Day Two - IIA IC 2017 Highlights

Night has fallen and we're all heading to the Gala Party - just a few words to give my highlights of today...

President and CEO at IIA Opening address

The future for IA is awe inspiring! We should be proud of having 190,000 members and almost doubled in 15 years. Great to see our prize winners too!

The Big Shift: Reading the Signals of Geopolitical Risks

Dr Pippa Malmgren

CEOs get blindsided by qualitative risks.  We are good at quantitative risks, and need to build a holistic view.

Is China the future? One belt, one road, one circle strategy to export goods and import food.

Post Cold War there was a peace dividend and large cheaper workforce which was a boon.  Now defence spending is sky rocketing - in space there is a contest for satellite weapon systems.  Our vulnerable technology is an Achilles heel for DoS attacks - shutting down internet, electricity, etc.

IA is about to become a critical part of how our democracy works.  What will the audit chain be?  Sensors will triangulate on us in every part of our life, and how will this be governed.

Options to resolve world debts are all unpalatable, and a market view is that we need to expect the unexpected if we want to have different outcomes. Block chain is the new system and could minimise the criminal economy and increases tax revenues.

Special Interest Discussion Forum 8: Financial Services

For Culture audits first set the framework. Secondly, review the details - what behaviours and setup are needed for success: hiring the right people, training, reward and performance management.

For Data Analytics: hire the team, train them then get the tools. Aim for a few pilots, then use data repositories. Data 'culture' builds by sharing DA success stories across the IA team.

Teams need to define what data we need.  The hypothesis is the biggest challenge. Prior to each and every audit, we need to brainstorm on the hypothesis between IA and IA DA teams.

The Human Factor: Is Conduct Risk on Your Radar?

Poor conduct impacts reputation against both legal requirements and social licence.

Look out for IIA-Australia's upcoming article on culture and conduct risk.

Conduct red flags: Complaints handling; breaches of limits; treatment of whistleblowers; exit interviews; breach reporting: needs to be complete, accurate and timely.

The First 90 Days: The New CAE

As a new CAE we need to find the metric that the value tree hangs from - that is the challenge!  

The reasons for moving into IA are the exposure to Audit Committee and Board, the transferable skills and a great overview of the business.

The board really listens to IA.  Boards sit up - and the importance of this shouldn't be underestimated.  The board perspective is key.  IA can be a steady area and fall behind the organisation - you need people with a real drive to stay current.

IA need to be clear about what independence means; the different assurance provided; and, integrated assurance.  Boards and IA have different views on independence in doing our work.

IA should be part of the Exec path.  We need to bring people from around the organisation and move them through IA.  

Don't Lose Sight of Our Customer Data

Robert Wilson, CTO at Westpac explained that data would reach 44 zettabytes in the world by 2020 - that's 2,000 books thick piled up over the whole surface of the earth!

Data is in machines, we need to put it in lakes and then sift it and make it useful, whilst protecting it.

Information security risks and data sovereignty concerns question my ability to keep my data safe

The cloud risk issues can be managed on a shared network and shared storage by encryption. However, sharing of computing means data has to be decrypted. Perhaps private cloud is the answer.

Leading Organisations to Achieve Success During Periods of Uncertainty

Sam Walsh AO told us the importance of understanding systems, how supply chains work, that the customer is king and that technology is the differentiating factor.

His experience is that strategies need to have just 3 to 5 themes but the implementation is seriously hard - to achieve speedy execution you need the best people working together as owners throughout the organisation.

As individuals we need to: take personal responsibility for our path; get involved and volunteer; and, find a mentor.