Join the dots
Transcription
Join the dots
iia partner sponsored Feature Join the dots In the kingdom of the blind the one-eyed man might be king, but today’s technology means that any one-eyed – or blinkered – internal audit team will be falling well behind the leaders and missing out on huge opportunities for their own roles, their function and for their businesses. If you are spending too much time doing admin, yet still lack the data and oversight you require, you need to think seriously about your future. About ACL T here’s nothing back office about internal audit any more. Businesses have woken up to their need for assurance on an ever-increasing range of critical areas – from regulations compliance to supply chains and organisational culture – and are willing to value those who can provide this assurance appropriately. At the same time, heads of internal audit have risen to the challenges this has created and are keen to contribute at the highest levels. The IIA has supported these developments and Richard Chambers, president of IIA global, recently stressed that internal auditors need to find innovative ways to enhance their team’s efficiency and implement and enhance methodologies that will enable more continuous risk monitoring. All in all, it’s becoming ever clearer, and more generally accepted, that internal audit should be a value-added adviser to the business. Most internal audit departments, however, are struggling to maximise the real potential of these changes. Far too many are attempting to meet these new demands – and reap the opportunities – while still relying on Excel spreadsheets, Microsoft Office and email. While the best tools may not make a top-class audit team, it is a waste of time hiring the best internal auditors and then asking them to rise to these challenges armed only with the data and communications equivalent of a stone axe. Three simple questions should help to ACL delivers technology solutions that are transforming audit and risk management to give organisations unprecedented control over their business. To contact the team: info@acl.com +44 (0) 1189 49 7434 www.acl.com/uk identify whether your team should re-think how it uses technology. How does your current audit management system handle process change? If you still work mainly on Microsoft Office, how much time do you spend updating, organising, managing and sharing spreadsheets and Word documents? Does your use of technology demonstrate to the audit committee and board that you need a seat at the top table? If your answers to these questions suggest that your organisation might be hiring race horses and hitching them to donkey carts, then it’s time to change your approach to data analytics and communication technology. And, like any other technological investment, you need to get it right. First, it’s vital that the change must be led from the top of the internal audit function (not delegated to someone junior with technical aptitude but little strategic experience or the authority to lead it). Second, set goals, allocate resources and measure progress – most successful technology initiatives are led by a “champion” appointed by the head of internal audit.Third, align the technology shift with internal audit’s strategic objectives. Fourth, build a seamless end-to-end internal audit process – you need a logical, cyclical flow of interrelated activities.The software should be lean, yet comprehensive, but not too complex or expensive to implement. Fifth, abolish silos – your processes must interrelate with multiple functional processes, particularly risk and control management and compliance. Sixth, integrate data analysis and automated testing into audit processes. Seventh, spread the vision of technology-driven internal audit and governance, risk management and compliance (GRC) – you need to deliver a business case demonstrating how technology can transform your processes and contribute to risk and compliance processes. And, eighth, spread the benefits of data-driven internal audit and GRC – data analysis in audit can provide precisely quantified findings and insights. Use this information to exceed management’s expectations and support arguments for continued investment in internal audit technology. Dublin Airport Authority (daa) Kevin Goulding is group head of internal audit at Dublin Airport Authority (daa), which not only manages Dublin and Cork Airports in Ireland, but also runs an international aviation academy and provides duty free services and airport management consultancy across the globe. Half its revenue comes from commercial activities and property rental and half from aeronautical sources. When Goulding joined daa in 2012 the internal audit function had no data analytic capabilities in internal auditing. He was keen to change this. His first step, after comparing several options on the market, was to put in a desktop version, which he says was easy to implement and install and helped the team progress quickly from basic to more sophisticated tests. Next he introduced a server solution, which, once he had proved to the IT team that it didn’t create security problems, enabled more complex analytics. “We now do nightly and weekly analytics tests that are automatically emailed to relevant managers at the airports and elsewhere – for example, it checks for duplicate invoices and payments, invalid tax numbers, transactions from suspicious dates, and performs certain types of ratio analysis, which has thrown up some interesting results,” Goulding says. Other more sophisticated tests are being added . He then turned his attention to evolving the way his team used paperwork. He was aided by the fact that the audit management system in place when he joined was out of date and that version was no longer supported, so needed updating or replacing. “It had become an end in itself – you could spend all your time filling in fields rather than doing the audits,” he recalls. In 2014 he reviewed four products, but found that many were geared to larger internal audit departments that could afford to spend more time on administration than his lean team. The product he chose interacts seamlessly with the analytics tools, he says, and has already provided efficiencies. “We’re now working on creating a dashboard to interact between the two,” he explains. “The system is intuitive and user-friendly. It’s cloud-based, which was new to us, but has proved cost-effective because we haven’t had to spend time and money on servers. It required very little consultancy and most of the training was done in-house. We’re now evolving a suite of tailored reports, but the ones we are currently using were relatively easy to set up.” Goulding has no doubt that the new systems have increased his team’s efficiency. “If I send two people to our operation in, e.g. Barbados, I can see online where they’ve got to on the audit and what they’ve found, without picking up the phone. We used to come back from overseas with piles of photocopies. Now we can add this information straight to the system wherever we are – and it is available instantly to everyone in the audit department.” Furthermore, executive management and the audit committee were impressed at seeing better, more insightful audit data. “Scheduled analytics are a great way to show how internal audit is adding value, because they illustrate weaknesses in processes and controls, and demonstrate how time and money can be saved,” Goulding says.