In planning this year’s programme of technical guidance activity we decided to tackle the topic of digitalisation. This blog is an introduction into the subject on how audit functions may need to adapt when their organisation ‘goes digital’.
In case you’ve missed it, we are currently in the digital age! The age is defined as “an economy based on information computerisation” and it started in the 1970s with the advent of personal computers.
Exciting? Maybe if you are a millennial, born into a world of technological opportunity where social media and the internet are as normal as brushing your teeth, but sometimes it’s still a little scary if you are old enough to remember pulling the choke out when starting your car, rewinding a cassette tape or having to find a phone box if your car broke down!
All organisations are digital, it would be hard to find a business operating today without technology of any kind, but ‘going digital’ takes it to the next level. Embracing technology and intentionally setting about a digital transformation is not just about plugging in more boxes, increasing the IT function and adding the word digital to some weird sounding job titles. It disrupts traditional business models and changes the culture of the organisation (yes culture again!), the very heartbeat of strategy and the everyday activities that keep the blood pumping.
In their publication, The Digital Workplace, Deloitte include a useful framework (see below) to show how, as organisations embrace technology, people do their job by collaborating, communicating and connecting with others using a variety of digital tools, underpinned by governance, risk and compliance, which enables business needs to be delivered.
This may not seem new to some but the digital revolution introduces this as the new normal for everyone, from the marketing director and financial controller to the purchase ledger clerk and IT help desk. Not forgetting the Chief Digital Officer!
On a practical level, the increased use of technology enables employees to work anywhere, connect to information and systems via cloud based solutions, use 3D printing to produce items on demand, outsource services to a global marketplace and innovate beyond our current imagination. The possibilities that come with the Internet of Things (digital connectivity of our everyday devices) will bring the science fiction of yesterday into our lives within a few years.
Technology led organisations facilitate real empowerment of employees, allowing people to utilise data, make quick decisions, innovate, adapt and work flexibly.
So what does this mean to internal audit?
Successful audit functions adapt with their environment to remain relevant, and digital organisations either evolve gradually over time or go through strategic transformations.
Understanding the digital journey is important as whilst most risks are common there are some important differences. Gradual change may leave an organisation exposed to data breaches, being unable to attract and retain talent, not to mention becoming obsolete in their field. Conversely, digital transformations become never ending change programmes introducing value for money and delivery risks alongside cultural and people risks.
Regardless of approach, heightened risks will be faced around data/information security, cyber, business resiliance, third party management, contract negotiation, data sharing, decision governance and budgeting. Digitalisation enables decentralised controls in large organisations, questioning the traditional ‘T’ (treat, tolerate, transfer, terminate, take) adopted to manage risk in many cases and possibly leading to new assurance models for the digital age.
These strategic aims and the evolving digital profile will naturally be the foundation of a risk based audit plan and the resource requirements to deliver it.
Deloitte: The Digital Workplace: Think, Share, Do
Capgemini Consulting: The New Digital Workplace