Internal Auditing Tools and Techniques for Driving Audit ... · © 2015 MetricStream, Inc. All...
Transcript of Internal Auditing Tools and Techniques for Driving Audit ... · © 2015 MetricStream, Inc. All...
© 2015 MetricStream, Inc. All Rights Reserved.
Internal Auditing Tools and Techniques
for Driving Audit Excellence
September 2015
© 2015 MetricStream, Inc. All Rights Reserved. 2
Today’s Agenda
Key Challenges and Trends
Use of Technology Tools for Effective Audit Management
Real world case studies
Q&A
© 2015 MetricStream, Inc. All Rights Reserved. 3
IA Trends Among Global Corporations
Internal Auditors
Increasing role of internal audit in risk
management
Demonstrating value and
contributing to business
performance
Maintaining stature with the audit
committee
Collaborating with auditee and
business stakeholders
Leveraging technology to
achieve greater efficiencies
© 2015 MetricStream, Inc. All Rights Reserved. 4
Changing Face of IA
Then
Provided assurance over threat (i.e., the downside of risk)
Performed discrete audits on compliance with internal controls
Acted as a back-office function
Provided lagging indicators of risk
Was the “cop” that management avoided
Now
Provides assurance over threats and opportunities (i.e., The downside and upside of risk)
Performs integrated audits on governance, risk management and controls
Acts as a front-office function
Provides leading indicators of risk
Is the “expert” that management seeks
© 2015 MetricStream, Inc. All Rights Reserved. 5
Challenges faced by Internal Audit
Lack of real-time visibility and transparency
Information overload and differing interpretations
Improper performance measures and reporting
Un-integrated multiple point solutions and software applications
Redundant data entry caused by disparate systems
Increasing complexity of information
Ensuring Continuous Improvement by defining and monitoring metrics
Globalizing - Cross Border Issues
Working on projects around the world
With resources around the world
© 2015 MetricStream, Inc. All Rights Reserved. 6
So What Does One Do?
How to do more with less?
How to ensure effectiveness?
How to add value?
© 2015 MetricStream, Inc. All Rights Reserved. 7
Recent Survey Report Highlights:
Source: 2015 PWC State of the internal audit profession
Finding True North requires building four priority capabilities
© 2015 MetricStream, Inc. All Rights Reserved. 8
Recent Survey Report Highlights:
Source: 2015 KMPG Global Audit Committee Survey
What would improve overall audit committee’s overall effectiveness
© 2015 MetricStream, Inc. All Rights Reserved. 9
The Capabilities – What is required?
How Technology can enable an effective Audit Management
© 2015 MetricStream, Inc. All Rights Reserved. 10
Elements of Technical Capabilities for Internal Audit
Align business focus on the right set of business risks
– Facilitates systematic & consistent risk-based audit approach for better assurance
– ‘Smart’ Advisors guide you to focus on the right priorities
Frequent monitoring and management analysis
– Quick and easy access to all enterprise risk related data
Ensure Optimal Resource Allocation
Powerful reporting and analytics for real-time visibility
– A highly structured and standardized method of reporting audit results
– Automated notifications and alerts ensuring timely communication
Offline and Mobile Auditing for field audits
Flexibility to easily support the future business needs
Assess risks that matter
Nimble, focused audits
Foresight + Insight
© 2015 MetricStream, Inc. All Rights Reserved.
Efficient Risk-Based Audit Planning
• Enable a targeted, risk-based internal audit with consistent analysis and assessment
of risks
– A centralized information model to closely map risks to auditable entities
– An integrated framework for IAs to collate crucial information which will help in preparing
the audit plan
• Create a systematic audit plan with a well-defined objective and scope
– Align audits with risks and organizational goals
• Align business focus on the right set of business risks
– ‘Smart’ Advisors guide you to focus on the right priorities
Risk assessment serves as groundwork to identify areas or entities that need to be audited at regular intervals or on a need basis, depending on the severity, likelihood of the associated risk
© 2015 MetricStream, Inc. All Rights Reserved. 12
Information Model Mapping Risks to Auditable Entities
• Risk 1
• Risk 2
• Risk 3
…
Risk Library
• Business Unit 1
• Business Unit 2
• Process 1
• Process 2
• Policy 1
• Policy 2
• …
Auditable Entities
Annual Audit Plan
Process 1
• Audit Project 1
• Audit Project 2
• Audit Project 3
…
Audit Projects
Audit Project
Tasks &
Milestones Work Paper
Documents
Draft & Final
Reports
Workflows, Emails & Alerts
Audit Universe
Process 2
Site 1
Site 2
• Risk 1
• Risk 3
• …
Key Risks
Work Program Template
Checklists
Questionnaires
Control Test Plans
…
Template Repository
© 2015 MetricStream, Inc. All Rights Reserved. 13
Data Model: Flexible Relationships and Visualizations
Processes
Processes
Mapped to Risks
Linkages between Regulations,
Policies, Requirements, Risks,
Controls, Organizations, etc.
© 2015 MetricStream, Inc. All Rights Reserved. 14
Integrated Control Testing & Frequent Monitoring
Test adequacy & effectiveness of controls
– Automated control testing
• Conduct surveys, self assessments
– Continuous monitoring
Quick and easy access to all enterprise risk related data
– Standardized data collection with quick and easy access
– Search, filter capability
– Automated notifications, reminders and alerts
© 2015 MetricStream, Inc. All Rights Reserved. 15
• Advanced analytics for
decision-making
• Identify gaps and provide
insights
• Track Issues through to
resolution
© 2015 MetricStream, Inc. All Rights Reserved. 16
Real-time metrics and visualizations
Top-level visibility for CAEs
– Close-to-real time Issues Tracking
– Provide valuable risk insights and intelligence
– Provide enterprise-wide visibility into the audit process and metrics
– Identify potential opportunities for improvements
Improve communication and teamwork on complex audit processes
across departments
– Quick and easy access to all audit data
– Help in making informed decisions
A highly structured and standardized method of reporting audit results
© 2015 MetricStream, Inc. All Rights Reserved. 17
Continuously Monitor and Report Risks, Issues
• Graphical executive
dashboards and flexible
reports with drill-down
capability provide statistics
by a variety of parameters
• Export into pdf, excel or
word format
© 2015 MetricStream, Inc. All Rights Reserved. 18
Ensure Optimal Resource Utilization
Effectively manage resources for multiple projects, enhancing productivity
Balance resource supply
– Analyze future demand and establish demand-supply gap
Ensure complete oversight and visibility into resource utilization
Have the right blend of skillsets and experience
© 2015 MetricStream, Inc. All Rights Reserved. 19
• Proactively allocate
resources
• Store resource profile, skill
sets
• Track utilization trends
© 2015 MetricStream, Inc. All Rights Reserved. 20
Mobile Auditing Capability – For Efficient Field Audits
• Native Apps for Tablets
• Auditors can view the list of all
their tasks and assignments,
access their audit forms and
checklists, enter their findings,
capture supporting photos/
images, and then push the
results back into the
MetricStream Web application;
allowing for significant efficiency.
© 2015 MetricStream, Inc. All Rights Reserved. 21
Recap: Leverage Technology to Ensure an Effective Audit Program
Understand Risks
• Identify, capture, assess and analyze risks
Plan Audit • Identify key risk areas
and align your audit plan
Perform Audits • Use automated testing
and mobile auditing
Analyze & Report Results
• Highlight critical information – use data analytics
© 2015 MetricStream, Inc. All Rights Reserved. 23
How Organizations Leverage Technology?
Global Bank with Operations in Over 50 Countries
Provide a systematic and consistent risk-based audit process for global operations
Risk assessment serves as groundwork to identify areas or entities that need to be audited
at regular intervals or on a need basis, depending on the severity, likelihood of the
associated risk
Capabilities to manage risk-universe, risk assessment, audit project management, audit
planning, surveys, questionnaires, checklists, audit scheduling, audit execution, work-
paper management, etc.
Risk Assessments,
Risk Catalog
Multi-national manufacturing and high-tech conglomerate
End-to-End Audit Management Solution - Audit planning, scoping, scheduling, fieldwork
and reporting
External reporting and managing data feeds for audits
Global Data Warehousing- The solution maintains the data of the entire user base of the
organization running to more then 400000 users, and access and assignments to any of
these users can be done online.
Comprehensive Resource
Management
© 2015 MetricStream, Inc. All Rights Reserved. 24
Mobile Auditing
Leading Agricultural and Biotechnology Supplies Company
Enabled offline audit management; provided greater transparency in audit processes; and
introduced convenient tablet-based field data collection
Provides a quick and secure way for internal and third-party auditors to go to field locations
or sites, and collect and record audit data using tablets and mobile devices.
Seamlessly integrates with other organizational systems, capturing and aggregating audit
data in one centralized framework.
Multi-national Catering and Retail Company
Internal Audit for a Global Audit team from Italy, US, Spain and UK
Multi-lingual deployment
Provides GRC platform with roadmap to enable Sox compliance and Italian 262 regulation,
apart from Enterprise Risk Management.
Enables collaboration with acquired entities consolidating best practices on a single
platform.
Integrated Audit and Sox
How Organizations Leverage Technology?
© 2015 MetricStream, Inc. All Rights Reserved.
About MetricStream
• Over 1,500 employees
• Headquarters in Palo Alto, California with offices worldwide
• Over 350 enterprise customers
• Privately held – backed by leading global VCs, Goldman Sachs, Sageview Capital
Integrated Governance, Risk and Compliance for Better Business Performance Vision
Solutions
• Risk Management
• Business Continuity Management
• IT GRC
• Compliance Management
• Audit Management
Partners
Differentiators
• Technology - GRC Platform – 9 Patents
• Breadth of Solutions – Single Vendor for all GRC needs
• Cross-industry Best Practices and Domain Knowledge
• ComplianceOnline.com - Largest Compliance Portal on the Web
Organization
• Supplier Governance
• Quality Management
• EHS & Sustainability
• Governance & Ethics
• Content and Training
© 2015 MetricStream, Inc. All Rights Reserved. 27
MetricStream Internal Audit App - Key Components
Security & Permissions
Workflows
Data Browsers & Calenders
Reports & Dashboards
Alerts & Notifications
Audit Universe
Risk Assessments
Audit Planning
Audit Scheduling
Audit Fieldwork
Reporting
Issue Remediation
IA
© 2015 MetricStream, Inc. All Rights Reserved. 28
THANK YOU
Contact Us:
Website: www.metricstream.com | Email: [email protected]
Phone: USA +1-650-620-2955 | UAE +971-5072-17139 | UK +44-203-318-8554