Understanding, experience and technology for success
Leveraging technology for long-term, sustainable compliance
Strong internal controls are essential given the sensitive regulatory environment and high cost of fraud. Compliance managers and risk officers are turning to technology to streamline and automate their internal controls for long-term, sustainable compliance as paper based manual process, electronic document management and generic desktop tools have proved to be inadequate.
MetricStream solutions for Governance, Risk and Compliance (GRC) support Automated Testing for Internal Controls and provide dependable automation and protection from a regulatory standpoint. Automated testing of internal controls ensures effective compliance, creates opportunities for cost savings, increases profitability, improves fraud detection and operational efficiencies and above all, gives the true status of a company’s compliance health through a transparent view of its internal controls.
Steps in Automated Testing of Internal Controls
Identifies controls which need automatic testing
Sends alerts for controls which need manual testing
Automates testing with push of button
Assimilates results of manual and automatic tests and sends reports
Sends report of records
Creates repository of tests and results for future reference
Consider a control that ensures that the orders should only be processed within a customer’s credit limit. This control is typically implemented within an organization’s ERP system, but can be overridden for exceptions with proper authorization. In general, most companies would print a report that lists out all orders that were processed within the last quarter, their credit limit at that time and if the override was applied, who applied the override and their role/title at the time the override was applied. To evaluate this entire data is not just difficult but demands flawless accuracy-a feat difficult to achieve manually.
Once, this record has been assimilated the internal audit team would have to manually review each and every entry in the report and ensure that the control worked for every situation to score the control test as ‘passed’ or ‘failed’. The team would have to manually record every instance where the test failed, so that proper disclosures and remediation processes could be triggered. Being lengthy, cumbersome and unreliable the benefit of such a system is generally questionable.
Benefits of MetricStream Solution
40%-60% Reduction in initial test run
70%-90% Reduction on subsequent test runs
Increased test runs with higher confidence and larger sampling
By integrating the management of IT application controls, IT general controls, and manual controls, the solution eliminates the key challenges of existing paper and spreadsheet based systems.
Areas under Inventory where Testing is Automated
Key Features of SOX Solution
Environment & Process Design
Assessing Internal Controls
Training and Audits