The Digital Disruption Wave catches all in its path. No less, internal auditors are waking to a new reality of added complexities.
At the 2016 National Conference held in Kuala Lumpur, Institute of Internal Auditors Malaysia (IIA Malaysia), the leading body for the internal audit profession in the country, has urged internal auditors to up-skill themselves with the necessary knowledge and skill-set to manage these growing challenges.
In the opening address, Lucy Wong Kam Yang, the President of IIA Malaysia, said, “Malaysia has a blueprint to achieve a Smart Digital Nation Status by 2020. This is spearheaded by Malaysia Digital Economy Corporation (MDEC).”
As part of this Smart Digital Nation ecosystem, it is therefore imperative that internal auditors must embrace digital technology and navigate through the changes required, to improve their ability to provide value to their organisations by performing audits relating to information and digital technology. Wong asserted that, “We want to navigate rather than to be swept away by the waves.”
“Internal Auditors now need to equip themselves with the knowledge to provide IT and Cyber Assurance. An IT and Cyber Assurance programme has to cover Cyber Security Governance Structure, Security Setup, Threats and Vulnerabilities, Crisis Management Programme, Business Continuity Planning and Disaster Recovery Planning,” continued Wong.
She added that, “To effectively transform to cover these areas, internal auditors need to conduct risk assessment of IT areas, perform data analytics, carry out continuous auditing, obtain resources for IT/Cyber Assurance, participate in IT systems development projects, perform IT governance review, review outsourced IT services and get updated on current and emerging technology.”
YBhg Tan Sri Haji Ambrin bin Buang, Auditor General of the National Audit Department was on hand to officiate the conference. He remarked that, “The public sector in the last decade has embarked upon the technology era, with explicit development of infrastructure and services to support and shape how technology helps create value for the government. There are new regulatory requirements that the government are racing to catch up, leading to new and emerging laws on tax, privacy and data handling.”
He further explained that, “However, along the way, the public sector has been faced with many challenges. Foremost is the implementation stage of technology. Breach of data is also something that both public and private sector should worry about.”
Indeed, internal auditors are perfectly placed to be change agents in any organisation, public or private. They are expected to not just be the “check and balance”… such controls can be easily automated, probably at a more efficient rate, by the multitude of middleware and software available in the market.
Instead, where internal auditors’ most valuable role comes in is the element requiring human judgment. That means when they proffer recommendations to improve policies, rules, workflows, processes and behaviours from both governance at the board level to the oversight at the ground level, in the age of the digital revolution.
Just look at some of the worlds’ most recognisable businesses today. Their products are not physical but intangible and completely ensconced in the digital sphere.
To stay relevant, internal auditors then must surely armour themselves differently and take on greater responsibility to face today’s digital threats and opportunities.
