Why internal auditors need to weigh in on digital transformation
GOING digital isn’t easy, especially when scaling digital projects across the enterprise. New digital projects usually mean adopting new processes, which involves taking on new (and often huge) risks.
Hence, mid-sized businesses and large enterprises should always have internal auditors weigh in on digital transformation plans and have them support digital goals.
According to a recent PwC report, internal auditors don’t require deep technical knowledge to begin engaging in their organization’s digital initiatives.
Auditors bring a thorough understanding of risk and process — which is a valuable lens that decision-makers sometimes lack. Internal audit can also connect the dots on risks across multiple digital initiatives throughout an organization.
However, PwC’s consultants do believe that as organizations climb the digital maturity curve, internal audit staff do need to gain a few digital skills or at least some digital acumen to support the organization’s goals.
“You don’t need every single team member to be data scientists, but you need the team to be on board with the direction you are going. And then you need a few with the energy, passion, and knowledge around the topic to drive it forward,” pointed out Syngenta International AG Head of Internal Audit and Financial Compliance Sara Merian.
Internal auditors can play an advisory role
The job of internal auditors is quite dynamic. It not only involves keeping the organizations’ books balanced but also requires them to ensure checks and controls are in place to support any deviations in processes or practices.
As the internal audit team gains digital competencies, it can support the organization’s digital transformation goals by helping evaluate new technology solutions.
Internal auditors can take stock of how information flows with the solution that has been proposed, the risks that may arise from it, and the controls needed to mitigate those risks.
According to PwC, dynamic internal audit functions must embrace new technologies by providing advice and assurance that appropriate controls are in place as their organization adopts new technologies.
PwC’s study also suggests that progressive internal auditors must identify technologies that can automate some of the tasks they perform on a daily basis so as to enable themselves to focus on bigger, more strategic evaluations that benefit the larger organization.
Internal auditors can help with data governance
“Algorithms are in themselves their own worst enemy. I don’t know whether the algorithm that was built has been tested or whether third parties looked at it. I don’t even know whether external auditors were involved,” said Edison International and Sykes Enterprises’ Audit Committee Member Vanessa Chang.
“If you use the technology tool to go through contracts and drive revenue, accounts receivable, cash, and deferred revenue, how do I know that the algorithm was correct?
“Who audits that? Who tests it? And importantly, how do I know it’s locked down so that someone can’t come in and change it? That’s where I get concerned,” continued Chang.
To put Chang and hundreds of thousands of other concerned audit and compliance professionals at ease, internal auditors must evolve to take responsibility for data governance in the digital age.
PwC’s consultants understand that internal auditors cannot get involved in every project that the organization takes on.
However, they believe that leaders must change their mindset to involve auditors wherever possible and think about the risks from new digital projects early on.
Doing so will ensure that control considerations get embedded into the digital transformation plan for the organization and ensure that risks are mitigated seamlessly as the business climbs the digital maturity curve.