"Evolving into a next-generation internal audit function is a strategic priority for us — as it must be. We can’t hold on to our traditional ways. We must modernize and keep pace with change at our company."
- Maria Rontogianni, Senior Vice President, Group Audit and Group Risk Governance
Deutsche Telekom AG is one of the world’s leading integrated telecommunications companies, with approximately 178 million mobile customers, 28 million fixed-network lines and 20 million broadband lines. Formerly known as Deutsche Bundespost Telekom, the company is one of three business entities that evolved from Deutsche Bundespost, a state-owned postal and telephone service founded in West Germany in 1947 that privatized in 1995.
Deutsche Telekom has operated under its current name since 1995. Based in Bonn, the company has grown strategically through acquisitions over the past two decades, and today operates in more than 50 countries and employs more than 200,000 people around the world. Deutsche Telekom is a major shareholder in several telecommunications companies throughout Europe and in wireless network operator T-Mobile in the United States. Its subsidiary, Frankfurt-based T-Systems, provides global IT and consulting services, primarily for business-to-business customers.
"Deutsche Telekom’s focus on change, and preparing for an increasingly digitized future, impacts all corners of its business, including internal audit."
In anticipation of skyrocketing demand for broadband in the future and the need for telecom infrastructure that is intelligent enough to open up new business areas to entire industries, Deutsche Telekom is building more efficient networks that can transport ever-greater volumes of data at ever-higher speeds. It is also working to evolve from being a traditional telephony company to becoming “an entirely new kind of service company” that can seize growth opportunities in new business areas.
Ramping Up on Agile Working Methods
Deutsche Telekom’s focus on change, and preparing for an increasingly digitized future, impacts all corners of its business, including internal audit. “Evolving into a next-generation internal audit function is a strategic priority for us — as it must be,” says Maria Rontogianni, senior vice president, group audit and group risk governance, at Deutsche Telekom. “We can’t hold on to our traditional ways. We must modernize and keep pace with change at our company.”
Transformative change at Deutsche Telekom includes its recent embrace of agile working methods, including the Scrum method, in its Telekom IT organization and other areas. For Rontogianni and her internal audit team, that shift presents challenges. “How do we preserve the control environment in an agile organization?” she asks. “How do we look at authority, responsibility and accountability as we move from a typical boxed organizational structure to an agile one, with tribes, chapters and squads?”
Another challenge, Rontogianni says, is that the agile method is not a “one size fits all” across different types of service and delivery models. “Deutsche Telekom is a service organization based on a technology delivery model, so how agile and that model merge is nuanced for all of us — not only for operations but also for internal audit,” she explains. Rontogianni says she is eager to get her team up to speed on agile work methods. “We’re learning about agile right alongside the business,” she says. “I’m also researching formal training options to see what’s available on this topic for internal auditors. And I’m looking to The Institute of Internal Auditors for more insight and watching what’s happening in the profession and with our peers across industries.”
Adopting a More Global Approach to Internal Auditing
In addition to gaining a deeper understanding of agile work methods, internal audit’s short-term goals include solidifying the function’s internationalization strategy. “This strategy has been a big focus for us for the past two years,” Rontogianni says. “We have so many individually operating companies, especially in Europe. Our aim is to internationalize how internal audit works at Deutsche Telekom — from our charter to our tools and to how we operate.”
Rontogianni, who has been leading Deutsche Telekom’s internal audit function since June 2016, collaborates with a team of about 150 internal audit staff who work in locations from South Africa to Seattle, which is T-Mobile’s U.S. home base. “Our internal audit department is local yet international,” says Rontogianni, adding that Deutsche Telekom’s acquisitions, or “NatCos” (national companies), have their own internal audit functions that do not report formally to the parent company.
“Really, we are one department, even though our governance structures have different reporting lines,” Rontogianni says. “Our long-term strategy is to build on the baseline of internationalization that we’ve developed so we can effectively serve a technology company that is rapidly changing.”
Over the first two years of internal audit’s internationalization effort, the goal was to increase the percentage of aligned individual audit plans from 10% to 25%. Now, the team is working toward 30% to 40% alignment, according to Rontogianni. She says individual audit plans on the same topic are being executed by 40 mobile auditors working across 14 different companies.
“It’s a big undertaking,” she says. “It’s mind-boggling what we’ve achieved in the last 18 months with internationalizing our processes, our system and the mobility of our people across many legal entities and cultures. It’s a win-win all around for the audit department, the stakeholders and the audit committees because we’re now more comprehensive and global in our approach.”
"In addition to gaining a deeper understanding of agile work methods, internal audit’s short-term goals include solidifying the function’s internationalization strategy."
Exploring Options to Go Deeper With Data Analytics
Technology plays an important role in supporting internal audit’s internationalization, according to Rontogianni. “We’re in the process of implementing the Teammate Plus audit management system, which will be our global audit work paper tool. We are also using various solutions, like OneNote, to support our international communication and collaboration. It’s quite interesting how things have changed.”
Rontogianni says internal audit is also now looking at how it can expand its use of data analytics. One plan is to modernize the Financial Reporting Data Analytics tool, or FReDA, which internal audit developed five years ago. “It’s a purchase-to-pay auditing process,” explains Rontogianni. “We write SQL queries into SAP and do testing from purchase orders to payments. Now we’re thinking about how to develop that further, maybe extending it to payroll or sales.”
The internal audit function is also considering whether to offshore some of its data analysis as a way to get faster and more globalized results. “Using offshore data scientists is clearly a cost benefit for us,” says Rontogianni. “These resources are already doing this work for other parts of the organization, so why not for internal audit? We’d need to skill up those individuals to think like auditors, of course. We also would need to consider any potential control issues with offshoring this work.”
Rontogianni says that no matter how much internal audit work can be automated or digitized, internal auditors “still need to think, and apply the rules of their market, of their organization, and of proper compliance and governance.”
Visualizing a More Holistic Future for Internal Audit
As the internal audit function at Deutsche Telekom continues to evolve its processes and practices to meet digital age demands, Rontogianni has a future vision in mind. She sees her team one day providing holistic assurance to the business based on an aligned assurance risk assessment model. She is quick to add that this more holistic process would provide greater assurance to audit committees and drive more impactful management action plans.
Rontogianni says that no matter how much internal audit work can be automated or digitized, internal auditors “still need to think, and apply the rules of their market, of their organization, and of proper compliance and governance.” The combination of technology and human thinking is what will ultimately create value for the business and drive results.
“For internal audit, digital transformation is about how we can utilize information more effectively to make more informed decisions. It’s also about preserving the three lines of defense and supporting a stronger control environment,” she says. “Digitizing and then letting go is not the endgame for us as internal auditors.”
While internal audit teams around the world are working to transform digitally, Rontogianni notes that not all change needed to meet the challenges of today’s rapidly changing business environment is technological. She points to her team’s internationalization efforts as an example. “What we have accomplished is quite innovative,” she says. “We have succeeded in transforming individual local mindsets to one international mindset. It is the foundation for how we will operate going forward. And all this was achieved by something very traditional, a positive and healthy ATTITUDE!”
Click here to access the full list of profiles.