There is One Way Traffic – Downhill

Downhill blog
3 min read

The Instagram of Risk Blog Series: First Coffee, Then Audit

At the beginning of November, I attended the Charted Institute of Internal Auditors event in London, where MetricStream was exhibiting. I had the opportunity to network with the delegates and attend the keynote session. This was my takeaway.

Listening to the main presentation, set on a stage in a room full of financial professionals was anything but jaded. The presenter had the room in tears of laughter as he compared some people in the industry as cliff divers, the adrenaline rush as you look down and see the water below looking incredibly far away can make you run a mile. In a similar setting, the telltale signs of so many companies that got their accounts wrong and had to declare bankruptcy was a revelation, but no laughing matter.

You can say that hindsight is a wonderful thing, but a closer look at these failed companies balances sheets and annual reports would make the hairs on the back of your neck stand up. With falling share prices, falling short of analyst’s expectations, or sudden change of management, there are several ways you can disappoint shareholders. However, when you add creative accounting to the mix, then it is a poison chalice.

But who stands to be framed when companies are in serious trouble with deceiving accounts? Is it the management team or the auditors? Is it the investors or the bankers? Or should the blame be shared between them all?

Let’s compare this to an iceberg, only 10% of it is above the water, the rest of it is submerged under the sea, and this is very much like the accountings of a firm. On the surface everything looks fine, but if you dig a bit deeper you will unearth several surprises that are not what they seem.

The audit profession is subject to strict oversight and ultimately CEO’s and directors of companies will take full responsibility. This is where the buck stops. Audit teams need to become more agile, and they need to consider several factors especially when considering internal controls, including third party risk, cyber security, data governance, and data compliance.

Auditors who use the latest technology within their own teams are well equipped to understand the associated risks with security issues and system failures.

When dealing with a company’s financial records, auditors need to be aware of other indicators that may cause a company to nosedive:

  • Cost becomes an asset
  • Unusual stock adjustment
  • Massive accrual of income
  • Goodwill
  • Deteriorating quality of assets over the effective lifetime
  • Bad debt provisions
  • Conflict of interest

Having an audit program that is aligned to organizational goals and prepared for multi-dimensional risks while preserving the trust of every stakeholder will shape your audit universal.

Companies need to create agility and collaborate across teams to optimize audit productivity and allocate resources based on the highest risk impact.

There is a lot to be said about the right technology and choosing the right provider, which includes:

  • Protecting the business and meeting regulatory requirements
  • Migrating from manual processes to automated workflows
  • Driving consistency across the organization
  • Recurring audit planning and execution integrated with resource & time management
  • Centralizing GRC Library of risk, control, auditable entities with relationships
  • Automating workflows that include review and approval of key activities

The secret is to leverage a centralized risk framework, as audit planning is central.

With the right data, wrapped in a dashboard you can generate a draft or even final audit reports with review and approval workflows. You can gain real time access to audit data with status reports. With risk assessments, you can document, manage, and assess risk across the origination.

The right audit platform accelerates audit cycles, helps improve audit strategies, reduces audit costs, and enhances auditor productivity.

And of course, you can provide external auditors and regulators with access to audit data for pre-defined time periods.

At MetricStream, our audit team community has transformed their departments by embracing the latest technology. They are truly the Instagram of Risk.

That reminds me, until the next time we meet, stay away from cliff diving.

This blog is the second in the Instagram of Risk blog series. Read the first blog where Suneel summarizes the key takeaways from the in-person events of the Oct 21 GRC Summit held in London, Copenhagen, and Zurich.