Lessons from auditing a next gen bank
My friends in the global corporates are always curious as to what I learn in the entrepreneurial space. You see I was a big bank defector, and when I started out at Tyro there were only 50 employees, and I was appointed as the Internal Auditor. Five years on, I head up Tyro’s Internal Audit team, and I would like to share with you the three most important questions that I ask myself daily, especially now as Tyro rapidly transitions to a cloud native next gen bank.
1. What value do you add?
Many entrepreneurs in the innovative fintech space consider auditing along with regulatory and compliance a four letter word. I would like to think of that four letter word as “safe”. Internal Audit keeps the entrepreneurs safe and gives the regulator comfort that the organisation is meeting its strategic objectives whilst managing its risks appropriately. Internal Audit brings a deep understanding of the business, good process, risk and controls to the table. These expertise are extremely useful especially when setting up new policies and processes, or when venturing into unchartered territory. Whilst retaining our independence, we educate and advise management, and are partners in continuous improvement activities, ensuring the business meets its objectives within its risk appetite and good governance.
2. At what stage of the journey are you at?
Here at Tyro, Internal Audit is faced with the challenge of the delicate balance between the hungry entrepreneur and the cautious regulator. What I have found with a start-up going onto a fast growth company, and now onto the next gen bank, is that it is important to understand where the company is in its journey and the risks it currently faces at that particular stage. The control environment expected will directly link to the nature, size and extent of the company at that specific stage of the journey.
3. Are you doing the right thing?
Business is all about managing risks to make sure that your business meets its strategic business objectives. Every business will have a different risk tolerance threshold. We all strive for continuous improvement, to be better, stronger, faster, and the bigger organisations aim and spend big bucks to implement best practices all round. Best practices are all good and well, but what if those practices are not adding any additional value to the end user or customer? Tyro Internal Audit applies a pragmatic risk based approach to internal audit as opposed to best practice over kill. We ensure that Tyro is doing the right (not perfect) thing within regulation, and highly focused on providing as much value as possible to the merchant.
How can you apply these questions to take your business into the next generation?