The Role of Internal Audit in Digital Trust
What Is Digital Trust?
In the words of PwC. “If the lifeblood of the digital economy is data, its heart is digital trust—the level of confidence in people, processes, and technology to build a secure digital world.”
Why Is Digital Trust Essential?
Today, the gold standard of corporate governance is reliable internal control over financial reporting. Good financial reporting is an indicator of good corporate governance today.
If we believe PwC is right, then the application of automation and artificial intelligence will result in effective, secure and reliable performance across all business processes. Digital trust will impact not only financial reporting, but the overall strategies, conduct and performance of an organization.
Assessing and providing assurance on digital trust in an enterprise is critical. Failure to achieve it will have far greater political, economic, financial and social impacts than failures in financial reporting. Digital trust is clearly a goal worth pursuing.
What’s the Role of Internal Audit in Digital Trust?
I have had the opportunity to ask this question to groups of internal auditors and audit executives around the world. Their answer has been unanimous and unequivocal.
Without exception, they tell me the demand for and importance of internal auditors will increase. Artificial intelligence in all its forms along with automation brings with it vastly increased risk.
Internal audit will play a pivotal role in achieving digital trust. More audits and more auditors are essential.
Will Digital Trust Disrupt Internal Audit?
I don’t disagree that Internal Audit will play a critical role in a world where digital trust is a value-adding differentiator. I do not agree that more auditors and more audits as we know them today are the answer.
What Drives Digital Trust Today?
Most automobiles today have the automation and intelligence to manage most of the risks associated with their safe and reliable operation, including in some cases the driver. Imagine you have just purchased a new, highly automated automobile. It might be a self-driving electric vehicle or have a traditional engine with advanced intelligence and automation. But you can expect that every system in the vehicle from the “infotainment” system, to the braking system have a high degree of intelligence and automation and a dashboard that continuously monitors the performance of every critical system to provide alerts and advice up to and including talking over control of the vehicle.
Now imagine that the manufacturer of your new intelligent vehicle sends you a letter advising you that the sophisticated intelligent and automated features demand significantly more maintenance more frequently and they have significantly increased their staff levels of mechanics and technicians in dealerships to accommodate the anticipated demand.
Forgive me for comparing internal auditors to mechanics, (I am a fan of both groups) but I think the point is clear. That’s not going to happen. There will likely be fewer mechanics, not more, and there will be highly trained and highly skilled technicians.
Predictive Maintenance Replaces the Audit Universe
I recently visited my dealer for routine scheduled maintenance. I parked in the service bay and walked up to the technician to explain what I thought needed to be done. She had already written up the work order. Data in my digitized “key” was transmitted to her computer as soon as the car entered the service bay. The intelligence built into the vehicle and its sensors will provide them with a snapshot of the performance of the vehicles systems and critical components.
Internal Audit—Disrupted But More Critical Than Ever.
Here are my predictions for the future:
- We have reached the limits of after the fact tests of internal control effectiveness paradigms and the standards and practices that underlay them. More audits of today’s “control activities” won’t effectively or efficiently produce digital trust.
- Bots will replace most control activities and “bots” will require predictive maintenance, not audits.
- Control “effectiveness will be measured against process or business performance, not against “control objectives.”
- Internal audit will play a major role in the upfront design and ethical application of automation and intelligent technology.
- Digital trust will come from effective design and monitoring processes and reliable system and business performance will be the test of audit effectiveness. Digital trust must be designed into intelligent systems up front, not audited at the back end.
- Expect significant disruption in the paradigms of risk and control management as we know them today.
As always, I am interested in your views.
Join Us at GRC Insider in Las Vegas from March 17-21
Meet me and the SAP GRC team at GRC Insider in Las Vegas from March 17-21.