Leveraging technology for long-term, sustainable compliance
Strong internal controls are essential given the sensitive regulatory environment and high cost of fraud. Compliance managers and risk officers are turning to technology to streamline and automate their internal controls for long-term, sustainable compliance as paper based manual process, electronic document management and generic desktop tools have proved to be inadequate.
MetricStream solutions for Governance, Risk and Compliance (GRC) support Automated Testing for Internal Controls and provide dependable automation and protection from a regulatory standpoint. Automated testing of internal controls ensures effective compliance, creates opportunities for cost savings, increases profitability, improves fraud detection and operational efficiencies and above all, gives the true status of a company’s compliance health through a transparent view of its internal controls.
Steps in Automated Testing of Internal Controls
Identifies controls which need automatic testing
Sends alerts for controls which need manual testing
Automates testing with push of button
Assimilates results of manual and automatic tests and sends reports
Sends report of records
Creates repository of tests and results for future reference
Challenges Posed by Prevalent Systems
A strong internal control system has become a prerequisite as organizations strive to become fraud free and compliant with regulations such as Sarbanes-Oxley (SOx). However, applying proper internal controls is an ongoing and complex process. Controls have both implicit and explicit rules. Tracking and applying these rules requires a rigorous approach to ensure full compliance. Also, evaluations and tests need to be conducted at frequent intervals for every control making the process highly resource intensive.
Consider a control that ensures that the orders should only be processed within a customer’s credit limit. This control is typically implemented within an organization’s ERP system, but can be overridden for exceptions with proper authorization. In general, most companies would print a report that lists out all orders that were processed within the last quarter, their credit limit at that time and if the override was applied, who applied the override and their role/title at the time the override was applied. To evaluate this entire data is not just difficult but demands flawless accuracy-a feat difficult to achieve manually.
Once, this record has been assimilated the internal audit team would have to manually review each and every entry in the report and ensure that the control worked for every situation to score the control test as ‘passed’ or ‘failed’. The team would have to manually record every instance where the test failed, so that proper disclosures and remediation processes could be triggered. Being lengthy, cumbersome and unreliable the benefit of such a system is generally questionable.
Benefits of MetricStream Solution
40%-60% Reduction in initial test run
70%-90% Reduction on subsequent test runs
Increased test runs with higher confidence and larger sampling
Automated Testing of Internal Controls
From unreliable to optimized
MetricStream enables automated testing of internal controls significantly lowering costs and improving the effectiveness of internal controls. Tests related to completeness, accuracy, validity, authorization, and segregation of duties can be configured and scheduled with the ability to define process-level manual and application controls within a single test. This configuration is wizard driven and does not need custom coding.
By integrating the management of IT application controls, IT general controls, and manual controls, the solution eliminates the key challenges of existing paper and spreadsheet based systems.
|Areas under Inventory where Testing is Automated
Key Features of SOX Solution
Environment & Process Design
Assessing Internal Controls
Training and Audits
Architecture of Automated Testing of Internal Controls
The solution provides an out-of-the-box library containing hundreds of tests for automating the testing of controls within general ledger, procure-to-pay, order-to-cash, inventory, cost accounting, asset management and payroll processes within the popular ERP systems such as SAP, Oracle and PeopleSoft.