Circular food systems

Perspectives

Rising perils amid a plethora of platform choices

The risks that should be on internal audit’s radar 

With various modern software development methodologies available to meet and scale their business vision, platform companies are spoiled for choice. However, this variety of options tasks internal audit (IA) teams with the critical responsibility of rethinking the risk considerations surrounding their in-scope processes to mitigate technology-related risks.

Are choices for platform companies concerns for IA?

“Platform company” describes businesses facilitating exchanges between interdependent groups, typically consumers and producers. These are the social media, content, payment, and other exchange platforms. Platform companies frequently leverage one or a combination of modern software development methodologies (Agile, DevOps, Continuous Integration/Continuous Delivery, etc.) to meet and scale their business vision rapidly. 

As more open-source tooling options are made available, engineers frequently use various customizable tools to develop their in-house built platforms. This inherently creates dispersed and complex processes in a controlled environment and introduces new risks not previously considered. Due to the variety of development methodologies available to the developers of in-house built platforms, IA departments will need to reexamine their risk considerations surrounding their in-scope processes, specifically identifying proper general technology controls to mitigate technology-related risks.

Internal audit risk considerations

Types of platform risks

Conclusion

With the widespread adoption of modern-day software development methodologies and companies building their own different platforms to operate their businesses, IA departments will need to equip themselves with new skills to uncover the core risks that require mitigation properly. Without a strong understanding of these rapidly changing technologies, internal auditors run the risk of not being broad enough in their inquiries to uncover many avenues of potential risks in the established processes.

Authors


Jimmy Yu
Partner, Risk & Financial Advisory
Deloitte & Touche LLP
jamesyu@deloitte.com
+1 714 436 7309


Jason Ho
Senior Manager, Risk & Financial Advisory
Deloitte & Touche LLP
jasonnho@deloitte.com
+1 213 688 6974


John Apel
Consultant, Risk & Financial Advisory
Deloitte & Touche LLP
japel@deloitte.com
+1 303 542 4013

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?