control, and governance
Best Practice in Silicon Valley
Audit chiefs at leading tech firms collaborate with industry peers and organizational clients to help stay on top of their game.
The presence of so many top Internet and technology firms makes Silicon Valley a hothouse of best practices for the area’s chief audit executives (CAEs). Plugging into the local audit network at area audit forums and seminars helps CAEs find ideas for meeting common challenges. “It is always good to understand and benchmark how our colleagues are operating and what risks they are focusing on,” says LinkedIn’s head of internal audit, Inder Gulati.
These events are well-attended, with some executives flying in from as far away as San Diego and Seattle to take part, says Tom Austin, vice president of governance, risk, and control at Cisco. He notes that even at the most innovative companies, it’s easy for auditors’ methods to get stale, so it’s important to learn what others are doing. He uses these forums to benchmark Cisco’s audit processes with those of his peers at similar-sized companies such as Hewlett Packard and Oracle. “The sharing among all the peer companies helps elevate all of us,” he says.
For Google’s Lisa Lee, meeting with other technology CAEs extends her brainstorming beyond her company. “You can’t be so arrogant to think that what you’re doing is so much better than everyone else,” she says. She picks up new ideas to apply now and also tucks away ideas that may be more relevant for Google a few years down the road.
Great ideas and best practices also come from within Silicon Valley organizations, outside internal audit — particularly in the area of IT risk, which is by necessity always front-and-center for CAEs. “Folks in internal audit need to have basic awareness and understanding of IT risks just to be functional in a high-tech company,” says Austin.
Working at a technology company can give auditors a great perspective on IT risk and an advantage in dealing with it. They can draw on the knowledge of top experts in data security, privacy, application development, and other technology areas. Lee says that’s a big advantage. “I take huge comfort that we can rely on our counterparts and peers because they are world-class at what they do,” she says.
For more on internal audit practice at some of the world’s top technology and Internet companies, read “Auditing at the Speed of Technology.”
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.