digitization - what does this mean to internal audit?

© 2016 Protiviti Inc. CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party. DIGITIZATION WHAT DOES THIS MEAN TO INTERNAL AUDIT?

Upload: jennyhollingworth

Post on 14-Apr-2017


DIGITIZATION – WHAT DOES THIS MEAN TO INTERNAL AUDIT?


A REMINDER…

You can download a copy of the presentation via the Resources Area on your screen.

Following the webinar, all attendees will receive a link to a copy of the presentation and recording.

There will be a Q&A session at the end of the webinar. Please submit your questions by clicking on the Questions Area on your screen.

If you are having trouble hearing the audio through your computer, a separate phone line is available for your use.

• US/Canada Line (844) 498-5681

• International Line (574) 990-1348

• Conference ID 64233125


CPE CREDITS AND SUPPLEMENTAL INFORMATION

We are offering 1.5 CPE credits for this webinar.

To be eligible to receive this credit, please ensure you answer at least four (4) out of the five (5) polling questions.

You will receive the CPE certificate via e-mail approximately two (2) weeks after the webinar date.

In the Resources Area, you can save/print a copy of today’s presentation.


TODAY’S SPEAKERS


Ari Sagett is a Managing Director in Protiviti’s Chicago office. Ari has more than 14 years of experience helping global clients maximize the value of governance processes and evaluate and understand the risks associated with their use of technology. As part of the Central Area IT Audit Leadership Team, Ari has extensive experience in all facets of the audit lifecycle and has managed a variety of projects for clients in multiple industries.

Tyler Chase is a Managing Director in the Houston office of Protiviti where he is a leader in performing internal audit and risk management engagements. He specializes in enterprise risk management, risk assessments and audit planning, IT audit, and energy industry risk management and internal audit. Tyler is a graduate of Texas A&M University.


Tony Noble is the New York-based VP of IT Audit for Viacom Inc., a role he has held for 18 years. He has 30-plus years of IT experience ranging from Computer Operations in large data centers to IT Audit. He has been employed by major organizations such as UPS, Coopers & Lybrand and the former Chase Manhattan Bank during his 27 years as an IT auditor. He was a member of the ISACA International Knowledge Board in 2015 and the Chair of the COBIT 5 for Assurance Guide Task Force which was published in May 2013.

Mark Peters is a Managing Director and leads our IT Audit practice in the UK. Mark specializes in supporting clients through outsourced or co-sourced internal audit support arrangements. He has worked in a diverse range of industries including Financial Services, Energy & Utilities and Consumer Products in advisory and internal audit roles for some of the world’s premier global organisations. Mark has over 25 years' experience in IT audit, IT risk management, systems implementation and security. Prior to joining Protiviti, Mark spent 12 years within the IT Advisory Team at KPMG.


TODAY’S AGENDA

• What is Digitization?

• Digitization Risks

• Digitization and Internal Audit

• Q&A


WHAT IS DIGITIZATION?


DIGITIZATION OVER TIME

• 2400s – Abacus Invented

• 1930s – First Computer

• 1970s – First Personal Computer

• 1990s – Emergence of the Internet

• 2000s – Emergence of Mobile Computing

• 2010s and Beyond – Peer-to-Peer Businesses, Smart Devices, Blockchain, and Digital Currencies

Technological advancements have dramatically changed the way we live, interact and do business.


MEANING OF DIGITIZATION

Digitization is the usage of technology and digital advances, such as analytics, mobility, social media and smart embedded devices, to radically improve performance or reach of enterprises.

With digitization, companies across industries are racing to migrate “analog” approaches to customers, products, services and operating models to an “always-on”, real-time and information-rich marketplace.


DRIVING FORCES OF DIGITIZATION

Customer Expectations…

• Real-time, online reporting of customer account activity.

• Purchased devices are ready for immediate use.

• Organizations have continuous access to customer data.

• Transactions are approved in minutes.


ACCELERATED TRANSFORMATION

Meeting Expectations…

Companies must adapt and accelerate. It is more than just process automation – this requires transforming entire business operations.


REDEFINING COMPANY VALUES

• Customer Experience

• Digital Culture

• Channel Options

• Regulatory Governance

• Real-Time Responses

• Business/IT Agility

• Behavioral Analytics

• Secure Access


TECHNOLOGIES ENABLING DIGITIZATION

MOBILE

Mobility serves as the cost of entry in the consumer market. Businesses seeking optimization are already on board with mobile technologies.

SOCIAL

Social technologies allow for rapid creation and sharing of knowledge over social networks, enhancing collaboration and information distribution across a business.

ANALYTICS

Big data empowers analytics, which generates unprecedented insight to enable real-time boardroom decisions.

CLOUD

Cloud computing offers agility, breaking down the barriers of geography and cutting the costs associated with physical server maintenance.

INTERNET OF THINGS (IoT)

Environment in which objects, animals, or people are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.


DIGITIZATION RISKS


DIGITIZATION MEANS EVEN MORE IT RISK

1. Firms are using digital technologies to adapt their business models and create new business opportunities.

2. This has exponentially increased the amount of data produced and collected by companies.

3. For internal audit, it means that IT risk now spans the breadth of a firm’s operations.


FOUNDATIONAL IT RISKS

• Cybersecurity

• Data Privacy

• User Administration

• Change Management

• IT Governance

• Connecting with Customers/Clients

• Data Management

• Records Retention

• Regulatory Compliance

• Third-Party/Vendors

• Fraud

Foundational IT risks are amplified in business functions and are risks that may not have received priority attention in the past (e.g., marketing, customer service, etc.).


EMERGING RISK AREAS

Emerging risk areas demand increased attention as organizations continue to pursue digitization opportunities.

• Digital Culture

• Digital Disruption

• Connecting

• Broadening Data Governance

• Evolving Technology Trends

• Globalization of IT


DIGITIZATION MATURITY STAGES

STAGES: BEGINNERS, EARLY MAJORITY, EARLY ADOPTERS, LEADERS

Definitions:

• BEGINNERS: Industries in this category will adopt digitization later than other industries. These industries approach digitization with a high degree of skepticism and after the majority of industries has adopted it.

• EARLY MAJORITY: Individuals in this category have adopted digitization after a varying degree of time. This time of adoption is significantly longer than the Leaders and Early Adopters.

• EARLY ADOPTERS: This is the second fastest category of industries who adopt digitization. These industries have the highest degree of opinion leadership among the other adopter categories.

• LEADERS: Leaders are the first industries to adopt digitization. They are willing to take risks, have the highest social class and have great financial lucidity.

Industries shown across the stages: Pharmaceuticals & Healthcare, Manufacturing/IP, FMCG, Energy & Utilities, Hospitality, Telecom, Retail, Financial Services, High Technology.


BUSINESS IMPACT: DIGITIZATION IS DISRUPTING TRADITIONAL MODELS

UBER CASE STUDY

• In 2012, revenues for San Francisco’s yellow cab industry were approximately $250M.

• Within a year, Uber expanded the yellow cab market cap by approximately 110%.

• Uber, introduced in 2012, cut San Francisco’s yellow cab industry revenues to half ($125 million) by the end of 2013.

• Uber now has 64% of the existing market share in San Francisco and is disrupting other geographies internationally.

“I’m predicting that over the next 10 years, we will see a number of very significant disruptions in financial services, let’s call them Uber moments.”

– Antony Jenkins, Former CEO of Barclays


INDUSTRY EXAMPLE: DIGITAL DISRUPTION OF FINANCIAL SERVICES

• New Financial Transaction Giants

• Traditional Financial Services

• Startups and Emerging Disruptive Technologies


WHAT LIES AHEAD FOR DIGITIZATION?

• Digital transformation initiatives will be consolidated into one vision and function.

• Digital transformation will become the key strategic thrust for most CEOs.

• Digital transformation will require new skills and shifts in IT investments.

• Artificial intelligence (AI) will drive new digital transformation revenue streams.

• Big data analytics will serve as the foundation of digital transformation.

• IoT will be a catalyst for the expansion of digital transformation to all corners of the economy.


DIGITIZATION AND INTERNAL AUDIT


INTERNAL AUDIT PERSPECTIVE

INSIGHT, OVERSIGHT, FORESIGHT

PAST

• How can the process, measurements, and controls be modified or enhanced?

• What are other companies doing?

• Are you missing out on some best practices?

PRESENT

• Is the process operating as planned?

• Are controls, resources, and performance measures adequate and operating effectively?

• Are policies being adhered to as intended?

FUTURE

• Where is this process going? Can it scale as the company grows?

• Will current controls be adequate in the future?

• What planned or future adjustments should be considered?


OPPORTUNITIES FOR INTERNAL AUDIT

• Stakeholders are open to new ways of consuming insights.

• Internal auditors are looking to build their skills to work effectively in this new world and underwrite their future value to the organization.

• The speed of changes and proliferation of data are creating new opportunities for internal audit to add valuable insights.


DELIVERING VALUE

Internal audit needs to deliver value as organizations evolve.

Review the lifecycle of transformation (e.g., strategy, execution, ROI, security) to help ensure the company has made investments that will have positive outcomes and will remain safe and secure.

EXAMPLES

• Social Media

• Cloud Computing


DIGITIZATION’S IMPACT ON AUDIT PLANS

Example Audits to Consider

Cybersecurity Audits

1. Data loss detection evaluation

2. Incident response plan review

3. Insider threat and vulnerability analysis

Information Governance and Data Privacy Audits

1. Information accountability review

2. Personal information mapping review

3. Employee behavior tests

4. Data destruction audit

Mobile Technologies and Applications

1. Data encryption assessment

2. Mobile device management audit

3. Application development security risk assessment

Current Systems and Vendor Audits

1. Systems vulnerability assessment

2. Vendor preparedness review


TRANSFORMING THE AUDIT PROCESS

• AUDIT DATA ANALYTICS

• CONTINUOUS AUDITING

• BIG DATA

• Effective Audits and Fraud Detection

• Identifying Multitude of Behaviors

• Continuous Assurance


QUESTIONS FOR INTERNAL AUDIT TO CONSIDER

1. Does the current-state internal audit plan consider digitization risks?

2. Does IT leadership have a good understanding of the potential control impacts associated with digitization?

3. Does the internal audit function understand digitization?

4. Do our auditors have the right skills to effectively evaluate digitization risks and controls?

5. Does the organization understand the impacts that digitization may have on data privacy, cybersecurity and other regulatory compliance obligations?


TWO IMPORTANT POINTS

1. Internal audit needs to integrate an awareness and recognition of digital threats into everything audit — whether this means checking on data sensitivity or auditing for proper information governance protocols.

2. Provide assurance over the organizational threats posed by digitization. Failing to do so could make the company’s leadership too risk averse leading to decisions that decrease competitive advantage.


Q & A

Let us know how we did on this webinar. Click on the Survey icon in your attendee console to give us feedback.
