Friday, 3 May 2019

Internal Audit as A Disruptor!


Disruption has been one of the most used words in the last few years. It has been used by people who understand its true nature and meaning, and by those who do not. It has been used as an excuse to justify failure and as a means to motivate people and corporations to do better and rise to the challenge. But what is disruption about?

What is Disruption?
The Cambridge English Dictionary defines the verb “disrupt” as follows: to prevent something, especially a system, process, or event, from continuing as usual or as expected.

In business, the term “disruption” and the theory behind it took off with the definition offered by Harvard Business School’s Clayton Christensen in his 1997 book “The Innovator’s Dilemma”. He explained it as follows:
“Disruptive Innovation describes a process by which a product or service takes root initially in simple applications at the bottom of a market and then relentlessly moves up market, eventually displacing established competitors.

A Harvard Magazine article provided more explanation of the concept:
“Disruptive products are typically “cheaper, simpler, smaller, and, frequently, more convenient to use.” They tend to reach new markets, enabling their producers to grow rapidly and—with technological improvements to eat away at the market shares of the leading vendors.”
It is important not to confuse disruption with innovation! There is a wide agreement that all disruptors are innovators, but not all innovators are disruptors. Examples of disruptive products and services include Netflix, Amazon, Skype, Laptops, cellular phones and Wikipedia. On the other hand, Uber is considered by most experts and scholars as innovative but not disruptive.

While the term “disruption” is mostly used to refer to technological advancement, it is certainly not limited to it. Disruption could come in the form of new regulations & laws, new business models, financial challenges, cybersecurity threats and others.

Internal Audit & Disruption
Many experts and thought leaders have shared their views on how Internal Audit should handle disruption. Here are some examples of what they have said:

An IIA publication entitled “Internal Audit in the age of disruption” summarizes the role of internal auditors as:

“The great challenge for internal audit executives today is to perceive disruptions in their true form. Recognizing what’s coming and providing insight to the organization on how to harness that disruptive power is truly valuable. This is nothing new for internal audit. Insight is core to the Mission of Internal Audit — to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.”

The publication provided tips and techniques for internal auditors to rise to the challenge of disruption. These are:
- Keep focus on assurance: Internal audit should continue to focus on what it does best
- Engage with Stakeholders and Subject Matter Experts: Align internal audit’s work with the expectations of internal audit’s key stakeholders. Work closely with subject matter experts who are implementing disruptive technologies and focus on the most relevant and significant issues.
- Invest in Training on Disruptive Technologies: Constantly pursue training to learn about new technologies and the complex and emerging risks being introduced to the organization.
- Put New Technologies to Work: Embrace and leverage new technologies in performing internal audit work. Internal Auditors must take advantage of machine learning and data analytics in their audit processes — real-time auditing should be a requirement as organizations implement new business processes"

It also provided the following closing thought:
“There may be a lack of synergy between internal audit and innovators or creative thinkers in the organization, but with regard to disruptive events that the organization either generates or reacts to, internal audit should be there from the beginning. 
By focusing on assurance, engaging with subject matter experts, investing in training and disruptive technologies, putting new technologies to work, and providing insight into emerging risks and opportunities, internal audit may be seen as a key asset in helping the organization to harness the power of disruption.”

An EY publication  entitled  Does a disrupted Internal Audit function mean a stronger strategic partner?” offered the following view of the internal audit function of the future:
“In light of the pace of disruption and resulting changes occurring in business today, IA needs to change what it does, how it does it and who actually performs the work.

The mandate will remain substantially the same; however, it will demand a shift in focus and IA functions must:
- Be highly connected, agile, proactive and forward-looking
- Continue to assess and challenge the efficiency and effectiveness of internal controls
- Be involved in the most strategic activities of the organization
- Harness emerging technology for better and more predictive risk mitigation outcomes
- Challenge the risk framework and view to also account for upside and outside, in addition to downside risks.”

A PwC article entitled “ It’s time for Internal Audit to disrupt itself”, called on Internal Audit to be agile in order to help anticipate and respond quickly to disruptive events:
Agile Internal Audit functions are relevant across many disruptors, including rapidly emerging risk areas, not just those areas traditionally addressed by internal audit or compliance functions.”
It has identified some features which are needed for helping Internal Audit functions to be agile and better equipped to support businesses in dealing with disruptions:
- Much tighter collaboration across three lines of defence, driving more clarity in the overall risk management process
- Investing in both business and technical IQ, formally including training on the business as part of Internal Audit learning and education.
- Creating more flexible Internal Audit processes and reporting that not only capture different approaches but also drive relevant and timely reporting to address the immediate business needs.

The above clearly demonstrated the need for Internal Audit to embrace and embed technology in its operations. Unfortunately, this is not the case today for many internal audit functions. According to PwC’s 2018 State of the Internal Audit Profession Study,  internal audit  falls into these three categories when it comes to adopting technology:
- Evolvers: 14% of internal audit functions are advanced in their technology adoption
- Followers: 46% of internal audit functions are taking notice and following the Evolvers’ technology adoption—but at a slower pace.
- Observers:37% of internal audit functions are still Observers when it comes to technology adoption. They may be constrained by lack of technology, be held back by poor quality of data within the business or have insufficient resources to invest, or the organization may simply not be ready culturally. That last group has only basic or even no technology use.

 
Be the Disruptor!
There has been no shortage of calls for Internal Audit to disrupt itself. This was not only triggered by the current disruption factors facing businesses, but also as a reflection of the poor stakeholders’ perception of internal audit and its ability to add value.
I add my voice and call on Internal Audit to be a disruptor! To be clear, I am calling on internal audit to be a “constructive disruptor” and to avoid by all means to be a “destructive disruptor”! 

Destructive Disruptor
By doing nothing and continuing to perform its routine tasks without regards to the disruptive factors coupled with the unwillingness to leave its comfort zone, internal audit becomes a destructive disruptor. Not only will it miss the opportunity to improve itself and leave the state of inertia, but it will also hinder the rest of its stakeholders from performing by denying them access to information and insight needed to enable them to make the right decisions.

Constructive Disruptor
To become a constructive disruptor, Internal Audit needs to disrupt itself first. While there is no one-size fits all approach, Internal Audit may consider these suggestions:

Mindset Reset:
The first step towards becoming a disruptor is to disrupt the mindset of internal auditors. A blog post written by a PwC global GRC and IA leader explains the mindset change as follows:
“What we need to do most urgently as a profession is to retool our own business model, to access new capabilities and technologies, and be more adaptive and timelier in the way we go about doing our job. For most internal audit functions, this means adopting a much more agile resourcing model. To provide the right advice, you need to be able to access a diverse array of skills, quickly. But it also means adopting a new mindset. A mindset that says, ‘not only do we have permission to be more proactive, our stakeholders need us to be. It’s a change in thinking that may be hard, but it’s one we need to make. If we do it, not only will we deliver greater value, but it will make our jobs more rewarding and our profession more attractive to tomorrow’s leaders.”

The change of the Internal Audit mindset is not an easy task because people, including internal auditors, tend to resist change. To effect change, there is no substitute for a strong and courageous Chief Audit Executive (CAE). He/she should be forward-looking, adaptable, agile, sees the big picture and surrounds himself/herself with staff who share his/her values, objectives and mission. A disruption of the Internal Audit function requires an honest and continuous assessment of its capabilities and needs. The CAE will need to objectively assess the current skill set and mindset of his/her staff and determine if they are suitable for the future of his/her function as a disruptor. If necessary, a drastic restructuring of the function should be executed and a clear practical plan should be developed for the improvement of the hiring and training practices. The human factor is essential in the transformation of the internal audit mindset in the digital age because digital transformation is a way of thinking according to a publication issued by Protiviti. The publication explains this and the role of technology in the transformation process as follows:
To become a leader in the digital age, it is essential to reinvent the business at its core. Beyond technology and process changes, this means the way people think and act in everything that they do needs to substantially evolve. The people aspects are much more important than the technology. That is not to say that technology is not important, but it should not be the driver nor the destination. Fundamentally, digital transformation is about people transformation.”

No More Hiding behind Independence:
Part of being a disruptor is to strike a practical balance between the assurance and advisory roles. Internal Audit can disrupt itself by breaking the habit of hiding behind the “independence” issue and come forward to offer objective and unbiased consulting services in accordance with the IIA standards and guidance. Do not be shy to go beyond the standards, if necessary, if doing so adds real value to your organization!

Adopt a New Culture:
Internal Audit can also disrupt itself by adopting a culture that demands that internal auditors learn a new “thing” every day and to invest in themselves. The recent IIA PublicationAPPROACHES TO UPSKILLING FOR INTERNAL AUDITORS” has a useful explanation of self -investment:

During his tenure as The IIA’s Global Chairman of the Board (2016‒17), Larry Harrington, CIA, QIAL, CRMA chose “Invest in yourself” as his theme. He urged internal auditors to enhance their value by undertaking professional development opportunities. Too often, employees believe that it is the sole responsibility of their employers to first determine the skills necessary for them to succeed, and second, to make the investment in and for them. This is risky thinking. Self-investment provides one of the best returns on investment. Smart professionals use the resources and guidance available to them through their employers, but ultimately realize that they own their own careers.”

 The culture should also break the circle of fear if it exists, (fear of technology, fear of upsetting stakeholders, fear of the unknown, fear of failure ...etc.). The culture should embrace real change and determination to become a disruptor. A few years back some Internal Auditors used to call themselves “agents of change” but, they changed very little if any. Thus, internal auditors should be encouraged to innovate and use their imagination to improve the way they do things. Innovation is the product of imagination, determination and empowerment! Unleash the imagination and creativity of internal auditors, push them to think outside the box and they will disrupt everybody!

Market Internal Audit as A Disruptor:
Do not be shy about it! If you want to be a disruptor, let your stakeholders know about it. Discuss your disruption plans with the audit committee and management and seek their support. Let them realize the additional value internal audit can add when it becomes a disruptor. It may not be an easy sell, but if done effectively you can reasonably ensure that your stakeholders will not disrupt your disruption activities!

Educate Stakeholders:
I consider educating the Audit Committee and management on the latest trends in technology, risk, assurance and other emerging issues a disruptive act because it helps them to reconsider how they approach issues and make decisions. Educating them may take many forms from a flash newsletter to a formal training session. The education venue should be customized to adapt to what works for the stakeholders.

Last Words
One of my favourite quotes is by Shirley Chisholm, she said: “If they don't give you a seat at the table, bring a folding chair.” In my opinion, this quote in a way summarizes and simplifies the concept of disruption. Bringing a chair to the table, even if it is a folding one, and disrupting the status quo is a much better approach than waiting to be given a seat. To become a disruptor, Internal Audit should first have the desire to play this role, take initiatives and invite itself to the party!



At the end of the day, the greatest challenge facing Internal Audit is to disrupt its stakeholders’ perception of its value and services!







-----------------------------------------------------------------------------------------------------------------------
About the Author:
Wa’el Bibi, CPA, CIA, CISA is a seasoned Audit Executive and the founder & President of Bibi Consulting (www.bibiconsulting.net), a Canadian firm that provides Internal Audit & Management Consulting Services worldwide. He is also the CEO of AdapGility Consulting, a firm connecting CAEs with Organizations (www.adapgility.bibiconsulting.net). His blog posts are available at (http://waelbibi.blogspot.ca) and he can be contacted at wael@bibiconsulting.net

Wednesday, 8 August 2018

The Future of Management Consulting

I am facilitating a discussion through Convetit on the future of management consulting. A diversified panel of experts from around the world are providing their valuable insight and thoughts.


The first theme of the discussions covered " How management Consulting is Evolving in Response to Technological Advancement& Disruption?" .The conclusion was that:The rise of small & Agile independent consultants with focused specialization is a trend to continue in the future: - Small & Agile Consultants is the trend- Focused: strict specialization on the rise- The big  Consulting firms will stay big! 


The second theme covered "Attributes of the Future Management Consultant". The panel concluded that:A Future Value - Adding Trusted Management Consultant is One With Empathy, Courage, Real Life Industry Experience and High Communication Skills!- Empathy Came As A Top Attribute!- Real Life Industry Experience is a Must!- Be Courageous!- Communication, Communication, Communication! 


We have started the third theme which is currently discussing what would management consultants do differently from now on to ensure they remain relevant.Please join the discussion and share your thoughts!


Sunday, 13 May 2018

AdapGility Consulting is Launced!




AdapGility Consulting in association with Bibi Consulting launched a new service to connect CAEs (Chief Audit Executives) to organizations that need the services of such executives on temporary/short-term basis. This is a CAE ON-CALL service available worldwide






This service will be provided under the brand " AdapGility"  (www.caeoncall.com) which refers to the two most important characteristic of a value adding internal audit activity:  

                                                           Adaptability 
                                                                   &                           
                                                                Agility

We are teaming with world-class internal audit executives worldwide to provide quality value adding service. If you are an internal audit executive and wish to explore the opportunities,please forward your resume to:


Monday, 12 February 2018

The Right Way to Start Your Day!

The right way to start your day would be by having a chat with us to discuss how you can get the best value from your #internalaudit function!

Call us today to inquire about our free high-level review of IA functions in selected cities around the world!





Tuesday, 5 December 2017

Are We Asking Too Much of Internal Audit?


Whenever there are bad news or new events, many articles and posts start to pop up almost immediately questioning "where were the auditors?" and /or offering thoughts on internal audit's role in the event. Recent examples are the never-ending cases of sexual harassments and the rise of artificial intelligence. This leads to the question;"Are auditors still an easy target?". Or, perhaps, this is done out of love to internal auditors and in recognition of their vital role? If it is the latter, it should, obviously, be welcomed by internal auditors! 
Many agree that the role of internal audit is continuously evolving as a result of increased stakeholders' expectations, the continuous advancement of new technology, the increase in business complexity, and the rapid emergence of risks. Many internal audit shops are rising to the expectations and challenges, but how many of them actually had the chance to “assess” the reasonability, practicality, and fairness of the expectations and discussed their views with the stakeholders?
They always say that with authority comes responsibility, and for the sake of this discussion I say: "with higher expectations come real empowerment of internal audit!".
The objective of this post is to ask for internal auditors’ thoughts on these questions:
-         Do you believe stakeholders are asking too much of you?
-          Are you provided with adequate tools, resources, and support to meet the expectations?
-          Have you had the chance to discuss the expectations with your stakeholders?
If I receive enough responses, I will summarize them is a separate post for the benefit of those interested in the subject.
Please share your thought.

Internal Audit as A Disruptor!

Disruption   has been one of the most used words in the last few years. It has been used by people who understand its true nature and me...