CEO's welcome
Good afternoon and thank you for joining us today. The topic for today is organisational change and digital transformation. Local authorities deliver an estimated 80 per cent of local public services and are located in and form part of the communities they serve. They are rising to the challenges they face and are transforming the way they deliver services by redesigning, reorganising and reforming. In an effort to drive swift change, organisational change and digitisation may proliferate unchecked and key controls may not be paid their due attention, increasing security and data privacy vulnerabilities. With digitisation shifting up a gear, the third line’s first concern should be whether the business model is being sufficiently adapted to meet the new digital reality.
Chair's opening comments
Local authorities bring their deep understanding of local needs together with technological innovations to offer better management of demand, more reliable and efficient handling of routine transactions, and greater use of shared data. Councils are continuing to lead in using technology and digital tools and approaches to improve citizen service and overcome the challenges they face. As local government’s roles and responsibilities continue to develop, with increased emphasis on community facilitation and support, commissioning and market making, communications, branding and quality assurance, organisational change and digital transformation are likely to become ever more important.
Innovating the audit approach to a large-scale transformation and integration programme
The scale and pace of integration meant that the existing internal audit approach was no longer fit for purpose.
The following changes were adopted:
There is never going to be a better time to change what you do than during a major change programme. Moving at pace, being collaborative, and driving towards a successful outcome gave internal audit a strong mandate and being seen to respond has stood them in good stead. People who deliver change are used to change so the mindset of try something new, fail fast sat well with them, and excited the internal audit team. None of this was revolutionary, but it came at the right time with the mandate and the right mindset.
Innovation hub: GIAA set up an Innovation hub with agreed topics such as data analytics and AI to allow people to come together to experiment, work with others across government and other sectors, and learn from failure, in order to learn how to succeed.
Structure: A core data analytics team was set up within the hub, and sat inside a ‘Community of Practice’ of auditors and counter-fraud specialists using data analytics regularly. All members of the wider agency are encouraged to be data-confident so that they can identify and discuss opportunities for using data analytics with stakeholders and bring them back to the ‘Community of Practice’ or core team.
Example: Existing work had been requested in counter fraud to analyse timesheets of those claiming TOIL (time off in lieu) in a UK region. The process was manual and took three days. The same work could be completed in five seconds using scripts that automatically generate an interactive report with graphs and tables. This was then translated into a national script that took 50 seconds to run.
Insights engine: GIAA produce 1500 reports per year and wanted to review practice across them but couldn’t do this manually. Our insights engine uses AI to facilitate reading hundreds of reports in a few hours. Natural Language Processing identifies common phrases and sentiment analysis captures usage in positive and negative contexts for examples of positive and negative practice. For example, one person was able to analyse 102 Annual Opinions in a few days.
Learning from other sectors: Social media uses analysis of networks of people. GIAA translated this concept to documents, looking for trends amongst high volumes of documents. For example, network analysis on 20 documents from gov.uk recognised sub-categories, identified links between documents and highlighted the key document.
Lessons:
Slides from Iain’s presentation are available here. Please contact him at correspondence@giaa.gov.uk if you wish to discuss.
Chair's closing comments
Starting in internal audit 30 years ago was simpler. Technology is here to stay, pressures on organisations aren’t going away any time soon, and we all hope that internal audit is here to stay. Going forwards there has to be a happy union of these things and the challenge for internal audit is to ensure that we remain relevant to the needs of our organisations. The talks have been fascinating, guiding us but asking more questions of us.
Institute's closing comments
Please email Derek Jamieson if you or members of your team wish to join the Data Analytics Working Group. We have over 270 IA functions from all sectors and are always keen to welcome new members. You can reach Derek on email at Derek.jamieson@iia.org.uk. Our next meeting on 15th December looks at safeguarding. All organisations have to ensure that they prioritise the safety of anyone who comes into contact with their organisation. Safeguarding is particularly relevant to local authorities, charities and care organisations who work directly with children or adults at risk. There is also our South West region's 40th anniversary on 8-9 December 2021 in Bristol, which features several key sessions and thoughts from Richard Chambers, former CEO/President of IIA Global, as well as information around:
Q: Have you been able to maintain this approach with business as usual audits? Or did it relate purely to the transformational work?
A: We have maintained a lot. We handed back the assurance map to the first line and it hasn’t been maintained but we will be having a conversation about that. There is still much focus on the change agenda from the board and regulators. The 3+9 planning and quarterly change opinion have been maintained. Analytics products have been handed back to the first line. We are still using memos and standalone reports a bit. The broader change that has endured through the learning of joining up of lines is the common way to talk about planned work across three lines (through SharePoint) using lenses such as business unit, risk classification etc. to present to the audit committee.
Q: Could you give an example of the "exam questions" you used? Are you now using exam questions rather than terms of reference for all audit work?
A: Looking at readiness to implement a new solution and looking at the controls in place, the exam question was ‘is there sufficient evidence to support a go-live decision?’. Everyone understands the opinion internal audit is looking to give, rather than the detailed scope. We still do use Terms of Reference and risks for those who do not engage with the exam questions approach, but we find more people engage with the exam question.
Q: The documents used for the COVID-19 work in the GIAA insights engine - were these all electronic documents or did it include paper documents as well? If so, how did you enable the engine to read these?
A: It doesn’t matter. With paper documents, you can scan them then use technology called Optical Character Recognition to convert to computer recognised text.
Q: What would you suggest could be a starting point for a small internal audit team who want to benefit from digital / AI technology?
A: I would focus on data analytics first and you can quickly move into AI. Find someone passionate within your team and give them space. Tools are free. Take some past audits and revisit using tools. Lots of free training. Don’t rush, take your time and learn from people e.g. the Institute’s DA working group.
Q: Could you include some examples of the free software?
A: Look for Python and also R. Python is an interpreted high-level general-purpose programming language; R is a programming language and free software environment for statistical computing and graphics. Both are free programming languages.