IT Audit

The job profile of the Data Scientist is still young, but is often searched for on the job market. They are required in many industries, such as:

• Banking and insurance 
• Trading
• Business and organizational consultancies, market researching
• Social Media, Telecommunications, online tradinging and network management
• Bio-, pharmaceutical, chemical and medical industries
• Logistics
 

 
In 2012, Tom Davenport, Professor at the Harvard Business School, has described the competence profile as following: „… a hybrid of data hacker, analyst, communicator, and trusted adviser. The combination is extremely powerful – and rare.“
In times of “big data”, Data Scientists are experts in demand, who are paid above average and enjoy great freedom in companies as “gold diggers”. Using methods of mathematics, computer science and statistics, they gain facts and knowledge from large amounts of data, the “gold of the 21st century”, and discover new business areas. In addition, they are something like interpreters. They formulate the data records into legible results and display the essential information in a comprehensible language.
Data Scientists are trained in statistics, graph theory and other mathematical fields, and are proficient in methods such as data mining, process mining, machine learning and natural language processing (NLP). Added to this is knowledge from practical computer science. Knowledge of operating systems, databases, networks and data integration tools, as well as the most important programming languages and analytics tools are mandatory. Furthermore, knowledge about the Hadoop ecosystem, social networks and other systems from the internet and big data environment is a compulsory requirement for professional practice. The competency profile is that of an all-round talent and accordingly (currently) difficult to find.
 
The Data Scientist and the financial function within the company
The question whether a controller can assume the tasks of a Data Scientist must be clearly denied in the context of the described competence profile. The current opinion in the industry is, that it is illusory to believe that controllers could also assume the tasks of a Data Scientist. However, controllers should know the job profile of a Data Scientist as well as the possibilities and limitations of Big Data. The cooperation between the tasks of a controller and a Data Scientist is an important source for the future economic success of companies.
 
The Data Scientist and Auditing
The advancing digitization also places new challenges on internal auditing in the selection of the audit methodology. Data Science offers the possibility to consider the analytics of data masses as a test step within an audit and in this way to create an additional benefit. This means, however, that the internal audit department must also acquire expertise in data science in addition to the already acquired competences, such as finance, business management and compliance. Since an individual auditor can hardly have all the competences mentioned above, these should be at least available within the team. If necessary, remember to include an external Data Scientist.
Along the lines of internal auditing, the external auditing is placed before conditions that were changed by digitization: the flood of data, the appropriate audit methods as well as the concern of finding young recruits within the auditors underline the need for efficiency gains. The surge in job advertisements for data scientists in audit centers, as well as first attempts to use artificial intelligence in this area, underscores this.

This feature blog was written by Prof. Dr. Nick Gehrke (Zapliance)

SAP Launched new Cloud version of their software with integrated analytics
Companies can now avail of new SAP technology as the software giant moves into the modern world of cloud computing. The new version will now allow their business customer perform the same accounting, financial, and manufacturing management tasks as before, but in a more modern and efficient manner. This is great news for SAP experts and financial auditors who use the software.
Customers will now avail of public-cloud deployment opposed to building and maintaining their own data centres. With extra features added they now deem the software to be “smart”. It is claimed that it will do everything from managing manufacturing processes, to tracking inventory, to paying bills, to logging payments.
This will be invaluable to large multinationals delivering complex on-prem ERP solutions for the largest organizations on the planet. Essentially it will allow these companies to handle all the “technical heavy lifting” by using public cloud products instead of their own private data centers. In addition it also offers integrated analytics package to take advantage of the increased intelligence.
The overall idea is to provide more automated insight into the company data being collected by the ERP system. The system acts as a more active contributor to assist and augment the human decision makers.
Going forward more and more companies during the hiring process are making SAP knowledge a prerequisite for their audit and accounting openings so this may very well be the next step in our technology driven world.

One of the biggest issues every successful company face in today’s business world is the prevention of fraudulent activities committed by employees. Over a decade ago the Sarbanes-Oxley Act (SOX) Compliance was introduced which requires that all publicly held companies must establish internal controls and procedures for financial reporting to reduce the possibility of corporate fraud. However with increasing new technologies is this enough to protect companies in 2017?

In a recent study conducted by one of the Big4- on average global companies lost over 5% of revenue to fraudulent actions- the majority of this done by current employees. The reason for this was due to lack of internal controls and no risk management in place. Furthermore the cost to strengthen such internal controls is a considerable investment whether it be in hiring new staff such as internal auditors or specialist fraud and forensic audit professionals. However the cost of such professionals is far less than the loss of earnings suffered by companies due to fraudulent activities conducted by employees.

Companies must also face the costly burden of implementing new software such as Governance Risk and Compliance packages. Combine this with the cost of hiring new talent in the IT Audit arena to process, analyse test and review these controls.

Using new technologies such as the cloud has allowed companies to analyse risk management procedures which look for unusual patterns such as access frequencies, duplicate payments, and splitting invoices
These cloud tools automate controls that uncover these types of preventable risks, but they can also help companies develop a road-map for identifying strategic risks.
It is vital that organisations continue to develop their internal controls, invest in technology and most importantly specialized fraud and forensic audit professionals to mitigate the increasing number of preventable risks which untimely leads to higher profit margins.

One of the new hottest tech trends for the IT Audit Market and in particular the Data Analytics Market is artificial intelligence (AI). As the consumption of data persists and the growth continues with no apparent limits, we see companies across the globe are investing not only in big data analytics hardware and software but more so in the people with the skills and knowledge to utilises them. They are also heavily investing in these hard to find individuals’ continuing education.
According to a recent article released by Forbes, the world’s biggest companies such as Google, Facebook, IBM and Amazon are heavily investing in hiring and acquiring new IT talent in the arena of data analytics.

This in turn will hopefully lead to the development of new tools for migrating data, and also analysing. The predications for the market are estimated to grow in excess of €200 billion so individuals with expertise and knowledge in these specialised fields and areas are certain to build a successful career with unlimited career options and growth.

This growth will also apply not only to individuals but also to the information-based products which are also set to increase with Fortune500 companies investing heavily in new technology and infrastructures for information gathering. The data acquired can then be either bought or sold which again will lead to further revenue generation.

How an Internal Audit function will battle cyber security issues for your company WHEN it happens in 2017?

It is no longer a question queried in a boardroom by senior management of multinationals companies. Could we be hacked? It is now an inevitable occasion of when will we be hacked and how can we combat this data breach? Given the possible exposure and risk to a company’s valuable assets and information there is a duty for the board of directors to be adequately prepared for this occasion. How can they prepare for this? One major tool available to them is an internal audit team. Internal auditing is indispensable for helping companies manage cybersecurity threats and preventative programs. Here are some suggestions on how best to prepare.

1- Ensure your audit function is adequately prepared with talent, resources and budget.
It may be the responsibility for your HR department to ensure that you have hired the “IT Audit Dream Team”. Do not hinder this by not approving budgets for hire. In the long term this will cost your company more in time and in finances. Using specialised external executive search firms such as Audit International ensure you find the right skill and industry-specific experience to best facilitate your company as this is often challenging, Therefore management should prepare their companies to prioritize developing, training, and adequately hiring resources to the internal audit team.

2- Keep communication open with your Internal Audit Team
There is vital importance of engagement between the internal audit team and the business it serves. In order to comprehend where the cyber risks are coming from, you have to appreciate how the business works. This would include assessing firewalls, networks and apps, but also understanding the company’s processes and how it interacts with customers and sellers. Cyber security risks are moving targets. Most of the exposure lies in a company’s human element. You should ensure your internal audit teams are given a clear and thorough understanding of business operations. The only way this can really happen to keep an on-going rotation of internal audit staff into the business into various functions and units. This serves multiple purposes; it ensures retention of valuable talent in the company as they are then satisfied with their own personal career progression. It is a well-known fact in the recruitment space this is one of the key drivers for auditors to leave their role which in turn ends up costing the company time and resources to replace, train and hire new audit talent. Secondly it gives your auditors a better well rounded view of the company and thus can add more value and stay in tune with the company.
3- Ensure coordination between functions- IT and Internal Audit
Another integral part of this issue is the level of coordination between the internal audit team and other key functions and this is critical to the success of tackling your cyber issues and risks. You must ensure that your internal audit teams should be given access to other members of the IT Audit team. This can include the chief information officer and chief information security officer, as well as human resources, supply procurement, and business leaders. Coordination can make or break any important undertaking — and cybersecurity is no exception.

4- Where to start and what questions to ask first?
Below is a suggestion of where your audit committee can begin and what issues need to be addressed first.
• Currently it is important to ask, what interaction and coordination does the internal audit team have with other corporate functions (e.g., information technology, information security, operations, supply chain, human resources, etc.) related to cybersecurity matters?
• What skill sets does your internal audit team have that are related to information security? Cybersecurity? How do team members keep their skills current? How do you retain team members? Do you need to hire further talent to support them?
• Does the company perform internal and/or external system penetration testing? Are the tests announced or unannounced? What role, if any, does the internal audit team play? Is there open communication between all your functions to facilitate this?
• What types of prevention, detection, and reaction/response testing does the internal audit team perform in the threat and vulnerability management life cycle? Again do you have sufficient in-house talent to tackle all these problems? Are you supporting your team enough to support this in terms of team resources and talent?
• What role, if any, does the internal audit team play during a breach? Regular meetings and coordination could play an integral part in highlighting how these functions can support each other if a breach occurs which may then lead to quicker resolution of the problem.
• What role, if any, does the internal audit team play after a breach has occurred?
• Who performs cyber-related investigations within the organization?- Do you outsource this responsibility and if so would it be worth hiring an in-house function to address these issues.