auditing and emerging technologies · 2019-04-23 · • adoption of smart auditing procedures. •...
TRANSCRIPT
AUDITING AND EMERGING TECHNOLOGIES
Presented By:Ayesha Bin Lootah –Director of Internal Audit – Dubai TourismIIA Board Member
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
OUTLINE
1. Introduction & Top Trends 2019.
2. Reality and Concerns.
3. Emerging Technologies Audit toolkit. - Audit toolkit (AI, Blockchain, Big Data).
- Consideration in Risk assessment.
- Use Case Analysis & Proof of Concept (PoC).
- Return on Investment (RoI).
- Governance.
- Information Security.
- Data Privacy, Regulation, & Compliance.
4. Enabling Audit by Emerging Technologies.
5. Next Steps…
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
“We implement what we plan, and we pursue actions not theories. The rapidly changing world requires us to accelerate our pace of development, for history does not recognize our plans but our achievements”
H.H. Sheikh Mohammed Bin Rashid Al Maktoum, Vice President and Prime Minister of U.A.E. and Ruler of Dubai
INTRODUCTION AND TOP TRENDS - 20191
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
INTRODUCTION
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
2019 TOP TRENDS - VIDEO EVERYWHERE
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
2019 TOP TRENDS – THE EDGE
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
2019 TOP TRENDS – ARTIFICIAL INTELLIGENCE
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
2019 TOP TRENDS – ARTIFICIAL INTELLIGENCE
• Revenues from the artificial intelligence (AI) market worldwide from 2016 to 2025 (in million U.S. dollars).
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
2019 TOP TRENDS - 5G MOBILE
• 82% of mobile operators respondents are busy with trials and testing of 5G technology.
• 82% of mobile operator respondents rated ultra-low latency (ULL) the chief technical driver for 5G, followed by decreased cost per bit (76%), and increased network capacity (71%).
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
2019 TOP TRENDS - BLOCKCHAIN
• Worldwide spending on Blockchain solutions is expected to grow from 1.5 billion in 2018 to an estimated 11.7 billion by 2022.
• Market capitalization of Bitcoin from 1st quarter 2013 to 1st quarter 201 (in billion U.S. dollars)
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
2019 TOP TRENDS - BLOCKCHAIN
• FinTech - Global FinTech investments increased steadily between 2014 and 2017 from $19.9bn to $39.4bn at a CAGR of 18.5%. This trend accelerated in the first half of 2018 when $41.7bn was invested across 789 deals.
• Supply Chain & Logistics - World Trade Organization (WTO) estimates that the reduction of barriers throughout the supply chain could potentially increase global gross domestic product by 5% and escalate total trade volume by 15%.
• Identity Management: The ID2020 initiative continues to promote and support Blockchain technology to help the 1.1 billion people who live without an officially recognized identity.
• Retail & E-Commerce: Business value is projected to reach $164 billion by 2030.
• Healthcare: Blockchain in the healthcare sector is projected to reach $134 billion by 2030.
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
BLOCKCHAIN – TOURISM SECTOR
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
2019 TOP TRENDS – BIG DATA
• Big data market size revenue forecast worldwide from 2011 to 2027 (in billion U.S. dollars)
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
BIG DATA – TOURISM SECTOR
REALITY AND CONCERNS?
2
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
REALITY AND CONCERNS?
• What types of skill sets does the profession
need to remain relevant?
• What factors would impact assurance
engagement risk?
• What would an assurance provider’s
ongoing responsibility entail once a smart
contract is released into a Blockchain?
• Will we conduct analytical procedures with
AI existence?
• What about testing of transactions?
EMERGING TECHNOLOGIES AUDIT TOOLKIT
3
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
EMERGING TECHNOLOGIES AUDIT TOOLKIT - AI
• Human Factor: • Ethics – (human error in development) (ie. AI algorithms). • Algorithm biases. • Meaning making (output): hard skills such as coding, analytics, and data
science are critical to AI, but so are soft skills such as collaboration, empathy, and meaning making .
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
EMERGING TECHNOLOGIES AUDIT TOOLKIT - AI
• Black Box: • Black box is “a usually complicated electronic device whose internal
mechanism is usually hidden from or mysterious to the user; broadly: anything that has mysterious or unknown internal functions or mechanisms
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
EMERGING TECHNOLOGIES AUDIT TOOLKIT - AI
• Mapping COBIT to Strategy: A Visual Representation of How to Apply COBIT® 2019 in the Auditing of AI
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
EMERGING TECHNOLOGIES AUDIT TOOLKIT - AI
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
CONSIDERATION IN RISK ASSESSMENT
Risk Category Risk Cover
Information &Data Security
Confidentiality of dataData corruptionData security breachesSecurity of dataOpen dataPersonal Data & Data PrivacyInformation IntegrityInformation AvailabilityBig Data
Risk Category Risk Cover
Digital &EmergingTechnology
Confidentiality of dataSecurity of dataNetwork link failureCyber attack, social engineeringattacks (such as phishing, baiting,scareware, tailgating, etc.)Configuration changesObsoleteCabling failureSoftware bugsHardware failureAutomation & Artificial Intelligence
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
EMERGING TECHNOLOGIES AUDIT TOOLKIT - BLOCKCHAIN
• The Oxford Blockchain Ecosystem map.
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
EMERGING TECHNOLOGIES AUDIT TOOLKIT - BLOCKCHAIN
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
EMERGING TECHNOLOGIES AUDIT TOOLKIT - BLOCKCHAIN
• Key Criteria:
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
USE CASE ANALYSIS & PROOF OF CONCEPT (POC)- BLOCKCHAIN
• Blockchain Strategy Framework (Oxford).
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
EMERGING TECHNOLOGIES AUDIT TOOLKIT – BIG DATA
• What to check in Big Data Projects?• Clear project charter, objectives, stakeholders. • Organization value, RoI, Proof of Concept (PoC).• Data management platform (application, infrastructure, communication, cloud..etc). • Use cases – hypothesis, statistical methods, Statistical accuracy of output (valid?). • Compliance with local international data laws (privacy (PII), third party data,
consensuses). • Statistical reliability of target output. • Information and data classification (open, confidential, sensitive, secret). • Input data quality and data consistency. • compatibility with core infrastructure for scaling up (scalability). • Compliance with information security requirements (technical and governance). • Data Analytics Platform. • Results of behavioral analytics (decision making). • Integration points (DAP, DMP, BI tools, dashboards). • Prototypes. • Technical assessments (VAPT, Stress testing..etc). • System life cycle design (SDLC). • High availability. • Three tier architecture.• Use case automation (human error in development). • Migration.
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
RETURN ON INVESTMENT (ROI)
• Return on Investment (RoI):• How much will an AI project cost?• How long will the integration take before the software is ready to use?• How will it be able to be used to drive value?• Will it be able to do what you want?• Do you know for sure that the software is going to achieve the outcome
that you set out to achieve?• Did the project achieve its objectives? (performance, accuracy, cost,
automation, process improvement, decision making.etc)
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
PERFORMANCE MEASUREMENT
• Performance Measurement & KPI Measurement: • Efficiency. • Speed. • Process (lead time).
• Accuracy. • Cost .• Effectiveness.
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
GOVERNANCE
• Governance of emerging technologies: • Establishes accountability, responsibility, and oversight.• Helps to ensure that those with interaction with emerging technologies
have clear responsibilities and possess the necessary skills and expertise.
• Helps to ensure that emerging technologies activities and related decisions and action are consistent with the organization’s values, ethical, social, and legal responsibilities.
• Ensure having clear strategy and objectives. • Governing infrastructure requirements. • Ensure health and safety measures are considered (ie. IoT, AI, ML..etc.).• Ethical considerations. • World wide regulations are being developed.
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
INFORMATION SECURITY
• $ 500 Million to over one billion – Media reports surrounding 2018 mega-breaches have speculated that each company involved could face a potential fine of 500% million to over 1$ billion if regulators uncover associated GDPR violations.
• In 2016, 3 billion Yahoo accounts were hacked in one of the biggest breaches of all time.
• In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers.
• In 2017, 147.9 million consumers were affected by the Equifax Breach.
• In 2018, 53% cyber security professionals responded with an insider-related attack.
• Global Cyber Security Index 2018 – UAE has ranked 33 (global rank), regional rank (5) with a total score 0.807
In 2017, 147.9 million consumers were affected by the Equifax Breach
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
INFORMATION SECURITY & RESILIENCE
• Technical & Security Assessments. • Review of technology stack. • Vulnerability Assessment. • Penetration Testing. • Privilege access management and access review. • Robotics (algorithms review) through data scientist• Strong password, two factor authentication, SSO. • Application low level design and architecture review. • Identity management and access review.• Configuration Review. • Security Architecture. • Communication and encryption. • Data masking and hashing. • Source code review. • Integration review (API..etc). • Antivirus and malware protection. • Back up, and data retention. • Stress testing and load balancing. • Patching. • High availability. • WAF.
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
DATA PRIVACY, REGULATION, AND COMPLIANCE
• Regulating the unknown?
• Compliance with Data Privacy Laws (applicable, local and international; ie. GDPR).
• Regulation compliance –Information Security.
• Financial laws and policies (trading, IPO’s, ICO’s, stock market).
• Anti-money laundering. • Taxation.
ENABLING AUDIT BY EMERGING TECHNOLOGIES
4
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
ENABLING AUDIT BY - AI
• Virtual auditing agents: the EDGAR Agent (accounting firms). • Fraud detection and prevention. • Violation and exception prediction. • Decision making frameworks.
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
ENABLING AUDIT BY - AI
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
ENABLING AUDIT BY - BLOCKCHAIN
• Authenticated smart contracts.• Enhanced security. • Financial Statement Auditing (the distributed ledgers are self
audited, and immutable). • Audit accuracy. • Smooth arbitration (external audit, and financial investigations).• External confirmation is no longer needed. (Confirmation is done
through the distributed nodes).
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
ENABLING AUDIT BY - BLOCKCHAIN
• The business value-add of Blockchain will grow to slightly more
than $176 billion by 2025, and then it will exceed $3.1 trillion by
2030. (Gartner)
• How the big players are reacting to Blockchain innovations:
• May 2016, Deloitte’s first Blockchain lab was launched.
• Begging of 2017, Ernst & Young (EY) became the first advisory firm
to accept Bitcoin for its services.
• November 2016, PwC launched Vulcan Digital Asset Services to
enable digital assets to be used for everyday banking, commerce and
other personal currency and asset-related services.
• September 2016, KPMG launched its Digital Ledger Services — a
suite of services designed to help financial services companies realize
the potential of Blockchain.
NEXT STEPS…
5
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
EMERGING TECHNOLOGIES AUDIT TOOLKIT
• Adopt and adapt existing frameworks and regulations.• Adoption of smart auditing procedures. • Explain and communicate proactively about emerging technologies
with stakeholders. • Explain and communicate proactively about emerging technologies
with stakeholders. • Become informed about emerging technologies design and
architecture to set proper scope.• Focus on transparency through an iterative process. Focus on
controls and governance, not only algorithms.• Involve all stakeholders. • Become informed about AI design and engage specialists as
needed. • Document architectural practices for cross-team transparency.
Dubai Tourism
-Confidential
Dubai Tourism-Confidential
REFERENCES
• https://uaecabinet.ae/en/details/news/mohammed-bin-rashid-uae-is-an-incubator-of-innovation-and-future-technology
• https://www.communicationstoday.co.in/wp-content/uploads/2019/01/IHS-Markit-2019-Trends-Report.pdf
• https://www.forbes.com/sites/danielnewman/2018/09/11/top-10-digital-transformation-trends-for-2019/#2060acf33c30
• https://www.statista.com/statistics/800426/worldwide-blockchain-solutions-spending/• https://fintech.global/2018-is-already-a-record-year-for-global-fintech-investment/• https://na.theiia.org/periodicals/Public%20Documents/GPI-Artificial-Intelligence-Part-III.pdf• http://www.isaca.org/Knowledge-Center/Research/Documents/Auditing-Artificial-
Intelligence_res_eng_1218.pdf?regnum=496716• https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledo
cuments/blockchain-technology-and-its-potential-impact-on-the-audit-and-assurance-profession.pdf• https://www.forbes.com/sites/insights-kpmg/2018/09/19/for-auditors-blockchain-has-blockbuster-
potential/#28ebb1676cb6• https://cointelegraph.com/news/how-blockchain-is-reshaping-external-audit-crypto-developments-by-
pwc-kpmg-ey-and-deloitte• http://rabida.uhu.es/dspace/bitstream/handle/10272/14419/Auditing_with_Smart.pdf?sequence=2• https://www.pwc.com/us/en/about-us/new-ventures/pwc-blockchain-validation-solution.html• http://rabida.uhu.es/dspace/bitstream/handle/10272/14419/Auditing_with_Smart.pdf?sequence=2• https://www.aon.com/getmedia/51bff3db-20ea-46dd-a9aa-1773cfe089ce/Cyber-Security-Risk-Report-
2019.pdf.aspx• https://www.itu.int/en/ITU-D/Cybersecurity/Documents/draft-18-00706_Global-Cybersecurity-Index-
EV5_print_2.pdf• https://www.varonis.com/blog/cybersecurity-statistics/• https://emerj.com/ai-executive-guides/predicting-roi-artificial-intelligence/
THANK YOUANY QUESTIONS?
Email: [email protected]