NEXT GENERATION IA IN PURSUIT OF INNOVATION...Internal Audit, Risk, Business & Technology Consulting...
Transcript of NEXT GENERATION IA IN PURSUIT OF INNOVATION...Internal Audit, Risk, Business & Technology Consulting...
Internal Audit, Risk, Business & Technology Consulting
Protiviti Perspective provided by Nikhil K., New Delhi
NEXT GENERATION IA – IN
PURSUIT OF INNOVATIONOctober 28, 2019
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
INTRODUCTIONS
2
Managing Director, Protiviti
Andrew Struthers-Kennedy
Senior Manager, Protiviti
Jared Bourcier
Image Image
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
SESSION TOPICS
1
2
3
Innovation in Internal Audit – Why & How?
Components of Next Gen
Emerging Technologies and Approaches
INNOVATION IN AUDITWHY? WHAT? HOW?
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
ON THE MINDS OF EXECUTIVES
5
2019 RANK 2018 RANK RISK ISSUEYOY
TREND
1 10Existing operations meeting performance expectations, competing
against “born digital” firms
2 6 Succession challenges and ability to attract and retain top talent
3 4 Regulatory changes and regulatory scrutiny
4 3 Cyber threats
5 2 Resistance to change operations
6 1 Rapid speed of disruptive innovations and new technologies
7 7 Privacy/identity management and information security
8 9 Inability to utilize analytics and big data
9 5Organization’s culture may not sufficiently encourage timely
identification and escalation of risk issues
10 12 Sustaining customer loyalty and retention
Source: Executive Perspectives
on Top Risks for 2019
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
THE CHALLENGE…
6
Is IA using enterprise data efficiently to conduct risk assessments and continuous monitoring?
Has IA added resources and skill sets to address increased expectations from stakeholders?
Has IA started to increase use of technology to enhance the internal audit function?
Is IA still performing (and reporting) audits and reviews in the same way as in years past?
Is IA positioned to respond to changing key business risks associated with digital transformation initiatives?
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
ESSENTIAL OBJECTIONS OF NEXT GEN IA
7
A range of innovative approaches, tools and governance enablers,
including a culture of innovation to…
Improve assurance by increasing the focus on key risks… in time1
Make internal audit more efficient2
Provide deeper and more valuable insights3
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
WHERE THINGS STAND
8
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
WHERE THINGS STAND
9
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
NEXT GENERATION INTERNAL AUDITCompetencies, qualities and components to effect change
Next
Generation
Internal Audit
IA Strategic Vision
Resource & Talent
Management
Aligned AssuranceAdvanced Analytics
Process Mining
Machine Learning (ML)
Artificial Intelligence (AI)
Continuous Auditing Dynamic Risk Assessment
High Impact Reporting Agile Audit Approach
Robotic Process
Automation (RPA)
Organizational
StructureNext-
Generation
Internal
Audit
PROCESS MININGDATA DRIVEN INSIGHTS
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
PROCESS MINING FOR AUDIT INSIGHT
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
PROCESS MINING DEMO
Uses data from enterprise systems to visually reconstruct how
processes actually perform… what is actually happening, creating a
complete process map
AUTOMATION IN AUDITINCREASED EFFICIECNY AND EFFECTIVENESS
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
AUTOMATE EVERYTHING?
15
• Brainstorm candidates
• Evaluate for technical feasibility and business value
• Prioritize automation opportunities
• Follow the path of least resistance to automation
• Evaluate through POC… prove what’s possible
• Scale
Follow a disciplined approach to automation…
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
PURSUING RPA… HOW TO START
Opportunity
Assessment
Initiate
Program
Pilot
Deployment
Proof of Concept
Deploy, Operate
& Monitor
Roadmap
Identify automation
candidates and
completing a Proof of
Concept…
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.17
USE CASES FOR INTERNAL AUDIT
Artifact Gathering
Admin / PMO / eGRCControl Activities
Testing
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
RPA IN ACTION…
18
RPA In
Action
Use case on evaluating & prioritizing automation candidates and
demonstration of the bots-in-action for control testing
AGILE FOR INTERNAL
AUDITFLEXIBLE & RISK RESPONSIVE
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
AGILE FOR AUDIT?
20
• Our POV… focus on delivering quality product
faster and more efficiently, with improved
stakeholder engagement
• Instill an agile mindset and empower personnel to
innovate and find way to do things better
Broad Range of Definitions for Agile in IA…
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
AGILE AUDIT… WHAT AND WHY?
21
Product
Backlog
A
B
C
F
Sprint
Backlog
D.1
D.2
D.3
D.4
Sprint
Planning
Daily
Scrum
SprintSprint
Deliverable
E.1
E.2
Sprint Review
&
Retrospective
IA D
eliv
era
bleD.5
Product and Sprint Backlogs (Risk
Areas) Drive Work
Real Time Deliverables and
Feedback
Iterative and Incremental Fieldwork
/ Testing
Plan Work Review
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
AGILE AUDIT… WHAT AND WHY?
22
Source: Protiviti 2019 Internal Audit Capabilities and Needs Survey
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
EXAMPLES OF AGILE IA
23
Focus on Benefits vs. Strict Adoption
More focused “sprint-like” delivery of
audits – shortening time-to-report
An iterative “follow-the-risk” type
approach to audit delivery
Iterative, high-touch, and flexible reporting process
Integrated (cross-functional) teams
formed into “pods” delivering a series
of audits (backlog)
Increased involvement of IA and
business leadership (standup and sprint
review meetings)
Audits broken down into sprints with
focus of delivery of results and direct
feed into reporting
Emphasis on data gathering in advance of project
INTERNAL AUDIT TOOLKITWHAT’S OUT THERE?
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
THE IA TOOLKIT
25
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm
and does not issue opinions on financial statements or offer attestation services. All registered trademarks are the property of their respective owners.
THOUGHT LEADERSHIP
26
Q&A
© 2019 Protiviti – Confidential. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not
licensed or registered as a public accounting firm and does not issue opinions on financial statements or
offer attestation services. All registered trademarks are the property of their respective owners.