Tech and governance must go hand-in-hand says KPMG’s Shamit Govind

Disruption is key; so too is governance, says the head of KPMG SA’s Emerging Tech Unit.

This Future of Audit Series interview is proudly brought to you by ACCA.

“The pandemic has taught companies what they are capable of,” says Shamit Govind, partner at KPMG South Africa and head of the firm’s Emerging Tech Unit. “Everything has been accelerated. What usually took five years was done in six months.”

He believes that the future of audit will centre around reinvention and disruption, but that it’s important for governance to keep pace. “Creating a new tech is not actually that hard, but embracing the governance within which it has to operate within the organisation is important,” he says. “To ensure that the culture and the governance are set up such that the technology can actually fit in and be used from a mainstream perspective and provide a return on investment – that’s critical.”

It’s also vital to differentiate between technology developments within audit (how audit takes place) and emerging technologies on the client side. Auditors need to have a grip on both. “Yes, auditors have evolved how we work, but we also need to be auditing these emerging technologies that clients are adopting,” he says.

This requires developing emerging technology risk frameworks in advance. “At KPMG, we've accelerated the pace which our business does system implementations (SI) and our investment into the SI space,” he says. “These are the teams that we lean on to provide us with the technical experience around how to audit those fancy new technologies. Telcos, the banks and even mining houses have embraced new technologies and we've had to vastly adapt how we audit to accommodate actually auditing those technologies.”

Shamit believes securing the right skills is more critical than ever before. You’d rather ask someone who built the car to explain how it works than someone who’s only driven it, he says, on the subject of hiring more tech skills into audit teams.

Well on the way to digitisation
Thankfully for KPMG, the firm had been prioritising digital transformation well before Covid-19 struck. “Whether it was remote auditing or auditing with a few members or teams on site, whether it was counting stock, using robotics and automation or drones, or using a lot of data analytics or process mining, to do substantive tests and procedures, I think we had all of these things in place, which had been quality tested in advance of the epidemic. It just took this major catastrophe worldwide to test our investments, and make sure we actually generate return on investment, not only financially but supporting the faster adoption of key technologies in the conduct of audits. I do believe it will reset how we do things going forward.”

KPMG has been employing various technologies, such as supporting audit teams in digesting paper-based information using OCR technology, machine learning technology, robotic process automation and artificial intelligence, to get answers and accurate information, far more quickly and reliably than through traditional manual processes. “We’ve also used advanced process mining to support the audit teams to identify high risk areas, well in advance of actually starting audits,” Shamit says.

Other technologies on his radar include digital twinning and computer visioning. Digital twin technology essentially uses real world data to create computer simulations that can predict how something will perform, often integrating IoT, AI and software analytics.

“Digital twinning is something that we are investing in where we can potentially replicate what an IFRS standard prescribes and then calculate those impacts far more regularly, at regular intervals during the financial year, for example month-to-month versus, at financial year-end or half year-end,” Shamit explains. “We’re looking at investing in this tech more from an internal audit point of view, giving clients insights around those impacts to their financial statements, which helps them to prepare for external audit.”

Computer visioning, on the other hand, is a technology KPMG is exploring that uses AI training on computers to enable them to interpret and understand the visual world. “It’s using advanced camera technology to read a situation, whether it’s an actual device or an event or activity,” Shamit says. “What's so great about that is, for example, is that the camera technology can read something, interpret it and project in a digital form. If you had to do an asset count, one could use something like that to support you in counting assets remotely, for example. It's going be interesting to see where all these technologies come out and the governance frameworks we’ll need to develop within which they will need to work. All of that also has to evolve, because the world is evolving at a rapid pace.”

The client journey
Educating clients on these types of technologies and how they will be used and why is a critical step in the journey, he says, especially when it comes to integrating with internal audit.

Many of the same or similar technologies that are being tested on external audits have been deployed on internal audits, for example technologies that enable continuous auditing.

“Continuous auditing is a familiar concept in the internal audit field, where we have many detective and monitoring mechanisms to continually help identify where there are key areas to focus on or control deficiencies, alerting both management and auditors as and when things happen, versus only picking it up after the event. That’s something that is being introduced at a staggered rate for external audit. The main reason is that we have to ensure that we comply with the auditing standards,” he says.

“At KPMG, we've maintained a grounded view to help us balance the pace with which we accelerate with the pace at which each of our clients adapt to, including both the audit technology, as well client’s technology journey. Our clients are generally progressive and eager to adapt to new audit technology advances and how you are going to be executing the audits differently, where are they going to get the efficiencies and how you're going to forward-load activities to provide insight well in advance.”

With regards to other technologies outside the assurance functions which KPMG offers to its non-audit clients, the firm’s philosophy regarding digital transformation is to help “create the future” of various sectors through its advisory Connected Enterprise and Powered Enterprise offerings. “Your traditional approaches on how one would adopt reinvention, disruption or transformation, would be that you prepare a strategy around what the client would like to understand, define the “as is”, the “to be” and what needs to be captured and so on. But what’s we have done is accelerated all of that, and used all our insights from all the clients we have around the globe to “develop the future” in various sectors as part of Connected Enterprise.”

Shamit explains that this includes breaking down each sector into core processes, such as back-office finance, HR or supply chain. “We've developed the “future of” in those particular processes, mapped them, and then we have prebuilt that into solutions like SAP, Oracle, Microsoft, etc. Any of our clients can adopt these frameworks, the connected enterprise and the powered enterprise and use it to support the compliance and controls risk mitigation.”

“Because all of that's already been prebuilt, we are able to show them a future solution today as well as supporting a relatively de-risked approach.”

This, in turn, helps organisations in their assurance, as compliance requirements, testing and controls are largely pre-built into new technologies as they are adopted. “It essentially helps to create an automated control self-assessment, making audit easier, as best-of-breed compliance processes are mostly embedded in the internal systems,” he concludes.