Remaining relevant in a fast moving organisation
Remaining relevant as an audit function in a fast moving technology organisation is a challenge. Anthony Latella, head of Internal Audit Function (IAF) at Adyen, tells about his experiences at Adyen.
What does Adyen do?
“Adyen is a technology company with a banking license who is redefining payments for merchants globally. It has built an efficient single platform that enables the acceptance and processing of cards and local payments globally across its merchants’ online, mobile and point of sale (‘POS’) channels.
“Adyen aims to change the payments industry, which traditionally comprised a patchwork of providers and legacy systems resulting in fragmented merchant services. Adyen has in response built a bottom-up, single, global platform capable of meeting the rapidly evolving needs of fast-growing global merchants. This single platform enables Adyen’s data capabilities, which includes services that utilize sophisticated algorithms across machine learning, data mining and artificial intelligence. These capabilities allow us to increase authorization rates for merchants while reducing the risk of fraudulent transactions.”
“Adyen targets large, global companies but increasingly also domestic/mid-market merchants. In 2017, Adyen processed transactions for several thousand merchants across the globe and across a wide number of industries, including retail, travel, digital services, hospitality and marketplaces. Adyen’s merchant portfolio includes merchants like Uber, Facebook, Spotify and booking.com. Payments is a fee business and the businessmodel is based on fees on payments processed.”
How has complex technology changed the payment industry?
“Adyen believes that simplicity, transparency, and innovation are the key to future success. Adyen’s global platform has simplified and integrated the payments value chain, enabling it to partner with large merchants to rapidly scale their businesses both locally and globally, overcoming inherent inefficiencies in traditional payment platforms. Since its founding in 2006, Adyen has built a completely new infrastructure that encompasses the entire payment value chain, from (online) checkout by the customer to settlement of funds to the merchant. Adyen’s technology removes friction for both shoppers and merchants and allows for an improved shopper experience while simplifying the global management of payments across sales channels and geographies for merchants.”
“To stay relevant, IAF’s have to evolve and become capable of fully understanding complex upcoming technologies and its associated risks”
What are Adyen’s major risks?
“The main risks Adyen is facing are definitively in the technology domain and relate to downtime and availability of its website and systems, system failure, and any real or perceived data breaches. Aside from IT and cyber risks, Adyen faces risks in the areas of competition and innovation, and also compliance and the changing regulatory framework are significant risks for Adyen. Finally maintaining key staff and safeguarding our corporate culture and values are also important factors to consider.”
How does Adyen manage these risks?
“The most effective risk mitigating approach for Adyen is to maintain a strong risk culture across the organization and to ensure the company culture and corporate values are embraced by everyone and retained globally, despite the very high pace at which the organization is changing and growing. We have defined the Adyen Formula, which summarizes the values the organization has embraced. The formula is not only used to attract talents that share our same values, but it is also used as a framework for risk management and decision making.”
“By living the values of the formula and acting accordingly, we have developed a strong risk awareness and risk culture. The Adyen Formula and the company culture allows us to do things differently. Adyen empowers its people to try and to make errors as long as you learn. Furthermore we developed our platform in-house. This means that we have complete ownership and control over our platform. We consider this to be a great advantage as we can minimize supply chain risks.”
Adyen at a glance
Adyen was founded in 2006 by a group of entrepreneurs. The payments technology at that time consisted of a patchwork of systems built on an outdated infrastructure. With the aim of helping businesses to grow, the founders set out to build a platform capable of meeting the rapidly evolving payment needs of today’s fast-growing global businesses.
Adyen’s founding team called the business Adyen – Surinamese for ‘start over again’ – and focused on building a modern infrastructure directly connected to card networks and local payment methods across the world, allowing for unified commerce and providing data insights to merchants. The Adyen platform enables merchants to accept payments in a single system, enabling revenue growth online, on mobile devices and at the point of sale.
Adyen today is a company with over 650 employees working out of 15 offices across the world and over 100 billion euro in payment volume processed in 2017.
How many people work at the IAF and what is their background?
“The IAF at Adyen is currently a team of two employees. A third auditor has already been recruited and will join the team in the coming weeks. I started at Adyen with the task to set up an IAF as Adyen applied for a banking license.”
What are the main tasks and challenges of the IAF?
“The aim of the IAF at Adyen is to become a trusted advisor, a true business partner, and to support the organization in building an ethical and sustain exible enough and is slowing us down and hinders us to be on top of new developments and add value when needed. The main challenge we face is to align ourselves to a fast-moving organisation while at the same time comply with ECB and IIA standards. Our Audit Committee expects us to work and report in line with methodologies and procedures which are fully in line with ECB/IIA standards. On the other hand, there is a business which requires us to be agile and fast. Moreover, the ever-changing regulatory landscape and increased scrutiny also poses a continued challenge for both Compliance and the IAF. Simply think about the impact and reach of new regulations such as General Data Protection Regulation (GDPR) and the second Payment Services Directive (PSD2).”
“Adyen believes that simplicity, transparency, and innovation are the key to future success”
What is ahead of us in terms of complex technology in the field of payments?
“The global payments and commerce landscape is changing fast: the globalization of commerce, the changing shopper behaviour and the rise of mobile are driving innovation and the adoption of new technologies. Mobile wallets, cryptocurrencies, voice-based payments and internet of things payments in general are examples of complex technologies entering the payments landscape. The philosophy of Adyen is to support merchants in growing their business while reducing payment complexity. If merchants want to embrace a new payment technology Adyen will support these while aiming to keep it simple for the merchants.”
What is the effect of complex technology for Internal Audit (in terms of competences, scope, tools)?
“Complex technologies will inevitably affect IAF’s. The main challenge I see would be to timely identify and comprehensively assess risks introduced by complex technologies. I doubt every Internal Auditor understands what an algorithmic bias is – for instance – and what its impact would be. In addition, the approach and tools required to provide assurance around these new technologies and related risks will also have to change. As an example, auditing machine learning, artificial intelligence or robotic process automation will require a completely different approach and a different set of competencies compared to traditional operational audits. Adyen is expected to grow fast and therefore the IAF has to embrace more technology in their audit approach and processes to remain relevant. This is not only the case for the IAF but also for other support functions. There is no need to significantly increase the size of the team in case better use is made of automation. In this way staff can focus on relevant and important things.”
Should Audit in general, in your view, prepare better for complex technology?
“In my view, the future of IAF will largely depend on their ability to prepare for upcoming complex technologies – such as AI, bots, wallets, blockchain, quantum computing – and all of its associated risks.IAF’s need to develop continuous learning to make sure it understands the risks and the impacts of the new complex technologies and also to determine what would be the best approach to mitigate these risks and provide assurance around these technologies.”
“I truly believe that for IAF’s to survive they need to stay relevant. And to stay relevant, IAF’s have to evolve and become capable of fully understanding complex upcoming technologies and its associated risks. But not only does it require that auditors understand new technologies but also it requires them to make a mind shift. As an example, if an IAF says that they have a risk-based approach in a fast-moving environment then it is impossible to continue with a multi-year planning horizon. Working with a risk-based audit backlog seems a more logical way forward. In my view the auditor of the future needs to be a lifelong learner, technology savvy, work agile, think risk-based and have convincing presentation skills as less focus will be put on written reports.”
Anthony Latella is head of Internal Audit Function (IAF) at Adyen.
Lees meer over dit onderwerp:
Een succesvolle FinTech is slechts enkelen gegund, vele interne en externe factoren zijn van invloed op falen en/of slagen. Risk management is een belangrijke factor om te slagen. Dit artikel belicht een aantal risk-managementprocessen.Lees meer
Ondanks de hype lijkt het erop dat blockchain bedrijfsprocessen en businessmodellen gaat veranderen. Kan de auditor zich permitteren om een van de belangrijkste technologische ontwikkelingen van deze tijd nog langer te negeren? Blockchain verdient een plek in het auditplan 2019.Lees meer