The Client: Industry-recognized provider of cloud-based Human Capital Management (HCM) solutions.

Overview

Manual tools, a lack of collaboration, and limited data visibility were hindering the client’s audit management processes. The MetricStream Audit Management Solution helped the client overcome these challenges by automating audit management workflows, providing a real-time view of risk and audit data, and breaking down the barriers to crossfunctional communication through a single, centralized audit management system.

Download a Case Study

The Solution

After evaluating multiple audit management solution providers, the client chose MetricStream. Their choice was largely determined by MetricStream’s proven track record and customer successes, as well as MetricStream’s automated, riskbased approach to audit management.

With the MetricStream Audit Management Solution, the client now has a single point of reference to manage the complete audit lifecycle – from risk assessments and audit planning, to audit resource management, audit execution, issue management, and reporting. The solution provides the flexibility to support various types of audits, including internal audits and regulatory audits. It also streamlines, standardizes, and automates audit management workflows, while strengthening cross-functional communication and reporting on audit activities.

The solution was deployed over the private MetricStream GRC Cloud, enabling the client to realize faster time-to-value, as well as increased agility and flexibility. Capabilities for role-based access and single-sign-on mechanisms supported the client’s information security requirements effectively.

Below are the key capabilities of the MetricStream Audit Management Solution that are used by the client:

Risk Identification and Assessment: The solution enables the client to identify and document multiple risks in a central risk library with details such as risk description, category, and owner. This data is mapped to the associated controls, processes, and business units for complete transparency and accountability. The solution also supports risk assessments with flexible risk scoring, rating, and ranking capabilities. The results are used by the client to efficiently plan and prioritize audit activities, focusing on high risk areas.

Audit Planning and Scheduling: Based on the results of the risk assessments, delivered through an audit advisor report, the MetricStream solution helps the client define an audit plan addressing key risks and issues. The solution also supports pre-audit surveys which enable auditors to gather data on processes, policies, and high risk areas, so that the audit can be planned effectively.

The client can use the solution to schedule audits periodically, or trigger them on an ad hoc basis for specific processes or business units. Auditors can be selected in the system, and assigned the audit responsibility with a due date. Alerts are then set to them, as well as to the entity that is to be audited.

Audit Resource Management: The MetricStream solution enables the client to effectively manage audit teams, and allocate audit tasks based on each auditor’s availability and skill setvs, as well as the effort required. Email notifications and reminders keep the process on track. The solution also prevents audit over-booking or conflicts.

Audit Execution and Review: Through the solution, the client can create different types of checklists to test controls, based on the organization’s risks, areas of compliance, regulations, and other data elements. Auditors can capture the test details on the workpapers in the solution, and attach supporting evidence. Once the audit findings have been recorded, the solution helps route them to the appropriate audit managers for review and subsequent action. Upon receiving the responses, the auditors can provide feedback, or propose an updated action plan through the solution.

Audit Issue Management: Any risk or control related issues that are identified during the client’s audit processes are routed by the MetricStream solution through a systematic process of investigation and remediation. The solution provides detailed information on the issue, and helps track it from one stage to the next. It also helps categorize the issue, and supports failure investigations to determine the root cause of the issue.

Audit Reporting: The MetricStream solution enables the client’s audit teams to efficiently generate both draft and final audit reports. These reports are easily populated with findings and actions from various tasks. The solution also provides in-depth visibility into the audit lifecycle with historical and real-time reports on audit data and results, as well as analyses of auditor performance. Graphical dashboards with drill-down capabilities deliver audit statistics by various parameters, enabling the client to identify risk and audit trends, as well as potential areas of concern. The solution also enables monitoring the performance of the auditors and the audit activities through post audit surveys and reports.

The Challenge

In compliance with various regulations and risk management objectives, the client conducted internal audits and regulatory audits at periodic intervals. However, most of the audit processes were rudimentary and not clearly defined. Moreover, the audit activities, including risk assessments, were planned, managed, and conducted manually. Not only was this approach tedious and time-consuming, but it also led to redundancies in audit effort and data.

Visibility into audits and risks was also limited, as the data was scattered across various documents and spreadsheets. This data had to be manually consolidated into audit reports to share with stakeholders.

Collaboration was another challenge. Since the company did not have a centralized audit management system, auditors often found it difficult to communicate and coordinate tasks across audit teams, risk teams, and other business functions.

As a result of these challenges, the client wanted to implement a new and robust audit management solution that would streamline and automate their audit management processes, strengthen collaboration, and provide better visibility into audit data. Since risk assessments were a critical part of the audits, the new system had to support risk evaluation and scoring, while also enabling the results of the risk assessments to be integrated into audit planning and execution.

Benefits

  • Greater Audit Efficiency and Time-Savings
    The solution has replaced the cumbersome, manual approach to audit management with a much more automated and efficient program, enabling the client to save time and effort, minimize errors, and improve audit productivity.
  • Streamlined and Well-Defined Audit Processes
    Through the solution, the client’s internal audit and regulatory audit processes have become more systematic, consistent, and clearly defined. The solution streamlines the end-to-end audit management lifecycle, minimizing duplication of effort and data.
  • Effective Risk-Based Audits
    The solution helps the client clearly identify and assess their risks, and integrate the results into the audit management process, so that audit tasks can be better planned and prioritized based on the areas of highest risk.
  • Enhanced Visibility into Audit Data
    Powerful reports and dashboards in the solution enable the client to roll up and drill down into audit and risk data at multiple levels across the enterprise. Users can also track audit processes, findings, and issues in real time.
  • Improved Collaboration
    Through a single, centralized system, the solution enables auditors and other teams to effectively collaborate, share data, and coordinate audit management activities.

Request a demo Download RFP Template Pricing Contact