New technologies, cyber threats and new regulations — such as the sustainability requirements recently announced by the Securities and Exchange Commission — are furthering complicating an already massive and murky risk environment for finance chiefs. When it comes to artificial intelligence, for example, it’s becoming more common for organizations to turn to their CFOs to figure out where to invest in such technologies and how to implement them across the organization, as well as how to minimize their potential risks.
Tapping internal audit as a close, strategic partner can help finance chiefs to better understand and strategize regarding those risks, but it’s crucial for the two teams to be in alignment, said Anthony Pugliese, CEO and president of The Institute of Internal Auditors.
“The CFO has a lot of reliance that can be placed on internal auditors to help, not to go in and tell them everything that's wrong, but to tell them what needs to occur to mitigate any risks that are seen, he said in an interview.
Splitting the risks
Businesses are still eyeing AI’s potential, with many geared to spend millions on its development in the next few years, CFO Dive previously reported. However, the spotlight on the technology has led to increasing worries on the part of audit teams — in a recent report by the IIA, digital disruption, particularly due to AI, ranked fourth on a list of 16 risks internal auditors believe their organizations are facing. Cybersecurity, business continuity and human capital represented the top three risks, according to the report by the Lake May, Florida-based professional assocation.
CFOs, who are being tasked more and more to drive digital transformation initiatives, are likely to share such worries — the return on investment promised by AI, plus identifying a truly beneficial use case for the technology, have shot up on the list of concerns for finance chiefs in recent months, CFO Dive previously reported.
When it comes to easing the potential disruption of new technologies, however, it can help CFOs to think of their internal audit team as a strategic advisor, rather than the “police” inside the organization, Pugliese said.
“They share the risks, and if the CFO relies on them, there's a lot of comfort that can be given at a much lower cost, almost all the time,” Pugliese said of the relationship between finance chiefs and internal auditors.
Pugliese has served as CEO and president for the IIA for three years. His previous roles have included serving as EVP, membership, technology and learning for the Association of International CPAs, and he held various roles during a nearly 20-year career at the American Institute of Certified Public Accountants — including as its chief operating officer, according to his LinkedIn profile.
While a trusted relationship between audit and finance is critical, it’s still important for there to be a separation, he advised. “We don't encourage a direct reporting line into the CFO because independence is impaired, because they'd be auditing the areas of the person they work for a lot of the time,” Pugliese said.
However, to ensure their organizations can continue to operate smoothly and that they can best tackle challenges, such as new risks associated with emerging technologies, both teams do need to be on the same page.
“What would be really bad is if a CFO thought sustainability reporting was the biggest risk they had, and it appeared nowhere on the internal auditors plan,” Pugliese said. “And in that scenario, we're not adding a whole lot of value to that CFO’s life or the CEO, because he or she's worrying about that as well.”
Post-pandemic risk management
A strong relationship between the CFO and internal audit teams is also critical as the way both teams think about and approach certain risks has begun to change. For example, while business continuity was identified as the second-highest risk on the minds of audit leaders in the IIA’s recent report, Pugliese doubts it would have been in the top three prior to the pandemic.
“I think before the pandemic, it was, you know, what happens if we get hit by a hurricane? And does everyone have their act together?” he said of how leaders thought about business continuity. After the pandemic and its “pervasive” impact on everything from business operations to supply chains, both auditors and finance chiefs are looking it from a different perspective.
“It's looking at the whole universe of what keeps an organization up and running, and third parties become the most critical,” Pugliese said. “I mean, you can't make products if your suppliers aren't providing raw materials.”