protiviti 30 on thursday · 2016. 7. 29. · protiviti governance portal • cost-effective grc...

© 2016 Protiviti Inc.

CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party.

PROTIVITI 30 ON THURSDAY

HOW TO LEVERAGE

MICROSOFT SHAREPOINT

TO MANAGE YOUR AUDIT

PROGRAM



TECHNOLOGY FOR INTERNAL AUDIT

2

Protiviti Perspective:

• Over 77% of the global

average and 87% of

participants from North

America leverage some

type of electronic

solution for Internal

Audit.

• Related studies find that

over 45% of users feel

that their solution does

not provided desired

value to the program

and many organizations

have multiple GRC

solutions.

!

Source: The IIA Research Foundation, “Staying a Step Ahead, Internal Audit’s Use of Technology,” August 2015

Global Average

East Asia & Pacific

Sub-Saharan Africa

Latin America & Caribbean

South Asia

Middle East & North Africa

Europe & Central Asia

North America

38%

27%

37%

36%

45%

35%

39%

50%

39%

37%

31%

39%

33%

44%

43%

37%

23%

36%

32%

25%

21%

21%

18%

13%

Appropriate orextensive use oftechnology for IA

Some use ofelectronic workpapersor other officeinformation tools

Primary reliance onmanual systems andprocesses



MEASURE OF USE CASES

3

Protiviti Perspective:

• Internal Audit Teams tend

to adopt functionality at

varied levels. Off-the-

shelf systems tend to

focus on certain areas.

When choosing an OTS

solution, it is important to

consider requirements

and solution strengths.

SharePoint offers a fresh

alternative to consider

when focusing on

specific or a sub-set of

requirements

!


Continuous/Real-Time Auditing

Data Mining & Analytics

Internal Quality Assessments

Monitor & Track Remediation

Flowchart or Process Mapping

Electronic Workpapers

Manage Information Collected by IA

Planning & Scheduling

IA Risk Assessment

14%

19%

11%

24%

18%

41%

19%

17%

17%

30%

34%

26%

28%

34%

31%

29%

29%

33%

25%

23%

24%

20%

26%

14%

21%

23%

22%

31%

24%

39%

28%

22%

14%

30%

31%

28%

Extensive Moderate Minimal None



TRENDS IN USE CASE DEMANDS

4

Protiviti Perspective: • Clients continue to seek

opportunities to optimize the

maturity of their testing and

monitoring capabilities with

real-time auditing and data-

mining.

!

Source: © 2015 Forrester Research Inc.

The GRC Technology Landscape, October 2015 Forrester Webinar


Electronic Workpapers

Flow Charting

Data Mining

Computer Assisted Audit Technique (CAAT)

Continuous/Real-Time Auditing

72%

52%

53%

48%

44%

65%

43%

39%

52%

37%

2006 2015



OUR APPROACH TO GRC TECHNOLOGY

5

3,500professionals

Over 20 countriesin the Americas, Europe,

the Middle East and

Asia-Pacific

70+offices



GRC PLATFORM IMPLEMENTATION CAPABILITIES

6

Third Party Implementer• Certified RSA Archer admins

• MetricStream Business Partner

• Experienced adviser of other GRC

solutions including Thomson Reuters

Accelus and IBM Open Pages

• We assist clients with content-based

solution designs that are portable

across GRC platforms.

Protiviti Governance Portal• Cost-Effective GRC software.

• More than 500 implementations

since 2003.

SharePoint Solution

Accelerators• Solution Accelerators for GRC, Risk

Index, or specific workflows.

• 14-time Microsoft Gold certified

partner, 100+ SharePoint Experts

on staff including top-certified

SharePoint MVP’s.

Third Party

Platforms

We provide a unique set of choices and capabilities for clients to:

• Invest in a proven cost-effective solution

• Leverage key elements of their infrastructure

• Implement leading GRC platforms

!

R

R

w



WHY SHAREPOINT FOR GRC?

7

OFF-THE-

SHELF

(COTS)

SHARE-

POINT BLENDED

COTS Data Model

COTS Reporting

Breadth of GRC Functionality

Breadth of Enterprise Functionality (collaboration,

documentation, records management, etc.)

Customized to Your Methodology

Intuitive User Interface

Embedded GRC Processes

Annual Fees Toward Broad Roadmap

Targeted Ongoing Investment in Specific Capabilities

Leverages Existing IT Infrastructure

The choice is

not mutually

exclusive. Custom

SharePoint

solutions can be

developed for

specific work

streams while

integrating with

GRC platforms.

!



Proven value-added solutions Deep competency in the following industries

PROTIVITI’S SOLUTION & INDUSTRIES

8

GOVERNMENT SERVICES

ENERGY AND UTILITIES

CONSUMER PRODUCTS

AND SERVICES

FINANCIAL SERVICES

INDUSTRIAL PRODUCTS

TECHNOLOGY, MEDIA AND COMMUNICATIONS

HEALTHCARE AND LIFE SCIENCESDATA MANAGEMENT AND ADVANCED ANALYTICS

TRANSACTION SERVICES

INTERNAL AUDIT AND

FINANCIAL ADVISORY

INFORMATION

TECHNOLOGY CONSULTING

BUSINESS PERFORMANCE

IMPROVEMENT

RESTRUCTURING AND LITIGATION SERVICES

RISK AND COMPLIANCE

Accelerator Solutions



SOLUTION ACCELERATORS

Purpose built SharePoint apps

Bridging the gap between business requirements and IT knowledge to create useful

applications can be difficult for organizations.

Our SP Solution Accelerators

Leading Technology

TechnicalPlaybook

Industry & Solution

SME

9

Protiviti methodology and business

experience



INTERNAL AUDIT FRAMEWORK

10

Risks

1

2

3

Risk 1

Name

Desc.

…

Controls

1

2

3

Controls

1

2

3Control 2

Name

Desc.

…

Risks

1

Tests

1

Audit Subsite - Page

Fieldwork >

Controls

1

2

3

Tests

1

2

3

Test 1

Name

Desc.

…

Controls

2

Exceptions

1

Reporting >< Planning

Exceptions

1

2

3

Observations

A

B

Observation A

Name

Desc.

…

Exceptions

1

Actions

B

Actions

A

B

Exception 1

Name

Desc.

…

Test

1

Observations

A

Info. Requests

Audit Name – Planning Phase Audit Name – Fieldwork Phase

Audit Name – Reporting Phase

< Fieldwork

many : many

many : 1

1: many

Action B

Name

Desc.

…

Observations

A

Test 1

page



many : many

Audit Collection

Audit Sub-Site


CONFIDENTIAL: An Equal Opportunity Employer M/F/D/V. This document is for your company's internal use only and may not be copied nor distributed to another third party. 11

SAMPLE SHAREPOINT EXPERIENCES

Our Client approached Protiviti in review of GRC solutions for Internal Audit. While exploring the Protiviti Governance Portal and

other off-the-shelf solutions, it was determined that SharePoint provided a better fit to the client’s requirements and interest to

leverage its existing technology footprint. The client’s IT group already had implemented a GRC solution through IT which could

have been leveraged. However, client concerns that the off-the-shelf GRC tool did not address IA requirements adequately

demanded an alternative. SharePoint allowed the client increased capability in building an audit platform that supported its specific

methodology. After an initial implementation for IA, client has expanded scope to now include Enterprise Risk with an integrated

dashboard covering both functional areas.

Internal Audit & Risk Management (Example 1)

Our Client approached Protiviti with fatigue from off-the-shelf solutions. They were very positive about using SharePoint considering

the increased flexibility. Although, the company did not have a strong footprint or access to IT for the implementation. By introducing

Office 365, our client was able to subscribe on-line to a limited user-base for the IT team alone. Increased value points included the

ability to respond to workflow and engage end-users all directly through email, allowing audit approvals and issue management to

update within the application without requiring a user to login. Our client is now planning to expand its implementation to include

Vendor Risk, IT Risk, and Enterprise Risk solutions within the environment considering the positive experience held by Internal

Audit.

Internal Audit (Example 2)

Our Client approached Protiviti in interest to learn about multiple GRC solutions. The option to leverage client’s in-house

SharePoint platform was refreshing as compared to using an off-the-shelf solution that had been utilized previously with challenging

experiences. In establishing requirements, the client was very pleased that many of the challenges they had faced with its existing

IT solution were unfound with SharePoint. For example, the client required a specific relational model of risks and controls that

included observations, issues, and actions. While off-the-shelf tools offer flexibility to configure fields, true data mapping changes

were not supported. The client had an opportunity to support its requirements natively with SharePoint.

Internal Audit (Example 3)

protiviti 30 on thursday · 2016. 7. 29. · protiviti governance portal • cost-effective grc...

Documents