TeamMate® Audit Benchmark

Digital skills assessment matrix

Data analytics Robotics process Machine learning & Cybersecurity Cloud computing
automation artificial intelligence

Process mining Data exchange Blockchain/ Social media Visualization & business
APIs Cryptocurrencies governance intelligence tools
 Robotics process
Data analytics
automation
The identification of data sources and the testing Software robots and/or artificial intelligence workers
of data to identify patterns, anomalies, errors or that use technology to automate a workflow that follows
potential fraud by using established data tests a predictable or routine process.
and statistical analysis methods.

Machine learning &

Cybersecurity
artificial intelligence
Tools, algorithms and statistical models that The protection of computer/information systems
automate tasks or predict data behaviors/ from theft or damage to their hardware, software
outcomes without explicit instructions by or electronic data, as well as from the disruption
relying on patterns and inferences instead. or misdirection of the services they provide.

Cloud computing

The on-demand availability of computer/information

systems or platforms, especially for computing power
and data storage, without direct active management
by the user. This term generally describes data centers
that are accessible over the Internet.

TeamMate® Audit Benchmark: Digital skills assessment matrix 1

 Process mining Data exchange APIs

Techniques applied to the field of process management Data Exchange APIs (Application Programming Interface)
that support the analysis of business processes based facilitate the transfer and/or communication of data
on event logs. Process mining typically uses data mining between two or more computer/information systems.
algorithms applied to event log data to identify trends, In addition to the actual data being exchanged, security
patterns, and details contained in event logs recorded during transmission and security access to the data in both
by a computer/information system with the intention source and target systems is in scope of this definition.
of improving process efficiency and effectiveness.

Blockchain/
Social media governance
Cryptocurrencies
Blockchain is a digital record-keeping technology that Social media is the interactive technologies that facilitate
stores encrypted transactional information in a public the creating and/or sharing of information, ideas, and other
database with the goal of allowing the information to be forms of expression (i.e. opinions, referrals, etc.) via virtual
recorded and distributed but not edited. Cryptocurrency communication and networks. Examples of social media
is a digital asset designed to be a medium of exchange in include: Twitter, LinkedIn, Facebook, Instagram, YouTube.
secure financial transactions or the transfer of assets.

Visualization & business

intelligence tools
Data visualization is the graphical representation of
information and data. By using visual elements, such as
charts, graphs, and maps, data visualization tools provide
an accessible way to see and understand trends, outliers,
and patterns in data.

TeamMate® Audit Benchmark: Digital skills assessment matrix 2

 Data analytics

Novice Beginner Follower Expert Leader

• No understanding/ •B
 asic awareness of the • Can identify data sources • Can identify data sources • Can identify data sources and
buy-in or interest in benefits of data analytics and required fields and required fields and required fields and extract data
using data analytics extract data in an automatic fashion
•C
 an analyze DA results and • Can quality check the data
document conclusions before the test is run • Can create new DA tests based •C
 an create:
on a hypothesis -B ots to run data analytic
•H
 as attended training • Can use pre-defined tests
scripts and tasks
but is not actively using and analyze the results • Can create continuous audit
-p redictive analytics that
data analytics tests that can be used by
• Can define a DA test help the business make
others with minimal input
•H
 as access to DA licenses hypothesis and read future decisions
but is not using them results to determine if • Can create advanced analytic - advanced analytic tests
results are conclusive tests in standard DA tools in R or Python
• Can create visualizations from • Can create enhanced - advanced analytics that
the DA tests to communicate visualizations from the can be run by the business
conclusions effectively DA tests to communicate as a ‘leave behind’
conclusions effectively - impactful messaging within
the audit report using
• Can understand and
interactive visualizations
use data architecture
from the DA tests
documentation such
as ER (Entity Relationship) •K
 nowledge of big data
diagrams and database and cloud data sources that
data dictionaries can be used to augment
testing capabilities
• Knowledge of SQL
and script writing • Act as thought leader on DA
activities, contribute to relevant
journals, blogs, whitepapers
•T
 akes a leadership role in the
training and upskilling
of others on the team/in
the organization

TeamMate® Audit Benchmark: Digital skills assessment matrix 3

 Robotics process
automation

Novice Beginner Follower Expert Leader

• No understanding, •B
 asic understanding • Can identify data sources • Can identify use cases for RPA •C
 an influence the use of RPA
buy-in or interest in of the benefits of RPA and workflows required and help build the business in business, evaluate RPA
using Robotics Process to create an RPA process case for tool usage/selection software, assess operational
•R
 esponsible for consuming
Animation (RPA) tools effectiveness (resource
the results of an RPA bot but • Can create a single • Can create and schedule
allocation) and create
• No ability to audit Robotics no understanding of HOW use/simple RPA bot RPA bots to test complex
governance rules for bots
Process Animation (RPA) the bot works transaction or workflow sets
• Involved in RPA design
bots or processes and easily modify the bot •C
 an create RPA bots that:
• Involved in RPA workflows but does not build RPA bots
when changes are required -u se unstructured data
but does not build RPA bots • Can select from a library (i.e. text) and can access
• Can create a full end-to-end
• Has attended training but the correct RPA bot to use multiple applications and
process bot that fully replaces
is not actively using RPA and activate it data sources
a previously scheduled audit
•B
 asic understanding of where • Can copy and alter an RPA to - “ hunt” for scenarios and
(i.e. T&E)
RPA could be and/or is being test a different hypothesis report when matches are
• Can create RPA bots that found
used within the organization • Has ability and/or limited automate next action - act predictively
experience auditing simple tasks based on a result
RPA bots • Can create advanced RPA
or previous action
bots that can be run by the
• Can identify rudimentary • Can manage change in a business as a “leave behind”
risks and address them governed RPA environment
“around the bot” • Act as thought leader on
• Expertise in one of the RPA activities, contribute
standard RPA frameworks to relevant journals, blogs,
• Has ability and/or experience whitepapers
auditing simple to moderate • Takes a leadership role in
complexity RPA bots the training and upskilling
• Can identify more advanced/ of others on the team/
technical risks and address organization
them when auditing “through • Can identify advanced/
the bot” technical risks when auditing
“through the bot”

TeamMate® Audit Benchmark: Digital skills assessment matrix 4

 Machine learning &
artificial intelligence

Novice Beginner Follower Expert Leader

• No understanding, buy-in or •B

 asic awareness of the • Actively seeks out how peers • Regular hands-on experience •R
 uns ML/AI tasks that
interest in learning the value benefits of ML/AI and can are using the technology and with ML platforms (i.e. Google automate significant
of Machine Learning (ML) or describe a work practice adopts similar practices TensorFlow, Amazon or audit processes or tasks
Artificial Intelligence (AI) that could benefit from Microsoft ML kits, or Apache •D
 esigns ML/AI tasks that
• Can describe a work practice
this technology Spark) for simple to moderate take decision tree-based
• No ability to audit that could benefit from the
ML tasks on audit and/or follow on actions based
ML/AI platforms or • Reads resources about ML/AI ML/AI technology
organizational data on predictive behavior
organizational usage to further knowledge but • Some hands-on experience
does not benefit from having • Reasonable knowledge • Expert knowledge of how to
with ML platforms (i.e. Google
hands-on experience with of how to identify potential identify potential ML/AI bias in
TensorFlow, Amazon or
the underlying technology ML/AI bias in control or control or workflow design
Microsoft ML kits, or Apache
workflow design
•B
 asic understanding of Spark) for simple to moderate • Participates in thought
where ML/AI could be ML tasks on audit data • Has the ability and/or leadership on ML/AI activities,
and/or is being used experience auditing simple contributes to relevant journals,
• Has the ability and/or limited
within the organization to moderate complexity blogs, whitepapers
experience auditing simple
ML/AI platforms/usage
ML/AI platforms/usage • Takes a leadership role in the
• Can identify more advanced training and upskilling of others
• Can identify rudimentary
technical risks and address on the team/organization
risks and address them
them when auditing
for ML/AI platforms/usage •H
 as the ability and/or
ML/AI platforms/usage
experience auditing
moderate to complex
ML/AI platforms/usage
•C
 an identify advanced/
technical risks when
auditing ML/AI
platforms/usage
• Has tools and tests to audit
ML/AI platforms/usage in an
effective and efficient manner

TeamMate® Audit Benchmark: Digital skills assessment matrix 5

 Cybersecurity

Novice Beginner Follower Expert Leader

• No understanding, •B
 asic understanding • Stays knowledgeable of the • Understands the connections •D
 esigns cybersecurity tests
buy-in or interest in of cybersecurity risks regulatory environment and and exposures of third- that either in-house or
auditing cybersecurity beyond and controls current known threats party environments and outsourced experts run to
standard organizational (i.e. OWASP lists) applications expose cyber risks (based
•C
 an identify environments
training/annual confirmations on internal hypothesis)
and applications that • Understands the connections • Designs cybersecurity tests
are governed by and exposures of organization- that either in-house or •O
 rganizes hackathons
cybersecurity controls owned environments outsourced experts run with ethical hackers
and applications to expose cyber risks •C
 onsults with IT/CISO
•C
 apable of identifying
(based on external or on cybersecurity control
cybersecurity tests that • Can design new
industry information) design or updates to design
are applicable to current cybersecurity tests based on
audit scope new information applicable • Has access to and regularly • Participates in thought
to current audit scope monitors incident resilience leadership on cybersecurity
planning and strategy activities, contributes
• Understands and can to relevant journals,
assist outsourced experts blogs, whitepapers
when penetration tests •T
 akes a leadership
are performed role in the training and
• Understands and can assist upskilling of others on
with HITRUST adoption the team/organization
and/or certification •P
 ossess certifications,
such as CISSP, CEH, CISM,
CySA+, HITRUST CCSFP1

TeamMate® Audit Benchmark: Digital skills assessment matrix 6

 Cloud computing

Novice Beginner Follower Expert Leader

• No understanding, buy-in •B

 asic awareness • Stays knowledgeable • Understands the connections •D
 esigns cloud tests that
or interest in how cloud of cloud computing of the regulatory and exposures of the either in-house or outsourced
computing affects the environment and environment and experts run to expose risks
•U
 nderstands the cloud
business/organization current known risks its applications (based on internal hypothesis)
computing environment
and has inventoried it • Can design new • Designs tests that either •S
 trong knowledge of
tests based on new in-house or outsourced DevOps best practices
•C
 apable of identifying
information applicable experts run to expose cloud •C
 onsulted with IT/CISO (Chief
cloud computing tests
to current audit scope risks (based on external or Information Security Officer)
that are applicable to
industry information) on cloud computing control
current audit scope
• Good knowledge of design or updates to design
DevOps best practices •P
 articipates in thought
• Has access to and regularly leadership on cloud
monitors incident resilience computing activities,
planning and strategy contributes to relevant
journals, blogs, whitepapers
• Understands and can assist
with HITRUST adoption •T
 akes a leadership
and/or certification role in the training and
upskilling of others on
• Able to perform a “cloud
the team/organization
readiness assessment” and
advise an organization •P
 ossesses certifications,
on cloud strategy” such as CISSP or CISM
• Understands and can assess
compliance with HITRUST
adoption and/or certification

TeamMate® Audit Benchmark: Digital skills assessment matrix 7

 Process mining

Novice Beginner Follower Expert Leader

• No understanding, buy-in •B

 asic awareness of process • Able to construct/discover the • Uses metadata to reconstruct •C
 urrently uses a combination
or interest in how to use mining as a concept desired process model the executed process of AI and data analytics to
(mine) organizational data provide unbiased visibility
•S
 till continuing to use the • Understands the shortcomings • The actual process model is
of an organization’s process
designed process model of the designed process model now the standard start point
as the basis for audits and the actual process model for further audit procedures • Uncovers hidden bottleneck
and opportunities to
• Seeks knowledge and training • Expert in both business process
connect data sources to
on process mining to bridge conformance checking and
eliminate manual work
the gap between actual performance analysis
or redundancies
process and designed process • Proficient in process mining
• Participates in thought
• Identifies process mining tools tools, such as Celonis, Minit,
leadership on process
Disco, etc.
mining activities,
contributes to relevant
journals, blogs, whitepapers
• Takes a leadership
role in the training and
upskilling of others on
the team/organization
• Professionally certified in
process mining tools, such
as Celonis, Minit, Disco, etc.

TeamMate® Audit Benchmark: Digital skills assessment matrix 8

 Data exchange APIs

Novice Beginner Follower Expert Leader

• No understanding, buy-in or • Basic awareness of APIs • Understands the • Understands the use • Actively implements
interest in how data that is benefits of APIs and benefits of APIs APIs across applications
•B
 asic level of knowledge
created in other parts of the within the organization
of the potential benefits • Actively investigates how • Understands the data
organization can benefit audit of APIs with respect to others in same industry sources and type of data • Has a documented API
data or tasks sharing audit data with other are leveraging APIs that can be exchanged strategy that aligns with
• No understanding, buy-in assurance providers business strategy
• Has identified various • Actively realizes
or interest in how data can •B
 asic level of knowledge data sources within the the benefits of APIs • Participates in thought
be shared through APIs about the benefits of organization that could leadership on data
• APIs are regularly
leveraging other data be leveraged with APIs exchange/API activities,
reviewed during audits
sources to better plan contributes to relevant
• Understands/has participated • Possesses the relevant skills
assurance activities journals, blogs, whitepapers
in creating an inventory of and knowledge to review
•B
 asic awareness of APIs as organizational APIs • Takes a leadership
a diverse array of APIs
a concept and the potential role in the training and
• Consideration given to • Has extended audit plan
risks posed by APIs upskilling of others on
assessing controls around coverage to third-party the team/organization
APIs during audit planning, relationships where APIs
but APIs are not necessarily • APIs are actively
are used
considered in the risk reviewed during audits
assessment process • Risk assessment planning
includes API components
and potential risk exposures
by third-party relationships
and APIs
• API testing is currently or
will soon be incorporated
into automated test plans

TeamMate® Audit Benchmark: Digital skills assessment matrix 9

 Blockchain/
Cryptocurrencies

Novice Beginner Follower Expert Leader

• No understanding, •B
 asic awareness of • Has developed an • Has developed own audit • Has deep understanding of
buy-in or interest in how blockchain/cryptocurrencies ability to identify content on blockchain/ blockchain/ cryptocurrencies
blockchain affects the as a concept the risk associated cryptocurrencies (library of • Positions blockchain
business/organization with blockchain/ risks, controls, procedures) as a solution with
•S
 eeks education on
cryptocurrencies • Auditor of smart contracts ecosystem differentiation,
blockchain/cryptocurrencies
• Seeks audit content of the organization behavioral change and
on blockchain/ regulatory implications
• Ability to identify risks
cryptocurrencies of Blockchain as a Service • Able to evaluate/assess
from others in the existing private/public
same industry blockchain use cases
• Actively conducting audits of
“Blockchain as a Service” –
built, hosted applications
on cloud-based solutions
• Participates in thought
leadership on blockchain
activities, contributes
to relevant journals,
blogs, whitepapers
• Takes a leadership
role in the training and
upskilling of others on
the team/organization

TeamMate® Audit Benchmark: Digital skills assessment matrix 10

 Social media governance

Novice Beginner Follower Expert Leader

• No understanding, buy-in or •B

 asic awareness of how social • Participates in social • Participates in strategic •S
 ocial media participation
interest in how social media media governance affects the listening as an audit activity listening (automates the is at the level of “social
governance affects the business organization listening for key words/ intelligence” as an
• Understands how social
business/organization phrases) as an audit activity audit activity
•K
 nowledge of who has media governance affects
access/control to the the business organization • Strong understanding of how •S
 ocial media governance
social media properties social media governance affects is developed and functions
• Carefully monitors how others
the business organization at a level that enhances or
in the industry are handling
optimizes the brand
social media governance
•P
 articipates in thought
leadership on social media
governance activities,
contributes to relevant
journals, blogs, whitepapers
•T
 akes a leadership
role in the training and
upskilling of others on
the team/organization

TeamMate® Audit Benchmark: Digital skills assessment matrix 11

 Visualization & business
intelligence tools

Novice Beginner Follower Expert Leader

• No understanding, buy-in •B

 asic awareness of • Can identify data sources • Can effectively use BI tools • Can effectively use BI tools to
or interest in how business the benefits of BI tools and required fields for BI tool to create visualizations to create visualizations of
intelligence (BI) tools (i.e. usage to create visualizations tell a story and/or convey large data sets to tell
• Incorporates the output of BI
Power BI, Tableau, QllikView, significance in findings a story and/or convey
tools that others on the team • Can use pre-defined reports
Spotfire, etc.) can benefit significance in findings
create in their work product or visualization templates and • Creates starter or templates
audit data or tasks can summarize/conclude on for other team members to use • Regularly joins and
•H
 as attended training but is
the results explores multiple data sets
not actively using BI tools • Regularly explores one or
including outside sources
• Can define report/visualization more data sets for trend
•H
 as access to BI tool licenses to create benchmarks,
requirements to an expert, and identification and correctly
but is not using them trend identifications and
with some guidance, create selects the visualization
predictions in visual format
own outputs (chart) to use to best
explain the output • Participates in thought
leadership on BI tool
usage and opportunities,
contributes to relevant
journals, blogs, whitepapers
• Takes a leadership
role in the training and
upskilling of others on
the team/organization

TeamMate® Audit Benchmark: Digital skills assessment matrix 12