Managing an internal audit (IA) function in a highly regulated sector such as banking and financial services can be daunting. Not only do IA teams have to keep up with changing business scenarios and related controls, but they also need to help decision-makers drive performance and growth by delivering timely insights on emerging risks and opportunities.
Stakeholders expect internal auditors to know everything about the organization and to be aware of all types of risks and issues. Multiple risk factors need to be addressed in the audit plan - be it technological disruptions, political and economic distress, impending regulatory effects, increasing compliance burdens, or rapidly changing customer expectations and behaviors.
For years, the bank’s IA function tried to meet these demands using traditional audit tools and methods. But as they strove to anticipate future audit requirements, as well as the risks of a growing business, these tools came up short. That’s when the bank started looking for a more integrated and scalable audit solution that would help them achieve greater efficiency and effectiveness.
Out with the Old: Earlier, the bank had developed multiple in-house systems to manage the requirements of a large and complex audit program spanning the globe. Each region had its own, siloed audit systems that weren’t built to support collaboration on audit processes such as fieldwork, reporting, and follow-ups. Consequently, these processes became increasingly tedious, especially data aggregation and reporting.
What’s more, the audit systems were designed solely for IA requirements, i.e., they couldn’t be used by other lines of defense. This inflexibility hindered the IA function’s ability to communicate and exchange key risk information with other assurance functions. Audit teams often ended up performing their own risk assessments instead of reusing existing risk data.
There were other limitations too. The audit systems were merely databases without defined workflows. Most IA teams followed their own informal audit processes instead of a consistent audit approach or methodology. Therefore, the audit data that was generated often required additional quality checks.
All of these drawbacks resulted in inefficiencies which hampered IA’s ability to scale and meet the requirements of a growing business. In response, the teams decided to find a more integrated and automated audit system with the flexibility and extensibility to meet the bank’s future challenges and requirements. That system turned out to be the MetricStream Internal Audit Management Solution.
Improved Collaboration through Audit Integration: The MetricStream solution has enabled the bank’s IA function to replace multiple, siloed audit applications with a single, unified audit system. The solution cuts across enterprise silos, allowing IA teams to effectively collaborate and share information with each other, as well as with other lines of defense.
The solution facilitates a structured and systematic approach to IA processes across the organization. With well-defined workflows, IA teams can now perform all audit-related activities and tasks in an efficient, integrated manner – including audit planning, risk assessments, fieldwork, work paper management, and audit reporting, as well as recommendations management and follow-ups.
The bank chose MetricStream because they wanted a company that would be their partner on this long-term journey – enabling them to streamline their audit processes, close key gaps, and leverage the benefits of new digital tools.
Better Consistency through a Common Audit Universe: The solution has enabled IA teams across different locations to develop and use a common audit universe for risk assessments and audit planning. This centralized data model ensures that all teams are referring to the same set of risk and audit data, thereby enabling a consistent approach to auditing. Teams can easily identify key risk areas and plan their audits on a priority basis across the organization.
Effective Risk-based Audit Planning: With the solution’s risk assessment capability, IA teams have the flexibility to either identify and evaluate high-risk areas for the audits themselves, or capture and refer to risk assessment data shared by other assurance groups.
The solution provides in-depth visibility into the risks associated with each auditable entity. Using this data, IA teams can develop effective audit strategies, and provide informed recommendations on how to best mitigate risk.
Optimal Audit Productivity: Earlier, the IA group found it difficult to manage more than 2,000 auditors across various regions. But using the solution, the group can now effectively distribute and track all these resources and team assignments, thereby improving overall productivity. Tasks can be allocated based on a clear view of each auditor’s skill sets and availability.
Improved Risk Visibility and Faster Reporting: Using the solution, the IA team can swiftly gather and analyze audit data. Audit reports are easily generated with visibility into issues and action data from various tasks and work papers. Users gain real-time visibility into audit processes and findings at multiple levels of the organization.
With the MetricStream solution, management has a comprehensive view of audit findings across geographies.