Corporations
that are increasingly embedded in a digital convergence environment must build
business processes based on reliable data processing frameworks. Today the
competitive advantage of some organizations is based on their capacity for
innovation and use of electronic processes.
In this
digital environment both the internal audit as well as the internal controls
area must have and be proficient in the use of Data Analytics tools in order to
support data collection and also their evaluations.
I have
observed, by participating in some events on the subject and also in some of
our projects that audits are investing in the ability to collect data, but not
so much, in their ability to analyze the data collected. I also see that most
of the time auditors and internal control specialists are being spent behind a
computer screen, which I think is a mistake.
There are
excellent tools to perform the data collection in the format that the auditor
wants parametrizable in various forms and models, however, this process will be
effective if there is also capacity for analysis by the auditor. The investment
must be in the tool and also in the human being to be proficient in the
analysis of the data, including the peripheral data.
Now all
of this will pay off if the organization's database is truly reliable. ERP
platforms are great vectors for loss of integrity if not well structured,
including your access process. In a survey conducted by KPMG in 2017 only 35%
of respondents said they had a high degree of confidence in the use of various
types of analysis in their organization, which to me came as a surprise,
expecting a higher percentage even though large companies have experienced
information integrity issues in their business processes.
Another
interesting point in this research is that executives and managers are being
asked to make decisions based on information generated by algorithms they did
not create and that do not fully understand them either.
With this
in mind, let's go back to internal audit and control and understand the
challenges they must face to conduct your assessment work in this new digital
environment.
First of
all, it is very important that internal auditing and internal controls have in
their team professional with information technology knowledge, in order to be
able to act in the evaluation of governance and IT management as well as to
support the operational professionals of internal audit and control.
The next
point is to form an opinion about the degree of confidence that will be placed
in the processing of information through digital systems, data management and
its security, as well as in the analysis models used by the managers. For this
my suggestion is to observe the three points below:
1. Assess
whether database management has the appropriate governance and control system
to quickly identify any possible breach of integrity, confidentiality, and
completeness.
2.
Evaluate whether the analysis models and the algorithms used are doing the
right things in the right way, achieving the desired results.
3.
Evaluate whether electronic accesses and interfaces between processes are
consistent and appropriate for the context. Both analysis models and data
sources must be able to be replicated in a sustainable manner.
I have no
doubt that the use of more complex systems by corporations, including the use
of Artificial Intelligence for business decisions, is an integral part of the
new corporate environment, bringing new risks and new challenges to the whole
management.
Auditors
and internal control specialists should be aware of all of those changes and
innovations, preparing themselves and getting the appropriate proficiency to
create value for the corporation through the execution of their work
0 comentários:
Postar um comentário