A conversation with Keith Cameron, Adecco

A conversation with Keith Cameron, Head Group Internal Audit at Adecco

As part of PwC 2020 Global Risk Study, we interviewed Keith Cameron, Head Group Internal Audit at Adecco. In an interview with Corina Ruchti, Senior Manager Internal Audit at PwC, he explained which challenges they face in Internal Audit with implementing new technologies.

How are you currently using new technologies or approaches in your risk and Internal Audit (IA) functions?

One of the biggest risks facing Adecco is labour law compliance in each country. This is a good example of where we utilise data-mining technology to test the entire population rather than just a limited sample. We can extract the entire employee and associate payroll information and test this against, for example, the related country’s minimum wage levels, overtime and standard working hour regulations. In our industry this is key, and our customers expect us to be fully compliant in these areas. We would also like to ensure that these controls are built into the system to prevent rather than detect breaches.

We do have capabilities in data science within the company, but these are currently reserved for the high-value, customer-facing activities such as pricing. Soon though these skills will also be integral to Internal Audit.

What are the main challenges for IA with digital transformation?

Our diverse system landscape is currently a challenge. This makes it difficult to run data analyses across the business without involving substantial local manual interfaces. However, we’re commencing a transformation programme on the finance and systems side and IA will transform with it. Clearly, the more common and standard the systems, the easier it is to invest in solutions that cover a larger population. 

It starts with the people and the resources that we have. This involves upskilling (something that Adecco is passionate about) and then refocusing on using these new tools as well as their potential to help us add value, for example using pre-emptive rather than after-the-event modelling.

What is your company’s biggest roadblock to using new technologies, such as AI and machine learning, to better manage risk?

It's clear that if you have a certain scale in one service centre, then you’ll achieve real benefits compared with doing things at each country level, where you might not have the resources.

It’s critical to develop talent internally and upskill people who know the business with digital skills. Given the speed of change, we need to make a shift by hiring employees with different profiles and also investing in training in areas that are not traditionally covered by a company’s training catalogue. Otherwise, we may struggle to manage our digital transformation.

What is an example of an area where your organisation is making substantial change, such that within the next two years it will transform how the business operates or goes to market?

We divide our business into front, middle and back-office functions. Front office refers to customer and candidate-facing activities, such as candidate portals; middle office includes activities such as payroll and invoicing; while back-office covers our ERP activities. All these areas have some degree of automation or digitalisation in progress. The company has appointed a Chief Digital Officer to ensure that these initiatives are aligned.

What do you believe are the biggest risks associated with this initiative?

In this industry, we have to be on top of technology to attract the best candidates for our customers. For example, no one today wants to complete a timesheet manually. We need an entrepreneurial mindset, for example, to develop applications. This, however, needs to be balanced against having the right levels of controls and governance rules, without destroying the innovation. IA and compliance need to understand the business and identify the minimum controls necessary to run the digital initiatives. Rather than slow them down, a good set of agreed minimum controls will enable them to go faster. Remember: the faster the car, the better the brakes need to be.

What are the next steps for your risk functions in the use of data and technology?

Right now, we are focusing on maintaining and improving our capabilities to run analytics across the organisation, including upskilling our team. We’re also trying to automate where possible. Later this can be followed by the use of artificial intelligence in specific areas where we can clearly deliver value to the business, e.g. for detecting anomalies.

How are risk functions collaborating with one another?

The risk functions such as Internal Audit, internal control, risk management, IT security and integrity and compliance work closely together and it is recognised that they are all closely linked. IA has a responsibility to ensure that collaboration is maintained and also to manage the link between corporate functions and the reality of the specific country operations. 

What are the benefits of such collaboration?

Increased collaboration helps us reduce duplication and focus on the areas where there is highest risk.

Do you receive risk reporting from one or more risk functions?

Yes. IA is well positioned in Adecco and is always part of any communications regarding risk reporting by other risk functions. IA is, for example, represented on the Investigation & Compliance Committee and is part of the annual Enterprise Risk Management Programme. IA can often serve as the glue that keeps the risk functions together and communicating with each other.

Would you like to make a prediction about where collaboration and the use of data and technology by the risk functions is headed?

Risk functions will not look the same in ten years and the speed of change is increasing exponentially. You need to add value to the business to remain relevant, beginning with the early adoption phase of automating repetitive manual tasks. In regard to artificial intelligence, in the long term it would be crazy to place limits based on our limited current experience and knowledge levels in this area.

Would you like to share a piece of advice to others?

Most companies would be stressed if asked to admit whether or not they are ready for the digital world. It’s important to realise that you’re not alone and not to think you’re behind. It’s a really exciting time.