protiviti 30 on thursday · 2016. 7. 29. · protiviti governance portal • cost-effective grc...
TRANSCRIPT
![Page 1: PROTIVITI 30 ON THURSDAY · 2016. 7. 29. · Protiviti Governance Portal • Cost-Effective GRC software. • More than 500 implementations since 2003. SharePoint Solution ... documentation,](https://reader034.vdocument.in/reader034/viewer/2022052004/6017f559b262d566395e26be/html5/thumbnails/1.jpg)
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
PROTIVITI 30 ON THURSDAY
HOW TO LEVERAGE
MICROSOFT SHAREPOINT
TO MANAGE YOUR AUDIT
PROGRAM
![Page 2: PROTIVITI 30 ON THURSDAY · 2016. 7. 29. · Protiviti Governance Portal • Cost-Effective GRC software. • More than 500 implementations since 2003. SharePoint Solution ... documentation,](https://reader034.vdocument.in/reader034/viewer/2022052004/6017f559b262d566395e26be/html5/thumbnails/2.jpg)
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
TECHNOLOGY FOR INTERNAL AUDIT
2
Protiviti Perspective:
• Over 77% of the global
average and 87% of
participants from North
America leverage some
type of electronic
solution for Internal
Audit.
• Related studies find that
over 45% of users feel
that their solution does
not provided desired
value to the program
and many organizations
have multiple GRC
solutions.
!
Source: The IIA Research Foundation, “Staying a Step Ahead, Internal Audit’s Use of Technology,” August 2015
Global Average
East Asia & Pacific
Sub-Saharan Africa
Latin America & Caribbean
South Asia
Middle East & North Africa
Europe & Central Asia
North America
38%
27%
37%
36%
45%
35%
39%
50%
39%
37%
31%
39%
33%
44%
43%
37%
23%
36%
32%
25%
21%
21%
18%
13%
Appropriate orextensive use oftechnology for IA
Some use ofelectronic workpapersor other officeinformation tools
Primary reliance onmanual systems andprocesses
![Page 3: PROTIVITI 30 ON THURSDAY · 2016. 7. 29. · Protiviti Governance Portal • Cost-Effective GRC software. • More than 500 implementations since 2003. SharePoint Solution ... documentation,](https://reader034.vdocument.in/reader034/viewer/2022052004/6017f559b262d566395e26be/html5/thumbnails/3.jpg)
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
MEASURE OF USE CASES
3
Protiviti Perspective:
• Internal Audit Teams tend
to adopt functionality at
varied levels. Off-the-
shelf systems tend to
focus on certain areas.
When choosing an OTS
solution, it is important to
consider requirements
and solution strengths.
SharePoint offers a fresh
alternative to consider
when focusing on
specific or a sub-set of
requirements
!
Source: The IIA Research Foundation, “Staying a Step Ahead, Internal Audit’s Use of Technology,” August 2015
Continuous/Real-Time Auditing
Data Mining & Analytics
Internal Quality Assessments
Monitor & Track Remediation
Flowchart or Process Mapping
Electronic Workpapers
Manage Information Collected by IA
Planning & Scheduling
IA Risk Assessment
14%
19%
11%
24%
18%
41%
19%
17%
17%
30%
34%
26%
28%
34%
31%
29%
29%
33%
25%
23%
24%
20%
26%
14%
21%
23%
22%
31%
24%
39%
28%
22%
14%
30%
31%
28%
Extensive Moderate Minimal None
![Page 4: PROTIVITI 30 ON THURSDAY · 2016. 7. 29. · Protiviti Governance Portal • Cost-Effective GRC software. • More than 500 implementations since 2003. SharePoint Solution ... documentation,](https://reader034.vdocument.in/reader034/viewer/2022052004/6017f559b262d566395e26be/html5/thumbnails/4.jpg)
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
TRENDS IN USE CASE DEMANDS
4
Protiviti Perspective: • Clients continue to seek
opportunities to optimize the
maturity of their testing and
monitoring capabilities with
real-time auditing and data-
mining.
!
Source: © 2015 Forrester Research Inc.
The GRC Technology Landscape, October 2015 Forrester Webinar
Source: The IIA Research Foundation, “Staying a Step Ahead, Internal Audit’s Use of Technology,” August 2015
Electronic Workpapers
Flow Charting
Data Mining
Computer Assisted Audit Technique (CAAT)
Continuous/Real-Time Auditing
72%
52%
53%
48%
44%
65%
43%
39%
52%
37%
2006 2015
![Page 5: PROTIVITI 30 ON THURSDAY · 2016. 7. 29. · Protiviti Governance Portal • Cost-Effective GRC software. • More than 500 implementations since 2003. SharePoint Solution ... documentation,](https://reader034.vdocument.in/reader034/viewer/2022052004/6017f559b262d566395e26be/html5/thumbnails/5.jpg)
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
OUR APPROACH TO GRC TECHNOLOGY
5
3,500professionals
Over 20 countriesin the Americas, Europe,
the Middle East and
Asia-Pacific
70+offices
![Page 6: PROTIVITI 30 ON THURSDAY · 2016. 7. 29. · Protiviti Governance Portal • Cost-Effective GRC software. • More than 500 implementations since 2003. SharePoint Solution ... documentation,](https://reader034.vdocument.in/reader034/viewer/2022052004/6017f559b262d566395e26be/html5/thumbnails/6.jpg)
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
GRC PLATFORM IMPLEMENTATION CAPABILITIES
6
Third Party Implementer• Certified RSA Archer admins
• MetricStream Business Partner
• Experienced adviser of other GRC
solutions including Thomson Reuters
Accelus and IBM Open Pages
• We assist clients with content-based
solution designs that are portable
across GRC platforms.
Protiviti Governance Portal• Cost-Effective GRC software.
• More than 500 implementations
since 2003.
SharePoint Solution
Accelerators• Solution Accelerators for GRC, Risk
Index, or specific workflows.
• 14-time Microsoft Gold certified
partner, 100+ SharePoint Experts
on staff including top-certified
SharePoint MVP’s.
Third Party
Platforms
We provide a unique set of choices and capabilities for clients to:
• Invest in a proven cost-effective solution
• Leverage key elements of their infrastructure
• Implement leading GRC platforms
!
R
R
w
![Page 7: PROTIVITI 30 ON THURSDAY · 2016. 7. 29. · Protiviti Governance Portal • Cost-Effective GRC software. • More than 500 implementations since 2003. SharePoint Solution ... documentation,](https://reader034.vdocument.in/reader034/viewer/2022052004/6017f559b262d566395e26be/html5/thumbnails/7.jpg)
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
WHY SHAREPOINT FOR GRC?
7
OFF-THE-
SHELF
(COTS)
SHARE-
POINT BLENDED
COTS Data Model
COTS Reporting
Breadth of GRC Functionality
Breadth of Enterprise Functionality (collaboration,
documentation, records management, etc.)
Customized to Your Methodology
Intuitive User Interface
Embedded GRC Processes
Annual Fees Toward Broad Roadmap
Targeted Ongoing Investment in Specific Capabilities
Leverages Existing IT Infrastructure
The choice is
not mutually
exclusive. Custom
SharePoint
solutions can be
developed for
specific work
streams while
integrating with
GRC platforms.
!
![Page 8: PROTIVITI 30 ON THURSDAY · 2016. 7. 29. · Protiviti Governance Portal • Cost-Effective GRC software. • More than 500 implementations since 2003. SharePoint Solution ... documentation,](https://reader034.vdocument.in/reader034/viewer/2022052004/6017f559b262d566395e26be/html5/thumbnails/8.jpg)
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
Proven value-added solutions Deep competency in the following industries
PROTIVITI’S SOLUTION & INDUSTRIES
8
GOVERNMENT SERVICES
ENERGY AND UTILITIES
CONSUMER PRODUCTS
AND SERVICES
FINANCIAL SERVICES
INDUSTRIAL PRODUCTS
TECHNOLOGY, MEDIA AND COMMUNICATIONS
HEALTHCARE AND LIFE SCIENCESDATA MANAGEMENT AND ADVANCED ANALYTICS
TRANSACTION SERVICES
INTERNAL AUDIT AND
FINANCIAL ADVISORY
INFORMATION
TECHNOLOGY CONSULTING
BUSINESS PERFORMANCE
IMPROVEMENT
RESTRUCTURING AND LITIGATION SERVICES
RISK AND COMPLIANCE
Accelerator Solutions
![Page 9: PROTIVITI 30 ON THURSDAY · 2016. 7. 29. · Protiviti Governance Portal • Cost-Effective GRC software. • More than 500 implementations since 2003. SharePoint Solution ... documentation,](https://reader034.vdocument.in/reader034/viewer/2022052004/6017f559b262d566395e26be/html5/thumbnails/9.jpg)
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
SOLUTION ACCELERATORS
Purpose built SharePoint apps
Bridging the gap between business requirements and IT knowledge to create useful
applications can be difficult for organizations.
Our SP Solution Accelerators
Leading Technology
TechnicalPlaybook
Industry & Solution
SME
9
Protiviti methodology and business
experience
![Page 10: PROTIVITI 30 ON THURSDAY · 2016. 7. 29. · Protiviti Governance Portal • Cost-Effective GRC software. • More than 500 implementations since 2003. SharePoint Solution ... documentation,](https://reader034.vdocument.in/reader034/viewer/2022052004/6017f559b262d566395e26be/html5/thumbnails/10.jpg)
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.
INTERNAL AUDIT FRAMEWORK
10
Risks
1
2
3
Risk 1
Name
Desc.
…
Controls
1
2
3
Controls
1
2
3Control 2
Name
Desc.
…
Risks
1
Tests
1
Audit Subsite - Page
Fieldwork >
Controls
1
2
3
Tests
1
2
3
Test 1
Name
Desc.
…
Controls
2
Exceptions
1
Reporting >< Planning
Exceptions
1
2
3
Observations
A
B
Observation A
Name
Desc.
…
Exceptions
1
Actions
B
Actions
A
B
Exception 1
Name
Desc.
…
Test
1
Observations
A
Info. Requests
Audit Name – Planning Phase Audit Name – Fieldwork Phase
Audit Name – Reporting Phase
< Fieldwork
many : many
many : 1
1: many
Action B
Name
Desc.
…
Observations
A
Test 1
page
Audit Subsite - Page
Audit Subsite - Page
many : many
Audit Collection
Audit Sub-Site
![Page 11: PROTIVITI 30 ON THURSDAY · 2016. 7. 29. · Protiviti Governance Portal • Cost-Effective GRC software. • More than 500 implementations since 2003. SharePoint Solution ... documentation,](https://reader034.vdocument.in/reader034/viewer/2022052004/6017f559b262d566395e26be/html5/thumbnails/11.jpg)
© 2016 Protiviti Inc.
CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party. 11
SAMPLE SHAREPOINT EXPERIENCES
Our Client approached Protiviti in review of GRC solutions for Internal Audit. While exploring the Protiviti Governance Portal and
other off-the-shelf solutions, it was determined that SharePoint provided a better fit to the client’s requirements and interest to
leverage its existing technology footprint. The client’s IT group already had implemented a GRC solution through IT which could
have been leveraged. However, client concerns that the off-the-shelf GRC tool did not address IA requirements adequately
demanded an alternative. SharePoint allowed the client increased capability in building an audit platform that supported its specific
methodology. After an initial implementation for IA, client has expanded scope to now include Enterprise Risk with an integrated
dashboard covering both functional areas.
Internal Audit & Risk Management (Example 1)
Our Client approached Protiviti with fatigue from off-the-shelf solutions. They were very positive about using SharePoint considering
the increased flexibility. Although, the company did not have a strong footprint or access to IT for the implementation. By introducing
Office 365, our client was able to subscribe on-line to a limited user-base for the IT team alone. Increased value points included the
ability to respond to workflow and engage end-users all directly through email, allowing audit approvals and issue management to
update within the application without requiring a user to login. Our client is now planning to expand its implementation to include
Vendor Risk, IT Risk, and Enterprise Risk solutions within the environment considering the positive experience held by Internal
Audit.
Internal Audit (Example 2)
Our Client approached Protiviti in interest to learn about multiple GRC solutions. The option to leverage client’s in-house
SharePoint platform was refreshing as compared to using an off-the-shelf solution that had been utilized previously with challenging
experiences. In establishing requirements, the client was very pleased that many of the challenges they had faced with its existing
IT solution were unfound with SharePoint. For example, the client required a specific relational model of risks and controls that
included observations, issues, and actions. While off-the-shelf tools offer flexibility to configure fields, true data mapping changes
were not supported. The client had an opportunity to support its requirements natively with SharePoint.
Internal Audit (Example 3)
![Page 12: PROTIVITI 30 ON THURSDAY · 2016. 7. 29. · Protiviti Governance Portal • Cost-Effective GRC software. • More than 500 implementations since 2003. SharePoint Solution ... documentation,](https://reader034.vdocument.in/reader034/viewer/2022052004/6017f559b262d566395e26be/html5/thumbnails/12.jpg)
12