Strong internal controls are essential given the sensitive regulatory environment and high cost of fraud. Compliance managers and risk officers are turning to technology to streamline and automate their internal controls for long-term, sustainable compliance as paper based manual process, electronic document management and generic desktop tools have proved to be inadequate.

MetricStream solutions for Governance, Risk and Compliance (GRC) support Automated Testing for Internal Controls and provide dependable automation and protection from a regulatory standpoint. Automated testing of internal controls ensures effective compliance, creates opportunities for cost savings, increases profitability, improves fraud detection and operational efficiencies and above all, gives the true status of a company’s compliance health through a transparent view of its internal controls.

Internal Audit Management Software

Steps in Automated Testing of Internal Controls

Identifies controls which need automatic testing

Sends alerts for controls which need manual testing

Automates testing with push of button

Assimilates results of manual and automatic tests and sends reports

Sends report of records
failed so that such controls can be reviewed by internal auditors

Creates repository of tests and results for future reference

Challenges Posed by Prevalent Systems
A strong internal control system has become a prerequisite as organizations strive to become fraud free and compliant with regulations such as Sarbanes-Oxley (SOx). However, applying proper internal controls is an ongoing and complex process. Controls have both implicit and explicit rules. Tracking and applying these rules requires a rigorous approach to ensure full compliance. Also, evaluations and tests need to be conducted at frequent intervals for every control making the process highly resource intensive. 

Major Bottlenecks

  • Resource Intensive: Manual processes consume significant resources including manpower and time, thereby decreasing the overall productivity and affecting the bottom-line
  • Unreliable: Based completely on human expertise, manual testing can be unreliable
  • Expensive: Huge costs incurred to recruit people for testing controls and the time and resources spent on the process
  • Risk Prone: Manual interference and negligence pose risk of discrepancies, undetected fraud and noncompliance
  • Non-repeatable: Owing to lengthy and complex procedure, the repeated verification of tests at standard intervals becomes difficult



Consider a control that ensures that the orders should only be processed within a customer’s credit limit. This control is typically implemented within an organization’s ERP system, but can be overridden for exceptions with proper authorization. In general, most companies would print a report that lists out all orders that were processed within the last quarter, their credit limit at that time and if the override was applied, who applied the override and their role/title at the time the override was applied. To evaluate this entire data is not just difficult but demands flawless accuracy-a feat difficult to achieve manually.

Once, this record has been assimilated the internal audit team would have to manually review each and every entry in the report and ensure that the control worked for every situation to score the control test as ‘passed’ or ‘failed’. The team would have to manually record every instance where the test failed, so that proper disclosures and remediation processes could be triggered. Being lengthy, cumbersome and unreliable the benefit of such a system is generally questionable.


Benefits of MetricStream Solution

40%-60% Reduction in initial test run

70%-90% Reduction on subsequent test runs

Increased test runs with higher confidence and larger sampling

Automated Testing of Internal Controls

From unreliable to optimized 
MetricStream enables automated testing of internal controls significantly lowering costs and improving the effectiveness of internal controls. Tests related to completeness, accuracy, validity, authorization, and segregation of duties can be configured and scheduled with the ability to define process-level manual and application controls within a single test. This configuration is wizard driven and does not need custom coding.

By integrating the management of IT application controls, IT general controls, and manual controls, the solution eliminates the key challenges of existing paper and spreadsheet based systems.

Automated Testing of Internal Controls


  • Areas under Inventory where Testing is Automated
    • Access Control
    • Inventory Approval / Processing
    • Costing Approval / Processing
    • Authorization / GL Recording
    • Backorder / Overexposure
    • Perpetual Records
    • Waste / Returns / Reserves
    • AR Adjustments
    • Standards Testing
    • Variance Analysis
    • Cost Rollups, Carry Forward
    • Variance Absorption / COGS
    Automatic: Automates testing of application controls by reading the relevant data within ERP system and applying the testing logic
  • Reliable: Captures detailed scoring of each test, generates automatic reports and integrates data to give comprehensive, accurate results
  • Cost Effective: Saves key resources like manpower and time by enhancing productivity
  • Alleviates Risk: Reduces risks through automated tests that are conducted on basis of previously created checklists, leaving no scope for fraud thus ensuring regulatory compliance
  • Sustains Compliance: Significant portions of the testing process can be completed seamlessly without manual intervention
  • Optimizes Operations: Strong internal controls help streamline operations by allocating responsibility and verification of the same at regular intervals
  • Exhaustive: Built-in library of over 1500+ tests for automating the testing of key financial controls
  • Real Time Monitoring: Reports can be assessed in real time while simultaneously a repository of previous results is maintained, giving the auditors a complete track of events, at click of a button
Testing of Internal Controls

Key Features of SOX Solution

Environment & Process Design

Assessing Internal Controls


Monitoring Compliance

Document Management

Training and Audits

Solution Highlights
  • Quick Implementation
  • Seamless Integration
  • User-friendly
  • Built-in Reporting
  • Robust Security

Architecture of Automated Testing of Internal Controls
The solution provides an out-of-the-box library containing hundreds of tests for automating the testing of controls within general ledger, procure-to-pay, order-to-cash, inventory, cost accounting, asset management and payroll processes within the popular ERP systems such as SAP, Oracle and PeopleSoft.

Architecture of Automated Testing of Internal Controls



Ready to get started?

Speak to our experts Let’s talk