“Co-creating with our customers through hackathons and competitions such as our Global Innovation Awards and Code Games has had a major impact on the internal audit department.”
We want to understand what our customers face, to provide them with new, efficient, and user-friendly services and products in the best way possible.
Audit Magazine sat down with Peter Kruysifix, Vice President of Internal Audit at Wolters Kluwer, to discuss risk management and internal audit in a time defined by cutting-edge technology developments.
You’re leading Wolters Kluwer's internal audit department, how are the team and work organized?
In recent years, we have invested a great deal in know-how and qualifications, such as the CIA and CISA certifications and internal training provided by Wolters Kluwer itself. Our internal audit department is based in the Netherlands, where we are headquartered, and in the United States, our biggest market. Although we have a great deal of in-house knowledge, we occasionally engage specific knowledge externally (co-sourcing).
It is important for an internal audit department to continue to be relevant. You can achieve this by being close to the company and acting together. I am very enthusiastic about calling in our employees for audits. This is not only a condition, but it also makes it enjoyable: the significant advantage of an internal audit is that you can look behind the scenes! We also use ‘guest auditors’ from the business community to contribute relevant know-how and to increase cooperation with the business community.
How did the transition from print to online go?
Wolters Kluwer has become a technology company. The transition from print to digital started about 15 years ago. Currently, 90% of our products are offered digitally or as services. We continue working towards expanding and improving our digital products through advanced technology because our customers increasingly feel the need to work faster, do more with less, and that developments are taking place quickly. We want to understand what our customers face to provide them with new, efficient, and user-friendly services and products in the best possible way. This has also had a major impact on the internal audit department. On the one hand, the use of technology, including our product TeamMate+ and analytics software, and on the other hand also the new risks that are created by the use of modern technology within the organization.
What’s the key to the success of internal audit?
An internal audit department needs to continue to be relevant. The guest auditors and co-sourcing mentioned are an excellent way to achieve this. Know-how and skills to perform audits in a digital environment are of specific importance to us. This means that we always need talented individuals. We need to engage these individuals, develop their skills further, and retain them. It requires a lot from an auditor to work with technology and to audit technology. Technological developments will also ensure that the profile of the internal auditor will continue to change, but ultimately, it is a human process.
Risk assessment is valuable input for our work. This forms the basis for audit planning. We conduct audits at the various entities in various countries, conduct project and program audits, perform reviews after acquisitions and conduct thematic checks where we look at specific risks throughout the divisions – our repertoire changes along with the business and risks. The audits at the various entities are proper assurance audits. However, we also carry out consultancy work. For example, we are involved in new product developments in advance. I also consider that we have the critical task of sharing knowledge more widely within the organization. For example, if we learn from the business that something works well in the US, we can include this in our audit in another country. This is how we disseminate best practices.
How does Wolter Kluwer practice risk management?
Wolters Kluwer uses the traditional three lines of defense model, in which risk management plays an important role. We have a separate risk management department that works closely with other internal risk management partners. Risk management processes are applied throughout the entire organization, with responsibility primarily being assigned to the first line.
Essential risks that we face relate to market developments, developments in the field of legislation and regulations, IT security, and technological developments. The involvement of the internal audit department in the risk management process is crucial, and a significant part of the audit plan is based on the risks identified within the organization. The risk profile also forms part of the annual report.
What will be relevant to your audit department in the future?
It is crucial to have a good ‘feel’ for the organization and the developments it is experiencing. Indeed, as a technology company, these developments are happening at breakneck speed. If you compare the current audit universe to ten years ago, you can see that this has changed due to technological developments. The discussions with stakeholders also differ from those held a few years ago, with new themes and new issues. Our focus is to remain relevant to the organization, so be connected to what’s happening both inside and outside the company.