It was a full house at the IT Internal Audit Conference 2017, held on 23 November at KPMG’s Canary Wharf building. This increasingly popular event, now in its seventh year, brought together senior internal auditors and other finance professionals from different industries and geographies to understand the risks facing IT internal audit (ITIA) and the critical contribution they can make to their businesses.
Morning session
The morning session started with cyber, an area which has somewhat fallen off the radar. And yet the cyber threat is rapidly growing: incidences and amounts involved have soared as organised crime applies old-fashioned theft, fraud and extortion to the online world.
Although the nature of cyber crime has changed dramatically over the past two decades, the key to prevention still sits with basic controls, agilely and constantly adapted to the changing nature of the threats faced.
Breakout sessions followed. The most popular was on innovation in internal audit, which considered how modern organisations could best organise their internal audit (IA) functions to generate the new ideas needed to keep ahead of risks.
The session on independent programme assurance concluded that IA leaders should be concentrating on building agility into the heart of their audits. The group considering governance, risk management and compliance focused on the power generated when these three functions were fully integrated. Finally, the digital session looked at how to enable true disruption by ensuring digital is at the heart of everything an organisation does.
Afternoon session
After lunch it was back to plenary sessions, starting with technology and privacy. While GDPR has brought this conundrum to the fore, the broader question is how technology impacts privacy as both an enabler and a barrier. The advice? Do not put technology first but start by setting out the organisations policy objectives. Taking this route can help minimise issues with different and conflicting regulations, and enables the organisation to better communicate with its customers so they can appreciate the benefits of their sharing data.
Practical demonstrations of the power of data & analytics followed. In the first example, drilling down through the typical steps in an order-to-cash process exposed anomalies and helped IA get optimal coverage of specific populations in its testing. In the second, predictive analysis was applied to payment card fraud. By considering where the card was abused, where it had been compromised and which cards were likely to be compromised in the future, the algorithm forecast which cards might be subject to future fraud.
The conference ended with a panel discussion on how artificial intelligence (AI) will enable organisations to solve problems. Most organisations are already developing or using AI – although their finance may be unaware of this. Meanwhile IA is wary of using AI due to an inability to audit it. The burning question IA must face is how to gain comfort over AI as its use grows in the organisation, with the reassuring evidence that the best results come from combining machine learning with human interaction.
Download all the presentations from the event below:
Our audit insights
Something went wrong
Oops!! Something went wrong, please try again
Get in touch
Discover why organisations across the UK trust KPMG to make the difference and how we can help you to do the same.