Diligent Q&A – Tom Keaton talks enhancing audit and risk collaboration at Elevate 2024
Tom Keaton, Director of Internal Audit at Crown Castle, discusses why collaboration between risk and audit functions is crucial in creating a strong GRC function, how audit teams can effectively speak the board’s language, and what he’s most excited for at Elevate 2024.
Q: Thanks for joining us! Can you tell us a bit about Crown Castle and your role there?
A: Crown Castle is a real estate investment trust (REIT) and one of the largest providers of shared communications infrastructure in the United States. We own, operate and lease over 40,000 cell towers and approximately 85,000 route miles of fiber supporting small cells and fiber solutions.
Crown Castle's infrastructure is essential for mobile network operators, providing the backbone for wireless communication, including 5G deployment and provide services to help ensure robust and reliable connectivity for mobile devices, supporting the growing demand for data and internet usage.
I am currently the Director of Internal Audit at CrownCastle and I am responsible for enterprise risk management, data analytics and automation, ethics and compliance, internal investigations and our anti-fraud program as well as operational and SOX audits.
Q: We’re thrilled to have you as a speaker at Diligent Elevate 2024 in Houston, TX. What are you personally most looking forward to at Elevate?
A: Networking with the many users of Diligent solutions. I am a major advocate of the Diligent One Platform and the wide array of use cases for the software. Having other passionate users together to network, collaborate with and learn from is an opportunity too good to miss!
Q: In your session you’ll be speaking about collaboration between audit and risk teams to achieve holistic risk management. Why is this synergy such a crucial part of GRC?
A: Collaboration between internal audit and risk teams is crucial in creating a modern, cutting edge GRC function. By working together, these teams can provide a comprehensive view of the organization's risk landscape, as internal audit is able to identify potential gaps in controls while the risk teams assess and quantify the risk created by these gaps. A strong collaborative effort also yields:
- Improved risk awareness, meaning internal audit's findings can enhance the risk team's understanding of the organization's vulnerabilities. Conversely, the risk team's insights can guide internal audit in focusing on high-risk areas.
- Informed decision-making, as our joint efforts ensure that management receives consistent and accurate information about risks and controls.
- Stronger control environments, through more robust controls and mitigation strategies.
- Proactive risk mitigation, rather than reacting to issues after they have occurred.
Q: Boards are increasingly asking audit leaders to step into the role of strategic partners. How can audit teams effectively speak the board’s language to ensure buy-in?
A: First and foremost, you must understand board priorities. Audit teams should align their focus with the board’s strategic objectives and key concerns. Understanding the board’s priorities helps in presenting audit findings and recommendations that are directly relevant to the organization’s goals and ensures we are auditing the right things at the right time.
Audit and risk assessment activity must also provide actionable insights. Highlight potential business benefits, cost savings and risk mitigation opportunities that can result from implementing audit recommendations. Key to all of this is using clear and concise communication. Avoid technical jargon and present information in a straightforward, concise manner. Use executive summaries, eye catching and easy to understand visualizations, and key performance indicators (KPIs) to convey complex information succinctly and in a more impactful way.
