The Client: Fortune 500 Semiconductor Manufacturer
Manual audit management tools such as spreadsheets and emails were time-consuming and resource-intensive. They also limited visibility into audit activities across global operations. By implementing MetricStream Audit Management Solution, the client was able to streamline and automate global audits for optimal resource-efficiency, while also integrating all audit activities and data in a common framework for complete visibility.
The client was keen to implement a new audit management system, and had considered multiple technology vendors. Eventually, MetricStream was chosen because they offered the most comprehensive, advanced, and flexible audit management solution. Built on a scalable GRC platform, the solution extends across the client’s global organization, providing a single system of record to manage and track each audit from start to finish.
The solution provides capabilities to efficiently plan, schedule, and conduct audits. It also allows audit findings to be reviewed and analyzed, enables initiation of follow-up activities when needed, and provides the ability to monitor the entire audit process. The solution maintains and maps together all global audit data (including auditable entities, processes, risks, controls, and auditor details) in a centralized repository. These data elements are common across business units, functions, processes, and risks thereby helping ensure audit data consistency.
Risk-based Audit Planning: The solution helps plan and prioritize audits based on the risk score of the processes. Configurable risk methodologies and algorithms in the solution help assess, rate, and score the risks in each business process. Those processes with a high risk score are selected for an audit in that particular quarter. This way, the audit team can plan its audit cycles in a targeted, risk-based manner. Alongside, a resource management capability helps the central audit team determine how audit resources and budgets should be distributed across various audit projects and locations.
Audit Fieldwork: The solution streamlines audit process workflows. Once a risk assessment is completed, audit managers create audit plans in the solution, and route them to the central audit team for review and approval. Thereafter, the audit manager and lead auditors in each business unit develop audit tasks for assessing or testing controls as per the audit plan, and assign these tasks to the team. Automatic notifications are sent to the auditor as well as the entity to be audited. The assigned auditors then perform the required tasks, record their findings and observations in the form of work-papers, and send them for review and approval.
During audit execution, the time-sheet management capability captures the time spent by each auditor on a task. It supports recording of audit hours on a daily or weekly basis. This helps ensure timely audit task completion. A unique feature of the solution is the Audit Briefcase which can be used to conduct audits even in remote locations where there is no access to the corporate network. Once auditors download the audit forms onto their systems, they can go out into the field, and enter their findings as usual without Internet connectivity. This data can later be synchronized with the audit database once the auditors are connected to the corporate network.
Audit Issue Management: The solution supports recording and tracking of all audit issues in real time as they move through various stages of investigation and remediation, right up to closure. It also archives all audit issues, including legacy issues. The issues remains open till the actions plan are carried out, and the results are verified for effectiveness.
Audit Reporting: The solution provides the ability to generate draft and final audit reports with review and approval workflows at appropriate stages of the audit cycle. The platform’s embedded reporting engine provides complete visibility into the audit process with comprehensive aggregate reporting as well as individual status tracking in real-time. Graphical dashboards with drill-down capabilities provide a variety of statistics based on risk category, entity, assessment results, issues triggered, and other key metrics.
Being a global organization, the client’s operations and business units are spread across multiple countries. That creates a lot of complexities for the company’s internal audit team who have to manage, coordinate, and track multiple audits across various locations at different times of the year in a manner that is as efficient and cost-effective as possible.
Initially, most audit plans, data, and reports were managed on spreadsheets and slide presentations which were manually prepared and formatted. That took a lot of time and effort, and diverted audit resources away from core activities. Locating data was also a challenge, as it was scattered across multiple spreadsheets and slides. Users had to manually sift through these documents to find the data they needed.
Given these limitations, the company needed a more comprehensive system to manage end-to-end internal audit activities, ensure audit data consistency, and provide more visibility into audit plans and processes. This would enable them to efficiently allocate audit resources, and make informed decisions.
MetricStream Audit Management Solution has strengthened internal audit programs at many of the largest and most well-known organizations in the world
The solution provides the flexibility to be configured to a company’s specific business needs
It can be used to manage all global audit activities from a single point of reference, and can be easily scaled up or down, as required
The underlying GRC platform can be extended to add on other MetricStream GRC solutions - the client has already implemented MetricStream Policy Management Solution on the same platform