There is an interesting phenomenon occurring in the labor market that is often not clearly defined or understood within the IT and auditing community: democratization.
You may have heard the recent news covering the cryptocurrency exchange collapse (e.g., the FTX case). Similar to how the scandals of Enron and WorldCom arguably influenced the creation of the 2002 Sarbanes-Oxley Act, the crypto collapse will influence upcoming security and financial regulation, particularly in the emerging Web3 technology sector.
There will be two major outcomes from the coming increases in Web3 regulation. First, there will be a higher need for auditors within Web3 (decentralized networks, blockchain, crypto, artificial intelligence [AI]) technology-related industries as regulatory concerns continue to increase. Second, there will be more adoption of decentralized (AI, blockchain) technology within all industries as regulators finally crack down on abuse in the Web3 space. This sets a new regulatory precedent to provide framework guidance to the fledgling Web3-related industries. All this will lead to increasing the importance of understanding the evolution of auditing as it continues to merge with IT.
Technology adoption is growing quickly in all domains of government and in all industries. This adoption has become especially significant during the global COVID pandemic. All organizations, national and international, including local, state and federal governmental departments; nonprofits; limited liability companies; unions; and even new blockchain-based organizations such as decentralized autonomous organizations are concerned with employee and executive skills and the adoption of emerging technologies. The adoption of emerging technologies in all domains and at all levels of an organization is democratization.
This democratization will define much of the next industrial (r)evolution.
The importance of democratization of technology across modern organizations has been discussed at length within the literature surrounding big data, large-language models (e.g., ChatGPT), decentralized systems, blockchain intelligence, machine learning, customer-facing AI systems and other Web3 technology.
For those in positions related to any sort of auditing in big tech, finance, security, consulting and many other IT systems-driven industries, such emerging technologies require human oversight and involvement to guarantee optimal outcomes. For example, a modern audit of any type of IT system includes two types of auditors: the security and technical auditing that is performed by engineering staff and the financial regulatory auditing performed by compliance staff. In the modern organization, finding the balance between these two skill sets is paramount. Although organizations may look for employees with both of these skills (who are often referred to as unicorns), building your own team through democratization and training them on the organization’s particular technology business needs may be far more economically viable and successful.
The reasons for democratization within modern successful organizations are rooted in the changing roles of auditors, and therefore management. Both engineering and compliance auditors may essentially operate as middle management, providing status reports and other updates across the organization to upper-level management leaders. Many compliance individuals are now as technically skilled as engineers (and sometimes even more skilled). Emerging technology adoption has caused a blending of the engineering and compliance roles with both types of positions now having to be very technically capable. This is because emerging technology systems often focus on managing the intelligently connected organization of the future, which operates on a flat organizational structure. This flattening of the organizational structure has driven democratization and has changed the role of management.
Management can no longer have a hands-off approach to interact with lower-level systems or employees because the democratization of technology will continue to impact the highest levels of an organization. Management needs to see themselves as the administrators of the organizational network and take the role of a super user, which is a system user with elevated privileges. For example, modern C-level or vice president-level managers need to have dashboard or data visualization overview of the health of the organization and have the user privileges to make changes at the system administrator level of the organization. In addition, there may be a need for democratized approval techniques, such as agreement or consensus mechanisms between different managers and leaders. These management agreements or consensus mechanisms are one more way that emerging technologies, such as secure multiparty computations and blockchain, are valuable to modern managers as they lead the flatter organizations of the future.
This democratization process is particularly relevant in regulated or governance industries where formal auditing procedures are explicitly adopted (System and Organization Controls [SOC] 2, International Organization for Standardization). In less regulated industries, or industries that until recently were unregulated (social media, search, Web3), even engineering-related technical tests such as unit and model testing are adopting audit frameworks if the system or data in question may have a high impact on consumers. This means the auditing technology is also being democratized throughout the organization to unregulated (noncompliance) personnel as modern organizations continue to flatten.
In conclusion, workforce leaders at all levels (junior, mid and senior) need to continuously keep upskilling themselves to adjust to the many facets of modern competitive organizations. Democratization will continue to be an important overarching theme during this revolution. Workers at all levels are interacting with and augmented by highly complex (and in some cases, intelligent) computer systems, while managers and leaders are now achieving agreement and consensus through distributed automated mechanisms, and auditors are being constantly asked to learn new skills to meet both compliance and engineering requirements. As the flat organizations of the future become even more inclusive and open to new ideas, IT, audit, regulatory and management leaders will need to ensure their stakeholders continue to democratize a variety of processes and skills.
Editor’s note: For further insights on this topic, read the author’s recent Journal article, “Blockchain Smart Contracts Part 3: Deployment and Integration With Existing Information Technology Systems,” ISACA Journal, volume 1 2023.