My last blog post identified what I thought were some of the more significant topics and trends of 2014. Many of those trends will continue into 2015, and ongoing progress will be made in internal audit’s focus on a broader set of risk areas than those that have traditionally been subject to audit. It is also a pretty safe bet to predict that auditors are going to use technology more effectively and extensively — and at the same time take the opportunity to rethink audit processes overall.
In this post, I look at some areas and innovations that I think are going to be in the spotlight during the coming year and will make a difference to the world of audit, risk management and compliance.
Audit, risk and compliance demanding a platform for collaboration
upwardNew technology will be a driver for increasing collaboration and integration between audit, risk management and compliance functions. We’ve heard a lot in the past year or so about taking an integrated enterprise view of GRC and moving away from functional and departmental silos.
This seems to make a lot of sense in principle, but for many organizations the reality is that this can be hard to achieve. In larger organizations operating in multiple regions and sectors, the range of regulatory and compliance requirements can be overwhelming in scope and specialization. The areas of specific risk management can seem endless. Trying to take an integrated approach in which these requirements are put into the context of overall risk management and assessment activities requires a lot of effort.
This is where technology has the potential to be a huge enabler. But like any technology implementation, there are risks that these implementations can go well off track and fail to meet expectations. Trying to stitch together existing legacy applications is likely to be an exercise in frustration. So the answer does seem to be that there needs to be a new breed of technology used for the multiple aspects of risk management and compliance — that combines relative simplicity with scalability and, in particular, usability by a wide range of roles and functions.
IT and data risks are in the spotlight
Technology overall and its application across the business will continue to evolve at ever-increasing rates. The volumes and types of data that are of value to an organization and must be protected will continue to grow.
Last year provided plenty of examples of the damage that can be done by security breaches and technology failures. Security of data and applications will continue to be very hot topics and will themselves require the use of effective technology applications to help manage the risks.
The cloud is sought as a solution to security risks
2014 saw the beginning of a big shift in attitudes about data and application security risks and cloud-based storage and processing. Organizations that would not contemplate moving critical data and applications to cloud platforms suddenly began to change their views.
Much of this shift occurred due to the realization that cloud platform providers have everything to lose if they cannot provide security and confidence. When organizations looked at their own security systems it became clear that they were probably even more at risk and more expensive to maintain than using a cloud provider. Passing risk onto a third-party all of the sudden seems like an attractive proposition.
Automation and analytics moving from fable to foundational
Those internal audit departments that have been slow to embrace technology are getting moving on doing what their leaders have been saying should be done for the past five years: use technology to transform audit quality and productivity. Data analysis is a big part of this, although just one technology aspect of overall audit transformation.
Auditors will be a more proactive in advocating the use of data analysis and automation in risk and compliance functions, so that auditors can then take account of this usage in their own audit planning and risk assessment.
Audit, risk and compliance finally getting access to next gen technology
One of the barriers to greater use of technology in both audit and risk management areas has been the cost and complexity of implementing software. This is one of the reasons that generic software such as Excel and Word is still widely used — clearly not an ideal solution, but preferable to the frustrations and disappointments that some audit teams have experienced.
Things have changed a lot in the past year in terms of the availability of new audit and risk management technology that is cost effective, quick and easy to deploy, and genuinely intuitive to learn and use. You can expect this trend to continue through 2015.
Greater value delivery is getting noticed
Through all of the above, audit and risk professionals will make real progress in the ways in which they take advantage of technology offerings to provide greater contributions and be recognized for the value they deliver to their organizations.
It should be a good year!
In this post, I look at some areas and innovations that I think are going to be in the spotlight during the coming year and will make a difference to the world of audit, risk management and compliance.
Audit, risk and compliance demanding a platform for collaboration
upwardNew technology will be a driver for increasing collaboration and integration between audit, risk management and compliance functions. We’ve heard a lot in the past year or so about taking an integrated enterprise view of GRC and moving away from functional and departmental silos.
This seems to make a lot of sense in principle, but for many organizations the reality is that this can be hard to achieve. In larger organizations operating in multiple regions and sectors, the range of regulatory and compliance requirements can be overwhelming in scope and specialization. The areas of specific risk management can seem endless. Trying to take an integrated approach in which these requirements are put into the context of overall risk management and assessment activities requires a lot of effort.
This is where technology has the potential to be a huge enabler. But like any technology implementation, there are risks that these implementations can go well off track and fail to meet expectations. Trying to stitch together existing legacy applications is likely to be an exercise in frustration. So the answer does seem to be that there needs to be a new breed of technology used for the multiple aspects of risk management and compliance — that combines relative simplicity with scalability and, in particular, usability by a wide range of roles and functions.
IT and data risks are in the spotlight
Technology overall and its application across the business will continue to evolve at ever-increasing rates. The volumes and types of data that are of value to an organization and must be protected will continue to grow.
Last year provided plenty of examples of the damage that can be done by security breaches and technology failures. Security of data and applications will continue to be very hot topics and will themselves require the use of effective technology applications to help manage the risks.
The cloud is sought as a solution to security risks
2014 saw the beginning of a big shift in attitudes about data and application security risks and cloud-based storage and processing. Organizations that would not contemplate moving critical data and applications to cloud platforms suddenly began to change their views.
Much of this shift occurred due to the realization that cloud platform providers have everything to lose if they cannot provide security and confidence. When organizations looked at their own security systems it became clear that they were probably even more at risk and more expensive to maintain than using a cloud provider. Passing risk onto a third-party all of the sudden seems like an attractive proposition.
Automation and analytics moving from fable to foundational
Those internal audit departments that have been slow to embrace technology are getting moving on doing what their leaders have been saying should be done for the past five years: use technology to transform audit quality and productivity. Data analysis is a big part of this, although just one technology aspect of overall audit transformation.
Auditors will be a more proactive in advocating the use of data analysis and automation in risk and compliance functions, so that auditors can then take account of this usage in their own audit planning and risk assessment.
Audit, risk and compliance finally getting access to next gen technology
One of the barriers to greater use of technology in both audit and risk management areas has been the cost and complexity of implementing software. This is one of the reasons that generic software such as Excel and Word is still widely used — clearly not an ideal solution, but preferable to the frustrations and disappointments that some audit teams have experienced.
Things have changed a lot in the past year in terms of the availability of new audit and risk management technology that is cost effective, quick and easy to deploy, and genuinely intuitive to learn and use. You can expect this trend to continue through 2015.
Greater value delivery is getting noticed
Through all of the above, audit and risk professionals will make real progress in the ways in which they take advantage of technology offerings to provide greater contributions and be recognized for the value they deliver to their organizations.
It should be a good year!
By John Verver
John Verver, CA, CISA, CMC is vice president,
product strategy and alliances with ACL and a longtime proponent of the role of
technology in audit, compliance and continuous controls monitoring.
He is currently a member of the advisory board of
the Continuous Auditing Research Laboratory at Rutgers University.
www.acl.com
www.acl.com