Compliance Law 262/2005 (L262) Italy
(Law 262/2005 applies to all publicly listed companies in Italy, and concerns the disclosure of external financial information)
Most organizations have implemented paper and MS Excel-based processes to document and test internal controls over financial reporting in compliance with regulations such as Law 262. As a result, a large amount of time and effort is consumed in scheduling tests, manually testing internal controls, identifying and tracking remediation processes, compiling and cataloging evidence, implementing change controls, and managing the entire compliance process.
Many organizations also lack a systematic and comprehensive approach to assess the IT controls that impact financial transactions. Controls testing is often not integrated into the overall compliance program.
This kind of fragmented and manual approach to compliance with L262 can be excessively resource-intensive and costly. It also increases the risk of noncompliance, for which penalties can be severe.
In order to sustain financial compliance at lower costs, many companies have tried using generic electronic document management systems and desktop tools. However, such technologies lack the specialized capability needed to manage the compliance and controls process. On the other hand, the integration and automation of controls testing and management allows companies to lower their compliance costs, reduce their noncompliance risk and free up their personnel to focus on activities that deliver real benefits to the bottom line.
MetricStream enables companies to sustain compliance with Law 262 cost-effectively, and reduce the risk of noncompliance by:
- Seamlessly integrating the design and testing of internal controls over financial and IT processes
- Automating the testing of certain financial and IT controls
- Tracking and managing activities to correct deficiencies and weaknesses
- Streamlining change control to ensure that processes and their documentation always stay in sync
- Providing complete visibility into the compliance process through dashboards
The MetricStream Compliance Management Solution helps in establishing a comprehensive internal controls system covering all the regulatory requirements of Law 262. The solution also enables adequate controls to be implemented to ensure the accuracy and timeliness of information used in financial statements and related activities.
With its unique library of over 1500 tests, the solution helps in automating the testing of application level controls within standard ERP systems in key financial processes. It also enables executives to gain real-time visibility into the organizational risk associated with financial and IT related controls.
Using the MetricStream solution, companies can define, design, assess and improve internal controls under the COSO framework. The solution helps in structuring a logical compliance and controls hierarchy, including processes, sub-processes, objectives, risks, controls and control activities. It also provides capabilities to capture all the processes, associated financial accounts and financial statement assertions for a business unit. Risks and controls are identified with appropriate linkages, while associated policies and procedure documents can be attached for reference.
Evaluations and tests to assess the design and operational effectiveness of the controls can be designed, assigned to employees based on roles and responsibilities, and scheduled based on controls and risk types. The evaluations and tests can also be shared across controls for higher efficiency.
Assessing Internal Controls
With the evaluation and test designs in place, process owners across the organization can use the MetricStream solution to assess the design and operational effectiveness of internal controls. The system supports assessments based on predefined checklists, and has a mechanism for scoring, tabulating and reporting results.
The data available in existing ERP and Business Intelligence functions and reports is automatically evaluated as per the defined schedule and sampling. The results for these tests can be consolidated with the assessment results of those controls that require a combination of automated and manual testing.
Remediation and Disclosures
After control deficiencies or issues are identified and documented, a systematic mechanism of remediation and disclosure is triggered by the underlying workflow and collaboration engine. Issues are marked for remediation and/or disclosure, and assigned to owners within the business unit.
After the remediation plan is created, the cases are sent to the reviewer for approval. They are then routed for implementation, with the loop closing back to the internal auditor to ensure that the internal controls issue has been effectively addressed.
Executive dashboards provide enterprise-wide visibility into the compliance process, and highlight issues that need to be addressed. The solution identifies controls as manual or automated, and has the ability to track the design status, process ownership, assessment plans and other factors on graphical charts. These charts can be accessed globally, and display real-time information. They also provide the ability to drill down and access data at finer levels of detail. This allows companies to create a streamlined and transparent view of their business data, simplifying the processes of verification and control.
In addition to providing preconfigured standard control monitoring reports, the system enables stakeholders to configure ad-hoc or scheduled reports. These reports provide a consolidated view of metrics by a variety of parameters such as process, business units and status. They also provide quarterly and monthly trending analyses along with the ability to drill down into each report and dashboard to see the underlying details. This enables compliance project teams to stay in constant touch with the ground reality and progress of compliance programs.
- Integrated Compliance Management: The MetricStream solution provides a single information model to integrate multiple initiatives and controls management processes for compliance with Law 262. It also facilitates seamless collaboration across departments,
- Improved Process Control: The MetricStream solution enables a consistent and sustainable financial controls management process across the enterprise, eliminating any deviations and errors, as well as redundant activities.
- Reduced Compliance Costs: The solution automates information flows, assessments, testing, and remediation assignments, dramatically reducing the overall costs of complying with Law 262.
- Better Resource Utilization: By streamlining and automating controls management, the solution allows many tasks to be moved down the responsibility chain. Process owners can take on the direct responsibility of managing internal controls, while auditors c
- Improved Transparency: Compliance dashboards and risk heat maps provide enterprise-wide visibility into the financial controls management and compliance process, and highlight issues that need to be addressed.
- Single, Easy-to-access Database: The MetricStream solution provides a centralized information repository with easy access to all relevant documentation for Law 262 compliance, including risks, controls, assessments, policies and procedures.
- Streamlined Change Control: The solution’s integrated document management repository with change control capabilities keeps documentation and processes in sync. This significantly reduces the amount of rework required on the documentation to ensure ongoin
- Heightened Data Security: The security and integrity of data are protected in the MetricStream solution through advanced capabilities for data encryption, role-authorization, multi-layered authentication and time-stamped audit trails.
- Highly Flexible Processes: The MetricStream solution provides a high degree of flexibility for designing compliance programs and processes according to specific needs, and easily adapting to changing regulatory requirements in Law 262.
- High Degree of Extendibility: The MetricStream solution can be extended to manage compliance activities beyond Law 262. The solution offers a configurable framework to document processes and controls for multiple areas of compliance, including cross-indus
We believe we are the first global bank to conceive and implement an enterprise-wide Compliance Risk Assessment and Management platform. MetricStream's proficiency in delivering a solution architected in line with our vision and expected benefits.