The Challenges to Internal Audit in a Zettabyte World

The long-promised next generation of mobile connectivity, known as 5G, will soon be reality, with some experts predicting a quantum leap in the technology in as little as two years. Hans Vestberg, CEO of Verizon Communications, put the impact of 5G on the world in perspective when he spoke recently at the 2019 CES conference in Las Vegas. “5G will change everything,” he said.

The next generation of mobile technology will go a long way toward delivering on the promise of a fourth industrial revolution. The first industrial revolution was driven by steam and mechanization, the second by electricity, and the third by digitalization and computers. The fourth will be about connectivity.

The biggest impact of 5G will not be in faster download speeds; it will be in how 5G fuels a “connected everything” world. For example, the technology will enable a tenfold increase in the density of connected devices within a square kilometer, from 100,000 to 1 million. 

This is what makes 5G a transformative technology. It will increase the volume of data coming into organizations from billions of bytes of data, known as gigabytes, to trillions of gigabytes, known as zettabytes. Indeed, by 2020, it is estimated that there will be 50 billion connected devices generating 4.4 zettabytes of data. That would be a seismic increase from the .1 zettabyte generated in 2013.

It is hard to grasp the enormity of what 5G can mean to the volume of data that will be available to organizations. But it is easy to predict that organizations will try to leverage this powerful new business tool. And that creates a classic risk/opportunity conundrum. Collecting, analyzing, understanding, managing, protecting, and auditing today’s data already poses problems for many organizations. Imagine what it will be like when data streams expand exponentially. Cybersecurity challenges, already a significant concern for organizations, will grow as more data pours in. Complicating the issue further is the burgeoning global data privacy movement. Even in the most positive light, 5G will be a massive technological disruptor and require organizations to rethink how they gather, use, and protect data.

How will internal audit cope? Last year’s North American Pulse of Internal Audit report laid out four steps necessary for the profession to adapt and thrive in a technology-enabled world. Internal audit has to:

• Become agile.
• Pursue innovation.
• Redefine its talent.
• Inspire board engagement.

The coming 5G revolution makes the need for transformation even more urgent.

In a blog post about the Pulse report, I wrote: “Internal audit will be asked to do more, requiring us to pivot to stakeholder demands as we have done before. However, the pressures driving change and disruption today cannot be eased by simply relying on what we’ve done in the past.”

My blog post listed several actions audit leaders could take to help achieve the four transformative steps. However, nearly a year later, it appears we are making slow progress when it comes to redefining talent. An early peek at responses to the 2019 North American Pulse of Internal Audit survey, which will be released at The IIA’s General Audit Management Conference in March, suggests the profession continues to struggle with improving IT and cyber skills. What’s more, the average audit plan devotes less than 20 percent of its allocation to IT and cyber, according to the latest Pulse responses. Granted, transformation is a process that takes time, but time is running short.

Ironically, taming the 5G data tsunami will require internal audit to embrace technology unlike ever before. Artificial intelligence, robotics process automation, and other technologies offer the most obvious options for internal audit to cope with the disruption. Additionally, the profession will have to develop a very close — almost symbiotic — relationship with IT departments. Internal audit leaders must embrace this approach, and communicate their needs clearly and directly to stakeholders.

There are many actions internal audit should be taking to cope in a zettabyte world. One of the best calls to action for the profession was offered by Protiviti in its 2018 publication, “Analytics in Auditing is a Game Changer.” Protiviti challenged the profession to raise its game in embracing analytics and offered 10 analytics action items for chief audit executives and internal audit:

1. “Recognize that the demand for data analytics in internal auditing is growing across all organizations and industries, and that the trend is certain to continue.”
2. “Seek out opportunities to expand internal audit’s knowledge of sophisticated data analytics capabilities so that the function has a more comprehensive and precise understanding of what is possible with analytics.”
3. Recognize that “resource constraints, along with business-as-usual workloads, can limit internal audit’s ability to optimize its data analytics efforts.”
4. “Consider the use of champions to lead the analytics effort and, when appropriate, create a dedicated analytics function.” 
5. “Explore avenues to expand internal audit’s access to quality data, and implement protocols … that govern the extraction of data used during the audit process.”
6. “Identify new data sources, both internal and external, that can enhance internal audit’s view of risk across the organization.”
7. “Increase the use and reach of continuous auditing and monitoring to perform activities such as monitoring fraud indicators, KRIs in operational processes, and information used in the leadership team’s strategic decision-making activities.”
8. “Leveraging continuous auditing, develop real-time snapshots of the organization’s risks and incorporate results into a risk-based audit approach that is adaptable and flexible enough to focus on the highest areas of risk at any point in time.”
9. “Seek ways to increase the level of input stakeholders provide when building and using continuous auditing tools and when determining what data should be monitored by these tools.”
10. “Implement steps to measure the success of your data analytics efforts, and also consider the most effective ways to report success and value to management and other key stakeholders.”

In his 1921 acceptance speech, Nobel laureate Christian Lous Lange warned, “Technology is a useful servant but a dangerous master.” At the time, Lange was warning about the dangers technology posed in developing ever-more-powerful weapons. In this context, the warning still holds true, as we develop ever-more-powerful data-gathering technologies. 

As always, I look forward to your comments.