Google Glass: Should Internal Auditors Wear It?

Richard Chambers, CIA, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession. 

 
One of the occasional criticisms of internal auditors is that we are not as innovative as some in other professions. There is a grain of truth to the “innovation-aversion syndrome,” as I will call it, but our profession has adopted several new technologies in the past 20 years that have permitted us to leverage key technologies. Today, for example, many internal audit functions leverage audit management systems, deploy systems for maintaining workpapers electronically, use data mining and analysis tools, and deliver our reports electronically with embedded hyperlinks for the readers’ use in perusing evidence or data in greater detail.
 
While I am proud of the innovation that we have adopted, I am always on the lookout for the next innovative tools, methodologies, and technologies that our profession can pioneer for use. One such tool that recently popped onto my radar is Google Glass – “a wearable computer with a head-mounted display (HMD) that is being developed by Google in the Project Glass research and development project.”
 
In American Banker’s BankThink blog, Richard Magrann-Wells, financial services practice leader for reinsurance giant Willis North America, recently proposed fighting securities fraud by requiring traders to wear Google Glass to record conversations and videotape trades.
 
Bruce Carton, a former senior counsel in the SEC’s division of enforcement, picked up on the idea and wrote in his Compliance Week Enforcement Action blog that perhaps there might even be a place for Google Glass as a compliance tool for public companies.
 
While it remains to be seen whether Google Glass will be donned by either traders or compliance professionals, what about the prospect that internal auditors might don this science fiction like device for use during the data collection and analysis phase of internal audit engagements? Just imagine the amount of time and effort that could be saved from the normal processes to document interviews or audit evidence. It could all be captured almost effortlessly and saved into the electronic workpapers or other means of documenting the engagement results.
 
Before we all trade in our green eyeshades for these newfangled devices, we should probably examine the wisdom or folly of such technology in our profession:
 
  • From the half-full perspective: The benefits of such technology are staggering. Internal auditors could significantly enhance their efficiency and effectiveness during the audit process, and the accuracy of the recorded interviews or data analysis would be beyond question.
  • On the half-empty side: The prospect of having every word recorded could have a chilling effect on candor and openness of the internal auditors, management, and operating personnel, setting us back as a profession at a time when we are working hard to put dehumanizing stereotypes behind us.
 
Trading firms have been recording phone conversations since the mid-1980s. Texts, emails, and trading conversations are all recorded and discoverable in court. IT departments can log on and monitor the computer habits of practically any individual on any corporate network. So, in that sense, Google Glass doesn’t really represent any new threat to privacy.
 
From an internal audit perspective, the real question is whether Google Glass would be an effective fraud deterrent, and that’s a question that remains to be answered. Given the persistence of fraud and malfeasance in the face of escalating regulation and deterrence, it’s reasonable to assume that it would be only a matter of time before some rogue element found a way to game the system.
 
Still . . . I think it would be an idea worthy of debate once the technology is actually on the market.
 
I would welcome your thoughts.
 

Posted on Apr 22, 2013 by Richard Chambers

Share This Article:    

  1. Hi Richard:

    Interesting thoughts, but it does raise at least two serious concerns that I can think of.  First, while you have already mentioned the chilling effects of having conversations recorded when the folks you are interviewing are aware they are being recorded.  If these devices become ubiquitous, however, people will become used to them and they will fade from our consciousness and we will be less cautious about what we say around them.  Once this happens an ethical issue arises ... as an auditor, is it ethical to record an interaction with another party when they are unaware that you are recording them.

    Another issue to consider is the health concerns that come with the new technology.  Electromagnetic radiation can cook food.  It stands to reason that it can also cook brain cells.  We are exposing our brains to more and more near-field electromagnetic radiation (radiation that you are exposed to from very short distances) when we use our blue-tooth devices, and our cell phones.  While there is no hard evidence that this exposure is having detrimental effects on our health, I would rather err on the side of caution when it comes to having a computer and a fairly powerful wireless transmitter right beside my frontal lobe.

    The topic is interesting to think of in the abstract, but I think we need to think it through carefully before we jump in with both feet.  I am normally an early adopter of technology but the privacy, health and ethical concerns that this new tecnology brings have to be considered carefully before I would want to put it into practice.

  1. As a gadget geek and auditor, I have always thought that the majority of auditors are way behind the curve when it comes to using technology in audits.  The thought of auditors using Google Glasses would be very interesting.  Being able to document your audit work with voice capture and instant imaging would be great.  With Google voice recognition capabilities and instant upload of data to the cloud, documentation of these walthroughs would be a breeze and would also be more accurate.  Of course the privacy ramifications along with the auditee resistance would be a mountain to overcome. 

    Your column however made me also realize another tool that could also be very useful for auditors especially smaller, budget concious shops.  Data collection and storage tools like Evernote would make great low cost audit workpaper packages.  Evernote is capable of capturing and storing all types of data from written text, voice recording and photographs.  It not only captures this data but also is very capable of organizing it through the use of data tags and notebooks.  

    With Evernote's cloud based platform, information is available anywhere through mutliple tools: laptop, iPad, Android tablet, iPhone, Android phone or the internet.   All one needs is a connection to the internet.  Using any Smartphone, an auditor could easily capture audio or pictures or makes notes for their audit.  A quick cut and paste would also allow them to capture images of documentation into the workpapers. 

    Best of all, Evernote is a "free" tool for basic use and is very affordable for more data intensive power users.  Evernote also allows controlled sharing of information for team use.  Imagine combining Google Glasses with Evernote!

    Thanks for getting me thinking or how new tech can be used!

    Clay Cochran, CIA, CISA, CFSA, CRMA

  1. While attitudes may change over time as recording devices become ubiquitous, many today claim unease at the thought of such complete recording.  Given our efforts to be perceived more as business partners than "police", we should carefully consider whether the introduction of a recording device may invoke images of Hollywood-style law enforcement interrogation rooms in our clients.  The use of voice recorders has been generally frowned upon in audit interviews for some time for this reason.

    From a security standpoint, there are confidentiality considerations.  What networks may data gathered through the glasses traverse, what party has claim to the data which may be stored at these points, and what are the legal and company policy implications?  As a computer, the device itself may introduce risks similar to other mobile devices entrusted to users.

    While research into possible side effects of a new product are important, the fears of additional electromagnetic radiation seem overblown.  The radiation of the device in question is in a spectrum which is already seeing very wide use, and has not been found to have measurable ill effect.  As humans, we tend to improperly inflate miniscule risks, especially those which involve something rare, novel, beyond our control or understanding, or which have high emotional impact.  As with mobile telephony and entertainment in wide use, we are likely to find the greatest personal risks from this new technology are those of accidents resulting from user distraction.

    The larger social effects and privacy implications of a technology such as Google Glass becoming common likely require more than this comments section to address, though they are worth considering.

    Thank you for the article.  I look forward to the debate.

    Brian Cathey, CISA, CISSP, OSCP, etc.

     

  1. Google Glass technology, side effects, security concerns, risks, legal and compliance implications, management policies, user acceptance and /or rejection, audit efficiency and effectiveness, work paper synchronization, fears of ownership and control of data stored in the clouds....the list of concerns go on an on. All these are legitimate issues that can be fully considered as auditors embrace the new technology from Google Glass. As an auditor and a fan of technology, I am a stickler for any technology that eases the work of an auditor and increases audit efficiency and effectiveness. Embracing new technology is not always an easy thing to do but, as auditors and organizational change agents, we have the responsibility to be innovators that drive into new frontiers that will change for the better, the way we do business. It is in the light of this that I would welcome the new Google Glass technology. At least, for a start, we could deploy it in the walk-through and the control assessment of phases of an entity's structure. Since clients may not be open (as least not yet) to the notion of "being on tape", we may have to thread softly at first. We need to document the results, successes or failures of this new technology and so have a base with which we would "sell the idea" to management, (one way or the another). Richard, thank you for this article. I look forward to the debate that would follow. Vincent Mokwenye, CFE, CGAP, CGFM.
  1.  Great topic and all good points noted in earlier comments.  As Vincent noted, the key would be to tread carefully with the client.  I too am all for employing new technologies to make the audit process more efficient.  I think it would come down to getting buy in from company management, both in audit and on the client side, to work together to employ new methods to further support the company in meeting overall objectives.  If the implementation of this technology had benefits on the business side as well, it would be easier for audit to "share" in it's use, rather than to lead with it.  I've considered using those fancy pens that record the notes you take for conversion into a typewritten document, given that the note taking process during a walkthrough is tedious and often times you lose a good amount of the comment if you don't document the results timely.  I also like to use my laptop to take notes, and now days iPads or other tablets would make that process even easier.  I think if the company as a whole adopts a new technology, it becomes easier for audit to use it as well without pushback from clients.

  1. The first that comes to my mind is that the world is changing and so do we need to adapt the way we perform our audit activities.

    I have also just read PwC’s 2013 State of the Internal Audit Profession Study which reveals that "many internal audit functions are not keeping pace with changes—which poses a major challenge for companies (and audit committees) seeking to determine their future strategies for, and investment in, internal audit."

    My personal view is driven by the fact that in this era of dynamically changing environments, globalization and new technologies companies need to re-visit their strategy on a continuous basis. Technological innovation can create a paradigm shift leading to changes in the market and the ways markets and organizations operate. The introduction of the computer resulted in ongoing automation of processes and after some period of time elapsed also continuous monitoring / auditing became introduced and more widely accepted. Apparently the efficiency gains have prevailed the idea of big brother is watching you.

    The redesign of the organization, processes, and systems, are often executed through (large) projects. With increasing demands from management on the internal audit profession, the question is also raised of how the auditor’s traditional assurance role can be redefined and more proactive project auditing roles and techniques can be applied.

    I am aware there are still many discussions on how the auditor can be more proactive in a changing environment ( this week I will also publish an article about "proactive project auditing" in the American journal - EDPACS, NO. 5 -) . I strongly prefer to see the glass half full keeping in mind the words of Darwin: "It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change."

Leave a Reply