Subscribe to our blog and follow us on Twitter for timely podcasts and analysis of this year’s conference topics.

 

On Day 2 of the conference, Protiviti Managing Director Jordan Reed shared some thoughts on the panel discussion titled “The Internet of Things: What Does This Mean to Internal Audit?” Jordan led the panel together with Jeff Rowland, Vice President, Audit Services at USAA. Below in Jordan’s own words are highlights from the discussion. For more on why the Internet of Things matters, and the risks and expectations arising from it, read the recently published Protiviti white paper (download).


Also hear Protiviti Managing Director and The Protiviti View blog host Jim DeLoach share his view on stakeholder expectations as reflected in the Global Internal Audit CBOK Stakeholder Study.


Finally, Protiviti Managing Director Matt McGivern discusses the current state of data analytics in internal auditing, including findings from Protiviti’s latest internal audit survey. Listen below.


Assessing the Expectations of Internal Audit Stakeholders at The IIA GAM Conference


Panel Session at the 2017 IIA GAM Conference:
Stakeholder Expectations (Updates from CBOK Stakeholder Studies)

Today at The IIA 2017 GAM Conference, Brian Christensen, Executive Vice President, Global Internal Audit for Protiviti, participated in a panel discussion before more than 1,000 conference attendees, on the expectations of internal audit stakeholders and how internal audit can continue to improve its performance. The panel was moderated by Paul Sobel, Vice President and Chief Audit Executive, Georgia-Pacific LLC. Panelists were Angela Witzany, Chair, IIA Board of Directors and Head of Internal Audit at Sparkassen Versicherung AG; Larry Harrington, Vice President, Internal Audit at Raytheon Company; and Brian Christensen, Executive Vice President, Global Internal Audit at Protiviti.

Following are some highlights from Brian’s comments:

  • Are we in the so-called “golden age” of internal audit? Membership in The IIA is at an all-time high. Conferences and programs are near capacity. As internal auditors, we are part of the conversation in the boardroom and management circles. And internal audit has been rated one of the 10 best professions to start a career. But, it’s important to ask, what can we do better? How do we remain relevant and serve our constituents better? Answering these questions was the goal of the 2016 Global Internal Audit Common Body of Knowledge (CBOK) Stakeholder Study.
  • Stakeholders agree that internal audit is focused on the most significant areas in their organizations. Internal audit is keeping up with changes in the business and is communicating well with management and the board.
  • Internal audit needs to further leverage its positive reputation for quality in other areas of the business where it can add value.
  • Management and the board want internal audit to “move beyond its comfort zone” and help organizations bring an internal audit perspective to strategic initiatives and changes – digitalization, cybersecurity, Internet of Things and more. Change is all around us. In light of these many changes, what are new and emerging risks that organizations need to understand and manage? Internal audit can and is expected to provide information and insights to board members and management on these new risks.

Brian also offered some calls to action:

  • As internal auditors, we need to rise up to the expectations of our stakeholders. We’ve been told we’re doing a great job, but we can do more, and our stakeholders want us to do more.
  • We need to break out of historical thinking and approaches. We’ve earned a solid reputation – we now need to build on it.
  • We need to focus on and embrace the four C’s – Culture, Compliance, Competitiveness, Cybersecurity.
  • We need to ask ourselves: Where do we want to be in five years? In 10 years? How do we continue our “golden age”? The answer: Take on bold ideas and new concepts.
  • Finally, we need to own the discourse to fulfill the expectations of our stakeholders.

We have a great opportunity – not just for ourselves, but to create a path for those behind us. Stakeholders have given us a road map to success. Let’s fulfill our destiny and continue our golden age.

Listen to Brian Christensen summarize the highlights:


Prioritizing Risks and Demonstrating Strategic Risk Savvy

May is International Internal Audit Awareness Month. We are celebrating with a series of blog posts focused on internal audit topics and the daily challenges and future of the internal audit profession.

 

By Brian Christensen
Global Leader, Internal Audit and Financial Advisory

In my last post, I argued that internal auditors should go beyond assurance to serve as strategic advisers to executive management and directors.

This begs the question: Which risks do we focus on? CBOK survey respondents were adamant that they want to see internal audit more directly involved in advising on strategic risks – more than half said so. What they didn’t say is that they want internal auditors to take their eyes off the operational, financial and compliance risks. It’s just that strategic risks are the focus of both senior management and the board, and so it makes sense that, as the internal audit function aligns with the needs of these key constituents, it includes strategic risks in its line of sight.

Traditionally, auditors have done a good job analyzing financial risks. Recent years have seen the move into operational and compliance risk assurance as well. Compliance is a very hot topic with serious reputational underpinnings, so, unsurprisingly, there is a resounding affirmative that we need to continue to respond to that. Where there’s room for growth is in the strategic risk arena: If a company is going through a large ERP implementation, for example, the internal audit function can best add value and demonstrate its understanding of strategic risks by serving in a proactive consultative capacity to the project planning committee.

Not only are stakeholders expecting internal auditors to weigh in on a broader variety of risks, but they are increasingly looking for more timely and, sometimes, even real-time feedback. Audit plans need to be dynamic and audit processes agile enough to adapt on the fly to changes in the risk landscape.

That means that audit tools need to be equally agile. We’re seeing an increased demand for data analytics. A lot of great tools have come out in recent years that enable auditors to mine and report on entire data sets, instead of testing limited samples.

Internal audit’s role in identifying and analyzing risk has become a corporate imperative, even at companies with a separate risk management infrastructure, such as a chief risk officer or chief privacy officer. The difference between these “chiefs” and the chief audit executive (CAE) is that, in most organizations, the CAE not only reports to the board but also has more frequent face time with directors. This underscores how critical it is for the internal audit function to demonstrate an understanding of strategic risk and be an engaged, familiar face around the company, particularly with its leaders.

So how do we do that? We knock on executives’ doors, ask questions about the company’s direction, inquire about new markets and products, stay curious and informed, and connect the information received from different sources so that executives trust our “big picture” acumen and intuition and engage in this conversation with us. This, in turn, gets us invited more often to the table.

Relationships are key, and I will pick up the topic in my next post. You can access our April 6 webinar here.