A Central Bank Deploys MetricStream's Internal Audit Solution
A Central Bank streamlines the complete audit lifecycle
The Client: A Central Bank
Federal (or Central) bank is primarily responsible for stabilizing the national currency. The bank implements the monetary policy, and maintains the financial stability of the nation.
In the charter, the bank’s senior management gives the internal audit department the right of authority and initiative, and empowers it to evaluate the bank’s financial statements, oversee its risk management system, reduce the gaps in risk controls, recommend norms and procedures for stronger internal controls and assist the senior management to identify, measure, mitigate, monitor, and communicate the bank’s key risk exposures.
The bank evaluated various audit and risk management solutions in the market; the benchmark being robustness of the solution, quality of the application, and a lower cost of ownership. After extensive evaluation, MetricStream risk and internal audit solution emerged as their preferred choice. Recalling the process of selection, the Chief Internal Auditor says, “We tested MetricStream, and found that it addressed all our needs, in terms of unifying the audit universe, improving the effectiveness of internal audit function, and streamlining the internal control and governance processes.”
The MetricStream’s Audit Planning solution enabled the bank to create a riskbased audit plan with a well-defined objective and scope; in tandem with quality, compliance and risk management processes. The solution organized audits in a logical structure, matching the audit steps from bank's Audit Procedure Manual. It also defined the evaluation and pass/fail criteria, checklists, and the tasks that needed to be performed for executing the audit. Audits could now be scheduled periodically, or triggered ad-hoc.
The MetricStream solution improved the audit team’s productivity by enabling it to unify and analyze cross-departmental audit data, quickly and efficiently. The team could now access data directly from a centralized data repository; have multiple auditors working simultaneously; and use automated audit tests.
The MetricStream solution enabled auditors to record, track, and monitor qualitative or quantitative audit findings across different business groups. The findings could be stored along with detailed observations and recommendations in predefined formats. A unique offline capability allowed auditors to enter audit findings in notebook, computers, or handheld devices at remote field sites. Further, the time-tracking capability captured the time spent in auditing for optimal resource utilization.
The MetricStream’s Audit Review solution routed audit findings, observation reports, and auditors’ recommendations for review and subsequent actions. The ACL analysis was automatically attached to the respective work paper record in an electronic format. Findings were sent to the audited entity to seek responses or issues observed. The application provided built-in workflows for reviewing responses for approval or rejection with options to initiate remedial actions for undesirable variations and trends, and to schedule follow-up audits.
The MetricStream Reporting solution provided comprehensive capabilities to the bank for compiling audit reports and work-papers. It allowed access to the bank’s data and history, and performance analysis of auditors. Graphical executive dashboards and flexible reports with drill-down capability provided statistics on a variety of parameters including audited entities, audit schedule and calendar, filed reports, and corrective and remediation actions triggered.
Why MetricStream was Selected
Centralized Audit Management Platform to automate and integrate the audit process
Powerful reporting for audit data analysis as well as risk reporting
On-line and offline access to "work-inprogress
Complete integration of the Audit department with financial controls management, IT risks and compliance management
The audit department followed manual audit processes, spending countless hours preparing work papers and audit reports along with associated documentation. With increased workload, the bank identified significant challenges such as audit inefficiencies, errors, unreliable reporting, redundant efforts, inflated costs, and data inaccuracies. Disintegrated audit processes, lack of collaboration between the departments, manual and inefficient follow-up on action items, and timeconsuming data gathering process - all translated into limited reporting and data
analysis. Increased regulatory, legal, and risk management obligations further underscored the need for an integrated Audit Management Solution.
The bank’s Chief Internal Auditor explains, “With 90+ cross-organizational processes, collaboration consistently became a challenge for us. Our auditors frequently complained about spending too much time performing administrative work, such as scheduling audit programs, collating audit findings, collecting audit completion reports, and preparing the risk analysis. In addition, each of our departments had its own processes for conducting and issuing audits. We wanted a standardized, company-wide audit approach that could unify all the audit efforts
across the bank.”
The need of the hour was a centralized audit management framework that could automate and manage entire audit life cycle - from planning and scheduling audits to developing standard audit plans, collecting field data, developing and reviewing audit reports and recommendations, and implementing audit recommendations and remediation. Going forward, the senior management looked to leverage the solution to identify gaps or inefficiencies in the bank’s risk coverage; resolve compliance issues; enable fraud risk assessments; build continuous audit capability; influence continuous monitoring techniques; improve risk management and processes; and reduce audit complexity and costs.
Improved Audit Efficiency:
The average audit time has gone down substantially. The automated workflows help the bank to unify all the audit-related activities, data and processes. Systematic and paperless audit process across the enterprise with standardized data collection has further eliminated audit errors and inconsistencies. Efficient time tracking, email based notifications and alerts, and risk assessment methodologies allow the bank to implement the industry-best practices for efficient audit execution.
The bank has complete visibility into the audit process and metrics. This leads to better risk management and assured compliance. The transparency has made audit management a predictable process, while improving audit findings and lowering risk probability.
Integrated Audit and Risk Management:
The solution supports comprehensive risk assessment, based on parameters such as severity and likelihood of occurrence. With computations based on configurable methodologies and algorithms, auditors get a clear view into bank’s risk profile.
Clarified Personal Accountabilities, Roles & Responsibilities:
The MetricStream solution not only streamlines the bank’s audit processes, but also allows auditors to better incorporate accountability into the work culture of the department.
Ensured Continuous Risk Management Learning:
With the MetricStream solution, the bank’s business units can share their experience and best practices - internally and externally. Thus ensuring, continuous risk management learning. This supports innovation, capacity building and continuous improvement, and fosters an environment that motivates people to learn.