Building an Audit Team in a Digital World
Ian Kirton, Senior Audit Manager of TSB Bank, delivered an insightful presentation at the IIA GAM (General Audit Management) Conference this month. His bank is undergoing a massive transformation to online banking and services, and Ian has been tasked with designing an audit department and data analytics strategy to support the cloud-based enterprise. Here are the key learnings he had to share.
Clarity of Purpose
The first and most important factor for organizations is to have a clear corporate objective, which the audit team can then align itself with in order to achieve it. This means ensuring that everyone understands the objective as well as their collective and individual roles in achieving it.
Maintain an Audit Universe
The ‘audit universe’ at TSB has grown to 106 auditable entities, including all of its systems, processes, products, strategic events and key change programmes. This forms the basis for its audit risk assessment and planning, which should be supported by internal and external information on hot topics and industry themes. Your audit universe should be updated regularly and contribute to achieving corporate objectives.
The audit team at TSB is comprised of audit professionals with diverse backgrounds in banking, regulations, risk, industry and IT. This diversity enables the team to tackle different business areas and build knowledge on those business areas. Now the team is equipped to audit TSB’s IT systems, third-party providers, chief information office (CIO) and operations.
New audit strategies, driven by the IIA’s Code of Ethics, have been developed to adapt to TSB’s digital transformation. The Code contains a self-assessment tool, which TSB utilizes annually. The self-assessment not only prepares the bank when it goes for external review but also produces a summary of activities the audit team preformed that year. This is then used to develop a one-page report of insights, root causes and themes discovered.
Data Analytic Strategy
Ian’s data analytics strategy starts with examining where you are currently. Then he looks at:
- Reinforcing the audit universe with data that allows him to spot trends and target resources to the highest areas of risk
- Using data as the vehicle to increase breadth and depth of coverage, efficiency and the targeting of adverse trends throughout the audit plan
- Developing the ability to continuously monitor key controls and undertaking regular, repetitive data audits of common activities
About Anu Sood:
Anu Sood is the Director of Product and Corporate Marketing at CaseWare Analytics and is responsible for the company’s global marketing strategy. Prior to CaseWare Analytics, Anu worked in various roles in the high-tech industry and her accomplishments range from writing software for telephone switches to launching a new global satellite communication service. Anu has extensive experience in strategic marketing, corporate communications, demand generation, content marketing, product management, product marketing and technology development.
Connect: Anu Sood