"Our company is changing rapidly and undergoing digital transformation, so internal audit has to obtain information faster than the traditional model allows. Management and the audit committee don’t want to know what happened six months ago — they want to know what’s happening right now."
- Lynne Howison, Senior Director of Internal Audit
A widely recognized brand, Brinks Home Security has long been known for its dedication to security and protection. The company has bolstered this brand reputation while also becoming known for rapid and creative innovation. A number of major ongoing changes, including the implementation and refinement of an e-commerce system, have enabled the company to increase its growth rate during the past two years. A few years ago, Brinks Home Security launched a direct-to-consumer online channel, which now complements sales of its alarm systems and services through dealers that perform the installation, as well as a do-it-yourself offering supported by more streamlined installation assistance.
Based in Dallas, Brinks Home Security is the sole operating subsidiary of Denver-based Ascent Capital Group, Inc. (Nasdaq: ASCMA), a publicly listed company. Most of Brinks Home Security’s approximately 1,000 employees work from the Dallas area. The company also operates offices in Kansas and Illinois.
“The customer is our business,” notes Brinks Home Security Senior Director of Internal Audit Lynne Howison. “Everything we do centers on acquiring, retaining and satisfying the customer.” This aspect of business is thriving: Brinks Home Security was ranked highest in customer satisfaction among home security brands as part of J.D. Power’s 2018 Home Security Satisfaction Study. ℠The company’s corporate data analytics group plays a pivotal role in tracking, analyzing and sharing information and metrics that help the rest of the business understand customer behaviors. This understanding helps increase customer acquisition and retention rates.
Lean, Mean and Always Moving Forward
Howison leads a two-person internal audit function. After her former direct report was promoted to a more senior role in the company’s finance and accounting function, Howison hired a senior auditor with a decade of auditing experience, information technology (IT) auditing expertise, and Certified Information Systems Auditor (CISA) credentials. Through advanced technologies and auditing methodologies, including data analytics, robotic process automation (RPA), continuous auditing and agile auditing techniques, the lean internal audit function can perform more work in less time, though Howison asserts that the primary purpose of these tools is to provide more speed and information.
“Our company is changing rapidly and undergoing digital transformation, so internal audit has to obtain information faster than the traditional model allows,” Howison notes. “Management and the audit committee don’t want to know what happened six months ago — they want to know what’s happening right now.” As a result, the internal audit function is intensely focused on keeping pace with the business. Keeping up, Howison says, means identifying risk factors faster and then providing useful feedback to management that strengthens their decision-making process to ensure that they’re meeting their strategic objectives. “And, yes,” she adds, “we do a lot with a little given our size. We have to be very creative on that count.”
Not surprisingly, the internal audit function’s strategic objectives include the goal of keeping up with advanced auditing techniques and tools. In addition to his IT auditing expertise, Howison’s senior auditor has experience using ACL’s auditing analytics software, and he is training to use Tableau’s visual analytics software. He and Howison are also refining the governance, risk and compliance (GRC) tool they use for managing the company’s Sarbanes-Oxley (SOX) program. The function’s goals this year include applying RPA to at least one auditing process, completing work on a continuous auditing capability, advancing the use of agile auditing and increasing the application of data analytics throughout the annual audit.
"The enterprise risk assessment that internal audit conducts each year also serves as an important guidepost — one that helps ensure that the function remains focused on the issues that are of the greatest strategic importance."
Howison relies on the following set of decidedly nontechnological guiding principles to help her function succeed in its testing and implementing of advanced auditing techniques and technologies:
- Take “thoughtful leaps of faith”: When considering how to apply advanced auditing technology, Howison is less concerned with identifying in advance which audits will be conducted with the new technology or what the outcomes of those experiments will be. Instead, she is more focused on getting started, learning from the experience, applying those lessons and then expanding the use of that technology to more audits. “We’re a small team,” she says, “so our mindset is, ‘Let’s just start.’ That’s the most important part — taking a thoughtful leap of faith.”
- Don’t reinvent the wheel: As internal audit sought to increase its use of advanced analytics to examine customer-and revenue-related risks, Howison decided that “we’re not going to reinvent the wheel.” Instead, she and her senior auditor tapped into the existing data lake maintained by the company’s data analytics group. “I can’t hire a team of data analytics experts,” she adds, “but I can go downstairs to the head of our data analytics group, find out about the rich data analysis that we already have within the company, learn how management’s using it, and figure out how we can leverage that.”
- Collaborate: After learning about how agile auditing could produce more timely and relevant audit results, Howison and her senior auditor sat down with a similarly lean internal audit function in another Dallas-based company to discuss agile auditing strategy and practices. “We brought our teams together and whiteboarded out how we could run an agile audit in accordance with auditing standards,” Howison says. That collaboration produced a two-page document laying out an agile auditing methodology that Howison’s team has been using for the past few years.
The enterprise risk assessment that internal audit conducts each year also serves as an important guidepost — one that helps ensure that the function remains focused on the issues that are of the greatest strategic importance — as Howison and her senior auditor expand their use of next-generation auditing techniques.
Data Tells a Deeper Story
To meet her function’s objective of increasing its use of data analytics in audits, Howison learned about existing sales and customer analytics from the company’s data analytics group before auditing the sales function. “Before we went out into the field, we met with the director of our data analytics group,” she says. “We got as much data analysis and information about the sales process as possible from him. That interview helped us figure out the most meaningful questions to ask about sales and customer data and who to ask.”
Equipped with those insights and customer and sales analyses, Howison and her senior auditor visited with sales leaders to discuss what the data revealed concerning key sales measures like customer acquisition and attrition. “When we saw something that might drive attrition, we could drill down into a high level of detail to identify possible root causes,” explains Howison. “Those extremely detailed analytics led us down the path to hold much more directed follow-up conversations around internal controls,” Howison says. “At the same time, we’re always keeping the enterprise risk perspective in mind because issues like sales and attrition are the most important concerns.”
The combination of traditional internal audit interviewing and precise supporting data enabled internal audit to share a more concise and convincing story with senior management regarding sales function risks and opportunities. The next steps for internal audit in its use of data analytics include leveraging Tableau to report the same information in a more visually compelling manner and to start automatically receiving relevant sales and customer analytics without having to submit requests to the corporate analytics function.
Move Faster, Illustrate More
Like the analytics-supported sales audit, the deployment of agile auditing also began with collaboration. Using the two-page plan from the collaborative planning session as a guide, Brinks Home Security auditors applied the methodology.
"The combination of traditional internal audit interviewing and precise supporting data enabled internal audit to share a more concise and convincing story with senior management regarding sales function risks and opportunities."
“In our most recent audit, we followed the agile audit methodology — we did not wait until we had fully documented everything or even finished all of our procedures,” Howison says. “As soon as we had a number of findings and the data and illustrations to support the findings, we shared them with management.”
Howison and her senior auditor individually sat down with the company’s chief financial officer (CFO), chief operating officer (COO), and president of sales and examined the initial findings well before the final report was completed. “They were extremely receptive to the new approach because they could utilize the information we shared immediately to start making changes and improvements,” says Howison. The executives also provided feedback on how the interim reports could be improved, and internal audit incorporated that guidance into its next round of interim reports.
“Our CEO has been very engaged in our agile approach,” Howison notes. “He’s validated the importance of our findings, and monitors what changes are being made in response to our work and when those changes are being completed. The audit committee also provided very positive feedback.”
"While advanced auditing techniques and emerging technologies are key enablers of that agility, Howison points to a far more traditional auditing tool — one-on-one interviews — as a vital initial step prior to testing out new advanced approaches."
That agility is crucial if the internal audit function is to fulfill its goal of keeping pace with the business. While advanced auditing techniques and emerging technologies are key enablers of that agility, Howison points to a far more traditional auditing tool — one-on-one interviews — as a vital initial step prior to testing out new advanced approaches.
“When we’re interested in using new technology to audit a specific process, I talk to the people who perform the process, as well as all of the people surrounding the process and/or affected by it,” Howison adds. “Those insights give us a comprehensive picture of the process that no one else in the company usually sees. And that helps us ensure that we’re focused on the right enterprise risks as we introduce new methods and tools.”
Click here to access the full list of profiles.