"There has been a significant increase in consulting requests from other internal departments. They are asking internal auditing to identify and provide guidance on risk management improvements and also to access our knowledge and experiences related to digital transformation."
- Masakazu Inori, Communications Team Leader of Legal Affairs and Internal Auditing
Established in 1999, NTT Communications is a wholly owned subsidiary of Tokyo-based Nippon Telegraph and Telephone Corporation (NTT), one of the largest telecommunications companies in the world. Also headquartered in Tokyo, NTT Communications provides consultancy, architecture, security and cloud services to help enterprises worldwide optimize their information and communications technology environments. The company, which has more than 20,000 employees worldwide, operates subsidiaries and offices in more than 110 cities throughout 40-plus countries and regions. As of the end of March 2019, NTT Communications’ operating revenue was approximately JP¥1.4 trillion (roughly US$12.7 billion).
As NTT Communications approaches its 20th anniversary in July, it is celebrating its lengthy track record of innovation. While the company has clearly made good on its original mandate to “Change Communications” — the tagline under which the company launched in 1999 — it continues to embrace transformation and innovation. The company’s new trademarked tagline, “DX EnablerTM,” refers to its goal of changing the world through digital technology (“DX” is shorthand for “digital transformation”).
In a message posted on his company’s website, NTT Communications President and CEO Tetsuya Shoji explains that the organization is helping clients achieve their digital transformation goals as it simultaneously pursues its own internal DX objectives. To assist customers with their DX goals and efforts, NTT Communications provides services supported by advanced technologies, such as artificial intelligence (AI), the Internet of Things (IoT) and more, as well as infrastructure services (e.g., networks and data centers) that enable and promote data utilization.
“Our goal is to help our customers achieve new business creation and business process innovation by equipping them with new findings and forecasts derived from their collections of big data,” explains NTT Communications Team Leader of Legal Affairs and Internal Auditing Masakazu Inori. In support of NTT Communications’ internal DX endeavor, the internal audit function also operates as a “DX EnablerTM” for the rest of the business.
"The company’s new trademarked tagline, “DX EnablerTM,” refers to its goal of changing the world through digital technology."
A Two-Pronged Approach to Transformation
The internal audit function’s 17 full-time employees operate on three teams: internal audit, Sarbanes-Oxley (SOX) compliance (NTT Communications’ holding company, NTT, is listed on the Tokyo Stock Exchange) and audit planning. Inori currently serves as the leader of both the SOX audit team and the audit planning team, although that structure will soon change. “To further improve the skills of the auditors, we are working to integrate the internal audit team and the SOX audit team,” Inori explains. “Each team manager will be responsible for the work of the other team as well.”
Internal audit’s mission, Inori notes, is to minimize companywide risks and to increase corporate value through the compliance and efficiency of business activities. The function’s short-term goal is to deliver objective assurance on the effectiveness of internal controls, identify issues based on root-cause analysis, and support the resolution of any controls-related problems throughout the organization. The function’s long-term goal, Inori notes, is to operate as “a trusted adviser that provides strategic advice that has high value for business activities.”
Mirroring the company’s two-pronged approach to digital transformation, the internal audit function strives to operate as a “DX EnablerTM” by supporting digital transformation efforts performed by its internal customers throughout the enterprise while simultaneously pursuing internal audit transformation. Auditing analytics and a move to a more risk-based auditing methodology represent two of the function’s primary transformation focal points.
Continuous learning represents a related functional priority. “In addition to acquiring various audit know-how through operations, we are actively encouraging our internal auditors to participate in various internal and external training, obtain professional certifications, and exchange opinions with people from other companies’ audit departments,” says Inori. His team is also learning about AI and its applications.
The “Awareness Effect” and Other CAAT Benefits
The internal audit function deploys a range of advanced technology to serve as a “DX EnablerTM” to the business and to advance the function’s own digital transformation. Most of these tools enable internal auditors to derive, and more effectively communicate, new insights by analyzing larger collections of data.
The function began applying computer-assisted auditing techniques (CAATs) and tools to audits in the labor compliance areas in June 2017. Since then, the function’s use of advanced technologies, especially those related to data analytics, has steadily increased. Internal auditors have used robotic process automation (RPA) to collect and cleanse expense data from spreadsheets and then load the data into a database where it can be analyzed via ACL Analytics software. Part of the reason his team has undergone AI training, Inori notes, is so that the function can evaluate how and where to deploy AI tools to strengthen its assurance work. The function also uses Tableau’s data visualization tool and R, a programming language designed for data mining.
Inori notes that the data visualization tools “are particularly important” because they equip management and employees with a more precise and lucid understanding of risks in their areas, which in turn strengthens their ability to manage and mitigate those risks on their own. All of these tools are used to strengthen auditing activities.
When examining labor compliance, the internal audit team analyzes working time data, as well as entry and exit history data, to assess risks related to compliance with Japan’s Labor Standards Act. Internal audit applies similar analyses to other (complete) data sets to assess expense spending for any anomalies. Inori reports that these techniques deliver numerous benefits, such as:
- Exhaustiveness: By scrutinizing all of the data, unaudited risks are eliminated.
- Fairness: There is no room for arbitrary judgment or sampling errors because the data is obtained directly from the system.
- Objectivity: Any human bias related to data extraction and comparison decisions is eliminated.
- An “awareness effect”: As the entire company becomes more familiar with internal audit’s ability to analyze complete data populations, that knowledge produces a deterrent effect against fraud.
The success of these analytics-enhanced audits has stimulated demand for internal audit’s consulting offerings. “There has been a significant increase in consulting requests from other internal departments,” Inori notes. “They are asking internal auditing to identify and provide guidance on risk management improvements and also to access our knowledge and experiences related to digital transformation.”
Inori and his team strike a careful balance when providing consulting services. “When we receive a request for internal consulting, we are particularly conscious of standing in the other party’s position and thinking together in a collaborative fashion,” Inori explains. “We never look at them from above, and we are always clear as to what the second line of defense should do and what the third line of defense should do.”
Future-Ready via a Risk-Based Approach
NTT Communications’ internal audit function is also re-engineering processes as part of its internal transformation. A shift to increasingly risk-based audits represents one such process overhaul.
To move to a more risk-based auditing approach, Inori’s team gathered a large volume of risk information that exists throughout the company. Examples of this risk information include:
- Findings by the National Board of Accounting
- Concerns of internal auditors
- Concerns regarding the domestic subsidiaries, according to audit and supervisory members
- A wide range of compliance-related information
- Risk that has been identified in data analysis
- Risk categories identified by the business risk management (BRM) committee, which is responsible for enterprise risk management
Using that information, the internal audit function created a risk map that identifies the size of impact and likelihood of occurrence for each risk. Inori and his team now use the risk map to strengthen their discussions with executives.
"The success of these analytics-enhanced audits has stimulated demand for internal audit’s consulting offerings."
The move to a risk-based auditing approach, combined with the ongoing adoption of advanced technologies, has helped the internal audit function pivot in another way. Inori notes that his team’s audits previously focused on detecting past deficiencies and fraud indicators. Now, he adds, “We are using the latest data analysis technology to predict future behavior patterns and prevent and mitigate related risks.”
Click here to access the full list of profiles.