After evaluating several vendors, the client felt that MetricStream was the best fit for them not only because of MetricStream’s successful track record at leading financial services institutions, but also the scalability, flexibility, and integrated capabilities of MetricStream’s internal audit management solution.
Today, MetricStream Internal Audit Management Solution has streamlined and automated the internal audit lifecycle across the client’s global enterprise. The audit team now has the freedom to focus less on cumbersome data entry and reporting tasks, and more on critical audit analysis.
The solution facilitates performing risk assessment for each organizational branch, based on which the frequency of audits for that particular branch could be automatically calculated. This provides organizations with the flexibility to choose the right audit approach based on their risk assessment results.
The solution also offers them a centralized system to track the progress of audit activities and issue remediation processes at any point across the global enterprise.
Below, in greater detail, are the capabilities of the solution:
Through configurable risk algorithms, the solution automatically calculates the risk score of each branch entity based on various factors such as the impact of outstanding internal audit issues, impact of outstanding regulatory issues, and the management of operational losses. Using these risk scores, the solution helps define the audit frequency for that particular branch entity. For instance, if the entity’s risk score is low, an audit may only be required once in 2-3 years. This kind of assessment is conducted across all branch entities worldwide with MetricStream’s solution. This way, the audit team has been able to better prioritize global audit activities.
Audit Planning and Attestations
The solution enables audit planning and scheduling by grouping together branch entities that need to be audited along similar lines.
During this process, the solution generates an entity advisor report that provides a comprehensive profile of each auditable entity (including their risk assessment scores and business monitoring plan) which helps the internal audit team effectively plan / prioritize audits.
After an entity is selected for an audit, the solution routes this data for approvals and attestations. Automated alerts and notifications are sent out to the relevant authorities to ensure that this process is completed on time.
The team also has the flexibility to reschedule audits (deviate from the audit dates calculated during the risk assessment) - at a later or earlier date, or even cancel it.
The solution streamlines the creation and allocation of work-papers for various audit tasks. These work-papers are assigned to the relevant branch auditors along with due dates. Each work-paper related to a particular branch or country has a list of all associated controls. This way, auditors can easily determine which controls to test.
During the audit execution phase, the solution captures each auditor’s qualitative and quantitative findings along with detailed observations and recommendations. It also provides a unique offline audit briefcase capability to record data when there is no internet connectivity. Thus, auditors can enter their audit findings as usual on their systems, and later synchronize the data with the central audit database when the network can be accessed again.
Control Exceptions and Issue Management
The system provides comprehensive functionality for managing audit issues/ findings arising from the auditing processes. If auditors find that a control is inadequate or missing, they can log a control exception. Similar control exceptions are grouped into an issue. The solution routes these issue for approvals, investigations, and remediation. Users can create action plans to address and resolve each issue. They can also monitor the status of the issue as it moves from one stage to the next, and validate the effectiveness of the action plan. After the risk caused by the issue has been sufficiently mitigated, the issue is closed.
The solution automatically generates a range of audit reports that consolidate audit findings for easy & effective analysis. These reports come with drill-down capabilities that help in studying the audit findings from each branch at deeper level, and enable users to compare and contrast audit results by a variety of parameters.
The solution also provides complete, real-time visibility into the internal audit process across the global enterprise through powerful, graphical executive dashboards. Users can track the progress of each audit against pre-defined milestones to ensure timely execution.