On a recent trip to Paris, I arrived at the airport on the first day of a taxi strike protesting Uber, the rival upstart that has upended historical urban transportation services. With no taxi service available, I ended up taking the Metro from the airport to the station closest to my hotel. Suffice it to say, it was no treat trudging the last mile on city streets with luggage in tow, even in a city as beautiful as Paris.
The experience got me to thinking, however, about disruptive innovation and the risks it poses to organizations beyond obvious issues of competition. It also got me thinking about how disruptive innovation could impact internal audit and our areas of responsibility.
The Uber phenomenon has sparked considerable debate among economists and academics about whether the on-demand taxi service fits the definition of disruptive innovation. Even the author of the theory, Clayton Christiansen, has weighed in, co-authoring an article for the Harvard Business Review where he explains why the Uber model isn’t disruptive innovation.
But the bigger picture here is less about defining what model a rival business fits into, and more about how the break
–neck speed of today’s technology and innovation is making risks associated with technology-driven competition more prevalent than ever. Certainly, the biggest risk is failing to respond to disruptive competition no matter what it is labeled.
Internal audit must be cognizant of its role in helping the organization prepare for competitive threats. Christiansen’s seminal work on business disruption, The Innovator’s Dilemma, which has guided businesses for two decades, not only identifies where competition can emerge and how to respond to threats, but also warns of the danger of inaction.
An organization must create a system or process to identify risks associated with disruptive competition as well as the risks associated with renovation and innovation within the organization designed to stave off such challenges from upstarts. In other words, a strategy of adopting cutting-edge technology or innovating business models carries its own risks, and a good internal audit function must provide assurance on how such strategies fit into the organization’s overall risk appetite.
This is essentially a balancing act that must be carefully choreographed in cooperation with management and the board.
In the 1990s, internal audit faced its own test where the practice of outsourcing work was viewed as a threat to the profession. Today, most internal audit functions embrace the concept, often using co-sourced or third-party services to ease workload or fill in talent gaps in specialized audit areas. A recent CBOK report on third-party service use confirms that the practice is now commonplace.
The lesson from this example is that a profession can adapt to and incorporate technology or new business models once viewed as threats.
But the speed of technological change, and therefore competitive threats, today are happening at light speed compared to the 1990s. In a recent guest column in The Washington Post, Vivek Wadhwa warned that Christiansen’s parsing on whether Uber fits into the disruptive innovation model is beside the point. Google, Space X, Apple, and others are using technology to innovate in ways that will rewrite competition across multiple industries, according to Wadhwa, a fellow at the Rock Center for Corporate Governance at Stanford University. Disruption is no longer something that can be handled by a new division or department, Wadhwa wrote.
This again poses an opportunity for internal audit to provide insight and foresight to its stakeholders. As the area most likely to have an enterprisewide view of the organization, internal audit can offer a valuable perspective to help develop strategies and process to address disruptive innovation. I should note here that internal audit can benefit from disruptive innovation. Bethmara Kessler, the innovative CAE at Campbell Soup Co., preaches the benefits of “disruptive chaos” within the internal audit function. She warns that internal audit can become irrelevant if it doesn’t embrace and encourage innovation in internal audit’s approach to its work.
I’d like to hear your thoughts on internal audit’s role in addressing this increasingly dynamic risk.