Customers
Login
Auditboard's logo

January 30, 2022 4 min read

AIG’s Naohiro Mouri Envisions the Future State of Audit Automation

Join Richard Chambers for a new episode of his Agents of Change video series, featuring conversations with internal audit leaders from some of the world’s most prominent organizations about innovation in the profession.

In this episode, Richard sits down with Naohiro Mouri, EVP and Chief Auditor at AIG, to discuss his team’s cutting-edge approach to internal audit analytics and automation that creates opportunities to add significant value to the organization, including:

  • How his tech-savvy internal audit function has stepped up to support business transformation.
  • How his team leverages automation in the audit process to share data-driven insights from full-population testing.
  • Why being relationship-centric requires the courage to be honest. 
  • What the audit automation future state will look like 10 years down the road.

Watch the full conversation, and read the can’t-miss highlights below.

Naohiro Mouri, EVP and Chief Auditor at AIG, shares how his team’s creative approaches to audit automation are providing data-driven insights for the business.

How a Tech-Savvy Internal Audit Function Supports a Transforming Business

Richard Chambers: In my book, “Agents of Change,” I took the position that internal auditors should seek to drive change in their organizations. What’s your view about internal auditors as change agents and how would you define a change agent?

Naohiro Mouri: I think being a change agent is a very important and, in my view, attractive element of being an internal auditor because internal audit covers every facet of the organization that it audits. In AIG, one of the highest expectations that we have in internal audit is to stay with the business and then help them to transform because AIG itself is transforming as a company. So we have a very important role to play to help the business transform itself.

AIG’s Cutting-Edge Approach to Analytics and Automating Audit Testing

Richard Chambers: You have been talking about some of the innovations and technology advancements that you’ve been driving in the internal audit function at AIG. Before we have any real credibility in our organizations as agents of change helping our companies and our enterprises improve, we have to start by improving internal audit — and you’ve been able to already articulate some of the things you’ve done there. Can you talk a little more about what you and your team have done around RPA and what do you think the future looks like for that?

Naohiro Mouri: The value-added process is the analytics piece: looking at the inside trends and finding things through data.

Leveraging Technology to Respond to Change

Richard Chambers: We’re coming to the point where soon it will be two years that we’ve been in the COVID pandemic.. What role has technology played in getting you and your team through these events of the past two years? Has it helped you and your organization be more responsive to change?

Naohiro Mouri: Without technology — without having the video conferencing capacity and direct access to the data — we would not be able to perform any of the functions that we do. Now, clearly technology still doesn’t enable us to look over someone’s shoulder when they’re processing something, that only happens in person. We are yet to get to that point. Other than that, the majority of the things that we’ve been doing in internal auditing can be done through technology.

Being Relationship-Centric Requires Courage to be Honest

Richard Chambers: In the book, “Agents of Change,” the four characteristics that CAEs believe an internal auditor needs to have to be an agent of change in the 21st century are business acumen, a strategic mindset, being relationship-centric, and being innovative. Are there others you would add beyond those?

Naohiro Mouri: Yes, just this one thing: No surprises to anyone. That’s probably part of being relationship-centric, but I’ve seen so many auditors fail because they felt things were right to do, but they didn’t actually talk to people before they did it. That surprised people and unfortunately put them in a very difficult position. So I always work with the team because we’re part of the team. Our job is to help achieve management’s objectives, to enhance controls, to better serve our customers. As long as you maintain that objective and clear goals, I think you’ll be fine.

Richard Chambers: Good point on no surprises. When I ask audit committee members and even CEOs what they are looking for from internal audit, the most common thing I hear is “no surprises.” They don’t like to see something happen that they didn’t have any clue was a major risk. It’s a high expectation for internal audit and one that’s tough to live up to, but it is part of the landscape and it’s something we have to be effective at.

Naohiro Mouri: One other thing, Richard — you always talk about courage or being honest. Some of the things that we deal with are painful, people don’t want to hear it, but you have to be courageous enough to put that in front of your CEO or your management team and say, “This is what I see, what do you think?” And if you can’t do that, I think people don’t recognize you as a valuable team member.

What the Audit Automation Future State Will Look Like

Richard Chambers: If asked you to pull out a crystal ball and look ahead, what are the major developments that you think over the next 10 years could happen with this profession? Or maybe what would you like to see happen for the internal audit profession in the decade ahead?

Naohiro Mouri: I want auditors to be more consultative. I expect consulting activities to be a lot bigger. Obviously everything has to be based on assurance, but assurance, like I said, can be automated. When you automate assurance, then you can use that data or information to better serve your clients by providing much more accurate and timely insight and advice. And you can really help to create the environment where audit becomes part of the process. I know that this could be a controversial conversation because we always don’t want to be part of the process, but we are, because some businesses do depend on audit to find things. Obviously controls belong to the first line, but our job is to help them to find things and then provide remediation efforts. Now, we’re not going to help them to do things for them, but through the audit process we build tools and automation consoles, and we can certainly provide those data to the first and second line.

You may also like to read

Healthcare Audit
Internal Audit

Healthcare Audit: Ensuring Compliance and Improving Patient Care

LEARN MORE
Cybersecurity Audit Essentials
Internal Audit

Cybersecurity Audit Essentials: Roles & Responsibilities, Steps, and Best Practices

LEARN MORE
Featured image
Internal Audit

Navigating Internal Audit Challenges in Retail: A Strategic Approach to Risk and Compliance

LEARN MORE

Discover why industry leaders choose AuditBoard

SCHEDULE A DEMO
upward trending chart
confident business professional