In today’s digital and connected world, exciting new technologies such as Artificial Intelligence (AI) and blockchain are turning many heads. But if an organisation wishes to run, they must first learn to crawl.
Critical functions – such as data protection, safeguarding assets, preventing fraud, and verifying financial records – rarely come across as exciting or interesting but are essential to every business.
Launched recently, the report by PwC, ACCA and INSEAD Emerging Markets Institute titled ‘Re-inventing Internal Controls in the Digital Age’ looks at how internal controls have evolved; the new opportunities that digital technologies bring to enhance these controls; and challenges in implementing change; while responding to any new risks introduced by these technologies.
Reuter Chua, national head of ACCA Singapore, observed: ”Technological disruptions and digital transformations are changing corporate structures and cultures.
“Each new wave of disruption and transformation brings with it new and emerging technologies which introduce new control risks to the business.
“Businesses with keen risk acumen and agility are the ones who will see the waves and address the risks, sooner than others; ensuring that their organisations are secure from internal and external threats.
“Those who anticipate these waves will also have sufficient runway to reap the benefits earlier, by implementing these new and emerging technologies to strengthen and enhance their internal controls.”
Technology impacts an organisation’s entire value chain.
Fortunately, companies today have a wide variety of tools at their disposal to increase the security, stability and efficiency of internal control processes.
ACCA’s report Race to Relevance notes that core elements of people, processes, technology and data thread through any activity.
Addressing each of these within an organisational culture that supports innovation and creativity is important for harnessing emerging technologies.
Emerging technologies such as drones, artificial intelligence (AI) and blockchain have the potential to transform internal controls, but companies must understand the strengths and weaknesses of each technology and work to mitigate the associated risks.
Drones are already being used for internal controls in construction, shipping, logistics and other industries.
When large assets are being constructed across a vast area, drones can help to verify existence, valuation and work in progress of the developments, check compliance with health and safety regulations and act as a deterrent to the workforce cutting corners.
Organisations that intend to use drones must be aware of the associated risks.
Aviation authorities and the industry need to work collaboratively to develop complex air traffic management systems for preventing collisions.
Cross border risks and flight paths must also be addressed.
Another concern lies with data privacy, given that drone operators collect a vast amount of data, including confidential or sensitive information about property or behaviour.
Ownership and usage of such data must be carefully addressed to ensure compliance with regulations.
Data & AI
Before any company can implement AI, they should first have robust data.
PwC’s 22nd Global CEO Survey found that 94% of CEOs felt that data on customer preferences needs were critical, but only 15% of CEOs felt that the customer data they had was comprehensive.
And these numbers have remain relatively unchanged since 2009 where 95% of CEOs found customer data critical but only 21% felt the data they had was comprehensive, highlighting a significant information gap.
Once a company has sufficiently robust data, they can then move on to the next level, AI.
AI allows companies to move from analysing past performance to predicting future risks from analysing large structured and unstructured datasets.
For example, credit card providers have long been using analytics to detect suspicious activities like large values of overseas transactions.
However, detection only happens after the transaction has occurred.
Contemporary methods based on predictive analytics are able to generate alerts and block suspicious transactions in real time.
Machine learning algorithms have taken on a more preventive role in helping credit card institutions detect fraud at early stages by analysing wider sets of data sources.
PwC’s 22nd Global CEO Survey also found that 87% of CEOs in Association of South East Asian Nations (ASEAN) member states expect AI will significantly change the way they do business in the next five years.
The report also found that 72% of ASEAN CEOs found that AI will have a bigger impact than the internet.
Mark Jansen, Data & Analytics Leader, PwC Singapore comments: “In Singapore, we are seeing more and more businesses looking at how they can leverage AI and Data to build better controls. Using smart controls powered by data, organisations can get on with business and ultimately focus on their growth agenda.”
Companies that want to use AI must deal with the fact that advanced machine learning algorithms are essentially a “black box”. The machine’s decisions are not fully explainable.
Technical approaches and model governance frameworks are being developed to increase transparency of AI-assisted decision making.
From a regulatory compliance or audit perspective, blockchain technology holds great promise. Rather than having to trust a central authority, such as a government or bank, counterparties can transact with each other directly via a decentralised ledger.
Once the transaction is validated through a consensus mechanism and added to the ledger, it cannot be altered without compromising the entire chain.
Many promising blockchain solutions are currently being developed, for example for supply chain management, trade finance, insurance, healthcare, land registries, Know Your Customer (KYC) processes, self-sovereign identity and data sharing.
However, lack of trust in the technology, especially around reliability, speed, security, scalability, interoperability and regulatory oversight, are significant barriers for corporate blockchain adoption.
Organisational challenges when implementing new technologies
Emerging technologies can greatly improve internal controls, but organisational changes often face internal resistance.
While technology should enhance the human experience, all too often employees and culture end up getting less attention than strategy and technology, which slows down the adoption of change.
Organisations need to be aware of these challenges when implementing technology.
A lack of digital skills is typically named as one of the most important barriers to getting results from investments in emerging technologies.
In addition, organisations also need to create an environment that helps people develop and flourish.
Companies that want to succeed must harness the talents and skills that cannot be replaced by automation, creating a culture where human skills like creativity, empathy and ethics thrive.
Vinika Rao, Executive Director, Emerging Markets Institute at INSEAD concludes: “While digitalisation and AI have the potential to transform internal controls, managing the man-and-machine combination optimally is becoming more important as technology advances.
“An awareness of irreplaceable value-adding human interventions and a sensitivity towards the culture of the organisation are crucial for the successful implementation of controls that keep pace with the opportunities created by technology”.
Read the full report ‘Re-inventing Internal Controls in the Digital Age’ here