internal auditing tools and techniques for driving audit ... · © 2015 metricstream, inc. all...

© 2015 MetricStream, Inc. All Rights Reserved.

Internal Auditing Tools and Techniques

for Driving Audit Excellence

September 2015

© 2015 MetricStream, Inc. All Rights Reserved. 2

Today’s Agenda

Key Challenges and Trends

Use of Technology Tools for Effective Audit Management

Real world case studies

Q&A


IA Trends Among Global Corporations

Internal Auditors

Increasing role of internal audit in risk

management

Demonstrating value and

contributing to business

performance

Maintaining stature with the audit

committee

Collaborating with auditee and

business stakeholders

Leveraging technology to

achieve greater efficiencies


Changing Face of IA

Then

Provided assurance over threat (i.e., the downside of risk)

Performed discrete audits on compliance with internal controls

Acted as a back-office function

Provided lagging indicators of risk

Was the “cop” that management avoided

Now

Provides assurance over threats and opportunities (i.e., The downside and upside of risk)

Performs integrated audits on governance, risk management and controls

Acts as a front-office function

Provides leading indicators of risk

Is the “expert” that management seeks


Challenges faced by Internal Audit

Lack of real-time visibility and transparency

Information overload and differing interpretations

Improper performance measures and reporting

Un-integrated multiple point solutions and software applications

Redundant data entry caused by disparate systems

Increasing complexity of information

Ensuring Continuous Improvement by defining and monitoring metrics

Globalizing - Cross Border Issues

Working on projects around the world

With resources around the world


So What Does One Do?

How to do more with less?

How to ensure effectiveness?

How to add value?


Recent Survey Report Highlights:

Source: 2015 PWC State of the internal audit profession

Finding True North requires building four priority capabilities


Recent Survey Report Highlights:

Source: 2015 KMPG Global Audit Committee Survey

What would improve overall audit committee’s overall effectiveness


The Capabilities – What is required?

How Technology can enable an effective Audit Management


Elements of Technical Capabilities for Internal Audit

Align business focus on the right set of business risks

– Facilitates systematic & consistent risk-based audit approach for better assurance

– ‘Smart’ Advisors guide you to focus on the right priorities

Frequent monitoring and management analysis

– Quick and easy access to all enterprise risk related data

Ensure Optimal Resource Allocation

Powerful reporting and analytics for real-time visibility

– A highly structured and standardized method of reporting audit results

– Automated notifications and alerts ensuring timely communication

Offline and Mobile Auditing for field audits

Flexibility to easily support the future business needs

Assess risks that matter

Nimble, focused audits

Foresight + Insight


Efficient Risk-Based Audit Planning

• Enable a targeted, risk-based internal audit with consistent analysis and assessment

of risks

– A centralized information model to closely map risks to auditable entities

– An integrated framework for IAs to collate crucial information which will help in preparing

the audit plan

• Create a systematic audit plan with a well-defined objective and scope

– Align audits with risks and organizational goals

• Align business focus on the right set of business risks

– ‘Smart’ Advisors guide you to focus on the right priorities

Risk assessment serves as groundwork to identify areas or entities that need to be audited at regular intervals or on a need basis, depending on the severity, likelihood of the associated risk


Information Model Mapping Risks to Auditable Entities

• Risk 1

• Risk 2

• Risk 3

…

Risk Library

• Business Unit 1

• Business Unit 2

• Process 1

• Process 2

• Policy 1

• Policy 2

• …

Auditable Entities

Annual Audit Plan

Process 1

• Audit Project 1

• Audit Project 2

• Audit Project 3

…

Audit Projects

Audit Project

Tasks &

Milestones Work Paper

Documents

Draft & Final

Reports

Workflows, Emails & Alerts

Audit Universe

Process 2

Site 1

Site 2

• Risk 1

• Risk 3

• …

Key Risks

Work Program Template

Checklists

Questionnaires

Control Test Plans

…

Template Repository


Data Model: Flexible Relationships and Visualizations

Processes

Processes

Mapped to Risks

Linkages between Regulations,

Policies, Requirements, Risks,

Controls, Organizations, etc.


Integrated Control Testing & Frequent Monitoring

Test adequacy & effectiveness of controls

– Automated control testing

• Conduct surveys, self assessments

– Continuous monitoring

Quick and easy access to all enterprise risk related data

– Standardized data collection with quick and easy access

– Search, filter capability

– Automated notifications, reminders and alerts


• Advanced analytics for

decision-making

• Identify gaps and provide

insights

• Track Issues through to

resolution


Real-time metrics and visualizations

Top-level visibility for CAEs

– Close-to-real time Issues Tracking

– Provide valuable risk insights and intelligence

– Provide enterprise-wide visibility into the audit process and metrics

– Identify potential opportunities for improvements

Improve communication and teamwork on complex audit processes

across departments

– Quick and easy access to all audit data

– Help in making informed decisions

A highly structured and standardized method of reporting audit results


Continuously Monitor and Report Risks, Issues

• Graphical executive

dashboards and flexible

reports with drill-down

capability provide statistics

by a variety of parameters

• Export into pdf, excel or

word format


Ensure Optimal Resource Utilization

Effectively manage resources for multiple projects, enhancing productivity

Balance resource supply

– Analyze future demand and establish demand-supply gap

Ensure complete oversight and visibility into resource utilization

Have the right blend of skillsets and experience


• Proactively allocate

resources

• Store resource profile, skill

sets

• Track utilization trends


Mobile Auditing Capability – For Efficient Field Audits

• Native Apps for Tablets

• Auditors can view the list of all

their tasks and assignments,

access their audit forms and

checklists, enter their findings,

capture supporting photos/

images, and then push the

results back into the

MetricStream Web application;

allowing for significant efficiency.


Recap: Leverage Technology to Ensure an Effective Audit Program

Understand Risks

• Identify, capture, assess and analyze risks

Plan Audit • Identify key risk areas

and align your audit plan

Perform Audits • Use automated testing

and mobile auditing

Analyze & Report Results

• Highlight critical information – use data analytics


Customer Experience

Best Practices


How Organizations Leverage Technology?

Global Bank with Operations in Over 50 Countries

Provide a systematic and consistent risk-based audit process for global operations

Risk assessment serves as groundwork to identify areas or entities that need to be audited

at regular intervals or on a need basis, depending on the severity, likelihood of the

associated risk

Capabilities to manage risk-universe, risk assessment, audit project management, audit

planning, surveys, questionnaires, checklists, audit scheduling, audit execution, work-

paper management, etc.

Risk Assessments,

Risk Catalog

Multi-national manufacturing and high-tech conglomerate

End-to-End Audit Management Solution - Audit planning, scoping, scheduling, fieldwork

and reporting

External reporting and managing data feeds for audits

Global Data Warehousing- The solution maintains the data of the entire user base of the

organization running to more then 400000 users, and access and assignments to any of

these users can be done online.

Comprehensive Resource

Management


Mobile Auditing

Leading Agricultural and Biotechnology Supplies Company

Enabled offline audit management; provided greater transparency in audit processes; and

introduced convenient tablet-based field data collection

Provides a quick and secure way for internal and third-party auditors to go to field locations

or sites, and collect and record audit data using tablets and mobile devices.

Seamlessly integrates with other organizational systems, capturing and aggregating audit

data in one centralized framework.

Multi-national Catering and Retail Company

Internal Audit for a Global Audit team from Italy, US, Spain and UK

Multi-lingual deployment

Provides GRC platform with roadmap to enable Sox compliance and Italian 262 regulation,

apart from Enterprise Risk Management.

Enables collaboration with acquired entities consolidating best practices on a single

platform.

Integrated Audit and Sox

How Organizations Leverage Technology?


About MetricStream


About MetricStream

• Over 1,500 employees

• Headquarters in Palo Alto, California with offices worldwide

• Over 350 enterprise customers

• Privately held – backed by leading global VCs, Goldman Sachs, Sageview Capital

Integrated Governance, Risk and Compliance for Better Business Performance Vision

Solutions

• Risk Management

• Business Continuity Management

• IT GRC

• Compliance Management

• Audit Management

Partners

Differentiators

• Technology - GRC Platform – 9 Patents

• Breadth of Solutions – Single Vendor for all GRC needs

• Cross-industry Best Practices and Domain Knowledge

• ComplianceOnline.com - Largest Compliance Portal on the Web

Organization

• Supplier Governance

• Quality Management

• EHS & Sustainability

• Governance & Ethics

• Content and Training


MetricStream Internal Audit App - Key Components

Security & Permissions

Workflows

Data Browsers & Calenders

Reports & Dashboards

Alerts & Notifications

Audit Universe

Risk Assessments

Audit Planning

Audit Scheduling

Audit Fieldwork

Reporting

Issue Remediation

IA


THANK YOU

Contact Us:

Website: www.metricstream.com | Email: [email protected]

Phone: USA +1-650-620-2955 | UAE +971-5072-17139 | UK +44-203-318-8554

http://www.metricstream.com/

mailto:[email protected]