Post on 05-Jun-2020
Embracing Innovation in Internal Audit Pritesh Dattani Group Head of Audit
October 2015
Agenda
• Understand what innovation is and how it relates to internal audit
• Learn why auditor innovation is necessary for auditors to continue meeting primary stakeholder expectations and stay relevant
• Recognize the importance of considering innovation in the annual risk assessment and audit plan
• Realize the potential barriers to innovation
• How innovation and greater strategic auditing strengthens the Internal Audit value proposition and brand
2
What a business needs to do to survive
3
Satisfy your customers and stake holders
Lower unit Cost
Innovate
Definition of Innovation
4
The process of translating an idea or invention into a good or service that creates value or for which customers will pay.
Source : Wikipedia
The initiative shown by a person for his ability to dissent from the normal sequence of thinking to the extreme contrary.
Innovation
It is to come up with something new or re-introduce the old but in a new way.
To deal with familiar objects / things in an unfamiliar way.
The ability to configure and set up something new, merge the old or new views in a way, use of imagination to develop and adapt views to satisfy the needs in a way or do something new in a tangible or intangible way
5
6
Invention
Innovation
Vs
Inventions that never made the mainstream
7
Invention by mistake
8
Penicillin Post it
Ideas that made millions
9
Mark Elliot Zuckerberg
The Ten best places where innovation ideas come
10
9. While attending to a boring presentation
8. While walking at night
7. While practicing physical exercise
6. While reading
5. While attending a boring business meeting
4. Before sleeping and after waking up
3. In the car
2. While taking a bath
1. In the rest room
10. The work place
Innovation v Internal Auditing
11
Internal auditing is an independent, objective assurance and
consulting activity designed to add value and improve an
organization’s operations. It helps an organization accomplish its
objectives by bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk management,
control, and governance processes.
The process of translating an idea or invention into a good or service that creates value or for which customers will pay.
Most Difficult and Most Constant
12
CHANGE In peoples behavior
Example of Resistance to Change
13
When the Brothers Right first flew their airplane the
Press did not cover the news for months When
Characteristics of Innovators
14
• They search for alternative methods and solutions and don’t suffice with one method or solution.
• They have a strong will and determination.
• They are persistent and they have clear goals to be achieved.
• They ignore others negative comments
• They depend upon themselves
Characteristics of Innovators
15
• They are eager to learn.
• They are curious.
• They are patient
• They don’t stop thinking, even during leisure time.
• They are not scared of failure
• They don’t love routine
• They are positive and optimistic
16
Characteristics of Innovators
• They are cable of analyzing.
• They are brave and adventurous.
• They don’t care about regulatory ceremonials
• Their papers are untidy and disorganized.
• They love to travel and wander in different places.
• They love to have fun and play.
• They tend to forget a lot
17
CAN AUDITORS INNOVATE?!
Frustration & Motivation Phrases
18
• Good idea but …
• Not practical
• Very naive
• It costs a lot
• Premature
• Imaginary & Ideal
• It needs more study
• Our problem is different
Good …what next?
How can it work
What are its characteristics
How to overcome shortcomings
Seems interesting
How to convince others
Traditionally
19
Planning
Fieldwork
Reporting Evaluation & Closing
Follow-Up
Risk Assessm
ent
Audit Plan
Getting it right –an effective internal audit risk based plan?
20
Internal Audit should include, in its audit plan, not only core audit and compliance
areas but also work on initiatives that result in process improvement and/or reduce
costs/increase efficiency. Listed below are key areas for IA to consider:
• Social Media
• Cybersecurity
• Anti-Bribery / Anti-Corruption
What it took to be a successful Internal Auditor (IA) and Audit department
• We know what IA did to be successful – Know internal processes and controls and test them… period! Things you see at this stage:
• Know the balance sheet
– Statistical Sampling
– Do walk through of processes
– Look for revenue recognition issues
– Cash reconciliations
– Physical inventory counts
– Ghost employee tests
– Don’t forget add IT Auditor then integrate with audits… now we call it an integrated audit…..
– All this is fine blocking and tackling for an IA department but it doesn’t make you awesome…… or separate you from the “pack”!
21
Then came Technology
• Leading Audit shops adopted technology to “do more with less”…just like the business! Progress!
• ACL to download and test entire populations….find the needle in the haystack
• Test system controls with a few transactions…..comforting to know standard transactions worked in the system.
• Find money and be the hero testing…..this made some shops hero's and enemies at the same time.
• Cut travel by testing remote locations (aka remote testing or “desk audits”)
• All valid wins for IA but the business had to innovate the same way…. IA playing follow the leader?
22
Then came SOX
23
As they say in a country song …one step forward and sometimes two steps back. We saw an over reaction to making every control key and testing all of those controls. On the plus side was IA was given the budget and resources for the new mandate also referred to as the “full employment act for auditors”. Auditors needed in mass to document and test….. External firms and existing firms bulked up on this sometime mundane testing….. Today we need to make this less than 5% of the plan for the department. Good way to learn the basics but not a place to stay beyond 2 years or provide sustainable “value” to the business!
2015 and Beyond
• IA has spent the last 10 + years creating company internal controls with the business and then working to consolidate them to be reasonable. Aka cutting controls to make sense for the “real world”
• PWC’s “State of the Internal Audit Profession” cites quality and innovation as key to adding value
• Finding issues from standard audits that wow the business are rare wins for IA departments. The next evolution has to be a revolution.
24
Radical or required – you decide
• Why finish the audit just because we started it? Biggest waste of time. If issues are clear and agreed on then move on….
• How come marketing analytics can find a buyer/customer better than we can find inefficiencies? Not enough investment in data mining and analysis….. Needs to be key for IA in next 3-5 years. Leverage dashboards to stay current or leading with the business, not laggards.
• Rotation based on time since last visit is dead? How does this live on. No real findings but management feels better? Explain why this must change to the people asking for the same reviews.
• Does audit have real time risk indicators to select audit areas? Plan built in prior year? Co- creating management reporting that tells impending risks? If we are so smart why can’t we make this happen? Independence is not compromised by creating or co developing reports!
25
Revolutionary Mindset Changes
• Why auditors should rotate into areas they audit? Best people to fix an area are those who have an independent but knowledgeable understanding of the area. Do the audit, join the team, fix the issues then come back to IA.
• Audit Chair invited to risk assessments? Are we still doing surveys? Audit Chair should hear either directly from the business leaders or at minimum hear how you made the plan for the year.
• Auditors and ERM – co ownership or overall ownership; can we get past independence?
• Risk Assessments – why different views from IA, ERM group, Sales & Marketing, Manufacturing, etc. Level of detail …maybe, KPI triggers.. Maybe but overall risk is risk…(why different languages for the same risk???)
• Compliance and Audit why are they two departments? Merger needed? Ok lets here the independence chatter Isn’t audit just a different type of compliance function, aka internal vs. external?
26
Trends in the business that Audit should be doing today!
• In every audit you should consider some of these issues
• Do a cost benefit analysis for every control or change your team is suggestion; know the price of your recommendation; speak like a business owner.
• Consider what to reduce what you would audit next time.
• CAE’s look at areas without any issues and determine if you can remove it from the plan and do something completely different. “Look for that ‘Restart’ opportunity”
27
Potential Barriers to innovation
• I work for the CFO she/he doesn’t want anything different.
• Budgets are constrained by the business environment.
• External firms are not producing these process type people for me to hire.
• Ok then:
• Tell the CFO after you get the new process working. Raise the bar on your people and show successes to them.
• Allow vacant positions savings to be used to buy tools.
• External firms do what sells and if they figure out how to be innovative they will be talking to the CFO about the entire department budget …..
28
Start of the journey …
• Allowed for quick closure to audits.
• Co created management reports/dashboards to identify and manage risk(s)
• Invest a larger percentage of the compliance budget on technology.
• Hiring non accountants for the IA department.
• Rotated people into the business to fix issues with a full return policy
29
Questions
Thank You
30