In the intelligent enterprise, governance, risk and compliance (GRC) professionals must focus on the effective use of intelligent technology to manage risk says Lauren Berrington, chief audit executive at Bidvest.
Speaking at the ITWeb GRC event hosted in Bryanston Johannesburg today, Berrington reiterated the value of intelligent technology within the auditing domain saying it can monitor patterns, predict outcomes, assess risks and incidents, suggest or implement corrective actions, raise alerts, among other things.
GRC within the IT space in business continues to be pressurised by the advent of digital technologies including cloud, AI, IOT, machine learning and robotics, she said.
However, rather than be overwhelmed by having to figure out how to audit these technologies, the IT auditor can actually leverage these intelligent technologies to avoid being hard-pressed for time and resources, especially skills.
To illustrate her point, Berrington introduced ALICE - Bidvest’s commercially available digital auditor designed by GRC-focused professionals as a cloud-based platform with embedded intelligence and a full spectrum of cognitive systems to serve as a digital workforce for governance.
First introduced in 2017, ALICE represents Bidvest’s solution to several challenges it experienced as a major enterprise including its size (over 300 companies, 900 sites covering 29 industries), along with decentralised, siloed operational and business divisions – and limited IT skills among broader employee base.
ALICE was developed to provide Audit-as-a-Service in the IT space and provide IT managers with online real-time alerts.
“It is female because it can multitask,” Berrington quipped. “The platform can adapt reporting to different audiences, is always available, fully independent, comfortable in all IT environments, is scalable. Her background is in data science, machine learning and IT, which means her work is progressive and predictive.”
In 2018 Bidvest engaged with external partners, including Dimension Data and Standard Bank, to fully test out ALICE and its ability to ‘jump through regulatory hoops in the financial services sector’, to add value to organisations that have a massive user base, those with global presence and to see if it was able to scale remotely.
Berrington said the engagement was very successful, with partners inquiring as to the platforms additional use cases outside of IT.
In Bidvest alone, the IT of all 351 companies must be audited and it used to take on average two-and-a-half-year per IT audit.
Today ALICE can facilitate continuous auditing of all companies, if and when required.
The platform is commercially available and with AI and embedded learning techniques, continues to make a significant difference to the IT audit profession. Its central repository can be adjusted to accommodate changes to legislation and it can link to all data sources within a business and highlight several issues such as outdated licenses, access to systems and infrastructure, payroll management and others.
Berrington believes that while the IT audit profession is actually thriving, and has evolved with the emergence of technology to remain relevant, there is scope to do more and collaborate.