© institute of internal auditors 2019 connect with the iia ... presentations/unlikely...
TRANSCRIPT
![Page 1: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/1.jpg)
© Institute of Internal Auditors 2019 1CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
![Page 2: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/2.jpg)
Unlikely Allies:Leveraging Internal Partners to Increase Audit’s Effectiveness and InfluenceKEN RAMALEY / RAMALEY GROUP
APRIL 1, 2019
© Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 2
![Page 3: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/3.jpg)
ObjectivesIdentify key internal partnerships that can be brought to bear on specific audits to amplify messaging
Understand audit’s role in connecting disparate functions within the organization
Increase audit’s organizational influence based on broad strategic alignment
© Institute of Internal Auditors 2019 3CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
![Page 4: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/4.jpg)
Introduction – The “Who Cares” ProblemAudit work in Customer-Facing areas tends to focus on customer-facing concerns
Enterprise-level risks correlating to these observations may reside elsewhere Delivery may not align with “brand promise” (marketing) Product/need matching may not align with profitability (finance/product) or with customer retention
efforts (customer experience / brand)
Client management may downplay significance of findings in discussions with audit
© Institute of Internal Auditors 2019 4CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
Opportunity: Engage “unlikely allies” to help client management understand significance of observations and drive prioritization of remediation efforts
![Page 5: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/5.jpg)
Finding Unlikely AlliesPlanning Phase
When planning your audit, identify WHO will be impacted by various risks that are driving the audit’s scope and prioritization
Exception Assessment Phase
Once exceptions have been identified, understand WHO in the enterprise will be most impacted by the deficiency and enlist support appropriately
© Institute of Internal Auditors 2019 5CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
![Page 6: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/6.jpg)
Planning PhaseWhen planning, most audit departments assess risk using a chart like the one below
© Institute of Internal Auditors 2019 6CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
This simplified chart identifies the types of risk that are driving the prioritization of different functions within the entities
The same risk drivers can help to identify unlikely allies as particular pieces of the enterprise are reviewed
![Page 7: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/7.jpg)
Planning Example
© Institute of Internal Auditors 2019 7CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
In this example, we see Financial, Reputation, and Fraud Risk associated with the activity “Ticket Sales”
Who are our possible allies?
![Page 8: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/8.jpg)
Planning EngagementOnce allies have been identified during the planning phase, they can be engaged:
1. Reach out to function impacted by audit client operations
2. Discuss the types of activities executed by the client and ask for perspective on risk
3. Identify expectations (possibly auditable standards)
4. Collect documentation supporting expectations and existing relationships / reporting provided by client to impacted area
5. Obtain commitment to partner if any deficiencies are observed
© Institute of Internal Auditors 2019 8CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
![Page 9: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/9.jpg)
Exception Assessment PhaseAny time an exception is found, the auditor’s first question is “How big a deal is this?”
Audit will have an opinion on severity, but other impacted areas will be able to provide support and perspective that will assist auditor judgments
Steps for exception assessment:
1. Trace exception back to pre-review risk assessment for a clue as to severity
2. Using the same linkages established in planning phase, engage unlikely allies for support
3. Present exceptions to client, together with feedback from allies (can have a joint meeting if desired)
4. When writing final audit issue, incorporate impact assessments provided by allies
© Institute of Internal Auditors 2019 9CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
![Page 10: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/10.jpg)
Exception Assessment Example #1During a review of customer-facing sales practices, the audit department determined that sales people were “going the extra mile” by helping their new customers log into the company’s website to demonstrate how to use its features.
Among other things, the sales team was creating the customer’s new password, and clicking past all of the “opt in” screens that appear during first login.
While the customer was immediately emailed a link indicating that a password had been created, the customer was not required to change password, nor were “privacy opt in” boxes popped up on any subsequent login.
Client management was delighted at the high website adoption rate of salespeople in those facilities that executed this practice
Information Security, Compliance, Marketing, and Customer Experience teams were all quite distressed to learn about this concern and rapidly formed a coalition to change the practice.
© Institute of Internal Auditors 2019 10CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
![Page 11: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/11.jpg)
Exception Assessment Example #2During a call center review, an audit team identified that a “Frequent Guest” loyalty product had points that expire without notice to the customer. The policy of point expiration was clearly stated in paragraph 23 of the 4-page “terms and conditions” document.
When the observation was initially presented to the call center manager (client), she indicated that since her team was following the policy, there would be no problem.
The audit team contacted the product owner (potential unlikely ally), who explained that the only reason the product was profitable was due to “breakage” and that if the points didn’t expire, reward levels would have to be lowered dramatically.
The audit team then contacted the brand marketing department (another unlikely ally), who had advertised the program as having “easy to redeem points” that “never expire”.
VP of Marketing was outraged to learn that this product was not aligned with the promises being made and asked for a highest severity audit issue to be assigned to marketing, product, and fulfillment teams until such time as the policy was revised and new practices were executed.
© Institute of Internal Auditors 2019 11CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
![Page 12: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/12.jpg)
Exception Assessment Phase Learnings Building a coalition of allies increases likelihood of audit-identified concerns being addressed
Acting to bring diverse segments of the company together puts audit in a “collaborative” role rather than more traditionally “combative”
While audit will always have independent, informed perspectives on severity (and may need to overrule even “allies”), this approach keeps audit’s credibility and influence high
© Institute of Internal Auditors 2019 12CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
![Page 13: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/13.jpg)
Group Exercises / ExamplesAudit Finding:
During a period of low business volume, call center associates who have not been trained on certain product sets will be assigned to answer questions about those products. In testing, 15/50 basic questions about product pricing were answered incorrectly.
Business Response:
They were not off by much, and we know that customer hold time is a major driver of dissatisfaction, so this is the right choice – it can’t be an issue!
Who are some allies who may want to weigh in on this?
© Institute of Internal Auditors 2019 13CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
![Page 14: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/14.jpg)
Group Exercises / ExamplesAudit Finding:
An audit of the new product launch department identifies that they fail to execute the “communicate new product parameters to IT” step in a timely manner consistent with their policy on 30% of product launches.
Business Response:
The products are still launching on time and we have not had any significant IT issues associated with our launches.
Who are some allies who may want to weigh in on this?
© Institute of Internal Auditors 2019 14CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
![Page 15: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/15.jpg)
Next Steps Integrate “WHO CARES?” into enlisting allies during planning / risk assessment
Integrate “WHO CARES?” into enlisting allies during exception assessment
In ongoing management discussions, fish for challenges in OTHER GROUPS that may impact them
© Institute of Internal Auditors 2019 15CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
![Page 16: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/16.jpg)
Questions and Answers?
© Institute of Internal Auditors 2019 16CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977
For additional information or further discussion, contact:Ken [email protected]
![Page 17: © Institute of Internal Auditors 2019 CONNECT WITH THE IIA ... Presentations/Unlikely Allies.pdf · Audit work in Customer-Facing areas tends to focus on customer -facing concerns](https://reader031.vdocuments.us/reader031/viewer/2022040704/5e00f559a23fb476465dce44/html5/thumbnails/17.jpg)
Thank you for your time and attention!IIA CHAPTER CHICAGO | 59TH ANNUAL SEMINAR
© Institute of Internal Auditors 2019 17CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI | #IIACHI | WWW.FACEBOOK.COM/IIACHICAGO | HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977