Top executives within organizations are always thinking about how they expand beyond their role. For chief audit executives (CAEs) specifically, the demand and necessity to do so has ebbed and flowed over the past decade, but it has picked up steam in recent years because of the increased expectation on CAEs to deliver more value. The ways CAEs can do this include being more strategic, having more of a business risk mindset rather than pure audit, and bringing business acumen to the table. But right up there with those three mandates is increasing adoption of technology by internal audit departments.
CAEs are facing a whole new set of challenges than just a few years ago. The regulatory changes thrust upon organizations is a huge challenge for trying to stay responsive, especially in highly regulated industries such as health care, banking, financial services, and oil and gas. And just this year, the Federal Reserve began requiring that banks with more than $10 billion in total assets have internal audit functions report straight to the CEO. NASDAQ is also considering making an internal audit function a requirement for being listed. Not to mention that more and more company information assets are being outsourced to places such as call centers, data hosting centers and back office processors. Though the financial cost for outsourcing may be modest, the data and intellectual property made available to these partners—R&D codes, medical data, and customer financial records—is invaluable.
Benefits and types of technology
So, how can technology help? The universe of risks has expanded to thousands of lines in Excel. From SKU to inventory to customer data files, there is just a massive amount of stored data (Big Data) to analyze. Where technology helps is in sorting through all of that information and analyzing what is most important.
Despite the tools available, the rate of adoption is fairly low and increasing at a slow pace. According to Grant Thornton’s third-annual CAE survey, 46 percent disagreed with the statement that their organization is using a governance, risk, or compliance (GRC) tool effectively; 78 percent are not using a tool at all.
Here are the main types of technology CAEs should consider:
Implementing or increasing the rate of adoption of technology within your audit department primarily relies on talent. The best strategy is to have an empowering CAE who has broad and significant experience and hires technically talented people, many times who are more recent college graduates, to help revolutionize the function by more quickly leading the way to embracing technology. As a profession, we’re simply not moving the meter fast enough and we need motivation—something that can be driven by talented people who are eager to change things through the use of technology. If you hire the right skilled people and empower them to make that change, within 2-5 years you’ll be looking at a very different type of department.
In the meantime, you must provide training in these technologies so that every employee is proficient in technology to a reasonable degree. Not everyone needs to be an expert, but every employee in your department should at least be trained in the concepts around data analytics, IT risk, and cybersecurity. Of course there will be a subset of experts within that group, but it’s vitally important that none of your employees misses a risk or an event. Everyone should be able to identify where use of technology can be used to help mitigate risk and enhance control evaluation and monitoring.
In this new era of increased regulation and stricter demands on CAEs, internal audit departments will have to think about how to continue to modernize their practices and optimize their ability to deliver the increased value their stakeholders demand. One of the best ways to do this is through increased adoption of technology—by every employee in your department. It is only by doing this that the internal audit function can be elevated to a more strategic function within the organization.
Warren is the National Governance, Risk and Compliance Solution Leader and the Market Leader of the Chicago Business Advisory Services Group at Grant Thornton LLP. He has over 20 years experience working with multi-national, entrepreneurial, and high-growth public companies, including boards of directors and audit committees. Warren brings experience to the business risk consulting and internal audit services areas from both the public accounting firm and industry perspectives. He leads many Sarbanes-Oxley consulting, internal audit services and SAS 70 projects for a wide-array of publicly traded and private businesses with international operations. He has worked extensively with international internal audit, Sarbanes-Oxley and business consulting assignments in Europe, Russia, China, Southeast Asia, Central and South America and Canada. He has lectured on governance, risk and compliance.
Warren began his career with Arthur Andersen in the external audit practice and later in the internal audit services practice. Later, he joined DEKALB Genetics Corporation, a $500 million multi-national public company, as the Vice President of Internal Audit and Worldwide Consulting. Subsequent to DEKALB, Warren was a Managing Director at American Express Tax and Business Services and a Partner in the related attest entity of Altschuler, Melvoin & Glasser LLP and worked in the attest and business consulting areas.
Bachelor of Science in Accountancy -University of Illinois at Urbana – Champaign.
Warren writes a regular column, Internal Audit Revolution, for CCI.