Internal Audit

Agents of Change: Kenneth Chen of Spotify

Agents of Change: Kenneth Chen of Spotify

Join Richard Chambers, Senior Internal Audit Advisor for AuditBoard, for the first installment of his Agents of Change video series, featuring conversations with internal audit leaders from some of the world’s most prominent organizations about innovation in the profession.

In this episode, Richard sits down with Kenneth Chen, Vice President of Finance Strategy, Operations, and Risk at Spotify, to gain insight into: 

  • Why internal audit must lead from the front — not be a backseat driver
  • Why he’s hiring passionate internal auditors at Spotify
  • His keys to building a forward-looking team to keep ahead of evolving risks

Watch the full conversation, and read the can’t-miss highlights below.

Spotify's Kenneth Chen shares how internal audit has evolved at Spotify from pre-IPO to the present day, plus why passionate auditors are the most successful.

Storytelling & Internal Auditors as Change Agents

Richard Chambers: Kenneth, you were one of those folks that I interviewed when I was writing the book that was published earlier this year, Agents of Change: Internal Auditors in an Era of Disruption. I define the agents of change in the profession as those internal auditors who are catalysts for transformation that creates value within their organizations. What is your view on internal auditors as agents of change?

Kenneth Chen: As internal auditors, no matter what company you work with, you’re still part of the company. You want to help the company succeed in reaching its strategic objectives the way an internal auditor can do it best: providing really interesting insights about how to get to the goal while addressing all the risks they might encounter along the way. That statement is absolutely true. I think internal audit has a very important role to play, especially in these days when risk is showing up everywhere, in everything we do. And the speed of risk is so much faster than it was just 10 years ago. 

Richard Chambers: You mentioned how the internal auditors are received in a company. From your experience, do members of senior management and board members see internal auditors as having this role of helping to promote change in the organization?

Kenneth Chen: Spotify was a very young company when I started, and a big part of that journey was educating management and the board on what internal audit is and isn’t.As part of that transformational journey of going from a pre-IPO to post-public world, the storytelling that you do along the way is just as important as the work itself. 

Pre-IPO to Public — Internal Audit Transformation at Spotify 

Richard Chambers: In the book, I take the position that before internal auditors can be agents of change within their companies or their organizations, they must start by making changes within internal audit itself. Can you share what you’ve done as the chief audit executive at Spotify drive change within internal audit?

Kenneth Chen: When I started at Spotify, I was fortunate to be the first employee of the internal audit team, so I could build a team and mold it. Even that required a few iterations before I got it to its current form because I recognized throughout the course of the work that the team structure and focus wasn’t actually what the company needed. There was a mismatch between what I thought we should be doing as IA versus what the company truly needed to be successful in that moment of its maturity.

In my six years at Spotify, we’ve refocused what we’re doing and reorganized the way we’re structured a few times to make sure we’re staying relevant to the business. If you don’t lead by example and make those difficult decisions yourself first within your own work, the rest of the business is not going to believe that you can do it for them

Richard Chambers: You make an excellent point that a lot of new chief audit executives may not fully appreciate, that when you when you take over an internal audit function, you have to be able to assess the organization you’re trying to serve and what they need internal audit to be — because there’s no one size fits all. Internal audit needs to be addressing the risks in the organization. It sounds like you’ve been able to continually evolve internal audit at Spotify as the company has matured. 

Kenneth Chen: Pre-IPO is all about financial readiness. A lot of focus on SOX, helping the organization put in place governance, policies, and controls — tackling all those basic things that an organization that’s about to go public needs to have. But as soon as we crossed that IPO line, the needs of the internal audit team changed. Suddenly, you now need to be an advisor, you need to be able to provide assurance on things. You need to continue the SOX program and continue evolving your organization to support the business. That journey never stops. Even at Spotify, what we had back in 2016 or 2017 versus what we have now in 2021 is very different, and our focus is quite different too. 

Plug In to Your Organization’s Technology Resources

Richard Chambers: I think that is a sign of an audit department that is keenly attuned to the needs of its organization. One of the most transformational or transformative capacity multipliers is obviously technology. Any insights on how you have leveraged technology within your audit department?

Kenneth Chen: I think there are two ways to look at tech.

First, there are the tools that we auditors need to have, and AuditBoard is a system that we’ve implemented recently to support the work that we do as auditors.

Second, how do we leverage the technology that the rest of the company is using effectively to be able to plug in to what they’re doing? Because Spotify is a heavily engineering-focused organization in terms of how we develop our products and services, we leverage a lot of the platforms and systems that our R&D teams have built up to assist us in our audit work. There’s no reason for us to reinvent the wheel if they’re using a system that works really well and we can find a different use case for that same system to be able to provide audit services. That’s how I think you multiply your output, because you’re not implementing standalone systems that don’t plug in to anything.You’re actually leveraging what the business is using to be able to offer the type of services you want to provide. 

Hiring Internal Auditors with Passion

Richard Chambers: As we were creating the book, more than 600 chief audit executives shared what they thought the skills are that a real change agent in internal audit needs to have, and we boiled it down to four key traits or key skills: business acumen, strategic mindset, relationship-centric, and innovative. Are there any other key traits or skills that you think you’re looking for when you’re recruiting someone into internal audit?

Kenneth Chen: You mentioned “innovative,” which is actually one of our core Spotify values along with passion, collaborative, sincerity, and playfulness. The one I relate to personally the most is passion. That’s not really a skillset you would bring to the table. It’s more of an attitude. It’s how you approach something. Passion for me is very much about caring about why you do the work you do — not coming in because you’re there to collect a paycheck, but because you actually, truly care about helping Spotify reach its corporate objectives.

By being passionate — by using your tools and building those strong relationships, then applying your business acumen to help them get to their goals you become a better internal auditor, and also an employee that people actually like to work with. For me, that’s really important if you want to establish yourself as a change agent.

Internal Audit in the Driver’s Seat

Richard Chambers: I’m often asked my views on challenges and opportunities that this profession of internal audit faces. If you were to pull out your crystal ball, what do you think the biggest challenge and opportunity is for the internal audit profession over the next 10 years?

Kenneth Chen: I think the traditional internal auditor — and by traditional, I mean the ones that perhaps have worked in more heavily regulated industries and are used to being in a function where their sole purpose is to look backwards and tell management what they’ve done wrong, then go back to the Audit Committee or their regulator and say, “Hey, I found all these things.” If you look at those traditional auditors and you look at how business is run today — there is an incredible misalignment of objectives because businesses care about the future, more and more so. Yes, last quarter is important, last year is important, but the reality is, I need to survive the next quarter.

To get there, you really need to have a team of auditors who are able to apply their unique skillsets in risk management to help management make the right decisions going forward. An internal audit team that is prepared to break the traditional auditor mold will be successful in pretty much any company, in my view, because of the shift in how people are looking at business today.

Risks occur so quickly in this globalized world that we live in today. There’s nothing that happens in one region that doesn’t indirectly or directly impact us in another part of the world. COVID is a perfect example of that. How do we, as internal auditors, stay relevant if we’re constantly just looking backwards, when the reality is we’re about to drive off a cliff going forward? You need to tell management, “Hey, it’s time to take a turn before you run yourself off the road.” I want to be that sort of internal audit team: in the driver’s seat, or at least in the passenger seat along with management, driving forward — not just a backseat driver telling you all the mistakes you just made in the past stretch of road.

Stay tuned for more Agents of Change episodes featuring conversations about innovation in internal audit with forward-thinking leaders from some of the world’s most prominent organizations.

You Might Like

Learn how AuditBoard's integrated suite of easy-to-use software (audit management software, SOX compliance software, risk management software, audit workflow software, and compliance management software) can empower your team.