The Role Of Internal Audit In Digital Trust

Bruce McCuaig

What is digital trust? In the words of PwC, “If the lifeblood of the digital economy is data, its heart is digital trust – the level of confidence in people, processes, and technology to build a secure digital world.”

Why is digital trust essential?

Today, the gold standard of corporate governance is reliable internal control over financial reporting. Good financial reporting is an indicator of good corporate governance.

If we believe PwC is right, then the application of automation and artificial intelligence will result in effective, secure, and reliable performance across all business processes. Digital trust will impact not only financial reporting, but the overall strategies, conduct, and performance of an organization.

Assessing and providing assurance on digital trust in an enterprise is critical. Failure to achieve it will have far greater political, economic, financial, and social impacts than failures in financial reporting. Digital trust is clearly a goal worth pursuing.

What’s the role of internal audit in digital trust?

I have had the opportunity to ask this question to groups of internal auditors and audit executives around the world. Their answer has been unanimous and unequivocal.

Without exception, they tell me the demand for and importance of internal auditors will increase. Artificial intelligence, in all its forms, along with automation brings vastly increased risk.

Internal audit will play a pivotal role in achieving digital trust, they say. More audits and more auditors are essential.

Will digital trust disrupt internal audit?

I don’t disagree that internal audit will play a critical role in a world where digital trust is a value-adding differentiator. I do not agree that more auditors and more audits as we know them today are the answer.

What drives digital trust today?

Most automobiles today have the automation and intelligence to manage most of the risks associated with their safe and reliable operation, including in some cases the driver. Imagine you have just purchased a new, highly automated automobile. It might be a self-driving electric vehicle or have a traditional engine with advanced intelligence and automation. But you can expect that every system in the vehicle, from the “infotainment” system to the braking system, has a high degree of intelligence and automation. And it has a dashboard that continuously monitors the performance of every critical system to provide alerts and advice, up to and including taking over control of the vehicle.

Now imagine that the manufacturer of your new intelligent vehicle sends you a letter advising you that the sophisticated intelligent and automated features demand significantly more maintenance more frequently. It goes on to say that the manufacturer has significantly increased the staff levels of mechanics and technicians in dealerships to accommodate the anticipated demand.

Forgive me for comparing internal auditors to mechanics (I am a fan of both groups), but I think the point is clear. That’s not going to happen. There will likely be fewer mechanics, not more, and there will be highly trained and highly skilled technicians.

Predictive maintenance replaces the audit universe

I recently visited my dealer for routine scheduled maintenance. I parked in the service bay and walked up to the technician to explain what I thought needed to be done. She had already written up the work order. Data in my digitized “key” was transmitted to her computer as soon as the car entered the service bay. The intelligence built into the vehicle and its sensors provide the technician with a snapshot of the performance of the vehicle’s systems and critical components.

Internal audit – disrupted but more critical than ever

Here are my predictions for the future:

  • We have reached the limits of after-the-fact tests of internal-control effectiveness paradigms and the standards and practices that underlie them. More audits of today’s “control activities” won’t effectively or efficiently produce digital trust.
  • Bots will replace most control activities and will require predictive maintenance, not audits.
  • “Control effectiveness” will be measured against process or business performance, not against “control objectives.”
  • Internal audit will play a major role in the upfront design and ethical application of automation and intelligent technology.
  • Digital trust will come from effective design and monitoring processes, and reliable system and business performance will be the test of audit effectiveness. Digital trust must be designed into intelligent systems upfront, not audited at the back end.
  • Expect significant disruption in the paradigms of risk and control management as we know them today.

As always, I am interested in your views.

Learn more

Want to hear more how finance leaders are harnessing the power of technology innovations to transform their operations? Register today to attend the first-ever, complimentary online SAP Finance and Risk Management Virtual Event for an insightful experience of customers, experts, partners, and SAP executives discussing today’s pressing challenges and opportunities.

This article originally appeared on the SAP Analytics blog and is republished by permission.

Follow SAP Finance online: @SAPFinance (Twitter) | LinkedIn | FacebookYouTube


Bruce McCuaig

About Bruce McCuaig

Bruce McCuaig is director of Product Marketing at SAP GRC solutions. He is responsible for development and execution of the product marketing strategy for SAP Risk Management, SAP Audit Management, and SAP solutions for three lines of defense. Bruce has extensive experience in industry as a finance professional, as a chief risk officer, and as a chief audit executive. He has written and spoken extensively on GRC topics and has worked with clients around the world implementing GRC solutions and technology.