Posts Tagged “internal auditors”
Audit International know the common expression, “you only get one chance to make a good first impression.” For internal audit, this chance often comes during the kickoff meeting. This introductory meeting will often set the tone for the entire audit. Its primary objective is to align the auditors and auditee on the audit’s scope, objectives, timeline, and expectations. The meeting provides an opportunity to establish clear lines of communication, clarify roles and responsibilities, and build rapport between the audit team and the auditee.
Here, Audit International will provide a step-by-step guide on how to conduct an effective internal audit kickoff meeting, highlighting its importance, objectives, key participants, and necessary preparations.
Preparing for the Internal Audit Kickoff Meeting
There are several steps internal auditors can take to prepare for the kickoff meeting. They include:
- Define the Audit Objectives: Clearly articulate the purpose and goals of the audit. Identify the specific areas or processes to be examined and the desired outcomes.
- Determine the Scope: Define the boundaries and limitations of the audit. Specify the time frame, departments, locations, or functions to be included.
- Assemble the Audit Team: Select auditors with the relevant expertise and knowledge. Assign roles such as lead auditor, documentation reviewer, and subject matter experts as necessary.
- Conduct Pre-Meeting Research: Familiarize yourself with the auditee’s processes, policies, and applicable regulations. Review previous audit reports, findings, and corrective actions.
- Prepare an Agenda: Outline the topics to be discussed during the meeting. Allocate sufficient time for each agenda item and prioritize critical issues.
- Send Invitations: Distribute meeting invitations to the key participants, including auditors, auditee representatives, management, and any other relevant stakeholders. Provide the agenda and any reading materials.
The Internal Audit Kickoff Meeting Process
If you have prepared well for the kickoff meeting it should go smoothly. Keep in mind that auditees may have some anxiety about the upcoming audit. They will often have preconceived notions that they audit may be an exercise in the internal auditors trying to play “gotcha!” It’s important to alleviate these fears and clearly communicate the purpose of the audit.
They may also have concerns about the schedule of the internal audit work and see the audit as a distraction from their day-to-day duties. Indeed, we all have busy schedules and they may view the audit as providing extra work on top of their already full days. For this reason, it’s also important to be transparent about the scheduling of the audit work and to work to make the audit as painless as possible for the process or unit that is being audited.
The following are some steps to take during the kickoff meeting to help allay these fears, set expectations, and communicate clearly to the auditees:
- Introduction and Opening Remarks: a. Welcome all attendees and introduce yourself and the audit team members. b. State the purpose of the meeting and the audit’s importance to the organization. c. Outline the meeting’s agenda and expected outcomes.
- Review of Audit Objectives and Scope: a. Present the audit objectives, scope, and expected deliverables. b. Provide an overview of the audit methodology and explain any unique approaches or tools to be used. c. Discuss the audit timeline, key milestones, and any dependencies.
- Roles and Responsibilities: a. Clarify the roles and responsibilities of the audit team members. b. Define the roles and expectations for auditee representatives, including the provision of requested documentation or information.
- Communication and Information Sharing: a. Establish channels and protocols for communication throughout the audit process. b. Discuss the frequency and format of progress updates, status meetings, and any interim reporting requirements. c. Specify the confidentiality of information shared during the audit and any data protection measures.
- Document Review and Access: a. Discuss the documents, records, or systems that auditors may require access to during the audit. b. Explain the need for auditee cooperation in providing necessary documentation promptly. c. Address any concerns regarding sensitive or confidential information.
- Q&A and Discussion: a. Provide an opportunity for auditees to ask questions or seek clarification. b. Encourage open dialogue and address any concerns or challenges raised. c. Seek input from auditees regarding specific areas of focus or potential risks.
- Closing Remarks: a. Summarize the key points discussed during the meeting. b. Reiterate the importance of cooperation and commitment from all parties involved. c. Establish the next steps and confirm any follow-up actions or meetings.
Post-Kickoff Meeting Actions
Congratulations, you’ve conducted a great internal audit kickoff meeting. The internal audit team and the auditees are now on the same page and everyone knows what do expect during the audit. The initial work involving the kickoff meeting isn’t done, however. To set the upcoming audit on the right path there is still some work to do. Post-kickoff meeting activities include:
- Documentation and Reporting: Document the meeting minutes, including the key discussions, decisions, and action items. Distribute the minutes to all attendees for review and confirmation.
- Follow-up Actions: Assign responsibilities for any action items identified during the meeting. Set deadlines and establish accountability to ensure timely completion.
- Ongoing Communication: Maintain regular communication with auditee representatives to address any queries or provide clarifications as needed. Share progress updates and adhere to the agreed-upon reporting schedule.
Conducting a well-executed internal audit kickoff meeting is a crucial step towards a successful audit process. It establishes a foundation for effective communication, collaboration, and understanding between auditors and auditees. By clearly defining the audit objectives, scope, roles, and responsibilities, the kickoff meeting ensures a focused and efficient audit process. Preparing adequately, following a structured meeting agenda, and documenting the discussions and action items contribute to a productive engagement. By leveraging the guidance provided in this article, organizations can maximize the value derived from internal audits and drive continuous improvement within their operations.
If you have executed the kickoff meeting well, the auditees will be all smiles when you arrive to conduct the actual audit.
Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc. across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com
Audit International realise that for many internal auditors, the audit committee is a bit of an enigma. Most of you help the chief audit executive (CAE) or other internal audit leader with materials and content to provide to this subgroup of the board of directors. Much of your work, in summary fashion, ends up there. But, for the most part, we only know what happens behind the closed doors of the boardroom if your CAE conducts a post-meeting debrief. Yes, we know that the audit committee is important. We know that they take our work seriously. But what do they really want from us?
For internal audit leaders themselves, the meetings can be intimidating. The majority of audit committee members are experienced executives from other companies and often serve on other boards. They are generally savvy, informed individuals, who spend a part-time role executing governance duties for the organization where we work. So, while they might, at times, be proactive—meaning, they raise questions or lines of inquiry based on something they initiate—mostly they are reactive, responding to what is presented to them. That means the onus is often on internal audit leaders to help them in their role by carefully choosing what to share with them.
Yet walking the fine line between providing too much detail and maximizing the little time we have with the audit committee can be tricky. Internal audit leaders often express anxiety about meeting with the committee. It can be difficult to anticipate what they may find important versus what they would consider a waste of time. Indeed, internal auditors can be forgiven if they just want to shout the famous Spice Girls refrain: “Tell me what you want, what you really, really want!” So, let’s give that a try: What does the audit committee really, really want?
First, What the Audit Committee Doesn’t Want
During an Internal Auditors career, you report functionally to an audit committee on separate occasions, with different companies. You might foolishly think that you would give them lots of information and let them decide what was important. It’s a trap that is easy to fall into. It takes time, experience, and some good mentors to gain the wisdom to realize that is absolutely the wrong tactic.
It is an evolutionary process to slowly realize that reporting to the audit committee is not about what you want to tell them. It’s only about what they need to know. To cite an often-used phrase: “be brief, be insightful, and be gone.” Keep it short, share the needed knowledge, and let others take their place on the agenda. It’s not about you; it’s about your audit committee members.
What the Audit Committee Does Want
Here are ten things that Audit International have learned that the audit committee of the board wants from internal audit. We hope they work for you when it is your turn to directly interact with the audit committee.
1) The essence of the quintessence: This phrase, “the essence of the quintessence,” was shared by a chief operating officer of a bank once, and it stuck with us. Basically, he was expressing that he and the other execs were busy folks and they want to get right to the bottom line. Don’t just tell me what you are telling me, but tell me why you are telling me. Get to the essence of the quintessence! And that’s what the audit committee wants too! So, if you feel you really must share something with the audit committee, ask yourself why it is so important that they know it. If you can start your phrase with, “this is important because …,” then they probably need to know it. They want the bottom line and the why. The rest is superfluous.
2) Not how you did something, but what you concluded: Have you ever asked someone how their vacation went and they start by telling you about the car ride to the airport? You are being polite, but all the while you wish they’d just answer the question. You want to know about the experience at the destination, not how they got there. Well, the same is true with the audit committee. All the work we did to arrive at our conclusions is important to us, but not to them. They only want to know the conclusion. So, cut to the chase. They trust you did all the right work to get there.
3) Your opinion, not just the facts: Internal auditors follow standards, confirm everything, and don’t spout wild, unsupported views on subjects. We are methodological in our pursuit of facts and the truth. So, when we have made a conclusion, we are usually armed with supporting facts. If not, we tend to refrain from going out on a limb with an opinion. Resist the urge, however, to stick only to the facts. You are not a robot; you are a person with a brain. You have a range of experiences to draw upon and see more of the organization than most anyone else. So, does the audit committee want a Joe Friday, “just the facts ma’am,” approach? Not really. They trust you have done the work and want to hear your views on various topics. If they ask your opinion, trust your instincts and give it to them. If you don’t, you really aren’t adding as much value as you can.
4) Your concerns, audited or not: Whether you are new to an organization or have been there for many years, your well-honed internal audit skills will leave you with an innate ability to have concerns about certain things, whether you have actually done internal audit work on the topic or not. If you had unlimited time and resources, you’d go check out all those nagging worries, and confirm or deny them. But you don’t. The audit plan may not have prioritized it, but that doesn’t mean the concern isn’t valid.
Now, the audit committee has no desire to hear lots of speculation or theories, nor are they interested in trivial things. But, believe me, if you have a good relationship with the audit committee, they want to hear your top concerns, even if you don’t yet have all the facts. You just need to be extra careful in how you position what you say, and you do so rather infrequently. But they do want to know. As they say, that’s why you get paid the big bucks.
5) Something of substance in executive session: One experience that is among the trickiest for a CAE to navigate is the executive session with the audit committee. During the typical executive session everyone who is not a board member leaves the room and the internal auditor meets with the audit committee alone. Over the course of a few years of executive sessions with the audit committee, I can say from experience that there are two things you never want to do: one is to have something to tell them in every executive session, and the other is to have nothing to tell them in any executive session. So, the goldilocks theory applies here, you want to strike the right balance. What to bring up, how to bring it up, and what you need to do both before and after you bring it up is a whole course in and of itself. It is an art, not a science. Don’t be trivial or cavalier about what you bring up. The audit committee wants you to bring things up, and they want them to be of substance.
6) Proof you really get the business and the strategic plan – Whether it is deserved or not, a common complaint by operating leaders and managers within many companies is that internal audit does not understand the business. The last thing you want is for the audit committee to second guess your conclusions. So, if you are confident that you know the business and the strategic plan (and you’d better be), let it show. It should show up in your audit plan, your priorities, and your explanation of internal audit’s observations and conclusions. Don’t risk having the audit committee doubt you. They want comfort that you know the business and are in lockstep with the strategic plan. Give them the confidence that you do.
Another point to make here is to remember that you are a businessperson. As we go about our internal audit work, we tend to put blinders on, as if the audit plan and the audit projects are the only reason for our existence. Of course, they are not. So, when we update the audit committee on what we are doing, what hat are we wearing? An auditor’s who happens to work for the business? Or a businessperson’s who happens to be an auditor? The audit committee wants the latter.
7) That you align with second line functions: Not always, but often the only way that second line functions (risk management, compliance, security, and others) coordinate and collaborate with internal audit is if internal audit (namely the CAE) initiates the coordination and takes a lead role in it. Apart from the added cost of redundant activities, the audit committee doesn’t want a bunch of disjointed terminology, reports, and conclusions coming from the various “risk and control” functions of your organization. They want you to coordinate and collaborate across the second and third lines. If they aren’t telling you that, they are telling someone else behind your back!
8) Courage: Like everyone else in the organization, days are always going to bring obstacles, difficult co-workers, things not going according to plan, changed schedules, broken promises, and other hurdles. But, more often than many other employees in other departments, you will from time to time be called on to summon up some courage. From an obstinate audit client that is making your job difficult to a senior audit client manager that is disagreeing with you no matter how right you are—not to mention fraud investigations, hotline accusations, and executives who are doing questionable things—you are going to come across matters that are so egregious that you must raise them, regardless of the consequence. They are, hopefully, rare, but if you are in internal audit long enough, those times will arise. They will require backbone and strength of conviction, and are not for the faint of heart. But guess what, that is exactly what the audit committee wants from you: a reservoir of courage and the ability to call on it when it matters most.
9) That you understand the politics, but are not political – All organizations are political by nature. Whenever people get together and resources are scarce, win-lose games happen. Corporate politics are a fact of life. As much as we’d all like to be apolitical and let the facts drive what the right answers are, if we don’t learn how to navigate the organization’s politics, we will not be able to get our jobs done effectively. Does that mean we need to use the politics to our advantage? Sheepishly, the answer is yes, but not in an underhanded way. It’s important to know who to talk to, about what, and when; how to position what you are going to say; who needs a heads-up on what; who are the influencers in the organization; and so on. We need to know all that and leverage it to our advantage. Our audit committee members are some rather experienced and savvy businesspeople, and they are also navigating the organization’s politics to do their governance jobs. So, yes, they do expect you to understand the politics to get your job done well and know how to report things to them with an understanding of how the politics works, but they also don’t expect you to be overly political.
10) That you know when you may not be objective: Objectivity is such an important tenet to what internal auditors do and how we do it that we need to be ultra vigilant and self-aware when there is a risk of our objectivity being impaired. Audit committees expect us to be self-aware of when our objectivity might be impaired, or even the potential appearance of it being impaired. So, park that ego, realize you are subject to your own biases, and be self-aware enough to advise the audit committee when your objectivity could be impaired. They expect you to do that.
Earning that Paycheck
Even though they may not tell you directly, take it from us that your audit committee wants you to: be brief, tell them only what they need to know, share your professional opinion, be open about your concerns, leverage executive sessions properly, understand the company’s strategic objectives and strategic plan, collaborate with the second line, be courageous, know the business, navigate organizational politics, and say when your objectivity might be impaired. Easy peasy. Well, not really. But, as we concluded, that’s why you get paid the big bucks.
Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc. across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com
Artificial intelligence (AI) has the potential to transform the internal audit profession. ChatGPT, a large language model trained by OpenAI and based on the GPT-3.5 architecture, is an AI tool that can help internal auditors in various phases of their audit work.
Audit International are now going to discuss the benefits of using ChatGPT in these phases.
Planning
The planning phase is a critical phase of the audit process where the internal auditor defines the audit objectives, scope, and methodology. ChatGPT can be used in this phase to analyze large volumes of data and identify patterns and trends that may not be immediately apparent to human auditors. By using ChatGPT, internal auditors can save time and effort in identifying potential risks and opportunities for improvement. ChatGPT can also help internal auditors develop audit plans and testing procedures based on the insights it provides.
ChatGPT can also be used to educate internal auditors about the process under audit and its relevant risks. By inputting data related to the process, ChatGPT can provide a detailed understanding of the process and the risks involved. This can be particularly useful for internal auditors who are not familiar with the process or are new to the organization.
Further, ChatGPT can help internal auditors to identify potential areas for improvement in the audit process itself. As internal auditors input data into ChatGPT, the platform can analyze the data and suggest ways to improve the audit process. This can help internal auditors in developing more effective and efficient audit plans, testing procedures, and reporting methodologies.
Testing Phase
The testing phase is where internal auditors gather evidence to support their audit findings. ChatGPT can be used in this phase to analyze and interpret data, including financial and non-financial data. ChatGPT can help internal auditors in identifying anomalies, trends, and patterns in the data that may require further investigation. ChatGPT can also help internal auditors in identifying areas of the business where testing should be focused and can even suggest potential audit procedures based on the data it analyzes.
Reporting
The reporting phase is where internal auditors communicate their audit findings to the relevant stakeholders. ChatGPT can be used in this phase to generate automated reports that are accurate, comprehensive, and timely. ChatGPT can also help internal auditors in identifying the root causes of issues and provide recommendations for improvement. ChatGPT can even suggest remedial actions that can be taken to address the identified issues.
Monitoring
The monitoring phase is where internal auditors ensure that the management has taken appropriate actions to address the audit findings. ChatGPT can be used in this phase to monitor the implementation of the recommended actions and identify any further areas for improvement. ChatGPT can also help internal auditors identify emerging risks and opportunities that may require additional attention.
Privacy Concerns
One of the most significant concerns with the use of ChatGPT in the internal audit process is privacy. Internal auditors need to be aware of the privacy risks associated with the use of ChatGPT and take appropriate measures to mitigate those risks. It is essential to ensure that the data entered into ChatGPT is anonymized and that sensitive information is not shared or stored on the platform. Additionally, internal auditors need to ensure they have the appropriate consent and authorization to use the data in ChatGPT.
Treat it as a Tool
ChatGPT is a powerful AI tool that can help internal auditors in various phases of their audit work. By leveraging the capabilities of ChatGPT, internal auditors can save time, enhance their efficiency and effectiveness, and improve the quality of their audit work. However, internal auditors need to be aware of the privacy concerns associated with the use of ChatGPT and take appropriate measures to mitigate those risks. By doing so, internal auditors can leverage the capabilities of ChatGPT, while also safeguarding the confidentiality and privacy of sensitive data.
Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc. across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com
A few weeks ago, Audit International met with a self-described “introverted” business leader. This business leader confided to us that introverted individuals have a harder time climbing the corporate ladder. The individual went further in claiming that recent research shows that it is worst for women, as introverted women are seen as less assertive and lacking in leadership traits.
Conversely, the business leader pointed out that recent research also shows that introverted individuals actually make better leaders, but because they are not as assertive as their extroverted counterparts, they are not equally represented in leadership positions. That took a minute for us to reflect on. It was one of the most thought-provoking discussions we’ve had in recent weeks.
Curious by the proposition and wanting to see what statistics we could get on the topic ourselves, we set out to create several online polls. Initially, we just asked a simple question:
Do you consider yourself an introvert or an extrovert? Here are three things we learned from asking that and some follow-up questions:
People Do Not Like Binary Options on Personality Traits
In two separate polls across different platforms, we received similar feedback:
“No room for those who don’t fall into these binary groups?” was one of the first responses.
“Some people vary based on their environment,” and “I believe there should be space in between the two,” were two responses that quickly followed.
“Do you have a definition of introverts and extroverts?” was the last question.
Even when we tried to foolishly define the terms we were met with a big, “it depends.”
Lastly, we received the one-word response that took my approach in a different direction: “ambivert.”
The Power of the Ambivert
A full 70 to 80 percent of internal audit professionals considered themselves introverts when only given two choices on the introvert vs. extrovert spectrum. However, in follow-up polls, when the ambivert option was introduced, the results were different. Vastly different. Nearly half of the introverts from the initial polls now classified themselves as ambiverts. Ambiverts were now, in two separate polls, the largest group.
So, what does that mean?
Maybe we’re being foolish again, but here is our theory: Introverted ambiverts are those who usually keep to themselves and don’t brag about their accomplishments, but when the stars align and the spotlight is on them, they shine.
When Audit International first started in the internal audit profession, we worked with two introverted gentlemen. They generally kept to themselves in the day-to-day audit process. But, when they led projects, they had absolute killer instincts.
In that group, they audited the Latin America region, so depending on the country visited they would switch from English to Spanish or Portuguese and back to English with pure finesse. Audit clients would be at ease with their approach and communication style. Anyone who had only known them for that period would swear they were extroverted individuals. But they were not. They were ambiverts.
And that is the power of the ambivert: Killer instincts when it matters.
Extroverts Are Disproportionately Represented in Leadership Positions
Back to the business leader’s proposition that introverted individuals get the short end of the stick when it comes to leadership positions. Was that the case? Based on my poll results, yes.
Extroverts represented approximately one-fourth of the sample population of internal audit professionals. However, they represent one-third of those professionals in leadership positions. Introverts, excluding those with ambivert traits, represented over a third of the sample population of internal audit professionals, but only 10 percent of those in leadership positions. These statistics can be even more accentuated when it comes to female leaders.
A burning question then came to mind. Do extroverts make better leaders? Would that be the reason they are overrepresented in those positions?
Audit International set out to attempt to answer that by asking the community about their experience with their previous leaders. Were their best leaders introverts or extroverts? For this last poll, we purposefully left the ambivert option out.
The results? Extroverts were slightly at an advantage, 53 percent versus 47 percent. In other words, the “best” leader being an introvert or extrovert had close to the same likelihood as the flip of a coin.
How come we don’t have more introverted leaders if they are just as good as extrovert ones?
We don’t have any statistics there but, in my opinion, it’s likely because extroverts are seen as better communicators, and being a good communicator is a sought-out trait in effective leaders.
Should Introverts Lose all Hope?
No. Introverts in some circumstances may have an advantage over extroverts. Another reason is that in [internal audit], passion for the role is important to the impact that you can have on the organization. An introvert has to put a bit more effort into the work than an extrovert does, and I’ve seen several times where this translated to the level of commitment and effectiveness to the role.”
It might even be concluded that an introvert displays more active listening skills and empathy, which is also essential in leadership roles.
Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc. across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com
With one in five people pledging to pursue career goals and ambitions in their New Year Resolutions, Audit International have researched career experts advice on achieving these in 2023.
New Year, new (career) you! More than 20% of people toasted the start of 2023 with some form of New Year’s resolution and one in five of those pledged to pursue new career goals.
But with January now over, many of those good intentions may have already fallen by the wayside. If that sounds familiar, you’re not alone. In fact, people will typically ditch their ‘New Year New Me’ resolutions by the second week in January.
If that strikes a chord, don’t despair. Audit International has taken some insights from careers experts on their top tips on getting your career back on track.
Re-evaluate your current career choices :
For those with an established job, or who have taken time out of work to start and raise a family, it can be daunting to consider a new industry or completely change career path. However, it’s never too late to take your role in a different direction or re-enter education.
“If you’re looking to change careers in 2023, it’s important to evaluate your previous experience up until now. Consider which parts of your current or past job roles have brought you the most satisfaction or fulfilment, as this can help guide your new career path,”.
Adopt a continuous learning mindset :
Passing all of your exams is an amazing achievement, but that’s when the real learning starts. “Don’t assume you know everything now. Listen and ask questions and make notes and look things up. Every day is a school day!”
Work on your soft skills :
To get ahead in your career it’s also important that you develop soft skills that complement your technical prowess. “As part of your role, you will be expected to provide advice to clients and companies on any number of specific issues they may be experiencing, so developing strong soft skills including clear and concise communication, empathy, and the ability to make decisions to help resolve conflict will be key to your continued success.”
Develop a killer network:
Natural networking is everything. LinkedIn bombing everyone you think might be useful to you is annoying and will rarely achieve anything. Show an interest in everyone you meet and connect in a more genuine way. Try not to just focus on people you think are ‘important’.
Be authentic :
As an accountant, you are well-organised, a skilled number-cruncher and have a keen eye for detail. But as your career progresses and you become a team leader, you will need to focus more on management and people skills. If you get promoted to a management role without any formal training, it can be easy to act like the type of manager you’ve seen in the past. “People buy people, so be yourself, not the manager you think you should be”.
Focus on developing relationships :
Accountancy is a task-oriented job and it’s easy to get lost in the daily grind of completing tasks and hitting deadlines. But the real value you add as a manager is building relationships with staff and being an enabler and facilitator for the team. That means getting to know your colleagues on a personal level and understanding their strengths and capabilities.
Keep your eyes open for growth opportunities :
Don’t get bogged down in short-term deadlines and tasks. “These need to be done for sure, but you should also look more widely to find new areas of growth and challenges that can help you advance in your career”. That could mean studying for a qualification, taking on new responsibilities, or joining a cross-functional team. “Always look for ways to build your skills and contacts and your career will progress nicely.”
Don’t limit yourself to one area :
One of the best ways to elevate your career is by making sure you don’t limit yourself to just one part of the accountancy industry. “Gaining experience in a variety of roles – especially during the first few years of your career, as you decide the areas in which you thrive and most enjoy – will build your confidence and will provide you with essential skills that help boost your long-term career prospects”.
Connect with a mentor :
Regardless of where you are in your accountancy career, having the advice of someone more experienced than you can be invaluable. If you are unable to secure a mentor through work, it is also worth approaching people that you work with who could help you, or you could even look at joining an association that could pair you with someone.
Don’t put too much pressure on yourself :
It’s always good to be ambitious when it comes to your career and education, but avoid putting too much pressure on yourself when it comes to achieving all of your goals or training courses by the end of 2023. “Comparing yourself to others or putting pressure on yourself can lead to you feeling overwhelmed or burnt out. Take as much time as you need and find flexible options that work for you, especially if there are other important childcare or work commitments to take into consideration.”
Be ready to flex. Having a long-term career plan is great. However, things change and you will get frustrated if you can’t adapt or sometimes go with the flow.
Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
There is currently a misalignment in the world of Internal Audit. As Richard Chambers and AuditBoard’s 2023 Focus on the Future Report reveals, there are key areas where significant gaps exist between risk levels and planned efforts. The ability to attract and retain top talent, macroeconomic factors and geopolitical uncertainty, and business model disruptions due to the evolving risk landscape were all listed as top concerns for major organizations, yet only 13-20% of businesses have meaningful plans to devote substantial resources to these issues. Internal audit teams need to be ready to identify and address this kind of disconnect to ensure that their organizations are positioned for success in 2023. In this article, Audit International will identify three top internal audit trends, the challenges they present, and how internal audit teams can leverage software solutions to deploy team resources strategically against the most pressing concerns — setting themselves, and their business, up for success.
Trend 1: Velocity of Risk and Technology Change
Teams must continually provide assurance while adapting to evolving risks, digital disruption, and regulatory changes. Today we’re seeing significant contributions from the digital revolution, climate change, and stakeholder expectations, as the speed of decisions, the amount of connectivity, and the availability of data have all increased. Companies are learning that they have to balance pressures regarding what’s coming from governments, investors, and society as a whole. Stakeholders expect companies to act legally and with a conscience, and regulators are focusing on things like climate change, data privacy, and security.
Challenges in this area hit in numerous ways. First, there is an expanded purview required from emerging technologies and related risks. Second, there are repeated shifts to audit scope that put new burdens on teams. Third, there is an increased depth and breadth of data that brings along associated issues — including data reliability, related required team efforts, and resource constraints.
Technology can help audit teams develop solutions for these issues. Audit planning software accelerates risk and change responses from teams. With this preparation, teams can create risk-based audit plans with risk metadata to allow for efficient execution and continuous assurance.
Trend 2: Growing Internal Audit Talent Gap
Staff shortages, changing attitudes towards work, and a pre-existing skills gap are increasing talent risk and influencing how internal audit teams approach their work. Many teams are reporting that they are losing talent and struggling to replace them. Meanwhile, for the remaining team members, expectations are growing. They want to do more, and we need to keep them engaged. We have to support the folks that we have and give them opportunities to work in cybersecurity, sustainability, and other areas of interest.
The challenges created by the talent gap are as expected. Due to greater cost-cutting and efficiency demands often put in place by organizational leadership, teams are being asked to do more with less as headcount may be frozen or cut. There are the aforementioned difficulties retaining people and improving their skills, plus there are increasing specialization and training needs for team members.
A technology solution in this area is software with resource planning capabilities. This can help teams manage, optimize and retain talent by deploying resources more strategically, and it allows teams to improve individual and overall skills, efficiency, and experiences.
Trend 3: Align With the Business Objectives
The highly competitive corporate landscape and economic disruptions are driving the internal audit profession to refocus efforts on improved strategic alignment. Richard Chambers speaks often about auditors needing to become agents of change. When contemplating initiatives like cybersecurity, diversity, equity, inclusion, and third-party risk management, executive teams and audit committees all want better strategic alignment from internal audit teams. Internal audit must understand and embrace stakeholder needs and challenges so that we can better support their strategic initiatives.
The challenge for internal audit teams in this area is aligning audit with business priorities, which isn’t always as simple as that might seem. Plus, there is an increased requirement to validate internal audit resources. We have to start thinking in new ways, provide more value propositions, and be able to deliver more in less time.
Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
In 2023, organizations may face new and expanded cybersecurity and compliance mandates, which could vary from location to location and from one industry to the next. As a result, your organization may be looking to obtain a certification or will need to pass an audit for a specific set of standards or requirements.
While recognition for demonstration compliance or receiving certification is a great reason to celebrate, the process leading up to that is often time-consuming and sometimes dreaded, especially if you must undergo an audit first.
But audits don’t have to be as frustrating as they once were. With the right resources and tools, you can pass your next audit with ease. Here are five tips from Audit International to help:
Know your current program state.
Don’t wait until the audit is underway to find out where you might have gaps or weaknesses. Go ahead and assess your current compliance state so you know what you need to address before your real assessment gets underway. Consider using a cybersecurity compliance platform that automates these assessments for you and look for a platform that gives you real-time compliance scoring, so you’re never caught off-guard if something isn’t functioning as you intended or you’ve overlooked an important control or other security measures.
Document and evidence.
You can do everything correctly and score 100 on your current assessment, but if you don’t have a document repository that puts everything you need right at your fingertips in one place, or if you can’t supply all the necessary proof and evidence an auditor may want, you likely won’t get credit for what you’re doing right. Put away those binders of dusty old printouts you haven’t looked at since your last audit. Instead, use a cybersecurity management platform to track and retain all of your evidence and documentation all in one place for easy, shareable access with your auditors.
Put teamwork to work for you.
Instead of chasing down who’s responsible for which compliance requirement and trying to understand what they’re doing and how well they’re doing it, use a compliance management platform to help you automate task assignments, track progress, send alerts when those tasks are complete, and assign new tasks as they pop up. A platform like Apptega can even externally alert your auditor when your team has completed an evidence request or other necessary task.
Communicate across your organization.
One of the challenges in building a compliance culture is often that program managers speak industry lingo and not the same language that people in different roles within the organization can understand and relate to their day-to-day responsibilities. Instead of scrolling through hundreds, maybe even thousands of rows of data to find what you need for your next compliance conversation, consider using a compliance management platform that has a pre-built library of reports you can quickly draw on for your next engagement, whether that’s your C-suite, an auditor, or your tech team.
Don’t go at it alone.
While you can meet all the requirements on an audit prep checklist, the reality is when you work on a program, it’s easy to overlook issues an outside eye might catch. Before your next audit, go beyond a self-assessment and consider working with an outside compliance consultant to take a closer look at your existing program and help you seek out and address issues before your auditor finds them.
Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
Audit International are stating the main Risks and Actions companies are putting on their 2023 internal audit plans. The past year concentrated attention and shone a spotlight on the increasing fragility of organizations. With a complex set of risks manifesting simultaneously, audit committees are prioritizing some of the most serious implications resulting from the ongoing war in Europe and a triple squeeze of supply chain, workforce and inflation pressures.
According to data from Gartner’s 2023 Audit Plan Hot Spots report, which identifies the key risks and recommended actions for Audit to benchmark their efforts against in the coming year, 81 percent of Chief Audit Executives polled have cyberthreats on their agenda to cover in audit activities over the next 12-18 months, with an additional 13 percent tentatively planning to do so. Even in a year with a high number of varied and seemingly imminent risks facing organizations, cyberthreats remained an agenda topping item for Audit Committees and senior executives as the drivers of the risk shifted from a generalized focus on inadequate security controls to specific need to prepare for highly sophisticated state-sponsored cyberthreats and new cyber breach disclosure requirements. Even as some risks remain perennial threats, shifting drivers can change the nature of the risk and need for updated mitigation and coverage plans.
Cyberthreats, however, are not the only vulnerability an organization faces in an increasingly fragile world. In developing this year’s report, the need for Audit to support their organizations through rethinking their approach to resilience in the face of growing fragility became evident as a key theme underlying several top organizational risks. These risks are generally under-covered in audit plans for 2023, in some cases less tangible and immediate than the category of risks that have been urgently prioritized as a result of the headline events of this year.
Resilience-related risks are manifesting with real world and high-velocity consequences all the same, and Audit needs to understand the risk indicators, urgency drivers and the right questions to ask the business to ensure that rethinking resiliency is on the agenda in 2023.
Below I review three such risks and strategies for Audit on how to approach them.
Climate Degradation
Nearly six in ten CAEs have no specific plans to provide assurance over climate degradation next year. This in and of itself is a key risk indicator for most organizations, as a failure to refresh business continuity plans related to climate risks puts an organization at higher risk for a key infrastructure failure and related loss of productivity among other risks.
While CAEs generally express limited confidence in their climate coverage plans, rethinking resilience means going beyond sustainability reports and identifying vulnerable assets. Audit departments need to incorporate in their plans the inevitability of increasingly severe weather events and mitigation strategies for the loss of key infrastructure, both their own and that of key third parties, such as suppliers.
Culture
Even more challenging for Audit is culture, traditionally a key source of resilience for many organizations that now is fraying under the weight of new working models (hybrid/remote), social and political polarization and a general lack of connection felt by employees who are reporting witnessed misconduct at rates 30 percent lower than pre-pandemic.
Despite such challenges, only 16 percent of CAEs are revisiting culture in light of shifting sociopolitical expectations of their workforce, investors and the media for next year, and just 10 percent report they are highly confident in providing assurance in this area. Internal Audit needs to push the business on reassessing how employee expectations and engagement are monitored in a hybrid and remote world, while policies related to political and social issues need to be formulated now and not in real time during a crisis.
Organizational Resilience
Ultimately, rethinking resilience means covering organizational resilience as a dedicated risk that is part of the audit coverage plan. Organizational resilience, broadly defined, is an organization’s ability to withstand shocks. This is likely to become ever more important in the face of new and ongoing geopolitical tensions, which can abruptly trigger a set of interconnected but differentiated risks to manifest simultaneously. While refreshing scenario planning and mitigating against change fatigue are necessary steps in this process, building true organizational resilience requires a view into the interconnected risks facing an organization and developing resilience-related initiatives across the enterprise.
With less than half of CAEs definitely planning to cover organizational resilience next year and just 32 percent highly confident in providing assurance specifically on matters of resilience, it’s clear there is more work to do in establishing this as a top audit priority. Chief Audit Executives can regain momentum by launching activities that encourage collaborative discussions between business units on interrelated risks and reviewing plans to address change fatigue within their organizations at a time when events over the past two years have likely dramatically diminished capacity in this area.
While these resilience-related risks feel less tangible and urgent than mitigating against “clear and imminent” dangers like supply chain vulnerabilities and state-sponsored cyberthreats, they are important and increasingly acute risks in their own right. Viewing them through the lens of rethinking what it means to be a truly resilient organization can be a useful framework for starting the right conversations within the Audit Committee and formulating effective coverage in next year’s audit plans.
Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
Audit International recommend five ‘Under the Radar’ Areas to Audit that May Not Be on the Audit Plan.
As internal auditors, we all have a “spidey sense” of what we should be auditing.
Sure, we should, of course, conduct comprehensive risk assessments that drive our audit plan, and many of the usual suspects will end up on that plan: cybersecurity, regulatory compliance, financial reporting, third-party relationships, and you know the rest.
But there are things, we would strongly profess, that should be audited, even if we aren’t formally auditing them and they never make it to the actual audit plan. Just by being aware—casting that web, if you will—you should constantly informally “audit” a few critical areas.
What might be some of those things we should (lower case) audit, even if we aren’t (upper case) Auditing them? Here’s Audit Internationals take on five:
1
Culture: Are Disconnects, Even if Subtle, Surfacing?
So much has been written and said about doing culture audits and internal audit’s potential role in doing such a review. Perhaps, however, your organization doesn’t support internal audit doing a full-blown culture audit. Does that mean you throw your hands up and do nothing with the topic? Heck, no!
Look, we are among the very few in the organization who have the benefit of both grasping the desired culture and viewing the entire company because of our day-to-day work. So, why not leverage that and tune into what is going on around us and notice the organizational behaviors, actions, and attitudes that are consistent with, as well as (importantly) counter to, the desired culture.
So, what’s an internal auditor to do?
Some caveats, though. First, be sure you completely understand the desired culture, both what is formally stated through things like the organization’s listed core values as well as what is implied in the “how things are done around here” subtleties. The formal and the informal culture are equally important. Then, as you go about your work in various departments and interact with people at all levels of the organization, be cognizant of behaviors, language, demeanor, protocols, and other elements that seem inconsistent with what you expected.
Now, if you witness such imbalances, and you’ll know because it will make you a bit uncomfortable, talk with close colleagues or discuss it amongst your team. If something seems amiss, continue to keep your eyes and ears open and provide your internal audit function leadership with examples of what you are witnessing. If there are culture issues in a particular area of your organization, it is likely manifesting itself in a number of other issues as well. Your internal audit function leadership will guide you on what to do and may provide guidance on the next course of action. Chief audit executives will need to consider when and how to elevate such delicate issues. Yes, it’s a sensitive topic, but something that might be critical to address. Your spidey sense will guide the way.
2
Employee Engagement: Are People Checking Out?
While it has been a topic in the corporate world for more than 20 years, at least since the Gallup Organization and their Q12 employee survey instrument brought it into the lexicon, “employee engagement” has re-emerged these days. By now, we’ve all heard the new buzz phrase “quiet quitting.” While it’s a catchy label that has been slapped on what is, in essence, just disengagement, it’s not to be taken lightly. Employees who have become disengaged in your company’s mission, vision, and values don’t have passion to do their best. This should be deeply problematic to executive leaders and, in turn, to you. It is a significant and costly drain on everything your organization does.
So, what’s an internal auditor to do?
Just like with the culture topic, we, as internal auditors, interact with more of the organization across all levels (along with HR) than most anyone else in the entire organization. Therefore, we have our finger on the pulse when it comes to engagement and its evil twin, disengagement. Do we have a general sense though the course of our internal audit work that people care or if they are they just going through the motions? Sure, we do.
We don’t need to be scientific about it, and we don’t have to call anyone or any function, department, or location out, per se, but if we see that there is a trend developing toward greater levels of disengagement, let it be known. Make it a part of what we absorb about the organization on a daily, weekly, and monthly basis. Elevate the concerns, whether to HR, department levels, or even the senior management. In other words, don’t ignore it.
3
The Physical Facilities: Are Things in Disrepair?
As much as we may not all be going into a physical office as much anymore, many employees will still spend at least some time in the office or at company facilities. And, the physical state of the office location, branch, facility, or building space is important. Not only can facility disrepair be unhealthy or unsafe, but it can also just negatively affect employee psyche or customer impressions. Pay attention to what things look like and what is the state of the physical environment around you. It may signal deeper problems or an overall neglectful view of the business.
We all have stories about what we’ve witnessed. I remember walking past a locked closet and smelling a damp odor. I could have just ignored it, thought it was just me, or figured that someone else was probably aware of it. Instead, I decided to mention it to the facilities manager of the location. And, lo and behold, behind the rightfully locked door a roof leak had infiltrated the space and it was a wiring closet. It could have been a big problem if it were ignored for any length of time.
So, what’s an internal auditor to do?
Keep your eyes and ears open as you go about your work. Does something seem amiss regarding the physical location? Mention it to someone who could do something about it. What’s the worst that could happen? They tell you “thanks, we are aware of it.” At best, you help address an issue before it gets out of hand. Sometimes we all become blind to our physical surroundings because we’ve just been there for so long. But a fresh set of eyes and ears might just help the organization out and make employees and customers even more appreciative of the physical space they show up to and that the organization spends so much money on. Internal audit can have a unique perspective of noticing what gets unnoticed.
4
The Parking Lot Check: Is Fraud Hiding in Plain Sight?
Closely related to the physical state of the facilities is the state of the employees. Ever see a change in someone’s habits that don’t sync-up with what has gone on in the past, and you wondering “what’s up with that?” Perhaps someone is showing up to the office in a new luxury car, expensive clothes, or talking about some lavish vacation they went on?
Most often, there is a great explanation, and it is none of our business. But, also, any of us who have been around the block a few times will also know that, occasionally, these changed behaviors are clues that something is amiss and that someone may be on the take. You could call this “doing a parking lot audit.” So many frauds and embezzlements have left a trail of these clues as the perpetrator wanted to channel their ill-gotten gains into the fruits of luxury and apparent success. It’s not an outright indicator or fraud, of course, but it might be a red flag to dig deeper, especially if things weren’t adding up already.
So, what’s an internal auditor to do?
Just keep your eyes and ears open, being observant to uncharacteristic behaviors, purchases, and chatter could provide clues to someone who is taking advantage of their position and situation to pilfer from your company. No, don’t go around accusing people of things where you have no proof, of course. But eyes open and be vigilant. And, if you see something, say something to a trusted colleague within your internal audit department. If necessary, elevate it within your department and, if warranted and approved, do some follow-up in a clandestine manner. You may just catch something in its preliminary stages and head it off at the pass, so to speak. Most people steal from the company in small increments, and it escalates from there if they feel they are getting away with it undetected. But, in hindsight, there were usually always clues … perhaps no further away than in the parking lot.
5
Hotline Activity: Is Volume Up, or Has Volume Decreased?
Most internal audit functions have some role in monitoring their organization’s whistleblower hotline for employees, and sometimes also third parties, to file complaints. This may seem like a no-brainer, but you’d be surprised how often small complaints (that point to bigger problems) go unnoticed. Your internal audit function may have complete ownership of managing what comes though, you may partner with someone else in the organization, such as compliance, human resources, or legal, or you just get things passed to you for review or investigation as needed from one of these organizational partners. Regardless, you need to have some role in monitoring the volume of activity. What types of activity are coming through? Are there recurring issues? What are the trends? It doesn’t take an audit, but it does take awareness. Changes in volume can be very telling, and that could be changes in either direction (increased or decreased volume).
Increases in activity might spell some brewing issues of a more macro sense and, alternatively, decreases in volume may spell a level of distrust in the confidentiality of the hotline or a perceived lack of seriousness with which reported items might be getting addressed.
So, what’s an internal auditor to do?
It doesn’t have to be you, so long as someone in your internal audit function is attuned to the trends, both in terms of volume and types of activity. And, if there are notable changes in the trends, up or down, it might be time for a deeper understanding of what might be going on. This could be a signal of troubles brewing that are inconsistent with the desired culture.
—-
To be clear, internal auditors don’t need a formal audit plan initiative to keep abreast of important developments in the organization. It’s not easy, I know, as the formal audit plan has us busy enough, but a little observation may go a long way. Head up, eyes and ears open, use all your senses and leverage your well-honed intellectual curiosity and professional skepticism. Do some ad-hoc auditing of things you might not be able to (upper case) Audit and don’t necessarily make it to the formal audit plan. The organization will be better for it, and you will enhance your engagement and contributions innumerably.
As popularized in the Spiderman comics of yesteryear and said in more recent movies, “with great power comes great responsibility.” Wield it judiciously!
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
There is a common joke among physicists that fusion energy is 30 years away … and always will be. You could say something similar about artificial intelligence (AI) and robots taking all our jobs. The risks of AI and robotics have been expressed vividly in science fiction by the likes of Isaac Asimov as far back as 1942 and in news articles and industry reports pretty much every year since. “The machines are coming to take your jobs!” they proclaim. And yet, all of us here at Audit International still head to the office or log in from home each weekday morning.
The reality is less striking but potentially just as worrying. Most people expect that one day some sort of machine will be built that will instantly know how to do a certain job—including internal auditing—and then those jobs will be gone forever. More likely, is that AI and smart systems start to permeate into everyday tasks that we perform at work and become critical parts of the business processes our units and companies conduct. (Indeed, many professions and industries have already been greatly disrupted by AI and robotics.)
Technology companies have been so successful over the last 30 years because of the common mantra of “move fast and break things.” And that was maybe just about acceptable when it meant you could connect online to your friend from high school and find out what they had for breakfast or search through the World Wide Web for exactly the right cat meme with a well-crafted string of words.
When the consequences now might mean entrenching biases in Human Resources processes, or mass automated biometric surveillance, not to mention simply not even understanding what a system is doing (so called ‘black boxes’), the levels of oversight and risk management need to be much higher.
The Regulatory Environment :
There is some existing regulation which covers aspects of this brave new world. For example, in the European Union, article 22 of the General Data Protection Regulation (GDPR) on automated individual decision-making, provides protection against an algorithm being solely responsible for something like deciding whether a customer is eligible for a loan or mortgage. However, the next big thing coming to a company near EU is the AI Act.
The proposal aims to make the rules governing the use of AI consistent across the EU. The current wording is written in the style of the GDPR with prescriptive requirements, extraterritorial reach, a risk-based approach, and heavy penalties for infringements. With the objective of bringing about a “Brussels effect,” where regulation in the EU influences the rest of the world.
Other western jurisdictions are taking a lighter touch than the EU, with the United Kingdom working on a “pro-innovation approach to regulating AI,” and the United States’ recent “Blueprint for an AI Bill of Rights” moving towards a non-binding framework. Both have principles which closely match the proposed legal obligations within the AI Act, hinting at the impact the regulation is already having.
Much of the draft regulation is still being discussed, with a final wording soon to be agreed. There are disagreements across industries and countries on whether some of the text goes far enough or goes too far. For example, whether the definition of “AI” should be narrowed, as the current wording could encompass simple rules-based decision-making tools (or even potentially Excel macros) or even expanded to greater capture so-called “general purpose AI.” These are large models which can be used for various different tasks and therefore, applying the prescriptive requirements and risk-based approach of the AI Act can become complex and laborious.
The uncertainty over the final wording has given companies an excuse to not make first moves to prepare for the changes. Anyone who remembers the mad rush to become compliant with the GDPR will remember the pain of leaving these things to the last minute. The potential fines, which may be as high as 6 percent of annual revenue depending on the final wording, could be crippling and have a cascade effect on a company’s going-concern.
What Can Internal Auditors Do?
As internal audit professionals we can start the conversation with the business and other risk and compliance departments to shine the light on the risks and upcoming regulations which they may be unaware of. It is our objective to provide assurance but also add value to the company and this can be done through our unique ability to understand risks, the business, and provide horizon scanning activities.
Performing internal audit advisory or assurance work, depending on the AI risk maturity level at the organization, can highlight the good practice risk management steps that can be taken early to help when the regulation is finalized. These steps could include:
1) Identify AI in Use: To be able to appropriately manage AI risks throughout their lifecycle stakeholders need to be able to identify systems and processes which make use of them. Agreeing on a definition of AI and developing a process to identify where it is in use is the first step. This would include whether it is being developed in-house, is already in use through existing tools or services, or acquired through the procurement process.
2) Inventory: Developing an inventory which includes information such as the intended purpose, data sources used, design specifications, and assumptions on how and what monitoring will be performed is a good starting point and can be added to, based on your company’s unique characteristics and any specific legal requirements that are implemented in the future.
3) Risk Assessments: Since a key aspect of the AI Act is it being “risk-based,” it is important to have a risk assessment process to ensure you take the necessary steps as required in the regulation, based on the type of AI used. For example, what level of robustness, explainability, and user documentation is necessary based on the risk tier provided. It is also important to consider the business and technology risks of using the AI. For example, machine learning using neural networks requires large training datasets, which can raise issues of data protection and security, but may also perpetuate biases that are contained in the datasets. Suitable experts and stakeholders should be involved in the development and assessment of the risk assessment process.
4) Communications: One area that is often forgotten is communication. It is all well and good having a policy or a framework written down but if it isn’t known and understood by the relevant stakeholders it’s worth less than the paper it’s printed on. Involving key stakeholders during the development of your AI risk management processes can help develop a diverse platform of champions throughout the business who can act as enablers as the requirements are communicated and regulation finalized.
5) On-going monitoring: Risk management is not a one-off exercise and this is no exception. Use cases, technology, and the threat landscape change over time and it is important to include a process for on-going monitoring of AI and the associated risks.
The machines may not be coming to take our jobs just yet, but the risks are already here and so are the opportunities to get ahead. There may be a long and winding road in front, as we all prepare for a world where AI is commonplace and new regulations and standards try to shape its use, but each journey starts with a step and it’s never too early to get going.
“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”
