Why Internal Audit Needs Data Experts

“Data!data!data!" he cried impatiently. "I can't make bricks without clay.”

― Arthur Conan Doyle, The Adventure of the Copper Beeches - a Sherlock Holmes Short Story

A Chief Audit Executive once said to me, “almost every team follows a process, just because they don’t write it down, doesn’t mean one doesn’t exist.” It was at that moment that I realized that the lack of capability maturity or process rigor, doesn’t necessarily mean that no process exists. From that point forward I began describing the lack of written processes as “no articulated process” instead of “no defined process.” Semantics to most people, but meaningful nonetheless.

Fast forward more years than I care to admit, and I have found that the pace of business has rendered process discipline almost obsolete to many of the stakeholders I find myself working with in business environments. Blackrock’s 2024 Investment outlook sums up how volatility and, more importantly, change will impact our traditional perspectives of the business cycle:

“There’s a temptation to interpret the new regime by taking a classic business cycle view of the current environment, we believe. This misses the point: the economy is normalizing from the pandemic and being shaped by structural drivers – shrinking workforces, geopolitical fragmentation and the low-carbon transition. The resulting disconnect between the cyclical narrative and structural reality is further stoking volatility, in our view.”

In my own world I have often been tasked with the role of building out Internal Audit teams, creating processes, implementing systems, and providing structural frameworks for Internal Audit teams to be more effective. In that same respect, I work closely with business stakeholders to assess processes, gaps, and identify areas of improvement. Each year that goes by it seems like business operations are changing at an increasing rate. Team, department, and division reorganizations are more common than ever before and it is not unusual for me to be talking to a team of entirely new people within a given function within the span of 12 months.

That makes process discipline and rigor hard to establish and harder to maintain. It also raises the question of what is the value of building processes and to what extent teams should spend a great deal of time defining, writing down, and maintaining processes that may be obsolete in the span of a few months?

SaaS and data systems have a role to play here. I started my career in software development and systems integration. And while I am usually the first person to say, “define the process before building the system,” I must admit that my resolve has wavered in the past few years seeing what I have seen. The ubiquity of SaaS and data tools means that in almost all aspects of the modern business environment, we have sources that can give us information. As these tools advance, we see new and interesting ways for us to understand what is happening in business environments. Celonis, for example, a process mining SaaS tool is a great example of how we can put what is happening in our own data systems to work for us.

What this means for the Internal Auditor, however, is that teams are collecting more and more data that can be useful in understanding risk, providing assurance, and helping the business to understand how to continuously improve. It means that the future of Internal Audit is in the hands of the savvy data analyst. We all have to embrace this reality and begin training ourselves to build those bricks Sherlock Holmes mentioned in the Adventure of the Copper Beeches.

Where do we start? I recommend that Internal Auditors begin with understanding how database systems work. From metadata to the data fields used regularly in the different systems that are currently operating in your company’s environment, take the time to learn. Understand how data is stored and used by different teams and departments. Understand the layer that sits below the dashboards you probably see regularly from different teams.

Years ago, I worked in several B2B sales environments and a trick of salespeople was to keep potential sales out of their pipelines when they met their pipeline targets. This enabled them to declare a win close to period end or hide the loss if the sale never closed. However, this created volatility in the pipeline reports used by management to make critical business decisions and invest in growth opportunities. What was good for the individual, wasn’t necessarily good for the broader company. As an Internal Auditor, data can help you tell this story in a meaningful and impactful way. The risk becomes quantifiable and the outcomes can impact everything from how management makes strategic decisions to how salespeople are compensated. Without an understanding of data you could never hope to get to the bottom of something like that. And, more importantly, you find it challenging to make the case to management that something is wrong and that they should do something about it.

I propose that over the next decade, Internal Audit professionals who don’t have a strong command of data analytics will be ineffective in their roles. They will, in essence, be living in houses of straw, not brick. Do yourself a favor, keep making those bricks and start becoming your team’s data expert.

Michael Pellet is a leader in the Internal Audit space and currently Director of Internal Audit at Lyft, a rideshare company. Michael has spent the bulk of his career in the technology sector, with experience at Fortune 500 SaaS companies in operations, marketing, and audit roles. Michael was also a successful entrepreneur, which included starting and selling two separate companies as well as raising outside investment capital for a medical products company. You can learn more about Michael on LinkedIn.

Copyright 2024 - Internal Audit Next, All Rights Reserved