© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
DIGITIZATION – WHAT DOES THIS MEAN TO INTERNAL AUDIT?
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
A REMINDER…
You can download a copy of the presentation via the Resources Area on your
screen.
Following the webinar, all attendees will receive a link to a copy of the presentation and
recording.
There will be a Q&A session at the end of the webinar. Please submit your questions by
clicking on the Questions Area on your screen.
If you are having trouble hearing the audio through your computer, a separate phone line is
available for your use.
• US/Canada Line (844) 498-5681
• International Line (574) 990-1348
• Conference ID 64233125
2
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
CPE CREDITS AND SUPPLEMENTAL INFORMATION
We are offering 1.5 CPE credits for this webinar
To be eligible to receive this credit, please ensure you answer at least four (4) out of the
five (5) polling questions
You will receive the CPE certificate via e-mail approximately two (2) weeks after the
webinar date
In the Resources Area, you can save/print a copy of today’s presentation
If you are having trouble hearing the audio through your computer, a separate phone line is
available for your use.
• US/Canada Line (844) 498-5681
• International Line (574) 990-1348
• Conference ID 64233125
3
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
TODAY’S SPEAKERS
4
Ari Sagett is a Managing Director in Protiviti’s Chicago office. Ari has more than
14 years of experience helping global clients maximize the value of governance
processes and evaluate and understand the risks associated with their use of
technology. As part of the Central Area IT Audit Leadership Team, Ari has
extensive experience in all facets of the audit lifecycle and has managed a variety
of projects for clients in multiple industries.
Tyler Chase is a Managing Director in the Houston office of Protiviti where he is a
leader in performing internal audit and risk management engagements. He
specializes in enterprise risk management, risk assessments and audit planning,
IT audit, and energy industry risk management and internal audit. Tyler is a
graduate of Texas A&M University.
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
TODAY’S SPEAKERS
5
Tony Noble is the New York based VP of IT Audit for Viacom Inc., a role he has
held for 18 years. He has 30 plus years of IT experience ranging from Computer
Operations in large data centers to IT Audit. He has been employed by major
organizations, such as, UPS, Coopers & Lybrand and the former Chase Manhattan
Bank during his 27 years as an IT auditor. He was a member of the ISACA
International Knowledge Board in 2015 and the Chair of the COBIT 5 for
Assurance Guide Task Force which was published in May 2013.
Mark Peters is a Managing Director and leads our IT Audit practice in the UK.
Mark specializes in supporting clients through outsourced or co-sourced internal
audit support arrangements. He has worked in a diverse range of industries
including Financial Services, Energy & Utilities and Consumer Products in advisory
and internal audit roles for some of the world’s premier global organisations. Mark
has over 25 years experience in IT audit, IT risk management, systems
implementation and security. Prior to joining Protiviti, Mark spent 12 years within
the IT Advisory Team at KPMG.
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
TODAY’S AGENDA
Q&A
Digitization
and Internal
Audit
Digitization
Risks
What is
Digitization?
6
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
WHAT IS DIGITIZATION?7
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
DIGITIZATION OVER TIME
8
• 2400s – Abacus Invented
• 1930s – First Computer
• 1970s – First Personal
Computer
• 1990s – Emergence of the
Internet
• 2000s – Emergence of
Mobile Computing
• 2010s and Beyond –
Peer-to-Peer Businesses,
Smart Devices,
Blockchain, and Digital
Currencies
Technological advancements have dramatically changed the way we live, interact
and do business.
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
MEANING OF DIGITIZATION
Digitization is the usage of technology
and digital advances, such as analytics,
mobility, social media and smart
embedded devices, to radically improve
performance or reach of enterprises.
With digitization, companies across
industries are racing to migrate
“analog” approaches to customers,
products, services and operating
models to an “always-on”, real-time and
information-rich marketplace.
9
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
DRIVING FORCES OF DIGITIZATION
Real-time, online
reporting of
customer account
activity.
Purchased devices are
ready for immediate use.
Organizations have
continuous access to
customer data.
Transactions are approved in
minutes.
Customer Expectations…
10
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
ACCELERATED TRANSFORMATION
Meeting Expectations…
Companies must adapt and accelerate.
It is more than just process automation
– this requires transforming entire
business operations.
11
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
REDEFINING COMPANY VALUES
1
2
3
4
8
7
6
5
Customer Experience
Digital Culture
Channel Options
Regulatory
Governance
Real-Time Responses
Business/IT Agility
Behavioral
Analytics
Secure Access
12
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
TECHNOLOGIES ENABLING DIGITIZATION
MOBILE
Mobility serves as the cost of entry
in the consumer market.
Businesses seeking optimization
are already on board with mobile
technologies.
SOCIAL
Social technologies allow for rapid
creation and sharing of knowledge
over social networks, enhancing
collaboration and information
distribution across a business.
ANALYTICS
Big data empowers analytics,
which generates
unprecedented insight to
enable real-time boardroom
decisions.
CLOUD
Cloud computing offers
agility, breaking down the
barriers of geography and
cutting the costs associated
with physical server
maintenance.
INTERNET OF THINGS (IoT)
Environment in which objects, animals, or people are provided with unique identifiers and the ability to transfer data over
a network without requiring human-to-human or human-to-computer interaction.
13
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
DIGITIZATION RISKS14
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
DIGITIZATION MEANS EVEN MORE IT RISK
1
2
3
Firms are using digital technologies to adapt their business models and
create new business opportunities.
This has exponentially increased the amount of data produced and
collected by companies.
For internal audit, it means that IT risk now spans the breadth of a firm’s
operations.
15
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
FOUNDATIONAL IT RISKS
Cybersecurity Data PrivacyUser
Administration
Change
Management
IT Governance
Connecting
with
Customers/
Clients
Data
Management
Records
Retention
Regulatory
Compliance
Third-Party/
VendorsFraud
Foundational IT risks are amplified in business functions and are risks that may not
have received priority attention in the past (e.g., marketing, customer service, etc.).
16
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
EMERGING RISK AREAS
Emerging risk areas demand increased attention as organizations continue to
pursue digitization opportunities.
Digital
Culture
Digital
Disruption
Connecting
Broadening
Data
Governance
Evolving
Technology
Trends
Globalization
of IT
17
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
DIGITIZATION MATURITY STAGES
BEGINNERS EARLY MAJORITY EARLY ADOPTERS LEADERS
Pharmaceuticals
& Healthcare
Manufacturing/IP
STAGE BEGINNERS EARLY MAJORITY EARLY ADOPTERS LEADERS
Definition Industries in this category
will adopt digitization later
than other industries. These
industries approach
digitization with a high
degree of skepticism and
after the majority of
industries has adopted it.
Individuals in this category
have adopted digitization
after a varying degree of
time. This time of adoption is
significantly longer than the
Leaders and Early Adopters.
This is the second fastest
category of industries who
adopt digitization. These
industries have the highest
degree of opinion leadership
among the other adopter
categories.
Leaders are the first
industries to adopt
digitization. They are willing
to take risks, have the
highest social class and
have great financial lucidity.
FMCG
Energy & Utilities
Hospitality
TelecomRetail
Financial Services
High
Technology
18
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
Uber Case Study
BUSINESS IMPACT: DIGITIZATION IS DISRUPTING TRADITIONAL MODELS
UBER CASE STUDY
In 2012, revenues for San Francisco’s yellow cab
industry were approximately $250M.
Within a year, Uber expanded the yellow cab market
cap by approximately 110%.
Uber, introduced in 2012, cut San Francisco’s yellow
cab industry revenues to half ($125 million) by
the end of 2013.
Uber now has 64% of the existing market share in
San Francisco and is disrupting other geographies
internationally.
“I’m predicting that over the
next 10 years, we will see a
number of very significant
disruptions in financial
services, let’s call them Uber
moments.”
– Antony Jenkins, Former
CEO of Barclays
19
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
INDUSTRY EXAMPLE: DIGITAL DISRUPTION OF FINANCIAL SERVICES
New Financial
Transaction
Giants
Traditional
Financial Services
Startups and
Emerging
Disruptive
Technologies
20
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
WHAT LIES AHEAD FOR DIGITIZATION?
Digital transformation
initiatives will be
consolidated into one vision
and function.
Digital transformation will
become the key strategic
thrust for most CEOs.
Digital transformation will
require new skills and shifts
in IT investments.
Artificial intelligence (AI) will
drive new digital
transformation revenue
streams.
Big data analytics will serve
as the foundation of digital
transformation.
IoT will be a catalyst for the
expansion of digital
transformation to all corners
of the economy.
WHAT LIES
AHEAD FOR
DIGITIZATION?
21
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
DIGITIZATION AND INTERNAL AUDIT22
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
INTERNAL AUDIT PERSPECTIVE
• How can the process,
measurements, and
controls be modified or
enhanced?
• What are other companies
doing?
• Are you missing out
on some best practices?
PAST
INSIGHT OVERSIGHT FORESIGHT
PRESENT
• Is the process operating as
planned?
• Are controls, resources,
and performance measures
adequate and operating
effectively?
• Are policies being adhered
to as intended?
FUTURE
• Where is this process
going? Can it scale as the
company grows?
• Will current controls be
adequate in the future?
• What planned or future
adjustments should be
considered?
23
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
OPPORTUNITIES FOR INTERNAL AUDIT
Stakeholders are open to new ways of consuming
insights.
Internal auditors are looking to build their skills to work
effectively in this new world and underwrite their future
value to the organization.
The speed of changes and proliferation of data are
creating new opportunities for internal audit to add
valuable insights.
24
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
DELIVERING VALUE
Internal audit needs to deliver value as organizations evolve.
Review the lifecycle of transformation (e.g., strategy, execution, ROI, security) to help ensure the
company has made investments that will have positive outcomes and will remain safe and secure.
EXAMPLES
Social Media Cloud Computing
25
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
DIGITIZATION’S IMPACT ON AUDIT PLANS
Example
Audits to
Consider
Cybersecurity Audits
1. Data loss detection evaluation
2. Incident response plan review
3. Insider threat and vulnerability analysis
Information Governance and Data Privacy Audits
1. Information accountability review
2. Personal information mapping review
3. Employee behavior tests
4. Data destruction audit
Mobile Technologies and Applications
1. Data encryption assessment
2. Mobile device management audit
3. Application development security risk assessment
Current Systems and Vendor Audits
1. Systems vulnerability assessment
2. Vendor preparedness review
26
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
TRANSFORMING THE AUDIT PROCESS
AUDIT DATA
ANALYTICS
CONTINUOUS
AUDITING
BIG
DATA
Effective Audits and
Fraud Detection
Identifying Multitude of
Behaviors
Continuous Assurance
27
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
QUESTIONS FOR INTERNAL AUDIT TO CONSIDER
Does the current-state internal audit plan consider digitization risks?1
Does IT leadership have a good understanding of the potential control
impacts associated with digitization?2
Does the internal audit function understand digitization?3
Do our auditors have the right skills to effectively evaluate digitization
risks and controls?4
Does the organization understand the impacts that digitization may have
on data privacy, cybersecurity and other regulatory compliance
obligations?
5
28
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
TWO IMPORTANT POINTS
Internal audit needs to integrate an awareness and
recognition of digital threats into everything audit — whether
this means checking on data sensitivity or auditing for
proper information governance protocols.1
Provide assurance over the organizational threats posed by
digitization. Failing to do so could make the company’s
leadership too risk averse leading to decisions that
decrease competitive advantage.2
29
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
Q & A
Let us know how we did on this webinar. Click on the
Survey icon in your attendee console to give us feedback.