How Digital Transformation changes the perspective of an IIA

21 November 2019

Giridhar LS

GIRIDHAR LS Key Experiences

8 years plus of audit experience and 15 years plus of IT consultingexperience

Lead the data Extraction, Transformation and Loading (ETL) acrossMENA

Executed / managed Information Systems Audit of major clients(Banks, Insurance and multinationals) with complex IT environment

Lead MENA innovative projects in the areas of RPA and customanalytics in the audit practice.

Managed various assignments relating to ERP reviews, applicationcontrols, SAS 70 / SSAE16 reviews, IT due diligence and fraudanalytics

Qualifications / Certifications

▪ B.Com▪ Chartered Accountant ▪ ISO 27001 Certified Lead Auditor▪ Certified information Systems Auditor (CISA)▪ Certified risk in information systems and controls (CRISC)▪ RPA UiPath Level 3 Advanced Training Diploma

▪ IMT on Artificial Intelligence and other disruptive technologies

▪ 19 Annual Regional conference in IIA

▪ SEWA Banking conference

▪ ICAI Dubai Chapter

▪ ICAI Abu Dhabi Chapter

▪ Association of National Accountants of Nigeria

Speaker in last 6 months

About me

2

What I will be covering

3

▪ Changing dynamics of an IA function

▪ Why is it important?

▪ Current Challenges for an IA

▪ Understand ML, Analytics and RPA

▪ What can an IA do differently

▪ RPA Audit Considerations

Changing dynamics of an IA function

GOVERNANCE

• Strategic insight aligned

with organization’s

expectations

• Resourcing with

technology & Audit

experience

FUTURE TECHNOLOGIES

• Intelligent automation / RPA

• Artificial Intelligence

• ML driven analytics

APPROACH• Continuous reporting to key stakeholders

• Dynamic auditing

Why is it important?

▪ Stakeholders expectations: Maximizing the use of technology to coverthe population without compromising quality

▪ Peer Pressure: Competitors continue to do more with less resources withthe deployment of technology

▪ Business Partner: Right insights help stakeholders see the key risks thatwill help them make informed decisions

▪ Changing technology landscape: Requirement of IA to be well versedwith better and faster ways to achieve the results

▪ Regulatory Expectations: Requirement of IA to be able to quantify therisk across the population to evaluate the impact under different scenarios

Current Challenges for an IA

Excel predominantly used even in scenarios where there are sophisticated systems in place

Systems not sophisticated enough to provide the right data for analysis

Advanced technology used like machine learning, blockchain etc that are very technology driven

Traditional auditors lack the skillset to do a deep dive using future technologies

Investments in future technologies

Executive Summary of Future of Financial Reporting Survey

50%

POSSIBLE ROOT CAUSE

Sophisticated ERP / systems used in a basic manner and reports are manually created

Datawarehouse stores limited data points

Data from too many systems are they are not integrated

Reporting very manually driven

Multiple sources of truth

SOURCE INPUTS

Responses from 977 international senior finance professionals with 81% from senior roles

23 different industries

Around 14% from the Middle East

Statistics

75% of CFOs are yet to make the move to real-time reporting in the board room.

69% of CFOs rely on spreadsheets to plaster over their reporting process

50% worry that all documents and disclosures have not been updated with latest changes to accounts

40% of respondents were unable to agree that their data is always trustworthy and accurate.

71% of respondents depend on spreadsheets for collecting data across the majority of their business units..

50% of respondents said reporting involved huge amounts of manual checking every time a change is made

40% of boardrooms do not have a complete view of the business.

60% of respondents said they spend too much time cleaning and manipulating data

25% of organizations have reduced their finance headcount over the last three years.

Source: Insights from the FSN Modern Finance Forum on LinkedIn Survey on “Future of Financial Reporting” towards end of 2017

AI & Machine Learning

8

9

ML refresher

Types of Analytics

Deployed across industries

Deployed across data driven industries

Deployed across tech / internet companies

ML Types

Idea of input data / classification and know what to expect but need output on new data sets

Do not know how to classify the data and you want the algorithm to classify the data for you

Have a lot of data but interaction required to reach an objective

Deep Learning

Deep Learning Types

Example ML

Additional searches possible

Analytics

11

12

Analytics and IA

Possibilities

Population Coverage

Possibility of continuous auditing

Reduced timelines and focus on more areas simultaneously

Help to achieve more in the limited budget

Integration with other trends like RPA

Analytics touchpoints

Scripting for repeatability and scalability

Visualizations provides a birds eye view of the potential risk

Significantly reduces audit timelines

Integrating various other data points into the main data like ERP

Helps to make this process autonomous

New risks through discovery

Data Collation

13

Analytics Key Concepts

Different data formats / systems

Limited data dimensions from ERP / accounting systems

Lack of integration to real time happenings i.e. economic index etcMany FTE’s involved i.e. MIS, IT etcERP data usually downloaded in excel and analysis happens from there

Individualistic approach to data i.e. Lack of complete perception

Coping with data bias

Datapredictability

CHALLENGES from data sideTraditional Using Analytics

Risk Assessment

• Understanding obtained at high level

• Interviews drive the approach

• Insights drive the interviews

• Time can then be spent on high risk areas

ControlTesting

• Sample based testing

• Review is limited to the known

• Analyze total population andreview the outliners

• Identify patterns that do not figure out in a traditional testing

Repeatability

• Heavy effort required from execution to reporting

• With RPA and analytics, this can be generated on the fly

▪ Developing an approach or model

▪ Acquiring the right skills on analytics

▪ Selecting the right tools andtechnologies

CHALLENGES for an IA

Case Study Demo

Robotic Process Automation (RPA) / Intelligent AutomationKey Concepts Refresher

15

RPA – Key Concepts in a video

Source: Softmotive Robotic Process Automation from YouTube

ROBOTS making a better place for humans

My Inspiration as a kidQuick Facts

Year 1985TV serial Small WonderROBOT Android RobotAGE 10 years oldName V.I.C.I. (Voice Input Child Identicant)

ROBOTIC PROCESS AUTOMATION / INTELLIGENT AUTOMATIONKEY CONCEPTS IN A NUTSHELL

CRITERIA

• Decision based – Rule based vs

Decision based

• Data source – Unstructured vs

Structured

• Data Type – Image vs Number

• Stability – Frequent releases vs

Few releases

• Complexity – Simple vs

Complex

• Standardization – High vs Low

• Risk – High criticality vs Low

criticality

ACCURACYThe right result, decision

or calculation the first

time.

AUDIT TRAILFully maintained logs

essential for compliance.

RELIABILITYNo sick days, services are

provided 24/7 and 365

days a year.

OFFSHORINGGeographical

independence without

business case impact.

PRODUCTIVITYFreed up human resources

for higher value-added

tasks.

SCALABILITYInstant ramp up/down to

match demand peaks

and troughs.

RETENTIONShifts towards more

stimulating tasks.

CONSISTENCYIdentical processes and

tasks, eliminating output

variations.

LOW RISKNon-invasive technology

RPA can be overlaid on existing

systems, allowing creation of a

platform compatible with

ongoing developments in

sophisticated algorithms and

machine-learning tools.

19

What can an IA do differently

2. Process modifications

Asses the impact of new risks to be introduced

through digital transformations.

Consider the effect of digital transformation on

process, controls, and reliability and accuracy of

data.

1. Effective challenge of digital transformation

Involvement in the digital transformation strategy to assess

impacts on the internal audit plan,

Advise the organization through appropriate risk and control

decisions.

Determine the balance for challenge of new

technologies vs. implementations / controls

New technologies

challenge processes

Continue to have a seat at the table at key forums

Develop a plan for the audit period

We suggest that internal audit organizations continue to be actively involved and have a seat at the table. Digital transformation has the opportunity to provide extensive

value to the firm, and the risk and control experience of internal audit can help highlight the enabling technology and its potential impacts & considerations.

3. Impact to existing audit strategy

Evaluate testing strategy modifications, affect

availability and collection of audit evidence,

Corporate Social Responsibility

“It’s not a faith in technology, It’s faith in people.” -Steve Jobs

Digital Innovation has advanced more in the last 30 years than in the last 2000. And it’sbuilt to continue. I believe that once process efficiency is attained through RPA, theorganisation can spend a lot more time on their greatest asset, people. A globalreimagining of jobs of the future will become a mandate. And, the most important taskon hand is to create something technology can’t – a human culture.

CONTACT US:

+971504146718

www.robotechsolutions.ae

Giridhar.ls@robotechsolutions.ae

Question me about…

• How to identify which processes requireautomation?

• How to implement automation solutions?• What aspects to consider in an RPA cost

benefit analysis?• What is the RPA decision making process?• What aspects to present in Board

Proposals to aid decision making for RPA?