Join the dots

iia partner sponsored Feature
Join
the dots
In the kingdom of the blind the one-eyed man might
be king, but today’s technology means that any
one-eyed – or blinkered – internal audit team will be
falling well behind the leaders and missing out on
huge opportunities for their own roles, their
function and for their businesses. If you are
spending too much time doing admin, yet still lack
the data and oversight you require, you need to
think seriously about your future.
About ACL
T
here’s nothing back office about
internal audit any more. Businesses
have woken up to their need for
assurance on an ever-increasing
range of critical areas – from regulations
compliance to supply chains and organisational
culture – and are willing to value those who can
provide this assurance appropriately. At the
same time, heads of internal audit have risen to
the challenges this has created and are keen to
contribute at the highest levels.
The IIA has supported these developments
and Richard Chambers, president of IIA global,
recently stressed that internal auditors need to
find innovative ways to enhance their team’s
efficiency and implement and enhance
methodologies that will enable more
continuous risk monitoring. All in all, it’s
becoming ever clearer, and more generally
accepted, that internal audit should be a
value-added adviser to the business.
Most internal audit departments, however,
are struggling to maximise the real potential of
these changes. Far too many are attempting to
meet these new demands – and reap the
opportunities – while still relying on Excel
spreadsheets, Microsoft Office and email. While
the best tools may not make a top-class audit
team, it is a waste of time hiring the best internal
auditors and then asking them to rise to these
challenges armed only with the data and
communications equivalent of a stone axe.
Three simple questions should help to
ACL delivers
technology
solutions that
are transforming
audit and risk
management
to give
organisations
unprecedented
control over their
business.
To contact
the team:
info@acl.com
+44 (0) 1189 49 7434
www.acl.com/uk
identify whether your team should re-think how
it uses technology. How does your current audit
management system handle process change? If
you still work mainly on Microsoft Office, how
much time do you spend updating, organising,
managing and sharing spreadsheets and Word
documents? Does your use of technology
demonstrate to the audit committee and board
that you need a seat at the top table?
If your answers to these questions suggest
that your organisation might be hiring race
horses and hitching them to donkey carts, then
it’s time to change your approach to data
analytics and communication technology. And,
like any other technological investment, you
need to get it right.
First, it’s vital that the change must be led
from the top of the internal audit function (not
delegated to someone junior with technical
aptitude but little strategic experience or the
authority to lead it). Second, set goals, allocate
resources and measure progress – most
successful technology initiatives are led by a
“champion” appointed by the head of internal
audit.Third, align the technology shift with
internal audit’s strategic objectives. Fourth,
build a seamless end-to-end internal audit
process – you need a logical, cyclical flow of
interrelated activities.The software should be
lean, yet comprehensive, but not too complex
or expensive to implement. Fifth, abolish silos
– your processes must interrelate with
multiple functional processes, particularly risk
and control management and compliance.
Sixth, integrate data analysis and automated
testing into audit processes. Seventh, spread
the vision of technology-driven internal audit
and governance, risk management and
compliance (GRC) – you need to deliver a
business case demonstrating how technology
can transform your processes and contribute
to risk and compliance processes. And, eighth,
spread the benefits of data-driven internal
audit and GRC – data analysis in audit can
provide precisely quantified findings and
insights. Use this information to exceed
management’s expectations and support
arguments for continued investment in
internal audit technology.
Dublin Airport Authority (daa)
Kevin
Goulding is
group head of
internal audit
at Dublin
Airport
Authority
(daa), which
not only manages Dublin and
Cork Airports in Ireland, but also
runs an international aviation
academy and provides duty free
services and airport management
consultancy across the globe.
Half its revenue comes from
commercial activities and
property rental and half from
aeronautical sources.
When Goulding joined daa in
2012 the internal audit function
had no data analytic capabilities
in internal auditing. He was keen
to change this. His first step, after
comparing several options on the
market, was to put in a desktop
version, which he says was easy
to implement and install and
helped the team progress quickly
from basic to more sophisticated
tests. Next he introduced a
server solution, which, once he
had proved to the IT team that it
didn’t create security problems,
enabled more complex analytics.
“We now do nightly and
weekly analytics tests that are
automatically emailed to relevant
managers at the airports and
elsewhere – for example, it
checks for duplicate invoices and
payments, invalid tax numbers,
transactions from suspicious
dates, and performs certain
types of ratio analysis, which has
thrown up some interesting
results,” Goulding says. Other
more sophisticated tests are
being added .
He then turned his attention to
evolving the way his team used
paperwork. He was aided by the
fact that the audit management
system in place when he joined
was out of date and that version
was no longer supported, so
needed updating or replacing. “It
had become an end in itself – you
could spend all your time filling in
fields rather than doing the
audits,” he recalls.
In 2014 he reviewed four
products, but found that many
were geared to larger internal
audit departments that could
afford to spend more time on
administration than his lean
team. The product he chose
interacts seamlessly with the
analytics tools, he says, and has
already provided efficiencies.
“We’re now working on creating
a dashboard to interact between
the two,” he explains.
“The system is intuitive and
user-friendly. It’s cloud-based,
which was new to us, but has
proved cost-effective because we
haven’t had to spend time and
money on servers. It required
very little consultancy and most
of the training was done
in-house. We’re now evolving a
suite of tailored reports, but the
ones we are currently using were
relatively easy to set up.”
Goulding has no doubt that
the new systems have increased
his team’s efficiency. “If I send
two people to our operation in,
e.g. Barbados, I can see online
where they’ve got to on the audit
and what they’ve found, without
picking up the phone. We used
to come back from overseas
with piles of photocopies. Now
we can add this information
straight to the system wherever
we are – and it is available
instantly to everyone in the
audit department.”
Furthermore, executive
management and the audit
committee were impressed at
seeing better, more insightful
audit data. “Scheduled analytics
are a great way to show how
internal audit is adding value,
because they illustrate
weaknesses in processes and
controls, and demonstrate how
time and money can be saved,”
Goulding says.