Modernizing Internal Auditing

Stephen Harrison, Director of Internal Audit, California Water Service (NYSE: CWT)

In an interview with Applied Technology Review, Stephen Harrison, director of internal audit, California Water Service, shares his thoughts on the existing trends in the auditing space and the challenges associated with maintaining SOX compliance.

How Has Your Transition From The Position Of The Director Of Asset Management To The Director Of Internal Audit Been? What Are Some Of The New Responsibilities That You Have?

As the Director of Asset Management, I was responsible for overseeing the lifecycle of physical utility assets, including pumps, pipes, mains, and tanks, ensuring reliability and maximizing their lifespan. Transitioning to the role of Director of Internal Audit, I successfully led the team through a shift from traditional internal audit to a forward-looking, futuristic audit approach that goes beyond SOX compliance.

What Are Some Of The Biggest Challenges You Have Observed In The Internal Audit Space?

There is a significant challenge with SOX compliance. The manual documentation process prevalent in the industry is difficult to break away from and relies heavily on Excel-based records and physical evidence. Another challenge is the need to modernize and standardize SOX compliance as it ages. Automating tasks and documentation to create an efficient audit trail is now a priority. Striking the right balance in technology enablement is also a major issue. It is important to find the optimal point for technology integration to realize benefits without incurring unnecessary costs. Aspirations for technological advancements must align with practical outcomes to ensure effective investment and process reengineering.

“Auditors are true partners, actively adding value and proactively identifying potential issues to prevent them from escalating”

What Are The Current Conditions Companies Are Facing Due To The Rising Costs And Time Spent While Ensuring Compliance With The Sox Act?

In addition to the rising expenses of adhering to the SOX act, there is a need for external certification from big four accounting firms added to the financial burden for publicly traded companies. The complexity of SOX compliance extends to IT general controls, where technology implementation brought new audit requirements. The realization that technology doesn’t always lead to optimization is always a significant learning curve, as it could increase workload rather than streamline processes. Balancing efficiency and compliance proved challenging in the ever-changing landscape of SOX requirements.

How Do You See The Internal Audit Space Evolving Over The Next Few Years?

There is a shift in the internal audit function’s future, moving away from extensive focus on SOX compliance toward building out operational and non-compliance areas. These areas encompass day-to-day activities, enterprise risk management, quality assurance, and technology deployment, including user testing and assurance activities.

Two significant developments in the corporate world hold implications for internal audit. The first is Environmental Social Governance (ESG), with the SEC finalizing documentation and submission requirements in financial reports. Internal audit will play a crucial role in providing validation and assurance work for ESG-related information.

The second major development is AI and related technologies like automation and robotic process automation. AI’s application may excel in black-and-white scenarios, like assessing completed tasks based on objective criteria. However, areas with subjective elements that necessitate human judgment might fall outside AI’s scope.

What Is The Advice You Would Like To Pass On To Fellow CXOs And Peers In The Internal Audit Space?

It is important to foster a successful relationship with the external audit partner. There are three key strategies that can be applied to achieve this goal. Firstly, prioritize maintaining an arm’s length yet coordinated approach with the external auditor to minimize redundant efforts. Jointly conducting key control walkthroughs can facilitate the efficient assessment of controls and transactions, yielding quick wins.

Secondly, aligning datasets enables both parties to conduct assessments and select samples more effectively, streamlining the audit process and enhancing overall efficiency. Lastly, open and transparent communication with the external auditor is paramount, as well as remaining receptive to suggestions and alternative approaches. This collaborative give-and-take relationship facilitates finding common ground, and meeting compliance requirements.

There is a historical negative perception of auditors, but we must alter this narrative. Auditors are true partners, actively adding value and proactively identifying potential issues to prevent them from escalating. The ultimate goal is to foster a collaborative and cooperative environment.