Internal Audit Solution for a Global Bank

Solution

The MetricStream solution will enhance the internal audit team’s productivity by enabling it to unify and analyze cross-departmental audit data, quickly and efficiently. The team will now be able to access the data directly from a centralized data repository with multiple auditors working simultaneously across the globe

The solution will also enable the auditors to record, track, and monitor qualitative or quantitative audit findings across different business groups and across different geographies. The findings will be retained along with all the detailed observations and recommendations in predefined formats. A unique offline capability that allows auditors to enter audit findings in notebook, computers, or handheld devices at remote field sites will be provided. Further, the solution will include time-tracking capability to capture the time spent in auditing for optimal resource utilization.

The MetricStream platform includes built-in workflows for reviewing responses for approval or rejection with options to initiate remedial actions for undesirable variations and trends, and to schedule follow-up audits. This will enable the system to automatically route audit findings, observation reports, and auditors’ recommendations for review and subsequent actions to the audited entity.

The MetricStream platform’s built-in reporting engine will provide comprehensive capabilities to the bank for compiling audit reports and work-papers. It will allow access to the bank’s data and history, and performance analysis of the auditors. Graphical executive dashboards and flexible reports with drill-down capability will provide statistics on a variety of parameters including audited entities, audit schedule and calendar, filed reports, and corrective and remediation actions triggered.

The solution will also support the handling of highly sensitive data (e.g. Client Identifying Data, personal information) globally, i.e. no cross border access of certain data types is possible. A flagging mechanism identifies a certain information or record as sensitive and the store of that information is handled in a specialized manner such as storing in a specific instance of a database or encryption of the data stored.

Challenges

Currently, the Internal Audit Group supports the bank's internal audit processes, from risk assessment to issue tracking, with multiple point solutions and software applications which includes in-house developed applications, legacy applications as well as vendor solutions. The bank's plan is to replace the existing silos of disintegrated internal audit systems with a new, fully integrated and state-of-theart solution that would foster oversight and transparency and ensure compliance with the banks standards. The implementation of the new solution should also result in significant efficiency gains through improved user support, in particular the elimination of duplicity and ease of use. The solution should be able to eliminate errors and inconsistencies through standardized data collection and analyze process across the enterprise.

The solution should also enable the bank to comply with a vast number of national and international regulations across its vast global operation such as compliance with Client Identifying Data (CID), Bank secrecy act, etc. Further, the system should interface and integrate with a number of external systems that are a part of the existing IT infrastructure at bank. While the bank intends to implement a new Internal Audit System, it has established audit management processes that are based on the best practices in the industry and the solution has to be flexible and adaptable to enable the bank to preserve these processes while ensuring smooth adoption and implementation of these established processes across its operations consistently and efficiently. Moreover, the system should be highly flexible for it to easily support the future business needs as well as the evolving business processes.

In addition to the functional requirements, the evaluation process involved performing severe security tests, load and stress tests, integration tests, architecture compatibility tests, etc on the pilot deployed in multiple locations.

After an extensive evaluation over a period of six months, MetricStream emerged as their preferred choice. The MetricStream's Internal Audit solution was proven to scale globally and the platform approach provided an edge for its ability to provide an integrated GRC solution, which not only includes Internal Audit and Risk management but also Compliance and Document management.

Why MetricStream Scalability

The MetricStream solution proved its mettle through pilot rollout across multiple locations for its ability to provide a highly flexible solution that can adopt new complex business process, scale-up globally without sacrificing performance, integrate with multiple bank systems for exchange of data, etc. MetricStream Enterprise Compliance Platform architecture emerged as highly scalable with the ability to support increasing number of transactions, users, and data volume. Over 10,000 users access the system and scalability was a key driver for MetricStream's selection. Comprehensive Functionality: The solution was examined for integrated end-to-end internal audit functionality for managing the complete audit lifecycle. MetricStream’s broad suite of web-based solutions that are designed to enable banks to manage risk and compliance management processes and activities across a wide range of disciplines, including auditing, regulatory compliance, risk management, industry standards, quality programs and other corporate governance initiatives. Technology Platform: MetricStream Enterprise Compliance Platform technology architecture provided unmatched configurability and integration capability - elements that were imperative for success of the project. The platform is designed to serve as the nucleus of an organizations’ corporate governance ecosystem, coordinating all GRC management activities throughout the enterprise via a single management system.

Benefits

• Provides a systematic and consistent riskbased internal audit process across business units, divisions, global locations and sites
• Increases the efficiency of the audit process and shorten cycle times as tasks are automatically assigned and tracked from one stage to the next
• Improves communication and teamwork on complex audit processes across departments and functional areas
• Eliminates audit errors and inconsistencies with a standardized data collection and analysis process across the enterprise
• Accelerates and streamline the internal audit cycle, including development of findings, recommendations, action plans and closure cycles by implementing a closed-loop process for internal audit management
• Provides enterprise-wide visibility into the audit process and metrics for better risk management and assured compliance
• Improves the efficiency of the audit staff enabling them to be focused on more value oriented functions such as analyzing and recognizing trends in the audit data