ConnectedGRC

Drive a Connected GRC Program for Improved Agility, Performance, and Resilience

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Explore the right questions to ask before buying a Cyber Governance, Risk & Compliance solution.

Learn More

Discover ConnectedGRC Solutions for Enterprise and Operational Resilience

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn More

Explore What Makes MetricStream the Right Choice for Our Customers

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Learn More

Discover How Our Collaborative Partnerships Drive Innovation and Success

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Learn More

Find Everything You Need to Build Your GRC Journey and Thrive on Risk

Download this report to explore why cyber risk is rising in significance as a business risk.

Download this report to explore why cyber risk is rising in significance as a business risk.

Learn More

Learn about our mission, vision, and core values

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Learn More
+1-650-620-2955
+1-650-620-2955 Contact Us Request Demo
×
Hit enter to search or ESC to close
Case Study

Fortune 500 Semiconductor Manufacturer Centralizes Audit Management, Strengthens Visibility into Audit Activities and Data across Multiple Countries

READ MORE

The Client: Fortune 500 Semiconductor Manufacturer

 

Overview

Manual audit management tools such as spreadsheets and emails were time-consuming and resource-intensive. They also limited visibility into audit activities across global operations. By implementing MetricStream Audit Management Solution, the client was able to streamline and automate global audits for optimal resource-efficiency, while also integrating all audit activities and data in a common framework for complete visibility.

Solution

The client was keen to implement a new audit management system, and had considered multiple technology vendors. Eventually, MetricStream was chosen because they offered the most comprehensive, advanced, and flexible audit management solution. Built on a scalable GRC platform, the solution extends across the client’s global organization, providing a single system of record to manage and track each audit from start to finish.

The solution provides capabilities to efficiently plan, schedule, and conduct audits. It also allows audit findings to be reviewed and analyzed, enables initiation of follow-up activities when needed, and provides the ability to monitor the entire audit process. The solution maintains and maps together all global audit data (including auditable entities, processes, risks, controls, and auditor details) in a centralized repository. These data elements are common across business units, functions, processes, and risks thereby helping ensure audit data consistency.

 

Below are the capabilities of the solution:

Risk-based Audit Planning: The solution helps plan and prioritize audits based on the risk score of the processes. Configurable risk methodologies and algorithms in the solution help assess, rate, and score the risks in each business process. Those processes with a high risk score are selected for an audit in that particular quarter. This way, the audit team can plan its audit cycles in a targeted, risk-based manner. Alongside, a resource management capability helps the central audit team determine how audit resources and budgets should be distributed across various audit projects and locations.

Audit Fieldwork: The solution streamlines audit process workflows. Once a risk assessment is completed, audit managers create audit plans in the solution, and route them to the central audit team for review and approval. Thereafter, the audit manager and lead auditors in each business unit develop audit tasks for assessing or testing controls as per the audit plan, and assign these tasks to the team. Automatic notifications are sent to the auditor as well as the entity to be audited. The assigned auditors then perform the required tasks, record their findings and observations in the form of work-papers, and send them for review and approval.

During audit execution, the time-sheet management capability captures the time spent by each auditor on a task. It supports recording of audit hours on a daily or weekly basis. This helps ensure timely audit task completion. A unique feature of the solution is the Audit Briefcase which can be used to conduct audits even in remote locations where there is no access to the corporate network. Once auditors download the audit forms onto their systems, they can go out into the field, and enter their findings as usual without Internet connectivity. This data can later be synchronized with the audit database once the auditors are connected to the corporate network.

Audit Issue Management: The solution supports recording and tracking of all audit issues in real time as they move through various stages of investigation and remediation, right up to closure. It also archives all audit issues, including legacy issues. The issues remains open till the actions plan are carried out, and the results are verified for effectiveness.

Audit Reporting: The solution provides the ability to generate draft and final audit reports with review and approval workflows at appropriate stages of the audit cycle. The platform’s embedded reporting engine provides complete visibility into the audit process with comprehensive aggregate reporting as well as individual status tracking in real-time. Graphical dashboards with drill-down capabilities provide a variety of statistics based on risk category, entity, assessment results, issues triggered, and other key metrics.

 
 
 
 

Challenges

Being a global organization, the client’s operations and business units are spread across multiple countries. That creates a lot of complexities for the company’s internal audit team who have to manage, coordinate, and track multiple audits across various locations at different times of the year in a manner that is as efficient and cost-effective as possible.

Initially, most audit plans, data, and reports were managed on spreadsheets and slide presentations which were manually prepared and formatted. That took a lot of time and effort, and diverted audit resources away from core activities. Locating data was also a challenge, as it was scattered across multiple spreadsheets and slides. Users had to manually sift through these documents to find the data they needed.

Given these limitations, the company needed a more comprehensive system to manage end-to-end internal audit activities, ensure audit data consistency, and provide more visibility into audit plans and processes. This would enable them to efficiently allocate audit resources, and make informed decisions.

Why MetricStream?

MetricStream Audit Management Solution has strengthened internal audit programs at many of the largest and most well-known organizations in the world

The solution provides the flexibility to be configured to a company’s specific business needs

It can be used to manage all global audit activities from a single point of reference, and can be easily scaled up or down, as required

The underlying GRC platform can be extended to add on other MetricStream GRC solutions - the client has already implemented MetricStream Policy Management Solution on the same platform

Benefits

  • Centralized system for global audit management:
    The solution provides a common framework for over 80 auditors across the world to plan and perform their audits, record audit findings, conduct reviews and approvals, prepare reports, and manage issues.
  • Greater audit visibility:
    Audit data from across the enterprise is rolled up to the central audit team, and displayed in graphical dashboards which provide a complete view of the status and progress of audit plans and processes.
  • Improved decision-making:
    The solution allows users to identify (by views and reports) all the risks that have been associated with an auditable entity, enabling informed and quick decision-making.
  • Efficient audits:
    All audit workflows are automated and streamlined to help ensure that nothing slips through the cracks. This saves time and effort, and minimizes data errors.
lets-talk-img

Ready to get started?

Speak to our experts Let’s talk