The bank evaluated various audit and risk management solutions in the market; the benchmark being robustness of the solution, quality of the application, and a lower cost of ownership. After extensive evaluation, MetricStream risk and internal audit solution emerged as their preferred choice. Recalling the process of selection, the Chief Internal Auditor says, “We tested MetricStream, and found that it addressed all our needs, in terms of unifying the audit universe, improving the effectiveness of internal audit function, and streamlining the internal control and governance processes.”
The MetricStream’s Audit Planning solution enabled the bank to create a riskbased audit plan with a well-defined objective and scope; in tandem with quality, compliance and risk management processes. The solution organized audits in a logical structure, matching the audit steps from bank's Audit Procedure Manual. It also defined the evaluation and pass/fail criteria, checklists, and the tasks that needed to be performed for executing the audit. Audits could now be scheduled periodically, or triggered ad-hoc.
The MetricStream solution improved the audit team’s productivity by enabling it to unify and analyze cross-departmental audit data, quickly and efficiently. The team could now access data directly from a centralized data repository; have multiple auditors working simultaneously; and use automated audit tests.
The MetricStream solution enabled auditors to record, track, and monitor qualitative or quantitative audit findings across different business groups. The findings could be stored along with detailed observations and recommendations in predefined formats. A unique offline capability allowed auditors to enter audit findings in notebook, computers, or handheld devices at remote field sites. Further, the time-tracking capability captured the time spent in auditing for optimal resource utilization.
The MetricStream’s Audit Review solution routed audit findings, observation reports, and auditors’ recommendations for review and subsequent actions. The ACL analysis was automatically attached to the respective work paper record in an electronic format. Findings were sent to the audited entity to seek responses or issues observed. The application provided built-in workflows for reviewing responses for approval or rejection with options to initiate remedial actions for undesirable variations and trends, and to schedule follow-up audits.
The MetricStream Reporting solution provided comprehensive capabilities to the bank for compiling audit reports and work-papers. It allowed access to the bank’s data and history, and performance analysis of auditors. Graphical executive dashboards and flexible reports with drill-down capability provided statistics on a variety of parameters including audited entities, audit schedule and calendar, filed reports, and corrective and remediation actions triggered.
Why MetricStream was Selected?
Centralized Audit Management Platform to automate and integrate the audit process
Powerful reporting for audit data analysis as well as risk reporting
On-line and offline access to "work-inprogress
Complete integration of the Audit department with financial controls management, IT risks and compliance management
The audit department followed manual audit processes, spending countless hours preparing work papers and audit reports along with associated documentation. With increased workload, the bank identified significant challenges such as audit inefficiencies, errors, unreliable reporting, redundant efforts, inflated costs, and data inaccuracies. Disintegrated audit processes, lack of collaboration between the departments, manual and inefficient follow-up on action items, and timeconsuming data gathering process - all translated into limited reporting and data
analysis. Increased regulatory, legal, and risk management obligations further underscored the need for an integrated Audit Management Solution.
The bank’s Chief Internal Auditor explains, “With 90+ cross-organizational processes, collaboration consistently became a challenge for us. Our auditors frequently complained about spending too much time performing administrative work, such as scheduling audit programs, collating audit findings, collecting audit completion reports, and preparing the risk analysis. In addition, each of our departments had its own processes for conducting and issuing audits. We wanted a standardized, company-wide audit approach that could unify all the audit efforts
across the bank.”
The need of the hour was a centralized audit management framework that could automate and manage entire audit life cycle - from planning and scheduling audits to developing standard audit plans, collecting field data, developing and reviewing audit reports and recommendations, and implementing audit recommendations and remediation. Going forward, the senior management looked to leverage the solution to identify gaps or inefficiencies in the bank’s risk coverage; resolve compliance issues; enable fraud risk assessments; build continuous audit capability; influence continuous monitoring techniques; improve risk management and processes; and reduce audit complexity and costs.