TOMORROW'S ERM TODAY: Disruptive technology risks are becoming a critical concern for internal auditors.

Author:Wright, Charlie
Position:Risk Watch - Enterprise risk management
 
FREE EXCERPT

As enterprise risk management (ERM) programs continue to mature at organizations around the world, internal auditors are now facing a new challenge. Technology risks are evolving and changing so rapidly, it is difficult for management to assess the new threats and adjust its strategies to manage and mitigate them. Applications that use disruptive technologies, such as artificial intelligence, advanced robotics, 3D printing, blockchain, and the Internet of Things, are being designed quickly and often generate new high-growth markets. Internal auditors are struggling to stay abreast of the most recent developments and identify new internal controls that add value.

Additionally, the exponential growth of computing power has enabled organizations to capitalize on the use of mobile devices and leverage the ubiquity of the internet to reach their markets almost instantly. While this is an exciting and challenging opportunity for marketers and business managers, it has injected new risk considerations for internal auditors.

Business Advances

Digitalization of data has created opportunities to improve data analytics, use algorithms to facilitate cognitive intelligence, and create bot applications that perform automated tasks. The essence of the risks and controls has not changed as much as the underlying technology. The processes still need to adhere to organizational policies and procedures, change management practices are still a vital component in transitioning to new tools and processes, and system and access controls must be enforced.

However, some controls that were important in the past now take on a new level of criticality. Automated algorithms result in less transparency of the underlying process. When data is used and shared through these processes, accuracy, and completeness become a necessity. An organization needs very specific controls to ensure a bot does not proliferate erroneous data. Information security and access control processes must treat the bot as if it were a person and only allow access to appropriate data. Checks and balances must be integrated into the process to ensure the results are accurate, service level agreements are met, and contracts are adhered to.

Advanced materials, 3D printing, and autonomous vehicles are other advances that are transforming the business landscape. New businesses created by these technologies need to follow established governance processes and design risk management and internal controls...

To continue reading

FREE SIGN UP