Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
© 2019 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
The future of Internal Audit impacted by data science
Prof. Dr. Rob Fijneman RE RA
KPMG/Tilburg University
—
Amstelveen, 11 December 2019
© 2019 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Profile Rob Fijneman
IM, Accountancy, IT auditing, Ph.D
Started in 1986 @ KPMG, partner since 1997
Corporate clients and IT governance focus
2014-2019 BoM, Head of Advisory, interim CEO
Professor IT auditing Tilburg University and Tias since 2004
© 2019 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Agenda
Dilemma’s
Internal Audit and data science
Data science
Digitizing – name of the game
Closing remarks
© 2019 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Digitizing – the second machine age (2014)
Sensors to be placed everywhere (Long Range
transmission protocols, LoRA). Every knowledge
domain gets digitized
Access to knowledge is democratized
Entrepeneur developers combine information freely
Industry boundaries do not matter
© 2019 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Digitizing – some further developments
From SMAC (Social Mobile Analytics Cloud) to ……
All types of continuous monitoring and auditing tools
available. IA can be robotized.
Disruptive technologies (IoT, Robotics, AI) develop
exponentially
From structured data to unstructured data (sensor data,
social media, customer profiles)
Platform concepts (winner takes it all, focus on US and
Asia)
© 2019 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Data science – some insights
Data science is a concept to unify statistics, data
analysis, machine learning and their related methods
2012 stimulated by HBR calling ‘data science the most
sexiest job of the 21th Century”
Objective is to understand and analyze actual
phenomena with structured and unstructured data
It employs technologies and theories from different
domains like mathematics, statistics, computer science
and information science
Is it new or long existing, different views
Since 2013 launch of several formal international bodies
© 2019 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Data science – audit of “data & analytics” and audit with “data & analytics”
Data & analytics as a tool to signal and analise business
trends and to validate controls both ITGCs and
application controls,
Fitting the solution into the IT infrastructure and running
(ERP) systems
The data & analytics solution also need to be validated
itself (is it reliable and consistent)
We could move towards 100% data validation
Supporting the concept of continuous monitoring and
auditing
© 2019 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Data science – it is all about the quality of the data
Extensively prepare and clean your data
Take time to get to know your data and its environment
Data transformation and analysis
The above activities do not work as a straight line, it
requires investments
© 2019 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Data science – some examples
D&A used during risk analysis phase: risk indicators,
patterns
D&A used to validate controls. Revenue cycle of a
wholesaler of baked goods. Audit objectives supported
by D&A: is revenu complete, are the sales booked in the
right period, any indications of irregularities (fraud
indication), which clients get higher discounts
D&A for performing substantive procedures
It supports the scenario’s of CM/CA. IA testing the
1st and 2nd line of defense CM activities and IA
performing CA.
© 2019 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Internal Audit and data science – flow of activities
Identify business problem, business IA
Clean/validate data, data analyst
Define analytics question, both business IA and data
analyst
Identify minimum data needed, data analyst
Request data, data analyst
Transform data, data analyst
Generate outcome, data analyst
Answer business question, business IA
© 2019 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Internal Audit and data science – common body of knowledge
Merging the business, audit and data science
knowledge
All auditors need to understand the basics of D&A
(therefore we have courses Digital auditing and the like)
Working together between specialists requires a
common ground of understanding (overlapping
knowledge domains)
D&A as a CoE within IA
© 2019 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Internal Audit and data science – many initiatives in education
Tias IT auditing running a specialist track for Data &
Analytics
VU and Erasmus focusing on Digital auditing
Jheronimus Academy of data science interacting with
Audit curricula like IT auditing and financial auditing
Jheronimus Academy delivering ‘’tailor made” data
science courses to companies
Tilburg University kicked off Data driven audit course for
Financial auditors recently
Etc. Etc.
© 2019 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Dilemma’s: balancing between “the audit of” and the “audit with” data & analytics
How to embed data science and data & analytics in the
auditing standards and filing requirements?
Evolving the common body of knowledge of both
(internal) auditors and data scientists: can we create
common ground?
How to ensure that data & analytics delivers audit
evidence?
Data & analytics requires a technical environment with IT
general controls operating effectively, how to get there?
Business knowledge needed to deliver meaningful
analytics
© 2019 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved.
Closing remarks
Be clear on the “blind spots”’, how to mitigate these?
Embrace diverse skill sets in your team and introduce
relevant career paths
Start the journey, Technology does not wait (trial and
error is allowed)
Be clear on your role as Internal Audit: CoE for data &
analytics to stimulate the business and/or CoE for audit
purposes
It will be a digital transformation of your audit function
Thank [email protected]
+31 6 53392036
+31 20 6567450
Insights derived from KPMG practices and client cases, Tilburg University Accountancy,
Tilburg University Executive Master of IT auditing and curricula of Jheronymus Data
Science Institute in Den Bosch
Amsterdam Business School
Prof. dr. Frank Verbeeten MBA, UvA
Finance & IA in the
Digital Age
Amsterdam Business School
Agenda
Developments in organizations
Finance involvement in transformative digital strategies
Impact of digital on Finance
• SSC/outsourcing
• Technologies applied in Finance
Finance professional competencies
Challenges in Finance transformation
What’s next?
Amsterdam Business School
Developments in organizations
‘It’s a VUCA-world’
• Volatile, uncertain, complex, ambiguous
Impact of digital on companies
• Impact on (digital) strategy and business model
• Finance as ‘economic conscience’ and ‘decision shaper’ involved?
Impact of digital on Finance
• SSC/outsourcing
• Robotics & Data analytics
Amsterdam Business School
Finance involvement in transformative digital strategies
Amsterdam Business School
What about other departments?
Finance involvement in transformative digital strategies
Amsterdam Business School
Are activities outsourced or structured in SSCs?
Impact of digital on Finance
Amsterdam Business School
Impact of digital on Finance
1= Not at all (0%)
2= Hardly (<25%)
3= Somewhat (25-50%)
4= To a large extent (50-75%)
5= (Almost) complete (>75%)
Amsterdam Business School
Impact of digital on Finance
Amsterdam Business School
Finance professional competencies
https://www.youtube.com/watch?v=KmMx1g9J40U
Amsterdam Business School
Finance professional competencies
Amsterdam Business School
Challenges in Finance transformation
Amsterdam Business School
What’s next?
What was required?
What is required?
Soft-controls:Back to the future
IIA Conferentie
Muel Kaptein - 11 December 2019
30
Volwassenheidsmodel Internal Audit Soft controls 1. Initial 2. Infrastructure 3. Integrated 4. Managed 5. Optimizing
A. Planning en
methodologie
B. Scope
C. Technieken
D. Rapportage
E. Kennis en
vaardigheden
SC staan in een
individueel jaarplan,
maar niet
opgenomen in audit
methodologie.
SC-model ontbreekt
SC opgenomen in
auditjaarplan en op
onderdelen beschreven
in audit methodologie.
Er is een basis
SC-model
SC onderdeel van
audit meerjarenplan
en toegesneden SC-
model is geïntegreerd
in audit methodologie
SC en toegesneden SC
model zijn onderdeel
van audit visiedocument
en vast onderdeel van
iedere audit en
werkprogramma
SC en toegesneden
SC-model zijn
geïntegreerd
organisatiebreed in
GRC en
risicomanagement.
SC-instrumenten
soms meegenomen
in entity level
controls
SC onderdeel Root
Cause Analyse
SC onderdeel hard
controls testing
SC object van audit
in kader van proces
overstijgende
thema’s
Auditen van SC self-
assessments van
business
SC
meegenomen
in bestaande
technieken
Periodiek gebruik van
gestandaardiseerde SC
auditmethodieken, zoals
interviewvragen, enquête
en observatieprotocollen
Periodiek gebruik van
op maat gemaakte SC
auditmethodieken
Continu gebruik van
SC auditmethodieken,
zoals real-time data-
analyse
Afwisselende mix aan
audittechnieken wordt
weloverwogen ingezet,
met ruimte om te innoveren
en experimenteren
Vrijwillige en
vrijblijvende
mondelinge
terugkoppeling van
gebreken
Schriftelijke, vrijwillige en
vrijblijvende rapportage
over gebreken
SC vast onderdeel in
schriftelijke rapportage
over gebreken
SC vast onderdeel
in schriftelijke
rapportage over
gebreken die
meewegen in rating
Schriftelijke (externe) vaste
rapportage over gebreken
en kwaliteiten die
meewegen in rating
(a.d.h.v. benchmark)
Eén auditor
heeft cursus
SC gevolgd
Alle auditors hebben
uniforme SC training
gevolgd
SC zijn onderdeel van
opleidingsplan en PE,
zowel kennis als
vaardigheden
SC is onderdeel van
PE, zowel kennis als
vaardigheden, waarop
wordt getoetst en
beoordeeld
Multidisciplinaire auditors
onderhouden
uiteenlopende, specifieke
SC-kennis en
vaardigheden
2000 2019 The future