Today’s CAEs feel locked into a corner. Read how comprehensive risk analytics tools and change management programs hold the key for change.
Ever since the Enron scandal, chief audit executives (CAEs) have been preoccupied with managing downside (financial) reporting risks. Their focus has been on implementing and monitoring internal controls that enable their organizations to comply with the Sarbanes-Oxley Act and other (anti-fraud) legislations.
As a result, they haven’t had the time or the resources to properly focus on other types of risks to provide insights and add value. This situation was further exacerbated by the financial crisis, which engendered even more regulations, while at the same time, CAEs saw their budgets cut as their organizations looked to save money.
Today, CAEs are trapped in what I describe as a ‘catch-22’ situation. They are expected to provide insights and recommendations to their executive teams and boards on the upside and outside risks, as well as on the downside risks facing their organizations. However, they no longer have the capability to do this after having to concentrate on downside risk and cost-cutting for near-on two decades.
So, how can CAEs escape from the corner that they’ve been pushed into? If you are a CAE, this is my advice to unlock yourself:
1. Review which technologies and tools can improve the efficiency of your current activities. This will help you create better insights, at a lower cost, generating more value for the board and executive management.
- Some basic audit activities can now be automated while new analytics tools provide much more insight than sample testing.
- With these tools, you can immediately identify any pain points within a business process so that you can see what is going wrong — instead of what might go wrong – which is all that could be done in the past.
- By making greater use of technological tools, you can then free up more of your budget to develop your team to perform more value-added activities.
2. Use comprehensive risk analytics tools to predict where opportunities and threats might arise for the organization in future, based on correlations and patterns in data.
- An example might be suggesting a new market for the business to enter or predicting when certain machinery should have preventative maintenance to prevent an outage, instead of the reactive modus operand
3. Transform your internal audit department by undertaking a change management program. This could involve retraining existing employees (not respraying) and hiring additional staff with new skills, such as data scientists.
- I believe that CAEs should have at least one data scientist in their team who can develop valuable insights relating to upside and outside risk.
- However, it is the change management process that should be central as the third line of defense role of the CAE will create a pervasive overhaul of the activities and organization.
4. Share the discoveries that you make about upside and outside risk with both the management team and the board.
- The more insights you provide, the more value you will add to the organization and the more likely you are to be included in the organization’s strategic decision-making process going forward
- This will boost the credibility of both you and your team, and could also result in the team receiving extra budget for skills development.
- More importantly, the team will be recognized as a trusted partner in strategic transformation initiatives.
Today, trust is the principal currency of business. EY teams have developed Trust by Design – a groundbreaking new approach which revolutionizes risk by instilling a risk-optimization mind-set and embeds trust into services and products from the outset. Trust by Design helps organizations make the right strategic decisions to facilitate the growth and future success of their business.
Trust also presents huge opportunities for the internal audit function since it is a natural guardian of trust. Going forward, CAEs should be focusing on whether their organization is executing its strategy in a way that accurately reflects its risk appetite while simultaneously reinforcing trust. This will help them finally escape that catch-22 conundrum.