After evaluating multiple audit management solution providers, the client chose MetricStream. Their choice was largely determined by MetricStream’s proven track record and customer successes, as well as MetricStream’s automated, risk-based approach to audit management.
With the MetricStream Audit Management Solution, the client now has a single point of reference to manage the complete audit lifecycle – from risk assessments and audit planning, to audit resource management, audit execution, issue management, and reporting. The solution provides the flexibility to support various types of audits, including internal audits and regulatory audits. It also streamlines, standardizes, and automates audit management workflows, while strengthening cross-functional communication and reporting on audit activities.
The solution was deployed over the private MetricStream GRC Cloud, enabling the client to realize faster time-to-value, as well as increased agility and flexibility. Capabilities for role-based access and single sign-on mechanisms supported the client’s information security requirements effectively.
Below are the key capabilities of the MetricStream Audit Management Solution that are used by the client:
Risk Identification and Assessment: The solution enables the client to identify and document multiple risks in a central risk library with details such as risk description, category, and owner. This data is mapped to the associated controls, processes, and business units for complete transparency and accountability. The solution also supports risk assessments with flexible risk scoring, rating, and ranking capabilities. The results are used by the client to efficiently plan and prioritize audit activities, focusing on high risk areas.
Audit Planning and Scheduling: Based on the results of the risk assessments, delivered through an audit advisor report, the MetricStream solution helps the client define an audit plan addressing key risks and issues. The solution also supports pre-audit surveys which enable auditors to gather data on processes, policies, and high risk areas, so that the audit can be planned effectively.
The client can use the solution to schedule audits periodically, or trigger them on an ad hoc basis for specific processes or business units. Auditors can be selected in the system, and assigned the audit responsibility with a due date. Alerts are then sent to them, as well as to the entity that is to be audited.
Audit Resource Management: The MetricStream solution enables the client to effectively manage audit teams, and allocate audit tasks based on each auditor’s availability and skill sets, as well as the effort required. Email notifications and reminders keep the process on track. The solution also prevents audit over-booking or conflicts.
Audit Execution and Review: Through the solution, the client can create different types of checklists to test controls, based on the organization’s risks, areas of compliance, regulations, and other data elements. Auditors can capture the test details on the workpapers in the solution, and attach supporting evidence. Once the audit findings have been recorded, the solution helps route them to the appropriate audit managers for review and subsequent action. Upon receiving the responses, the auditors can provide feedback, or propose an updated action plan through the solution.
Audit Issue Management: Any risk or control related issues that are identified during the client’s audit processes are routed by the MetricStream solution through a systematic process of investigation and remediation. The solution provides detailed information on the issue, and helps track it from one stage to the next. It also helps categorize the issue, and supports failure investigations to determine the root cause of the issue.
Audit Reporting: The MetricStream solution enables the client’s audit teams to efficiently generate both draft and final audit reports. These reports are easily populated with findings and actions from various tasks. The solution also provides in-depth visibility into the audit lifecycle with historical and real-time reports on audit data and results, as well as analyses of auditor performance. Graphical dashboards with drill-down capabilities deliver audit statistics by various parameters, enabling the client to identify risk and audit trends, as well as potential areas of concern. The solution also enables monitoring the performance of the auditors and the audit activities through post audit surveys and reports.