“Audit Global One Team” Initiative Helps Internal Audit Bridge Communication Gaps as NTT DATA Expands Internationally
Company Headquarters — Japan
Number of Countries Operates in — 40
Number of Employees in Company — 75,000
Industry — IT Services/Data Communications
Annual Revenues — 1,302 billion yen (as of FY 2012; ending March 2013)
Number in IA Function — 44
Number of Years IA Function Has Been in Place — 26
IA Director/CAE Reports to — Chief Executive Officer and Executive Vice President
“We will need to adopt a ‘common language’ that will allow us to perform our jobs effectively among all internal audit groups around the world. … The Institute of Internal Auditors’ Standards could serve as that language.”
- Satoshi Takaishi
NTT DATA Corporation, a subsidiary of Japanese telecommunications giant NTT Group, is the largest information technology (IT) services provider headquartered in Japan. NTT Group formed NTT DATA when it spun off its data communications business in 1988. NTT DATA specializes in systems integration (SI), especially mission-critical systems, such as banking systems and government administration systems, which could cause great disruption to society if service were suspended. NTT DATA offers many related services, as well, including network system services, consulting, and business IT outsourcing. It also provides Internet access, intranet development, and a wide range of e-commerce services.
NTT DATA has long dominated the Japanese IT market, and many industries, such as banking, health-care, manufacturing and transportation, rely heavily on its services in Japan. However, the 21st century brought a time of change for NTT DATA. The company was facing limited growth potential in Japan’s IT market due to saturation, and globalization of the economy was causing many of its clients – major Japanese companies – to transform into multinational players. Those clients wanted NTT DATA to offer seamless services regardless of business location. Therefore, NTT DATA set globalization as a key growth strategy so it not only could survive, but also keep growing.
NTT DATA began major mergers and acquisitions (M&A) activity overseas in 2008 – and now operates in 40 countries around the world. It acquired two German companies: itelligence, a leading international IT full-service provider for SAP, and Cirquent, an IT consulting and professional services provider, in 2008. In 2010, it acquired Keane International, a multinational SI provider headquartered in the United States. NTT DATA continues to pursue global expansion through M&A; in February 2014, it acquired Everis Group, a relatively new SI provider in Spain.
NTT DATA aims to become a top-five global company by evolving into a corporate group that provides a wide range of IT services to its clients on a global scale – essentially, a one-stop shop service provider. To that end, it is working to unify all NTT DATA brands as “Global One” to enhance collaboration and information sharing, and better align specialized skills and resources, among its geographically dispersed businesses. Another motivation for the initiative is to strengthen the presence of the NTT DATA brand and eliminate regional and resource overlap. Since 2011, the company has established several Global One Teams, including SAP; Business Intelligence (BI); Oracle; Telecom; and Testing.
Helping to support this new focus for NTT DATA is the company’s internal audit function, led by Satoshi Takaishi, head of the Internal Audit Department (IAD) at NTT DATA’s Tokyo headquarters. The internal audit function at NTT DATA has been increasing both its size and scope to keep pace with the company’s rapid international expansion. The team has more than doubled in size since 2007, from 18 to 44 staff members.
Growth brings new challenges
With each acquisition comes the complexity of the integration process – and the need for target companies to move away from their already-established systems and processes to meet NTT DATA’s requirements. Each acquired business also has its own unique history and culture, which must be acknowledged as NTT DATA’s values and practices are introduced. There are also regulatory differences to consider, as well as each company’s style of internal control.
“The challenge for IAD is to communicate to the newly acquired businesses the value of NTT DATA’s approach to internal control,” says Takaishi. “We begin by setting the expectation of what the minimum level of internal control should be, and we build from there.”
Only a few years ago it would’ve been next to impossible for NTT DATA’s internal audit team to even find time to help support the company’s global growth strategy and integration challenges. Internal auditors were overwhelmed with work related to the Sarbanes-Oxley Act (SOX) in the United States, and the Financial Instruments and Exchange Law (J-SOX) in Japan. In 2010, IAD established a project management office specifically for SOX- and J-SOX-related work and by NTT DATA’s 2012 fiscal year, the number of deficiencies identified by internal or external auditors had declined by almost half.
“SOX and J-SOX compliance was a nightmare for us five years ago, but now, we have overcome such a tough period and compliance activities have become kind of routine,” says Eiji Nakada, senior manager of IAD and direct report to Takaishi. “Full compliance is still a challenge, of course, because every year we face new issues – such as the introduction of new regulations and participation of newly acquired companies that have either no knowledge of or experience with SOX or J-SOX compliance.”
The Audit Global One Team
To help facilitate sharing and deployment of best practices, IAD at NTT DATA took inspiration from the company’s efforts to unify global operations and formed the “Audit Global One Team.” Before this initiative was launched in 2012, NTT DATA Tokyo had been performing all of the audits for the company’s subsidiaries outside of Japan – from New York to Brisbane to Milan.
In the first meeting of the Audit Global One Team, held in Boston in July 2012, Takaishi proposed that each regional headquarters (RHQ) location perform the audits for their region, and NTT DATA Tokyo IAD review their activities, setting the implementation target for fiscal year 2014. RHQ North America (Boston) and RHQ Business Solutions (Bielefeld, Germany) have established their own internal audit teams. RHQ EMEA (London), RHQ APAC (Singapore) and RHQ China (Beijing) are in the process of setting up dedicated internal audit functions.
For the latter three RHQs, NTT DATA Tokyo IAD conducts joint audits with staff in charge of internal audit to help them understand audit processes and control requirements and learn how to meet certain compliance expectations. All RHQs except China have their own audit committees. Nakada is helping those audit committees’ activities through his participation as an observer, giving advice on internal audit best practices. The Audit Global One Team, as a whole, meets annually.
“Through better collaboration, we are creating one effective internal audit function throughout NTT DATA,” says Takaishi. He explains that the Audit Global One Team concept is allowing internal auditors and senior executives from across the company to build relationships, which goes a long way toward building trust and being proactive about sharing information and raising issues.
“As internal auditors, sometimes we have to deal with uncomfortable issues, such as fraud and scandal. If we don’t have good relationships, people won’t feel comfortable coming to us with problems. By meeting in person on a regular basis, instead of just relying on communication via email or phone, we can break down these barriers. The Audit Global One Team initiative is a major factor in helping to make this possible,” says Takaishi.
Communication skills necessary to help influence change
The more new markets NTT DATA expands into, the more likely it is that internal auditors will encounter some frustration and even resistance from people unfamiliar with the company’s audit process or with certain compliance expectations. This means auditors must be able to communicate with such new participants to understand and accept the need for change and make necessary improvements, and to help NTT DATA identify and avoid potential risk.
“NTT DATA is pursuing growth in emerging markets, so we are now entering risky countries,” says Nakada. “For example, the company received an order to create a system for the Central Bank of Myanmar. In Myanmar, there is almost no framework for securing internal control effectively. Also, the company is considering doing business, with assistance from the Japanese government, in some African countries where there seems to be no legal framework or even a sense of compliance.”
Takaishi adds, “We cannot avoid these markets because they are strategic to NTT DATA’s growth objectives. So the challenge for the company and IAD is figuring out how best to explain to these companies why their business customs are not acceptable to us from a global point of view. We must have this conversation: If and when a small business group in one region commits fraud, or a crime, the negative impact on NTT DATA might pervade globally in just an instant.”
As NTT DATA continues to grow through acquisitions, internal audit will need to assist each new entity with designing, equipping and maintaining a certain level of internal control, says Takaishi. “Maintaining the core competency of newly acquired subsidiaries and transforming them into real members of NTT DATA Group, with shared visions and values, will remain an ongoing responsibility for our team.”
There is another challenge ahead for internal audit, as well. Takaishi expects that as NTT DATA becomes more diversified culturally, it will be even more difficult for internal auditors to find common ground with the various businesses they must audit. “We will need to adopt a ‘common language’ that will allow us to perform our jobs effectively among all internal audit groups around the world,” he says. “I believe The Institute of Internal Auditors’ Standards could serve as that language.”