When looking at innovation, it may seem daunting to involve audit properly to protect the organization. With any new effort, there are a lot of unknowns. In traditional project processes, there should be enough time to discover major issues and handle the risk revealed. Innovation, though, wants to move quicker. As a result, the increased speed can mean risk is not properly identified and reviewed. Therefore, it is important for audit to proactively become involved in innovation efforts as the organization attempts to improve its ability to compete.
Be Engaged With the Effort
Innovation is proactive and, in some respect, aggressive. Therefore, audit cannot take a passive approach to innovation. Rather, it needs to be an active participant, whether we are talking about an innovation team or an overall, organizationwide effort. Let us look at 2 ways audit can engage proactively.
Serve as a Mentor
Too often, audit is seen as the opposition, especially within IT. Most of us do not like when someone is watching over our shoulders, and that is effectively what audit is asked to do. However, audit can also serve to guide a team in risk identification and mitigation, as well as ensure that required regulations and compliance are met during the project process and not afterwards, when it is significantly more expensive.
In other words, an auditor serves as a mentor to innovation efforts so that any work that is done takes into account the controls and requirements with which the organization must comply. This reduces the possibility of rework to retrofit solutions, which can result in unexpected cost and delayed realization of proposed solutions. Since innovation often seeks to find the product or optimization before a competitor does, delays can invalidate the effort altogether.
Leverage Knowledge and Experience to Provide Solutions
Generally speaking, a broad range of subject matter expertise is critical for innovation efforts. Audit brings its own set of skills and knowledge, often in areas that other team members do not have a strong competency in. As a result, it is important for audit to help the efforts by providing solutions based on that knowledge and experience. For instance, if a team is starting down a track that will result in cumbersome controls (such as manual ones) when an alternate path would still move the team forward and protect the organization, an auditor can guide the team to the second path.
This Is Not Thinking Outside the Box
Neither of these are new competencies within audit. Rather, they are existing competencies that any auditor assigned to a project should already have. We are simply applying them to an innovation effort within an organization. Generally speaking, this is a good approach. Look at what audit’s role is in the project cycle, and apply that role appropriately to the innovation work. However, it is important for audit to be more active (proactive) than in a traditional project. In this way, audit will be able to meet its goal of protecting the organization while also being seen as a partner, not an obstacle, in the innovation effort.
Read K. Brian Kelley’s recent Journal article:
“Innovation Governance: What Is Innovation?,” ISACA Journal, volume 2, 2019.