Optimising forward-looking information for the board

0
288

By Brian Christensen – Executive Vice President, Protiviti

 

 

 

Staying ahead of disruptive changes is not easy for boards of directors to manage these days. Until recently, disruptive innovations generally took a decade or more to transform an industry. Today, industries can be entirely remade by agents of disruption in half that time, or even less, as the half-life of business models continues to compress.

This shrinking interval leaves board members precious little time to react, let alone anticipate potential disruptions that could emerge without warning. To sniff out the threats and opportunities zeroing in on their industries and organisations, boards need to optimise all of the resources at their disposal, including internal audit reports and information.

The most valuable internal audit information is delivered by functions that routinely produce data-driven insights about the strategic risks confronting the business. When internal audit functions deploy advanced analytics, they can harness relevant data points to deliver a contrarian perspective that opens the eyes of audit committee and other board members to what they do not yet know.

As such, boards and audit committees should challenge their chief audit executives (CAEs) to optimise the internal audit function’s use of data analytics to help them obtain sharper, timelier insights on operational risks, marketplace conditions, competitors and other strategic risks.

New research on the data analytics capabilities within internal audit functions indicates that CAEs can benefit from some prodding and support on this count. Most internal audit functions have achieved a relatively low maturity level of integrating data analytics into the audit process. Only three per cent of internal audit executives describe their analytics capability as ‘optimised’, while nearly three out of four describe their analytics capability either as strictly ad hoc or as a collection of repeatable processes, according to Protiviti’s 2017 Internal Audit Capabilities and Needs Survey. As CAEs strive to develop their function’s analytics capabilities, internal audit stakeholders who already have benefited from analytics are demanding more data-driven insights from internal audit.

The need for boards to receive more relevant, data-driven and forward-looking insights regarding strategic risks is also intensifying. The price of lacking this access is painfully evident in the growing number of organisations with seemingly sound strategies and growth plans that have struggled or even ceased to exist when disruptive changes impact their industry.

By challenging CAEs to deliver more data-driven insights regarding strategic risks, boards can improve their odds of recognising and responding to the market opportunities and emerging risks associated with major disruptions earlier and more effectively than the competition.

Four ways to optimise internal audit insights

In a recent global survey of internal audit stakeholders conducted as part of The Institute of Internal Auditors’ ongoing Common Body of Knowledge research, seven out of 10 board members and executive decision-makers reported that they want internal audit leaders to focus on strategic risks in addition to operational, compliance and financial risks in the audit plan.

Internal audit functions that fulfil this requirement are better positioned to deliver the type of insights and analyses that boards need to stay ahead of the disruption curve. To that end, audit committee chairs and other board members should consider challenging CAEs to execute the following four activities:

1. Understand the critical assumptions underlying the business model

Management’s assumptions about markets, customers, competition, digital and other technology, as well as regulatory behaviour and other external factors, are fundamentals that shape the organisation’s strategy. Because the organisation’s business model is typically designed to function within the business environment envisioned by management, a dramatic shift in any of these drivers would likely require a swift re-evaluation of the model’s continued validity.

Given their independent status and continuous scrutiny of activities and risks throughout the enterprise, internal audit functions are well-positioned to monitor the strategic fundamentals of greatest interest to boards. When CAEs understand the business model’s key pillars, they can think more strategically when working with the audit committee and executive management to formulate audit plans and analysing risks.

Although auditors have traditionally focussed on operational, compliance and reporting issues, they must think more strategically. For CAEs and other internal audit leaders, this means being able to access and understand the contrarian points of view within and outside the organisation that are relevant to the sustainability of the business. To have their CAEs think along these lines, board members should consider asking internal audit leaders what concerns them when they listen to earnings calls of the company and its competitors – and also what critical business-model assumption concerns them the most in terms of disruptive threats in the marketplace.

2. Apply scenario analyses to evaluate situations that could threaten critical assumptions

Analysing different scenarios can help executive teams and board members understand and identify the factors that directly influence the failure or success of the business model. Scenario planning and analysis focusses attention on the potential sensitivity of changes in any of the fundamental business model assumptions. Industries that lack strong entry barriers may be especially susceptible to technological shifts, for example. As a result, these companies are more likely to face new and unexpected sources of competition.

Since internal audit is one of the organisation’s key risk management functions, it can help identify an event (or combination of events) that could invalidate one or more of the entity’s critical assumptions. Boards should challenge CAEs to conduct scenario analyses that centre on identifying potential emerging or underestimated risks. For example, consider asking CAEs which fundamental assumptions look too good to be true based on internal audit’s work and consideration of plausible and extreme scenarios.

3. Evaluate competitive intelligence

To facilitate the timely recognition of change, the gathering and assessment of competitive intelligence provides executives and board members with a valuable frame of reference concerning the effectiveness of organisational processes and customer experiences, the company’s response to market changes, and other strategic focal points. The most effective forms of competitive intelligence are aligned with the most critical assumptions underlying the strategy and business model while offering relevant perspectives and insights about evolving conditions through a range of quantitative and qualitative measures. Leading competitive intelligence capabilities also tend to access and analyse non-traditional information and data that often offer a contrarian view to conventional wisdom and entrenched management biases. Internal audit is well-suited to assist the organisation’s efforts with analysing competitive intelligence to more effectively mitigate the impact and likelihood of negative disruption.

4. Distil and demystify timely information for board members

The board must receive timely, quality information regarding strategic risks. This information should be unfiltered and devoid of any sugar-coating. When this information relates to customer experience, for example, it should contain candid insights directly from customers concerning their interactions with the company. Data-driven insights on new and emerging strategic risks from internal audit are valuable on this count because they provide evidence-based clarity from an independent source. The more forward-looking these data-driven insights are, the better informed the board and executive management will be.

Maturing audit analytics capabilities

By applying data analytics to larger portions of their function’s audits, CAEs and their audit staff can generate data-driven insights on more aspects of organisational risk and the company’s progress toward its strategic objectives. The continuous auditing and monitoring technology tools that help produce analytical insights also will reduce the amount of manual information-gathering that internal audit conducts. In turn, these efficiency gains can enable CAEs to allocate more expertise to focus on the areas and issues of greatest concern to executive management and the board.

For these reasons, CAEs and board members alike should make data analytics a critical component of the internal audit function. This means sustaining a consistent effort to advance the internal audit function’s analytics capabilities beyond ad hoc activities to an optimised maturity level. Boards can assist this maturation process by encouraging CAEs to take the following actions:

  • Seek out opportunities to expand internal audit’s knowledge of sophisticated data analytics capabilities so that the function has a more comprehensive and precise understanding of what is possible with analytics, what similar organisations are doing with analytics and what progress is needed to advance these capabilities.
  • Consider the use of ‘champions’ to lead the analytics effort and, when appropriate, to create a dedicated internal audit analytics function. Internal audit analytics champions help bridge the gap between the analytics function and operational auditors while encouraging greater analytics use throughout the internal audit function. Compared to other organisations, those with analytics champions and dedicated analytics functions in place deliver more value, experience higher demand for their analytics services, and obtain better access to higher-quality data.[1]
  • Identify new data sources, both internal and external, that can enhance internal audit’s view of risk across the organisation. Increase the use and reach of data-based continuous auditing and monitoring to perform activities such as monitoring fraud indicators, key risk indicators in operational processes, and information used in strategic decision-making activities conducted by the senior executive team and the board.
  • Seek ways to increase the level of input audit committee members and other key stakeholders provide when developing, using and expanding analytics tools and when determining what data should be monitored by these tools.
  • Implement steps to measure the success of data analytics efforts and consider the most effective ways to report success and value to the audit committee, the board and other key stakeholders.

As the pace of industry disruption quickens, there is growing recognition that an ‘analogue’ approach to auditing can no longer suffice as a long-term strategy if the function is to help executive and board-level decision-makers anticipate, analyse and respond to relevant strategic threats and opportunities. The good news is that the technology tools and data exist to help CAEs and their internal audit functions operate in a more digital, data-driven and real-time manner. Structured data is particularly plentiful in all organisations – and can, and should, be harvested by internal auditors to uncover the valuable insights, efficiencies and issues buried within it.

What’s more, roughly two out of three internal audit functions already use some form of data analytics in their audit process. Of course, advancing a fledgling analytics capability to a more mature state that delivers timely, relevant insights to the board and executive team is not easy. However, analytics can prove to be a game-changer in helping board members and senior executives stay ahead of disruptive trends looming on the horizon.

 

About the Author:

Brian Christensen is an executive vice president of Protiviti and global leader of the firm’s Internal Audit and Financial Advisory practice. He has more than 30 years of experience in helping companies increase the value of their internal audit function. Christensen is a frequent speaker on audit and risk topics at industry conferences as well as an expert source for the media.

He holds a bachelor’s degree in accounting from the University of Wisconsin and is a long-time member of The Institute of Internal Auditors (IIA).

Footnote:

1. Protiviti’s 2017 Internal Audit Capabilities and Needs Survey