BCAS – IIA

PRESENTATION –
BY SHAILESH
HARIBHAKTI
24/05/2019

AI + ML DRIVEN INTERNAL AUDITING

MY BELIEFS
WORLD OF ABUNDANCE

• NEW RULES – MORE FROM LESS - FASTER

NO WASTE. NO DAMAGE TO ENVIRONMENT
• CONTINUOUS AUDITING & CONTINUOUS
IMPROVEMENT LEAD TO PROCESS
ASSURANCE
• COMPLAINT ANALYSIS IS MOST VALUABLE
TOOL
VALUES ALL
PROFESSIONALS SHOULD
IMBIBE
• PRIDE
• DETERMINATION
• INTEGRITY
• AMBITION
NEW PARADIGM OF DATA
FLOW
DATA FLOWS FROM: -
• BANK TRANSACTIONS
• TAX PAYMENTS / SOURCE / ADVANCE / ASSESSMENT
• GST  INVOICE UP/DOWN LOAD / ITC CAPTURE / PAST
BENEFITS CAPTURE
• CREDIT CARD USAGE  ACCOUNTING GENERATOR
• PAYMENT APPS USAGE  ACCOUNTING GENERATOR
• REGULATORY FILINGS COMPLIANCE TRACKERS
• CASE FILINGS BEHAVIOUR
• RETURNS  CONTINUOUS KYC
• ALL DECISION MAKING WILL BE DATA SCIENCE DRIVEN
• ALL THESE FLOWS REQUIRE IMMEDIATE CAPTURE
VISION OF AN ENTERPRISE
PORTALISED
• CONTROLS PORTAL :- IFCR, IA FINDINGS, KEY AUDIT
MATTERS, MANAGEMENT LETTERS, NOTICES FROM
REGULATORS / AUTHORITIES

• TAX PORTAL : - DIRECT / INDIRECT

• LEGAL PORTAL

• OPERATIONS PORTAL
MARKET READY
• DUE DILIGENCE READY

• PROACTIVE FORENSICS TO SUPPORT M & A &

MARKET BASED RESOURCES

• INFORMATION MEMORANDUM READY

 INDIA STORY
• GREAT AAA PROFESSION - EVOLVING AUTOMATED IT ENABLED
ACCOUNTING ASSURANCE CONTINUOUS – ACTIVE CAPTURE OF
ECONOMIC FLOWS

• GOING DIGITAL / BIOTECH / NANOTECH SINGULARITY – ESG

WITH A BIAS FOR ESG

• FASTEST GROWING MARKET – HANDSETS / DIGITISATION / IT

LED DISINTERMEDIATION. (ISRAELI – TECH COS. SUPER ACTIVE)

• CAS & SMES – TARGETS OF BANKS / NBFCS [BAJAJ FINANCE

DAILY SMS]

• IT EVOLUTION PATH -> FARMING OF LABOUR -> CENTRES OF

EXCELLENCE - APP BUILDING SI / SUPPORT - DATA FLOW
TRACKING - CREDIT DECISIONING – TRAILING DATASETS- AUTO
PROCESSING – BIG DATA – DIGITISATION – AI – ML .
 INDIA STORY (CONTD..)
• NON DATA ENTRY DRIVEN DATA
CAPTURE/PERSONALISATION / TWEAKING / MONITORING /
OPTIMISING / RE INVENTING / TAX DETERMINATION
(THOMSON REUTERS)

• EDUCATE / EMPOWER / EXPOSURE (PRESENTATION)

• LITERATURE ACCESS / GLOBAL SEMINARS / WEB /

KNOWLEDGE ACQUISITION / CONTINUATION
NETWORKING / CONVERSATION/ BOLD RISK TRACING –
IMPLEMENTATION FOCUS.
SUSTAINABILITY DEFINED

• SUSTAINED / RISK ADJUSTED / TOP QUARTILE METRIC

PERFORMANCE

• 11 MONTHS NEVER ENOUGH TO COMPENSATE 12 MONTHS’

PLAN – DO IT NOW, DO IN TIME

• CONTINUALLY

• FIND NEW CUSTOMERS

• FIND & IMPLEMENT

• SOLUTIONS NOT IDEAS

• LOOK INWARDS & OUTWARDS

• PUNISHMENT OF TEAM MORE SEVERE

• BE RESILIENT
• ANALYSE ALL CUSTOMER OUTCOMES
• COMPETITION SHOULD BE SCARED OF US NOT WE
BY THEM
• EVERY ACTIVITY – STP – STRAIGHT THROUGH
PROCESSING
• READ EWS – EARLY WARNING SIGNALS
CONTINUALLY
• CLEAR & CONSCIOUS PURPOSE (RESPONSIBILTY)
(INTEGRITY)
• STAY ON COURSE EVERY SINGLE DAY
• DEMAND MORE FROM YOURSELF AND OTHERS
• MAKE WINNING A HABIT [ PRIDE ]
 GOVERNANCE REQUISITES
• ESTABLISH MORALITY OF PROCESS

• ESTABLISH RELEVANCE

• ENGENDER CONTRIBUTION BY ALL

• PROMOTE VALUE ADD CONTINUALLY

• PERFORM DILIGENCE CONTINUALLY

• SEPARATE ROLES OF MANAGEMENT & SUPERVISION

• ENGAGEMENT SHOULD BE DEEP

• OPERATIONAL DASHBOARDS FOR MGMT TO KEEP ON TRACK DISTINGUISH

BETWEEN BUSINESS FAILURE VS FRAUD INTERFACE BETWEEN OWNERS +
EXECUTIVES

• MANAGE RISK & ADVOCATE !

• CONTINOUS EDUCATION

• EMBRACE FUZZY LOGIC

• TRANSPARENCY , TRUST , TECHNOLOGY – ARE KEY DRIVERS

Better Internal Audits with
Artificial Intelligence & Machine
Learning
INTERNAL AUDIT WORKFLOW OVERVIEW
• Filters & Patterns
• Be in the path of Data Always
• Throw out Early Warning Signals & Explore further risks
• Continuously redefine Audit Universe by deploying ML on Past
Implemented Findings
Examples: Nykaa, LTFS, Blue Star, Torrent
Implementing AI / ML
driven Internal Audits
1. CONTEXT
“The internal audit activity should monitor and
evaluate the effectiveness of the organization’s
risk management system.” —IIA-Standard
2110.A1 The documentation goes on to further
explain:
• “The internal audit activity should assist the
organisation by identifying and evaluating
significant exposures to risk and contributing
to the improvement of risk management and
control systems.” —IIA-Standard 2110 –Risk
Management.
Use the power of AI to find deviant patterns.
Implementing AI / ML driven
Internal Audits (Contd..)
2. UNIVERSE DEFINITION

Each company defines the components of their Audit Universe by

distinctly identifying:

• Corporate Structure, and accountability frameworks

• Internal subdivisions & External Components

• Programs of operations

• Activities within each program

Essentially, the boundary outlined by the Audit Universe identifies all

things that can, and are subject to the supervision of the organization. It
is within this audit universe that all internal audits and assessments are
conducted, thus leading to step 3.
Implementing AI / ML driven
Internal Audits (Contd..)
3. CONDUCTING AN INTERNAL AUDIT 101

Planning and undertaking IA requires a human’s review of a

large corpus of unstructured data. This is where AI excels.

Auditors want to identify and understand the risks and controls in

the operations they’re called to audit through a few different
lenses. These variants in perspective are used to comb for
potential issues in processes, and involves inspecting entities:
• By Control Objectives, Strategic objectives
• By Frequency of risk occurrence
• By Type
The reason for these different views is simply to look for problems
/ patterns.
 WHAT IS NOT
HAPPENING TODAY
• Quantifiable overview is not available. Numbers are hard to
generate.
• The process is dependant on non-quantifiable human
decisions. E.g. Learning from Employee Email analysis.
Controls are ineffectively associated.
• Knowledge transfer is poor —leading to silos of knowledge
and heavy reliance on key staff members.
• Some programs are over-evaluated while others are rarely
audited. The only risks addressed in audit are financial risks.
Critical factors such as technology risk and ESG non
Compliance risks are ignored. The goal of the assurance
function is to demonstrate process performance and expose
problems, rather than to just check a box and say you did an
audit.
Use of AI TOOLS to:
• Automatically identify risks, controls, and other key
entities within the audit universe.
• Map out a knowledge graph of entity relationships to
accompany the risk summary.
• Map and relate risks and controls to documents within
the audit universe
• Segment off the risk statements having high similarity,
in an effort to identify areas of possible audit efficiencies,
and
• Reveal a roll-up of the risks by program,.
CONCLUSIONS
• CREATE A VIGIL MECHANISM
• POWER IT WITH AI / ML
• ENHANCE SEARCH FOR TOOLS, PLATFORMS,
EVALUATIONS & PRESENTATION /
DASHBOARDING PRACTICES
• CONTINUOUSLY CHALLENGE STATUS QUO &
EVOLVE RAPIDLY
• BE AHEAD!
THANK YOU