Juan Guerrero, Director, IT Audit & Data Analytics, Fortune Brands Innovations
Juan F. Guerrero is the Director of IT Audit & Data Analytics at Fortune Brands Innovations, bringing over two decades of global experience in IT leadership, audit, governance, cybersecurity, risk management, and digital transformation. He holds a robust portfolio of certifications, including SAP, CISA, PMP, DevOps, Tableau/Power BI, Big Data and Analytics. Juan has also completed executive programs at Wharton University in Executive Presence, Digital and Persuasive Leadership. Known for aligning business strategy with enterprise risk frameworks, he integrates advanced analytics and automation into IT solutions and audit practices, enhancing testing efficiency and fostering cross-functional collaboration between business and technical teams. His leadership has consistently enabled organizations to adopt emerging technologies responsibly while reinforcing operational resilience and regulatory compliance.
Beyond the Checklist: A New Mandate for IT Audit
Traditional IT audits focused on verifying controls, ensuring regulatory compliance, and identifying risks. While these remain foundational, the scope has expanded. Auditors are now expected to interpret data patterns, assess the algorithmic integrity of algorithms, and evaluate the ethical use of AI. In my role at a Fortune Brands company, we’ve seen firsthand how audit teams must pivot from static testing to dynamic risk sensing, especially as AI models begin influencing decisions across finance, HR, IT and operations.
AI as Both Tool and Target
AI presents a dual challenge for IT auditors. On one hand, it offers powerful tools for anomaly detection, predictive analytics, and continuous monitoring. On the other hand, it introduces new risks: opaque decision-making, bias in training data, and vulnerabilities in model governance. Our audit team has begun integrating AI-assisted analytics into our fieldwork, enabling us to surface insights that were previously obscured by transactional noise. But we also audit the AI itself, scrutinizing model inputs, outputs, and lifecycle controls to ensure accountability.
Emerging AI Risks and the Power of Data Analytics
As AI systems become embedded in enterprise operations, new audit risks are emerging. These include:
• Model drift: This occurs when an AI system’s behavior shifts over time, but these changes aren’t well documented.
• Bias amplification: Flawed training data can lead to discrimination.
• Shadow AI: where business units deploy AI tools without IT oversight, creating blind spots in governance.
At the executive level, audit is no longer just about risk; it’s about resilience, trust, and strategic alignment. The future belongs to audit teams that can bridge technical depth with business insight. 
To address these risks, we’ve expanded our audit scope to include AI lifecycle reviews and ethical risk assessments. Data and analytics play a critical role here. By mining structured and unstructured data, we can identify patterns that signal fraud, policy violations, or control failures. For example, we’ve used the data to detect unusual vendor payment trends, duplicate payments and flag potential conflicts of interest. These insights not only strengthen our audit findings but also empower business leaders to take proactive corrective action.
The Rise of Real-Time Assurance
Gone are the days of annual audits with static reports. Today’s stakeholders demand real-time assurance. We’ve implemented dashboards that provide continuous visibility into control health, leveraging data pipelines from ERP systems, cloud platforms, and third-party integrations. This shift has redefined the auditor’s role from retrospective reviewer to proactive advisor.
Collaboration Over Silos: The Power of Partnership
The complexity of today’s digital environment demands tight collaboration between IT audit, cybersecurity, and IT operations. Our most successful initiatives have been those where these teams worked in lockstep. For instance, when auditing access controls and identity governance, our partnership with the cybersecurity team ensured that threat intelligence was integrated into our risk assessments. Similarly, working with IT allowed us to understand system configurations and change management processes in depth, critical for evaluating control effectiveness. This synergy not only improves audit quality but also accelerates remediation. When audit findings are shared in real time with IT and cybersecurity, corrective actions can be implemented before risks materialize. It’s a model of shared accountability that strengthens the organization’s overall resilience.
Leadership and the Future of Audit
As AI continues to reshape the enterprise, audit leaders must evolve too. We must speak the language of data science, understand the nuances of digital ethics, and advocate for transparency. At the executive level, audit is no longer just about risk; it’s about resilience, trust, and strategic alignment. The future belongs to audit teams that can bridge technical depth with business insight. The IT audit function is no longer a back-office necessity; it’s a front-line enabler of digital trust. As technology evolves, so must we. The journey from compliance to strategic intelligence is not just an evolution, it’s a revolution.