Nearly a decade ago, in the book Cloud Computing - Facing the Reality, (ISBN: 9781477689264), the author, Ashwini Kumar Rath, predicted that IT systems could be accessed from anywhere, with any device and at any time. While the Cloud-Mobile-Social revolution ushered in the adoption of robotic process automation, the coronavirus lockdowns accelerated it globally. Audit functions are slow in adopting innovative solutions to improve their efficiency as seen in one of the latest industry reports by Protiviti. This is an opportunity to leap-frog the trend and adopt a tech-enabled service delivery model. Let us take a peek at an ideal digital audit process.

Note: Our reference to “audit” implies all types of assurance management processes - audit, compliance, various types of assessments, regulatory change management.

Elements of an ideal audit management solution

An audit spans several months, has multiple stakeholders, is highly collaborative, involves vendors, and very likely performed to demonstrate independence and compliance to regulations or independent standards like SOC2, NIST 800, ISO, etc. Therefore, an ideal solution for assessments, audits, and compliance must address the following 3 issues:

  1. Regulatory updates: Provide easy access to regulations from all agencies with daily updates and integrated tools to manage regulatory changes as well as related internal policies and procedures.
  2. Collaboration: Enable seamless collaboration and service delivery by vendors and professional services providers like auditors, consultants, lawyers, accountants, etc.
  3. End-to-end workflows: End-to-end workflows for business processes with dynamic access controls and a secure environment for stakeholders from multiple organizations to perform their assignments.

Any meaningful effort to eliminate the manual processes in assurance processes must comprehensively deliver these 3 requirements.

A simple architecture for an ideal audit management solution

This simple block diagram shows a scalable ecosystem with secure apps, end-to-end workflows, and access controls, enabling collaboration with end-to-end workflows.

  1. The solution must be easily accessible to clients of any size, industry, and complexity in operations.
  2. The solution must be available as SaaS or Private Deployment, based on the organization’s needs.
  3. It must be easily deployed in popular cloud environments like AWS, Google, Azure, LiquidWeb, etc.
  4. A wide range of audit, compliance, and assessment management apps must be available and easily integrated with 3rd party apps like Risk Management Systems, Customer Relationship Management Systems, Supply Chain Solutions, etc., using API to provide end-to-end solutions.

Technology is not enough - Collaboration

Collaboration is critical to the digital transformation of audit and compliance processes that transcend beyond one organization. Service providers like auditors, consultants, tech providers, etc., must collaborate with clients and deliver services using a common platform to eliminate manual data management steps using emails or document sharing tools. As cloud-mobile-social platforms enable a new era of automation using machine learning, natural language processing, augmented and virtual reality, blockchain, … audit, and compliance processes must also transform a project-based approach to a real-time tech-driven engagement. Leaders across organizations must recognize that it is time to think beyond the traditional GRC solutions and look towards new platforms that will facilitate interoperability and collaboration with secure workflows.