The Most Important Aspect Of Internal Audit Is Understanding The Business

Interview with Brian Matthews, International Internal Audit Manager, AutoZone


Brian Matthews is a former president and current board member of the Memphis IIA Chapter, Matthews recently led a supply chain logistics audit that found more than $2.5 million in annual savings opportunities due to his innovative data analytics process.

We sat down with him ahead of his presentation at the Risk Management Summit, taking place in Boston this September 8-9.

How did you get started in your career? 

I was a junior at the University of Memphis and decided to take my second semester off to participate in a six-month Internal Audit internship at FedEx. I had always been interested in learning as much about business as I could. When I realized the broad scope, high exposure, evolving [towards IA as a partner] nature of the work, I knew I could benefit greatly from a career beginning in Internal Audit. After completing my degree in Finance from the U of M in 2009, I returned to FedEx as an Associate Auditor.

What do you see as the most important aspect of internal audit? i.e. company reputation, growth, impact on the environment, employee satisfaction etc.

The most important aspect of Internal Audit, to me, is understanding the business. In traditional Internal Audit departments [primarily focused on compliance, after-the-fact control validation and issuing opinions], understanding the business allows auditors to effectively analyze processes, assess risk and identify key controls. While some of that also rings true for more progressive Internal Audit groups [Internal Audit as a front-end partner, advising on risk and consulting on cross-functional teams], understanding the business allows such groups to understand the businesses key strategic objectives and provide recommendations and feedback on obstacles to accomplishing those objectives.

Do you think companies are doing enough to ensure the security of their data? What could those who are failing do differently? 

It’s always been a challenge for companies to ensure the security of their data. While most at companies are going home at 5:00, those outside the company targeting data for malicious reasons are working around the clock. Companies failing to protect their data need to find ways to leverage the expertise of third parties, limit retention of sensitive data, encrypt where possible, benchmark with peers and data security leaders, perform extensive penetration testing, and never underestimate on-going requirements to stay abreast of current threats and the proposed solutions for maintaining secure networks.

What are the particular challenges in the near future that auto parts retailers will have to deal with?

The aftermarket auto parts industry is very strong and continues to grow. That being said, there are several risk factors companies like AutoZone keep a close eye on: parts proliferation – a single part no longer fits a wide array of vehicles; advancements in automotive technology – as vehicles become more complicated, DIYers may struggle to continue working on their own vehicles; miles driven – the number of miles vehicles are driven annually. Higher vehicle mileage increases the need for maintenance and repair. Mileage levels may be affected by gas prices and other factors.

What will you be discussing in your presentation? 

How Internal Audit departments can leverage the basic tools they have, such as Excel and Access, to perform advanced data analytics. The case study being examined I’ve titled 'How Data Analytics Yielded a $3 million Opportunity.'

You can hear more from Brian, along with other industry leaders in risk management, at the Risk Management Summit. To register your interest, click here.


Read next:

What Can For-Profit Organizations Learn About Gender Equality From Nonprofits?