SlideShare ist ein Scribd-Unternehmen logo

Protiviti-Governance-Portal-Client-Insights

Marco Villacorta Olano
Marco Villacorta Olano
1 von 16
Downloaden Sie, um offline zu lesen
IProtiviti’s Governance Portal – Client Insights Image to come Protiviti’s Governance Portal Client Insights on Gaining Value From GRC Technology
Protiviti’s Governance Portal – Client Insights i Table of Contents Introduction............................................................................................................................................................ii Insurer launches a combined assurance initiative with Protiviti’s Governance Portal .........................................1 Protiviti’s Governance Portal helps media giant consolidate risk and audit activities..........................................3 Protiviti Governance Portal forms the bedrock of Coal Services’ risk and internal audit framework ................5 JELD-WEN turns to Protiviti and Governance Portal for timely SOX compliance..........................................7 U.S. manufacturer streamlines field audit with Protiviti’s Governance Portal....................................................10
Protiviti’s Governance Portal – Client Insightsii Governance, risk and compliance (GRC) technology has the ability to enhance GRC programs by enabling processes, improving performance, reducing costs and driving efficiencies. However, selecting a single solution that works for everyone in the organization isn’t always easy. Obtaining consensus regarding methodology, approach and risk language among your various GRC groups and key stakeholders can be an involved and complicated process. Protiviti has worked successfully with hundreds of clients around the world to enhance their GRC programs through our Governance Portal. We have found that working with synergistic groups to leverage a common technology solution drives early value and long-term departmental efficiency. We think our clients tell the story best. We believe their stories reflect a pragmatic approach to utilizing technology to document multirelational risk and compliance information, facilitate enterprise collaboration and produce consolidated GRC reporting. We are pleased to share five client stories with you. Each story provides insight – from the client’s enterprisewide challenge to the way it adapted the capabilities of the Governance Portal to enhance the efficiency and effectiveness of its GRC initiatives. The stories highlight clients from a range of industries and a variety of GRC use cases. We hope you find these stories useful. If you would like to learn more about the Governance Portal or to set up a demonstration, please visit www.protiviti.com/grc-software. Acknowledgements We would like to thank our Protiviti Governance Portal clients for taking time to share their stories. Scott Wisniewski Protiviti Managing Director Risk Technologies Introduction
1Protiviti’s Governance Portal – Client Insights Insurer launches a combined assurance initiative with Protiviti’s Governance Portal Client Challenge A leading multinational insurance group headquartered in the UK and serving more than 17 million customers in nearly 140 countries faced a technology turning point in 2009. The governance, risk and compliance (GRC) systems used by the financial control group and the internal audit group were nearing end-of-life status, and the risk group, which had no GRC platform, needed to satisfy emerging requirements for individual capital assess- ment (ICA) and Solvency II. Rather than implementing three separate systems for each group, management decided to launch a combined assurance initiative designed to bring a single risk story back to its board of directors. After developing detailed criteria and thoroughly investigating several market-leading providers and platforms, the insurance company selected the Protiviti Governance Portal. Along with the Governance Portal’s broad fea- ture set and extensive configurability, four key factors contributed to this decision: • The Governance Portal’s single, integrated database supports combined assurance. If the risk group entered a risk control with an audit or financial control dimension, the audit and financial control groups would have direct visibility. Protiviti was the only vendor able to demonstrate this capability. • The Governance Portal’s key features were easy to see and demonstrate. Management could see all of the capabilities immediately, with no need for custom development. • Protiviti offered a flexible licensing model that allowed the company to easily scale and deploy the solution with its user base across 33 countries. • Most important, Protiviti understood the client’s needs and spoke the same language. The benefit of this connection became particularly clear during the configuration phase of the project, when Protiviti consultants played a vital role in helping the different client teams work toward a common taxonomy. Powerful Insights As part of the implementation, Protiviti performed an inventory of the requirements of seven project teams, developing a total of 40 specific functional areas (e.g., risk assessment, reporting, remediation, etc.) to be included in the implementation. During planning and diagnostic discussions, Protiviti helped management identify a series of common themes across the functional groups that would facilitate an integrated GRC approach while still supporting team-specific requirements. Throughout the configuration phase, Protiviti provided continuous feedback, direction and validation of the final design. The implementation was completed in 12 months.
2 Protiviti’s Governance Portal – Client Insights Proven Delivery Currently, the financial control group uses the Governance Portal to manage the financial reporting pro- cesses, including control models for remediation, testing and quality assurance. This group also uses the so- lution to manage the CFO accounting assertions. The risk group has incorporated compliance management, operational risk, information security, scenario assessments and the Solvency II Risk Register in the Governance Portal. In the audit group, internal auditors use the Protiviti Governance Portal to manage the audit process, including recording findings, assigning actions and creating management information reports. The auditors leverage the Portal’s offline functionality to perform work in the field while disconnected from the server. The process of deploying and refining the system’s capabilities is ongoing, but the Protiviti Governance Portal has already proven to be an excellent foundation for the company’s combined assurance initiative. For example, when the financial controls group and the audit group are engaged in similar activities, the Governance Portal flags those controls and identifies the two different opinions. This visibility allows exec- utive management to decide whether to eliminate the duplicate effort or maintain the two separate activities because there is value in the different opinions. Although the company did not adopt the Protiviti Governance Portal with ROI in mind, the company has realized significant savings in a number of areas: • Previously, users in the financial control group each spent about a half-hour developing a control asser- tion by interviewing a subject and then keying and consolidating the results into the old GRC system. In the Governance Portal, this is a five-minute automated task, a savings of more than 300 man-hours every reporting period. • In information security, the company previously used more than 35 policy assessment spreadsheets that were sent around to various IT resources, reviewed and summarized. Today, self-assessments are conducted in the Governance Portal, and a single report is easily generated. • Having one GRC solution instead of three has reduced operational costs associated with maintaining multiple database administrators, hardware platforms, organizational models and risk registers. “ THE PROTIVITI GOVERNANCE PORTAL HAS ALREADY PROVEN TO BE AN EXCELLENT FOUNDATION FOR THE COMPANY’S COMBINED ASSURANCE INITIATIVE.”
3Protiviti’s Governance Portal – Client Insights Protiviti’s Governance Portal helps media giant consolidate risk and audit activities Client Challenge Our client is a global leader in media and entertainment, with approximately 34,000 employees and four operating divisions worldwide. The company has 750 auditable entities across all divisions, and in its inter- nal audit process tracks no less than 50 standard risk objectives, 16 standard processes and 1,100 information technology (IT) systems. In performing these audits, the company relied on a variety of homegrown and off-the-shelf systems and spreadsheets for risk assessment, audit documentation and work paper tracking. In 2013, management decided to replace this hodgepodge collection of auditing tools with a centralized audit solution. After exploring several options, the company chose the Protiviti Governance Portal, based on its configurability and true integration of risk assessment results into the audit plan and process. Powerful Insights Prior to rolling out the full solution in February 2014, Protiviti’s Governance Portal experts helped com- pany management conduct two pilot programs: The first, a “conference room pilot,” was designed to run through the entire process, from risk assessment to audit reporting, and involved the participation of every level of financial and IT auditor in the company. The internal audit team then used the auditors’ feedback to make configuration adjustments to the Governance Portal and to refine the training manual. Following this initial pilot, a second pilot was launched, which included the chief auditor, two vice presidents and two executive directors. “The goal of the second pilot was to familiarize our executives with the Governance Portal, so they would be advocates for the benefits that the solution would deliver,” said the company’s associate director of internal audit. “Thanks to this approach, when we began training a larger audience, the executives who had attended the pilot became strong advocates for the tool.” Proven Delivery With the help of the Governance Portal, the company consolidated all its risk assessment and audit data into a single system, allowing risk assessment activities to support and drive audit activities. The Governance Portal also enabled the client to enhance and simplify the auditors’ experience. Configurability. The built-in configurability of the Governance Portal enabled the audit team to customize the system to fit the company’s risk assessment and audit methodology instead of forcing auditors to adapt their methodology to the system – which was an issue with other solutions evaluated.
4 Protiviti’s Governance Portal – Client Insights As part of configuring the solution, Protiviti helped the audit team develop and document a taxonomy of standard risks and processes in the Governance Portal. Using this standardized list, users can evaluate and document their activities against it simply by checking boxes. The taxonomy in the Governance Portal also ensures that auditors see all of the risks that are applicable to a particular process and can decide which pro- cesses are in scope for the audit, greatly simplifying decision-making. Protiviti also helped automate a number of audit and risk activities, including data collection related to bud- geting audits and advanced calculations related to the risk assessment process. Searching and Reporting. Prior to using the Governance Portal, the company’s data typically resided in spreadsheets and text documents, which did not support easy or quick summary reporting. The Governance Portal supports almost instant retrieval of large amounts of live data. Protiviti helped the audit team create a number of standard searches in the Governance Portal. Users also can define their own specific queries, which can then be integrated with the Governance Portal’s built-in reporting capabilities. The reporting feature in the Governance Portal supports a variety of output formats, including pivot tables, charts and graphs, as well as conditional formatting. These powerful reporting capabilities allow auditors to report on risk assessment and audit activities across the audit team using the most informative format. The centralized data model enables the company to look across the business and analyze trends related to risks, controls, audit tests and audit findings, providing much deeper insight into the business. “The Protiviti Governance Portal gave us the flexibility to track our processes and risks the way we wanted to,” said an internal audit executive. “It also has the robust reporting capabilities we need and it makes it easy for our users to enter information no matter where they are located.” With the initial phase of the Governance Portal deployment completed, audit executives are looking forward to the next phase. The company is planning to use the Governance Portal to manage its anti- corruption and Foreign Corrupt Practices Act (FCPA) programs, as well as implement action plan tracking and an audit satisfaction survey. The company plans to eventually use the Governance Portal for all internal financial, IT and process audits. “ THE PROTIVITI GOVERNANCE PORTAL GAVE US THE FLEXIBILITY TO TRACK OUR PROCESSES AND RISKS THE WAY WE WANTED TO. IT ALSO HAS THE ROBUST REPORTING CAPABILITIES WE NEED AND IT MAKES IT EASY FOR OUR USERS TO ENTER INFORMATION NO MATTER WHERE THEY ARE LOCATED.”
5Protiviti’s Governance Portal – Client Insights Protiviti Governance Portal forms the bedrock of Coal Services’ risk and internal audit framework Client Challenge Australia-based Coal Services Pty Limited (www.coalservices.com.au) is an industry-owned organization provid- ing critical services and expertise to the New South Wales coal mining industry. The company offers a suite of health, safety, environmental and insurance solutions to support coal mine workers, employers and communities and has a long-standing commitment to ensuring a safe workplace and a healthy workforce. For years, the organization relied on Excel spreadsheets to maintain its risk register, records of risk actions and audit findings. As a result, there was no automated way to follow up on assigned tasks and enforce accountability. The lack of automation also made it difficult to create reports for the governing board’s risk management committee. Aware of the shortcomings of this manual process, management decided to move to an enterprise risk man- agement system. The company already relied on Protiviti as its co-sourced internal audit partner. In 2012, Matthew Vickers, manager of risk, internal audit and business improvement, decided to evaluate the capa- bilities of Protiviti’s Governance Portal for risk and internal audit management. Impressed with the Portal’s demonstrated capabilities, as well as its high ratings by a recent Forrester Wave report on governance, risk and compliance (GRC) platforms, Vickers selected the Governance Portal as the risk management system for Coal Services. The system went live in February 2013. Powerful Insights Protiviti’s GRC experts set out to rebuild the entire risk management and assurance framework. We created a user interface where each risk can be rated, a risk owner identified, and an action plan set up to mitigate the risk. We set up automated alerts for key actions and deadlines to help keep risk owners accountable and on schedule. We used a similar approach for the completion of internal audit recommendations. To facilitate adoption and reduce time spent navigating the extensive Portal environment, our team worked with business users to create landing pages customized to their specific needs and to build report templates ready for use. Automation, usability and accessibility were touchstones of the implementation and made a dif- ference in how quickly the Portal was accepted by the user base.
6 Protiviti’s Governance Portal – Client Insights Proven Delivery Automation and Accountability The automated risk management and mitigation alerts are invaluable to the company in maintaining ac- countability among the audit team – something impossible in the old spreadsheet-based audit system. With the Portal, once the risk has been successfully mitigated, it can be closed out. “The system eliminates any questions related to whether a spreadsheet has been updated to reflect an updated status,” said Vickers. “We can see who is closing out their audit findings quickly, and for those who require more time, we can see whether or not they are making progress toward closing.” A Simple User Interface One of Vickers’ key goals was to make it as easy as possible for business users to navigate the Portal – and Protiviti delivered. “Business users don’t need to see everything our team sees, and Protiviti did a great job of customizing and simplifying the specific landing pages for business users,” said Vickers. “They see only what they need to see, which has encouraged them to use the system.” Improved Reporting The ability to rate risks and automate follow-up has driven consistency in the audit approach and stream- lined report writing. Coal Services uses the reports prebuilt by Protiviti to automate the reporting process. Data now goes straight from system-generated searches to formatted PDF reports. “We now have a modern risk management framework that is based on scoring risk, which makes our reports far more useful to the management team,” said Vickers. Cloud-Based Hosting By relying on the cloud-based hosting option for the Governance Portal, Coal Services has eliminated the need for hardware or software locally. “The cloud option eliminates IT complexity and drives down costs,” said Vickers. “It also means our auditors and business users can complete work anytime from anywhere with an Internet connection.” With the Governance Portal as the foundation of the governance and risk framework at the company, Vickers is planning to expand its use, starting with implementing a compliance module over the next year. “Protiviti has been excellent to work with, and we regularly rely on their expertise in risk management and internal audit,” said Vickers. “The relationship we have with Protiviti is extremely beneficial to Coal Services.” “ WE NOW HAVE A MODERN RISK MANAGEMENT FRAMEWORK THAT IS BASED ON SCORING RISK, WHICH MAKES OUR REPORTS FAR MORE USEFUL TO THE MANAGEMENT TEAM.”
7Protiviti’s Governance Portal – Client Insights JELD-WEN turns to Protiviti and Governance Portal for timely SOX compliance Client Challenge Headquartered in Klamath Falls, Oregon, JELD-WEN is one of the world’s leading manufacturers of win- dows and doors. The company’s extensive product line is sold globally through multiple distribution channels, including retail home centers, wholesale distributors and building products dealers. JELD-WEN has approxi- mately 20,000 employees in 20 countries across the Asia-Pacific region, Europe and the Americas. Since JELD-WEN’s founding more than 50 years ago, the company has expanded globally through a series of acquisitions. A consequence of this was that management of the organization was decentralized, and most of the acquired companies continued to rely on their existing accounting and manufacturing software and proce- dures. In addition, JELD-WEN had neither an internal audit department nor a formal program of controls and procedures to ensure the validity of the company’s financial records. In 2010, prior to the company’s acquisition by the Canadian firm Onex, JELD-WEN voluntarily chose to seek Sarbanes-Oxley (SOX) compliance, believ- ing that engaging in the best practices required for the SOX process would benefit the dispersed organization. The project was the first true corporate initiative launched across all three regions. Michael Higgins, global Sarbanes-Oxley manager at JELD-WEN, was brought in to lead the SOX program, including the implementation project, and to form an implementation consulting team with deep SOX expertise. Higgins, who had previously used the Protiviti Governance Portal to run a very successful SOX program at his former employer, a global leader in advanced embedded solutions for communications networking and commercial systems, brought Protiviti on board to assist JELD-WEN with the compliance effort. “I knew there were other products and vendors out there,” said Higgins, “but I knew the Governance Portal worked well and had the capability to support and manage an ongoing program of the size that JELD-WEN would require.” Powerful Insights Starting the project voluntarily in 2010 and Higgins’ decision to implement the Protiviti Governance Portal proved fortuitous. When JELD-WEN was purchased by Onex only nine months after the start of the proj- ect, the company suddenly had only one year to comply with key elements of the Canadian version of SOX. “Fortunately, we were able to get started very quickly,” said Higgins. “The Protiviti implementation team was able to build out our SOX portal and begin training my core consulting team within a month. Thanks to the Governance Portal, despite the challenges associated with a global rollout with remote locations and language differences, we successfully met the one-year deadline.”
8 Protiviti’s Governance Portal – Client Insights As a result of the implementation work performed by the Protiviti Governance Portal team, all JELD- WEN entities, more than 110, have been incorporated into the Governance Portal. With the program fully implemented across the organization, process control owners have a single site for reviewing control processes, obtaining flowcharts and providing documentation to support testing. The Governance Portal makes it easy for the JELD-WEN SOX team to analyze the relationships among objectives, risks, controls and tests. Proven Delivery The deployment and powerful capabilities of Protiviti’s Governance Portal have enabled four key areas of a sustainable SOX program at JELD-WEN: universal access, flexible change management, highly efficient workflows and reporting. Universal Access Protiviti’s Governance Portal enables more than 1,000 JELD-WEN control owners, as well as the SOX consultants and more than 20 testers from the company’s outside testing provider, KPMG, to log in securely from anywhere – office, home, hotel room or airport lounge – at any time. This capability was essential during development of the program, as JELD-WEN had as many as 26 consultants globally, all of whom were able to access the Portal daily to upload flowcharts, create risk control matrices and perform tests – all without requiring a desk in a JELD-WEN office or even a guest account on the JELD-WEN network. Today, the flexibility to access the Governance Portal from anywhere enables everyone involved in the SOX program to be more productive and the entire process to be more cost-efficient. Flexible Change Management JELD-WEN performs change management much more efficiently using the Governance Portal’s Assess- ment Management Engine. Control owners fill in self-assessment surveys on a quarterly basis, making it easy for the company to document the significant number of changes in processes, personnel and process ownership that occur in that period. At the end of each quarter, the regional SOX coordinators use this documentation to update flowcharts, process controls and the test plans for each control. “With 46 locations spread out across North America, the ability to have the process owners enter their information locally and the regional coordinators access it from their locations has drastically reduced the time and cost of change management,” said Higgins. Highly Efficient Workflows The Governance Portal’s robust capabilities and functions allowed JELD-WEN to streamline the develop- ment and ongoing operation of its SOX program as follows: • The task functionality enables the JELD-WEN SOX implementation team to assign controls and process flows to process control owners for their initial review and confirmation. With the SOX program in place, the SOX team is also able to assign tasks to outside testers, as well as specify when a test should start, when it should finish and who should perform quality assurance review. The status of tasks can be monitored centrally in the Governance Portal. “ THE PROTIVITI IMPLEMENTATION TEAM WAS ABLE TO BUILD OUT OUR SOX PORTAL AND BEGIN TRAINING MY CORE CONSULTING TEAM WITHIN A MONTH. THANKS TO THE GOVERNANCE PORTAL, DESPITE THE CHALLENGES ASSOCIATED WITH A GLOBAL ROLLOUT WITH REMOTE LOCATIONS AND LANGUAGE DIFFERENCES, WE SUCCESSFULLY MET THE ONE-YEAR DEADLINE.”
9Protiviti’s Governance Portal – Client Insights • The action plan functionality enables the JELD-WEN SOX team to guide process control owners in remediating controls that have failed a test. Action plans include a start date, due date, the person on the SOX team responsible for reviewing the remediation and, if appropriate, a requirement that the control owner upload supporting documentation when remediation has been completed. Action plans can also be centrally monitored in the Governance Portal. • The template library, which includes templates for risks, controls, objectives and test plans, made it far easier for the JELD-WEN SOX implementation team to add each of its more than 150 locations by simply entering the location into the system and importing the appropriate templates from the library. This eliminated the need to create from scratch an entirely new organizational structure for each new entity or acquisition. “The template library continues to help us add subsequent locations and acquisi- tions,” said Higgins. • The mass upload function enables the JELD-WEN SOX team to update all relevant records with a single click. Using templates, JELD-WEN is able to easily update testers, dates, control information and more. “JELD-WEN has nearly 3,000 controls in the Governance Portal,” said Higgins. “When a field needs to be updated, it’s far faster to use the mass upload function rather than going one-by-one through the controls.” Reporting The Governance Portal enables JELD-WEN’s SOX team and senior management to gain insight into the SOX program through a variety of ad hoc searches, dashboards and reports. The SOX implementation team developed reports to monitor the status of process documentation and testing daily. The team also devel- oped a global test results report. JELD-WEN makes extensive use of the ability of the Governance Portal to export its data to Microsoft Excel, which the SOX team uses to create easy-to-read graphical charts and pivot tables. “The reporting capabilities in the Governance Portal have made it easier to satisfy our reporting require- ment, while providing the SOX team and senior management with a much clearer picture of the risks facing the organization,” added Higgins. “ THE REPORTING CAPABILITIES IN THE GOVERNANCE PORTAL HAVE MADE IT EASIER TO SATISFY OUR REPORTING REQUIREMENT WHILE PROVIDING THE SOX TEAM AND SENIOR MANAGEMENT WITH A MUCH CLEARER PICTURE OF THE RISKS FACING THE ORGANIZATION.”
10 Protiviti’s Governance Portal – Client Insights U.S. manufacturer streamlines field audit with Protiviti’s Governance Portal Client Challenge Our client, one of the world’s leading manufacturers, with headquarters in the United States and multiple retail and distribution locations throughout the U.S., needed to develop a field audit solution for display tracking. The company supports its network of retail sales representatives by providing them with display systems, which hold flip-through binders of samples. These systems are placed in retail stores and are maintained by the sales rep- resentatives. However, the company did not have an efficient system for tracking these displays – such as their current locations, whether they have been moved from one location to another and the condition they were in. The client uses the sample binders as a primary means to educate and promote its product to the retail customer. Ensuring the binders are available and in good shape is essential to the company’s marketing and sales strategy. In 2013, the company decided to develop a field audit solution to improve the tracking of these display sys- tems. The company consulted with its internal audit partner, Protiviti, on the best way to address the issue. We proposed developing a tablet-based field audit solution, which sales representatives could use to conduct a field audit while in a store. The company management agreed to the proposal, and the Protiviti internal audit team contacted the Protiviti Governance Portal team for assistance with the proposed solution. Powerful Insights The Protiviti team collected the company’s requirements for the audit and efficiently set up and deployed a program for a mobile-device-enabled audit that covered 180 store locations and 450 displays. Using their tablets, the sales representatives completed their audits by ranking display details through drop-down rating fields and adding commentary if needed. The audit management team was then automatically notified that a field audit had been completed, and the data was consolidated at the company headquarters. The audit process was intuitive, simple and straightforward, and was received extremely favorably by the users. “Despite a tight deadline and limited budget, Protiviti quickly created and deployed the field audit solu- tion,” said the company manager of residential sales operations. “Initially, some of our reps were concerned about having to take the extra time to do the in-store audit, but they found that it was easy to use and did not take more than five minutes.” Proven Delivery The new field audit program fully addressed the needs of the internal audit team, enabling field reps to report timely and accurately on the status of the displays in stores. Previously, the audits were performed manually and required multiple steps to consolidate and report on the results – a cumbersome process that was stream- lined and made much more efficient with the Governance-Portal solution. As a result, the company is now looking to adopt the Governance-Portal-enabled field audit as a standard practice at all its locations.
11Protiviti’s Governance Portal – Client Insights About Protiviti’s GRC Practice and Governance Portal Protiviti’s GRC experts have worked with thousands of global clients to deliver targeted GRC software solu- tions that address their immediate needs, while facilitating convergence toward fully integrated, value-added GRC practices. The Protiviti Governance Portal is a comprehensive software platform that integrates content and com- monly accepted and proprietary frameworks with world-class consulting expertise to provide organizations with the visibility and insight needed to manage and mitigate current and future risk and compliance issues. The Governance Portal integrates process, knowledge and technology to help clients: • Start the GRC program quickly, using out-of-the-box content and templates • Execute GRC tasks efficiently, using proprietary GRC content that provides industry normative guidance • Create a self-sustainable GRC program by easily configuring the Governance Portal to meet each organization’s GRC program requirements, methodology and terminology • Add value by converging multiple GRC activities • Rely on real-time reporting and dashboards to provide executives with a holistic view of all GRC efforts For additional information about the issues reviewed here or Protiviti’s services, please contact: Scott Wisniewski +1.312.476.6302 scott.wisniewski@protiviti.com About Protiviti Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. Protiviti and our independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Named one of the 2015 Fortune 100 Best Companies to Work For® , Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.
ASIA-PACIFIC AUSTRALIA Brisbane Canberra Melbourne Perth Sydney CHINA Beijing Hong Kong Shanghai Shenzhen INDIA* Bangalore Mumbai New Delhi JAPAN Osaka Tokyo SINGAPORE Singapore * Protiviti Member Firm THE AMERICAS UNITED STATES Alexandria Atlanta Baltimore Boston Charlotte Chicago Cincinnati Cleveland Dallas Denver Fort Lauderdale Houston Kansas City Los Angeles Milwaukee Minneapolis New York Orlando Philadelphia Phoenix Pittsburgh Portland Richmond Sacramento Salt Lake City San Francisco San Jose Seattle Stamford St. Louis Tampa Washington, D.C. Winchester Woodbridge ARGENTINA* Buenos Aires BRAZIL* Rio de Janeiro São Paulo CANADA Kitchener-Waterloo Toronto CHILE* Santiago MEXICO* Mexico City Monterrey PERU* Lima VENEZUELA* Caracas © 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet. PRO-0315 Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. SOUTH AFRICA* Johannesburg EUROPE/MIDDLE EAST/AFRICA FRANCE Paris GERMANY Frankfurt Munich ITALY Milan Rome Turin THE NETHERLANDS Amsterdam UNITED KINGDOM London BAHRAIN* Manama KUWAIT* Kuwait City OMAN* Muscat QATAR* Doha UNITED ARAB EMIRATES* Abu Dhabi Dubai

Empfohlen

Framework to monitor and evaluate e gp systems in india (v3.5)
Framework to monitor and evaluate e gp systems in india (v3.5)Framework to monitor and evaluate e gp systems in india (v3.5)
Framework to monitor and evaluate e gp systems in india (v3.5)
ramana01
 
Chapter 11 control self-assessment
Chapter 11 control self-assessmentChapter 11 control self-assessment
Chapter 11 control self-assessment
Quan Risk
 
Inonvate Finance_Membership and Regulatory Sandboxes_15Dec
Inonvate Finance_Membership and Regulatory Sandboxes_15DecInonvate Finance_Membership and Regulatory Sandboxes_15Dec
Inonvate Finance_Membership and Regulatory Sandboxes_15Dec
InnFin
 
Volcker Rule: Calibration to 2.0
Volcker Rule: Calibration to 2.0Volcker Rule: Calibration to 2.0
Volcker Rule: Calibration to 2.0
accenture
 
Enhancing Integrity for Business Development in the Middle East and North Afr...
Enhancing Integrity for Business Development in the Middle East and North Afr...Enhancing Integrity for Business Development in the Middle East and North Afr...
Enhancing Integrity for Business Development in the Middle East and North Afr...
OECDglobal
 
Integrated_GRC
Integrated_GRCIntegrated_GRC
Integrated_GRC
Marco Villacorta Olano
 
Overcoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePointOvercoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePoint
AntonioMaio2
 
Insights on the Future of SharePoint
Insights on the Future of SharePointInsights on the Future of SharePoint
Insights on the Future of SharePoint
Christian Buckley
 

Empfohlen

Framework to monitor and evaluate e gp systems in india (v3.5)
Framework to monitor and evaluate e gp systems in india (v3.5)Framework to monitor and evaluate e gp systems in india (v3.5)
Framework to monitor and evaluate e gp systems in india (v3.5)
ramana01
 
Chapter 11 control self-assessment
Chapter 11 control self-assessmentChapter 11 control self-assessment
Chapter 11 control self-assessment
Quan Risk
 
Inonvate Finance_Membership and Regulatory Sandboxes_15Dec
Inonvate Finance_Membership and Regulatory Sandboxes_15DecInonvate Finance_Membership and Regulatory Sandboxes_15Dec
Inonvate Finance_Membership and Regulatory Sandboxes_15Dec
InnFin
 
Volcker Rule: Calibration to 2.0
Volcker Rule: Calibration to 2.0Volcker Rule: Calibration to 2.0
Volcker Rule: Calibration to 2.0
accenture
 
Enhancing Integrity for Business Development in the Middle East and North Afr...
Enhancing Integrity for Business Development in the Middle East and North Afr...Enhancing Integrity for Business Development in the Middle East and North Afr...
Enhancing Integrity for Business Development in the Middle East and North Afr...
OECDglobal
 
Integrated_GRC
Integrated_GRCIntegrated_GRC
Integrated_GRC
Marco Villacorta Olano
 
Overcoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePointOvercoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePoint
AntonioMaio2
 
Insights on the Future of SharePoint
Insights on the Future of SharePointInsights on the Future of SharePoint
Insights on the Future of SharePoint
Christian Buckley
 
Digital Strategy and Transformation
Digital Strategy and TransformationDigital Strategy and Transformation
Digital Strategy and Transformation
GustavoVelandia3
 
Sample audit plan
Sample audit planSample audit plan
Sample audit plan
Maher Manan
 
Making Connections
Making ConnectionsMaking Connections
Making Connections
Tina Jordan
 
The Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development ApproachThe Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development Approach
Thoughtworks
 
The Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development ApproachThe Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development Approach
Thoughtworks
 
GP-PCI-DSS-prodsheet
GP-PCI-DSS-prodsheetGP-PCI-DSS-prodsheet
GP-PCI-DSS-prodsheet
Marco Villacorta Olano
 
Chetan Siddaramu_Jun 2016
Chetan Siddaramu_Jun 2016Chetan Siddaramu_Jun 2016
Chetan Siddaramu_Jun 2016
Chetan Siddaramu
 
Solvency II Offering
Solvency II Offering Solvency II Offering
Solvency II Offering
Thinksoft Global
 
Introduction to Val IT
Introduction to Val ITIntroduction to Val IT
Introduction to Val IT
Varuna Harshana
 
GP for Regulatory Management Product Sheet
GP for Regulatory Management Product SheetGP for Regulatory Management Product Sheet
GP for Regulatory Management Product Sheet
Marco Villacorta Olano
 
Payment giant-automates-internal-audit
Payment giant-automates-internal-auditPayment giant-automates-internal-audit
Payment giant-automates-internal-audit
MetricStream Inc
 
Muthu_Senior Test Engineer_Resume
Muthu_Senior Test Engineer_ResumeMuthu_Senior Test Engineer_Resume
Muthu_Senior Test Engineer_Resume
Muthu Vel P
 
Clear_Partner Management System_Case Challange_Subrat.pdf
Clear_Partner Management System_Case Challange_Subrat.pdfClear_Partner Management System_Case Challange_Subrat.pdf
Clear_Partner Management System_Case Challange_Subrat.pdf
Subrat Kumar Dash
 
Whitepaper-Minimising Customer Impact on Bank Mergers
Whitepaper-Minimising Customer Impact on Bank MergersWhitepaper-Minimising Customer Impact on Bank Mergers
Whitepaper-Minimising Customer Impact on Bank Mergers
Sinjo Alex
 
Indian CST's GPMS Products Portfolio 2015
Indian CST's GPMS Products Portfolio 2015Indian CST's GPMS Products Portfolio 2015
Indian CST's GPMS Products Portfolio 2015
Raja Seevan
 
Set-up a Centralized Data Warehouse System for leading Insurance Company with...
Set-up a Centralized Data Warehouse System for leading Insurance Company with...Set-up a Centralized Data Warehouse System for leading Insurance Company with...
Set-up a Centralized Data Warehouse System for leading Insurance Company with...
ITC Infotech
 
Compliance 101 HITRUST Update.pdf
Compliance 101 HITRUST Update.pdfCompliance 101 HITRUST Update.pdf
Compliance 101 HITRUST Update.pdf
AmyPoblete3
 
Cap_Labor_Publication
Cap_Labor_PublicationCap_Labor_Publication
Cap_Labor_Publication
lijithomasswa
 
The Total Economic Impact of Equinix Interconnection Solutions
The Total Economic Impact of Equinix Interconnection SolutionsThe Total Economic Impact of Equinix Interconnection Solutions
The Total Economic Impact of Equinix Interconnection Solutions
Equinix
 
Forrester: Total Economic Impact Study - Interconnection
Forrester: Total Economic Impact Study - InterconnectionForrester: Total Economic Impact Study - Interconnection
Forrester: Total Economic Impact Study - Interconnection
Equinix
 

Weitere ähnliche Inhalte

Ähnlich wie Protiviti-Governance-Portal-Client-Insights

The Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development ApproachThe Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development Approach
Thoughtworks
 
GP for Regulatory Management Product Sheet
GP for Regulatory Management Product SheetGP for Regulatory Management Product Sheet
GP for Regulatory Management Product Sheet
Marco Villacorta Olano
 
Payment giant-automates-internal-audit
Payment giant-automates-internal-auditPayment giant-automates-internal-audit
Payment giant-automates-internal-audit
MetricStream Inc
 
Muthu_Senior Test Engineer_Resume
Muthu_Senior Test Engineer_ResumeMuthu_Senior Test Engineer_Resume
Muthu_Senior Test Engineer_Resume
Muthu Vel P
 
Clear_Partner Management System_Case Challange_Subrat.pdf
Clear_Partner Management System_Case Challange_Subrat.pdfClear_Partner Management System_Case Challange_Subrat.pdf
Clear_Partner Management System_Case Challange_Subrat.pdf
Subrat Kumar Dash
 
Indian CST's GPMS Products Portfolio 2015
Indian CST's GPMS Products Portfolio 2015Indian CST's GPMS Products Portfolio 2015
Indian CST's GPMS Products Portfolio 2015
Raja Seevan
 
Cap_Labor_Publication
Cap_Labor_PublicationCap_Labor_Publication
Cap_Labor_Publication
lijithomasswa
 
The Total Economic Impact of Equinix Interconnection Solutions
The Total Economic Impact of Equinix Interconnection SolutionsThe Total Economic Impact of Equinix Interconnection Solutions
The Total Economic Impact of Equinix Interconnection Solutions
Equinix
 

Ähnlich wie Protiviti-Governance-Portal-Client-Insights (20)

Digital Strategy and Transformation
Digital Strategy and TransformationDigital Strategy and Transformation
Digital Strategy and Transformation
 
Sample audit plan
Sample audit planSample audit plan
Sample audit plan
 
Making Connections
Making ConnectionsMaking Connections
Making Connections
 
The Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development ApproachThe Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development Approach
 
The Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development ApproachThe Total Economic Impact of Using ThoughtWorks' Agile Development Approach
The Total Economic Impact of Using ThoughtWorks' Agile Development Approach
 
GP-PCI-DSS-prodsheet
GP-PCI-DSS-prodsheetGP-PCI-DSS-prodsheet
GP-PCI-DSS-prodsheet
 
Chetan Siddaramu_Jun 2016
Chetan Siddaramu_Jun 2016Chetan Siddaramu_Jun 2016
Chetan Siddaramu_Jun 2016
 
Solvency II Offering
Solvency II Offering Solvency II Offering
Solvency II Offering
 
Introduction to Val IT
Introduction to Val ITIntroduction to Val IT
Introduction to Val IT
 
GP for Regulatory Management Product Sheet
GP for Regulatory Management Product SheetGP for Regulatory Management Product Sheet
GP for Regulatory Management Product Sheet
 
Payment giant-automates-internal-audit
Payment giant-automates-internal-auditPayment giant-automates-internal-audit
Payment giant-automates-internal-audit
 
Muthu_Senior Test Engineer_Resume
Muthu_Senior Test Engineer_ResumeMuthu_Senior Test Engineer_Resume
Muthu_Senior Test Engineer_Resume
 
Clear_Partner Management System_Case Challange_Subrat.pdf
Clear_Partner Management System_Case Challange_Subrat.pdfClear_Partner Management System_Case Challange_Subrat.pdf
Clear_Partner Management System_Case Challange_Subrat.pdf
 
Whitepaper-Minimising Customer Impact on Bank Mergers
Whitepaper-Minimising Customer Impact on Bank MergersWhitepaper-Minimising Customer Impact on Bank Mergers
Whitepaper-Minimising Customer Impact on Bank Mergers
 
Indian CST's GPMS Products Portfolio 2015
Indian CST's GPMS Products Portfolio 2015Indian CST's GPMS Products Portfolio 2015
Indian CST's GPMS Products Portfolio 2015
 
Set-up a Centralized Data Warehouse System for leading Insurance Company with...
Set-up a Centralized Data Warehouse System for leading Insurance Company with...Set-up a Centralized Data Warehouse System for leading Insurance Company with...
Set-up a Centralized Data Warehouse System for leading Insurance Company with...
 
Compliance 101 HITRUST Update.pdf
Compliance 101 HITRUST Update.pdfCompliance 101 HITRUST Update.pdf
Compliance 101 HITRUST Update.pdf
 
Cap_Labor_Publication
Cap_Labor_PublicationCap_Labor_Publication
Cap_Labor_Publication
 
The Total Economic Impact of Equinix Interconnection Solutions
The Total Economic Impact of Equinix Interconnection SolutionsThe Total Economic Impact of Equinix Interconnection Solutions
The Total Economic Impact of Equinix Interconnection Solutions
 
Forrester: Total Economic Impact Study - Interconnection
Forrester: Total Economic Impact Study - InterconnectionForrester: Total Economic Impact Study - Interconnection
Forrester: Total Economic Impact Study - Interconnection
 

Protiviti-Governance-Portal-Client-Insights

  • 1. IProtiviti’s Governance Portal – Client Insights Image to come Protiviti’s Governance Portal Client Insights on Gaining Value From GRC Technology
  • 2.
  • 3. Protiviti’s Governance Portal – Client Insights i Table of Contents Introduction............................................................................................................................................................ii Insurer launches a combined assurance initiative with Protiviti’s Governance Portal .........................................1 Protiviti’s Governance Portal helps media giant consolidate risk and audit activities..........................................3 Protiviti Governance Portal forms the bedrock of Coal Services’ risk and internal audit framework ................5 JELD-WEN turns to Protiviti and Governance Portal for timely SOX compliance..........................................7 U.S. manufacturer streamlines field audit with Protiviti’s Governance Portal....................................................10
  • 4. Protiviti’s Governance Portal – Client Insightsii Governance, risk and compliance (GRC) technology has the ability to enhance GRC programs by enabling processes, improving performance, reducing costs and driving efficiencies. However, selecting a single solution that works for everyone in the organization isn’t always easy. Obtaining consensus regarding methodology, approach and risk language among your various GRC groups and key stakeholders can be an involved and complicated process. Protiviti has worked successfully with hundreds of clients around the world to enhance their GRC programs through our Governance Portal. We have found that working with synergistic groups to leverage a common technology solution drives early value and long-term departmental efficiency. We think our clients tell the story best. We believe their stories reflect a pragmatic approach to utilizing technology to document multirelational risk and compliance information, facilitate enterprise collaboration and produce consolidated GRC reporting. We are pleased to share five client stories with you. Each story provides insight – from the client’s enterprisewide challenge to the way it adapted the capabilities of the Governance Portal to enhance the efficiency and effectiveness of its GRC initiatives. The stories highlight clients from a range of industries and a variety of GRC use cases. We hope you find these stories useful. If you would like to learn more about the Governance Portal or to set up a demonstration, please visit www.protiviti.com/grc-software. Acknowledgements We would like to thank our Protiviti Governance Portal clients for taking time to share their stories. Scott Wisniewski Protiviti Managing Director Risk Technologies Introduction
  • 5. 1Protiviti’s Governance Portal – Client Insights Insurer launches a combined assurance initiative with Protiviti’s Governance Portal Client Challenge A leading multinational insurance group headquartered in the UK and serving more than 17 million customers in nearly 140 countries faced a technology turning point in 2009. The governance, risk and compliance (GRC) systems used by the financial control group and the internal audit group were nearing end-of-life status, and the risk group, which had no GRC platform, needed to satisfy emerging requirements for individual capital assess- ment (ICA) and Solvency II. Rather than implementing three separate systems for each group, management decided to launch a combined assurance initiative designed to bring a single risk story back to its board of directors. After developing detailed criteria and thoroughly investigating several market-leading providers and platforms, the insurance company selected the Protiviti Governance Portal. Along with the Governance Portal’s broad fea- ture set and extensive configurability, four key factors contributed to this decision: • The Governance Portal’s single, integrated database supports combined assurance. If the risk group entered a risk control with an audit or financial control dimension, the audit and financial control groups would have direct visibility. Protiviti was the only vendor able to demonstrate this capability. • The Governance Portal’s key features were easy to see and demonstrate. Management could see all of the capabilities immediately, with no need for custom development. • Protiviti offered a flexible licensing model that allowed the company to easily scale and deploy the solution with its user base across 33 countries. • Most important, Protiviti understood the client’s needs and spoke the same language. The benefit of this connection became particularly clear during the configuration phase of the project, when Protiviti consultants played a vital role in helping the different client teams work toward a common taxonomy. Powerful Insights As part of the implementation, Protiviti performed an inventory of the requirements of seven project teams, developing a total of 40 specific functional areas (e.g., risk assessment, reporting, remediation, etc.) to be included in the implementation. During planning and diagnostic discussions, Protiviti helped management identify a series of common themes across the functional groups that would facilitate an integrated GRC approach while still supporting team-specific requirements. Throughout the configuration phase, Protiviti provided continuous feedback, direction and validation of the final design. The implementation was completed in 12 months.
  • 6. 2 Protiviti’s Governance Portal – Client Insights Proven Delivery Currently, the financial control group uses the Governance Portal to manage the financial reporting pro- cesses, including control models for remediation, testing and quality assurance. This group also uses the so- lution to manage the CFO accounting assertions. The risk group has incorporated compliance management, operational risk, information security, scenario assessments and the Solvency II Risk Register in the Governance Portal. In the audit group, internal auditors use the Protiviti Governance Portal to manage the audit process, including recording findings, assigning actions and creating management information reports. The auditors leverage the Portal’s offline functionality to perform work in the field while disconnected from the server. The process of deploying and refining the system’s capabilities is ongoing, but the Protiviti Governance Portal has already proven to be an excellent foundation for the company’s combined assurance initiative. For example, when the financial controls group and the audit group are engaged in similar activities, the Governance Portal flags those controls and identifies the two different opinions. This visibility allows exec- utive management to decide whether to eliminate the duplicate effort or maintain the two separate activities because there is value in the different opinions. Although the company did not adopt the Protiviti Governance Portal with ROI in mind, the company has realized significant savings in a number of areas: • Previously, users in the financial control group each spent about a half-hour developing a control asser- tion by interviewing a subject and then keying and consolidating the results into the old GRC system. In the Governance Portal, this is a five-minute automated task, a savings of more than 300 man-hours every reporting period. • In information security, the company previously used more than 35 policy assessment spreadsheets that were sent around to various IT resources, reviewed and summarized. Today, self-assessments are conducted in the Governance Portal, and a single report is easily generated. • Having one GRC solution instead of three has reduced operational costs associated with maintaining multiple database administrators, hardware platforms, organizational models and risk registers. “ THE PROTIVITI GOVERNANCE PORTAL HAS ALREADY PROVEN TO BE AN EXCELLENT FOUNDATION FOR THE COMPANY’S COMBINED ASSURANCE INITIATIVE.”
  • 7. 3Protiviti’s Governance Portal – Client Insights Protiviti’s Governance Portal helps media giant consolidate risk and audit activities Client Challenge Our client is a global leader in media and entertainment, with approximately 34,000 employees and four operating divisions worldwide. The company has 750 auditable entities across all divisions, and in its inter- nal audit process tracks no less than 50 standard risk objectives, 16 standard processes and 1,100 information technology (IT) systems. In performing these audits, the company relied on a variety of homegrown and off-the-shelf systems and spreadsheets for risk assessment, audit documentation and work paper tracking. In 2013, management decided to replace this hodgepodge collection of auditing tools with a centralized audit solution. After exploring several options, the company chose the Protiviti Governance Portal, based on its configurability and true integration of risk assessment results into the audit plan and process. Powerful Insights Prior to rolling out the full solution in February 2014, Protiviti’s Governance Portal experts helped com- pany management conduct two pilot programs: The first, a “conference room pilot,” was designed to run through the entire process, from risk assessment to audit reporting, and involved the participation of every level of financial and IT auditor in the company. The internal audit team then used the auditors’ feedback to make configuration adjustments to the Governance Portal and to refine the training manual. Following this initial pilot, a second pilot was launched, which included the chief auditor, two vice presidents and two executive directors. “The goal of the second pilot was to familiarize our executives with the Governance Portal, so they would be advocates for the benefits that the solution would deliver,” said the company’s associate director of internal audit. “Thanks to this approach, when we began training a larger audience, the executives who had attended the pilot became strong advocates for the tool.” Proven Delivery With the help of the Governance Portal, the company consolidated all its risk assessment and audit data into a single system, allowing risk assessment activities to support and drive audit activities. The Governance Portal also enabled the client to enhance and simplify the auditors’ experience. Configurability. The built-in configurability of the Governance Portal enabled the audit team to customize the system to fit the company’s risk assessment and audit methodology instead of forcing auditors to adapt their methodology to the system – which was an issue with other solutions evaluated.
  • 8. 4 Protiviti’s Governance Portal – Client Insights As part of configuring the solution, Protiviti helped the audit team develop and document a taxonomy of standard risks and processes in the Governance Portal. Using this standardized list, users can evaluate and document their activities against it simply by checking boxes. The taxonomy in the Governance Portal also ensures that auditors see all of the risks that are applicable to a particular process and can decide which pro- cesses are in scope for the audit, greatly simplifying decision-making. Protiviti also helped automate a number of audit and risk activities, including data collection related to bud- geting audits and advanced calculations related to the risk assessment process. Searching and Reporting. Prior to using the Governance Portal, the company’s data typically resided in spreadsheets and text documents, which did not support easy or quick summary reporting. The Governance Portal supports almost instant retrieval of large amounts of live data. Protiviti helped the audit team create a number of standard searches in the Governance Portal. Users also can define their own specific queries, which can then be integrated with the Governance Portal’s built-in reporting capabilities. The reporting feature in the Governance Portal supports a variety of output formats, including pivot tables, charts and graphs, as well as conditional formatting. These powerful reporting capabilities allow auditors to report on risk assessment and audit activities across the audit team using the most informative format. The centralized data model enables the company to look across the business and analyze trends related to risks, controls, audit tests and audit findings, providing much deeper insight into the business. “The Protiviti Governance Portal gave us the flexibility to track our processes and risks the way we wanted to,” said an internal audit executive. “It also has the robust reporting capabilities we need and it makes it easy for our users to enter information no matter where they are located.” With the initial phase of the Governance Portal deployment completed, audit executives are looking forward to the next phase. The company is planning to use the Governance Portal to manage its anti- corruption and Foreign Corrupt Practices Act (FCPA) programs, as well as implement action plan tracking and an audit satisfaction survey. The company plans to eventually use the Governance Portal for all internal financial, IT and process audits. “ THE PROTIVITI GOVERNANCE PORTAL GAVE US THE FLEXIBILITY TO TRACK OUR PROCESSES AND RISKS THE WAY WE WANTED TO. IT ALSO HAS THE ROBUST REPORTING CAPABILITIES WE NEED AND IT MAKES IT EASY FOR OUR USERS TO ENTER INFORMATION NO MATTER WHERE THEY ARE LOCATED.”
  • 9. 5Protiviti’s Governance Portal – Client Insights Protiviti Governance Portal forms the bedrock of Coal Services’ risk and internal audit framework Client Challenge Australia-based Coal Services Pty Limited (www.coalservices.com.au) is an industry-owned organization provid- ing critical services and expertise to the New South Wales coal mining industry. The company offers a suite of health, safety, environmental and insurance solutions to support coal mine workers, employers and communities and has a long-standing commitment to ensuring a safe workplace and a healthy workforce. For years, the organization relied on Excel spreadsheets to maintain its risk register, records of risk actions and audit findings. As a result, there was no automated way to follow up on assigned tasks and enforce accountability. The lack of automation also made it difficult to create reports for the governing board’s risk management committee. Aware of the shortcomings of this manual process, management decided to move to an enterprise risk man- agement system. The company already relied on Protiviti as its co-sourced internal audit partner. In 2012, Matthew Vickers, manager of risk, internal audit and business improvement, decided to evaluate the capa- bilities of Protiviti’s Governance Portal for risk and internal audit management. Impressed with the Portal’s demonstrated capabilities, as well as its high ratings by a recent Forrester Wave report on governance, risk and compliance (GRC) platforms, Vickers selected the Governance Portal as the risk management system for Coal Services. The system went live in February 2013. Powerful Insights Protiviti’s GRC experts set out to rebuild the entire risk management and assurance framework. We created a user interface where each risk can be rated, a risk owner identified, and an action plan set up to mitigate the risk. We set up automated alerts for key actions and deadlines to help keep risk owners accountable and on schedule. We used a similar approach for the completion of internal audit recommendations. To facilitate adoption and reduce time spent navigating the extensive Portal environment, our team worked with business users to create landing pages customized to their specific needs and to build report templates ready for use. Automation, usability and accessibility were touchstones of the implementation and made a dif- ference in how quickly the Portal was accepted by the user base.
  • 10. 6 Protiviti’s Governance Portal – Client Insights Proven Delivery Automation and Accountability The automated risk management and mitigation alerts are invaluable to the company in maintaining ac- countability among the audit team – something impossible in the old spreadsheet-based audit system. With the Portal, once the risk has been successfully mitigated, it can be closed out. “The system eliminates any questions related to whether a spreadsheet has been updated to reflect an updated status,” said Vickers. “We can see who is closing out their audit findings quickly, and for those who require more time, we can see whether or not they are making progress toward closing.” A Simple User Interface One of Vickers’ key goals was to make it as easy as possible for business users to navigate the Portal – and Protiviti delivered. “Business users don’t need to see everything our team sees, and Protiviti did a great job of customizing and simplifying the specific landing pages for business users,” said Vickers. “They see only what they need to see, which has encouraged them to use the system.” Improved Reporting The ability to rate risks and automate follow-up has driven consistency in the audit approach and stream- lined report writing. Coal Services uses the reports prebuilt by Protiviti to automate the reporting process. Data now goes straight from system-generated searches to formatted PDF reports. “We now have a modern risk management framework that is based on scoring risk, which makes our reports far more useful to the management team,” said Vickers. Cloud-Based Hosting By relying on the cloud-based hosting option for the Governance Portal, Coal Services has eliminated the need for hardware or software locally. “The cloud option eliminates IT complexity and drives down costs,” said Vickers. “It also means our auditors and business users can complete work anytime from anywhere with an Internet connection.” With the Governance Portal as the foundation of the governance and risk framework at the company, Vickers is planning to expand its use, starting with implementing a compliance module over the next year. “Protiviti has been excellent to work with, and we regularly rely on their expertise in risk management and internal audit,” said Vickers. “The relationship we have with Protiviti is extremely beneficial to Coal Services.” “ WE NOW HAVE A MODERN RISK MANAGEMENT FRAMEWORK THAT IS BASED ON SCORING RISK, WHICH MAKES OUR REPORTS FAR MORE USEFUL TO THE MANAGEMENT TEAM.”
  • 11. 7Protiviti’s Governance Portal – Client Insights JELD-WEN turns to Protiviti and Governance Portal for timely SOX compliance Client Challenge Headquartered in Klamath Falls, Oregon, JELD-WEN is one of the world’s leading manufacturers of win- dows and doors. The company’s extensive product line is sold globally through multiple distribution channels, including retail home centers, wholesale distributors and building products dealers. JELD-WEN has approxi- mately 20,000 employees in 20 countries across the Asia-Pacific region, Europe and the Americas. Since JELD-WEN’s founding more than 50 years ago, the company has expanded globally through a series of acquisitions. A consequence of this was that management of the organization was decentralized, and most of the acquired companies continued to rely on their existing accounting and manufacturing software and proce- dures. In addition, JELD-WEN had neither an internal audit department nor a formal program of controls and procedures to ensure the validity of the company’s financial records. In 2010, prior to the company’s acquisition by the Canadian firm Onex, JELD-WEN voluntarily chose to seek Sarbanes-Oxley (SOX) compliance, believ- ing that engaging in the best practices required for the SOX process would benefit the dispersed organization. The project was the first true corporate initiative launched across all three regions. Michael Higgins, global Sarbanes-Oxley manager at JELD-WEN, was brought in to lead the SOX program, including the implementation project, and to form an implementation consulting team with deep SOX expertise. Higgins, who had previously used the Protiviti Governance Portal to run a very successful SOX program at his former employer, a global leader in advanced embedded solutions for communications networking and commercial systems, brought Protiviti on board to assist JELD-WEN with the compliance effort. “I knew there were other products and vendors out there,” said Higgins, “but I knew the Governance Portal worked well and had the capability to support and manage an ongoing program of the size that JELD-WEN would require.” Powerful Insights Starting the project voluntarily in 2010 and Higgins’ decision to implement the Protiviti Governance Portal proved fortuitous. When JELD-WEN was purchased by Onex only nine months after the start of the proj- ect, the company suddenly had only one year to comply with key elements of the Canadian version of SOX. “Fortunately, we were able to get started very quickly,” said Higgins. “The Protiviti implementation team was able to build out our SOX portal and begin training my core consulting team within a month. Thanks to the Governance Portal, despite the challenges associated with a global rollout with remote locations and language differences, we successfully met the one-year deadline.”
  • 12. 8 Protiviti’s Governance Portal – Client Insights As a result of the implementation work performed by the Protiviti Governance Portal team, all JELD- WEN entities, more than 110, have been incorporated into the Governance Portal. With the program fully implemented across the organization, process control owners have a single site for reviewing control processes, obtaining flowcharts and providing documentation to support testing. The Governance Portal makes it easy for the JELD-WEN SOX team to analyze the relationships among objectives, risks, controls and tests. Proven Delivery The deployment and powerful capabilities of Protiviti’s Governance Portal have enabled four key areas of a sustainable SOX program at JELD-WEN: universal access, flexible change management, highly efficient workflows and reporting. Universal Access Protiviti’s Governance Portal enables more than 1,000 JELD-WEN control owners, as well as the SOX consultants and more than 20 testers from the company’s outside testing provider, KPMG, to log in securely from anywhere – office, home, hotel room or airport lounge – at any time. This capability was essential during development of the program, as JELD-WEN had as many as 26 consultants globally, all of whom were able to access the Portal daily to upload flowcharts, create risk control matrices and perform tests – all without requiring a desk in a JELD-WEN office or even a guest account on the JELD-WEN network. Today, the flexibility to access the Governance Portal from anywhere enables everyone involved in the SOX program to be more productive and the entire process to be more cost-efficient. Flexible Change Management JELD-WEN performs change management much more efficiently using the Governance Portal’s Assess- ment Management Engine. Control owners fill in self-assessment surveys on a quarterly basis, making it easy for the company to document the significant number of changes in processes, personnel and process ownership that occur in that period. At the end of each quarter, the regional SOX coordinators use this documentation to update flowcharts, process controls and the test plans for each control. “With 46 locations spread out across North America, the ability to have the process owners enter their information locally and the regional coordinators access it from their locations has drastically reduced the time and cost of change management,” said Higgins. Highly Efficient Workflows The Governance Portal’s robust capabilities and functions allowed JELD-WEN to streamline the develop- ment and ongoing operation of its SOX program as follows: • The task functionality enables the JELD-WEN SOX implementation team to assign controls and process flows to process control owners for their initial review and confirmation. With the SOX program in place, the SOX team is also able to assign tasks to outside testers, as well as specify when a test should start, when it should finish and who should perform quality assurance review. The status of tasks can be monitored centrally in the Governance Portal. “ THE PROTIVITI IMPLEMENTATION TEAM WAS ABLE TO BUILD OUT OUR SOX PORTAL AND BEGIN TRAINING MY CORE CONSULTING TEAM WITHIN A MONTH. THANKS TO THE GOVERNANCE PORTAL, DESPITE THE CHALLENGES ASSOCIATED WITH A GLOBAL ROLLOUT WITH REMOTE LOCATIONS AND LANGUAGE DIFFERENCES, WE SUCCESSFULLY MET THE ONE-YEAR DEADLINE.”
  • 13. 9Protiviti’s Governance Portal – Client Insights • The action plan functionality enables the JELD-WEN SOX team to guide process control owners in remediating controls that have failed a test. Action plans include a start date, due date, the person on the SOX team responsible for reviewing the remediation and, if appropriate, a requirement that the control owner upload supporting documentation when remediation has been completed. Action plans can also be centrally monitored in the Governance Portal. • The template library, which includes templates for risks, controls, objectives and test plans, made it far easier for the JELD-WEN SOX implementation team to add each of its more than 150 locations by simply entering the location into the system and importing the appropriate templates from the library. This eliminated the need to create from scratch an entirely new organizational structure for each new entity or acquisition. “The template library continues to help us add subsequent locations and acquisi- tions,” said Higgins. • The mass upload function enables the JELD-WEN SOX team to update all relevant records with a single click. Using templates, JELD-WEN is able to easily update testers, dates, control information and more. “JELD-WEN has nearly 3,000 controls in the Governance Portal,” said Higgins. “When a field needs to be updated, it’s far faster to use the mass upload function rather than going one-by-one through the controls.” Reporting The Governance Portal enables JELD-WEN’s SOX team and senior management to gain insight into the SOX program through a variety of ad hoc searches, dashboards and reports. The SOX implementation team developed reports to monitor the status of process documentation and testing daily. The team also devel- oped a global test results report. JELD-WEN makes extensive use of the ability of the Governance Portal to export its data to Microsoft Excel, which the SOX team uses to create easy-to-read graphical charts and pivot tables. “The reporting capabilities in the Governance Portal have made it easier to satisfy our reporting require- ment, while providing the SOX team and senior management with a much clearer picture of the risks facing the organization,” added Higgins. “ THE REPORTING CAPABILITIES IN THE GOVERNANCE PORTAL HAVE MADE IT EASIER TO SATISFY OUR REPORTING REQUIREMENT WHILE PROVIDING THE SOX TEAM AND SENIOR MANAGEMENT WITH A MUCH CLEARER PICTURE OF THE RISKS FACING THE ORGANIZATION.”
  • 14. 10 Protiviti’s Governance Portal – Client Insights U.S. manufacturer streamlines field audit with Protiviti’s Governance Portal Client Challenge Our client, one of the world’s leading manufacturers, with headquarters in the United States and multiple retail and distribution locations throughout the U.S., needed to develop a field audit solution for display tracking. The company supports its network of retail sales representatives by providing them with display systems, which hold flip-through binders of samples. These systems are placed in retail stores and are maintained by the sales rep- resentatives. However, the company did not have an efficient system for tracking these displays – such as their current locations, whether they have been moved from one location to another and the condition they were in. The client uses the sample binders as a primary means to educate and promote its product to the retail customer. Ensuring the binders are available and in good shape is essential to the company’s marketing and sales strategy. In 2013, the company decided to develop a field audit solution to improve the tracking of these display sys- tems. The company consulted with its internal audit partner, Protiviti, on the best way to address the issue. We proposed developing a tablet-based field audit solution, which sales representatives could use to conduct a field audit while in a store. The company management agreed to the proposal, and the Protiviti internal audit team contacted the Protiviti Governance Portal team for assistance with the proposed solution. Powerful Insights The Protiviti team collected the company’s requirements for the audit and efficiently set up and deployed a program for a mobile-device-enabled audit that covered 180 store locations and 450 displays. Using their tablets, the sales representatives completed their audits by ranking display details through drop-down rating fields and adding commentary if needed. The audit management team was then automatically notified that a field audit had been completed, and the data was consolidated at the company headquarters. The audit process was intuitive, simple and straightforward, and was received extremely favorably by the users. “Despite a tight deadline and limited budget, Protiviti quickly created and deployed the field audit solu- tion,” said the company manager of residential sales operations. “Initially, some of our reps were concerned about having to take the extra time to do the in-store audit, but they found that it was easy to use and did not take more than five minutes.” Proven Delivery The new field audit program fully addressed the needs of the internal audit team, enabling field reps to report timely and accurately on the status of the displays in stores. Previously, the audits were performed manually and required multiple steps to consolidate and report on the results – a cumbersome process that was stream- lined and made much more efficient with the Governance-Portal solution. As a result, the company is now looking to adopt the Governance-Portal-enabled field audit as a standard practice at all its locations.
  • 15. 11Protiviti’s Governance Portal – Client Insights About Protiviti’s GRC Practice and Governance Portal Protiviti’s GRC experts have worked with thousands of global clients to deliver targeted GRC software solu- tions that address their immediate needs, while facilitating convergence toward fully integrated, value-added GRC practices. The Protiviti Governance Portal is a comprehensive software platform that integrates content and com- monly accepted and proprietary frameworks with world-class consulting expertise to provide organizations with the visibility and insight needed to manage and mitigate current and future risk and compliance issues. The Governance Portal integrates process, knowledge and technology to help clients: • Start the GRC program quickly, using out-of-the-box content and templates • Execute GRC tasks efficiently, using proprietary GRC content that provides industry normative guidance • Create a self-sustainable GRC program by easily configuring the Governance Portal to meet each organization’s GRC program requirements, methodology and terminology • Add value by converging multiple GRC activities • Rely on real-time reporting and dashboards to provide executives with a holistic view of all GRC efforts For additional information about the issues reviewed here or Protiviti’s services, please contact: Scott Wisniewski +1.312.476.6302 scott.wisniewski@protiviti.com About Protiviti Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. Protiviti and our independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Named one of the 2015 Fortune 100 Best Companies to Work For® , Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.
  • 16. ASIA-PACIFIC AUSTRALIA Brisbane Canberra Melbourne Perth Sydney CHINA Beijing Hong Kong Shanghai Shenzhen INDIA* Bangalore Mumbai New Delhi JAPAN Osaka Tokyo SINGAPORE Singapore * Protiviti Member Firm THE AMERICAS UNITED STATES Alexandria Atlanta Baltimore Boston Charlotte Chicago Cincinnati Cleveland Dallas Denver Fort Lauderdale Houston Kansas City Los Angeles Milwaukee Minneapolis New York Orlando Philadelphia Phoenix Pittsburgh Portland Richmond Sacramento Salt Lake City San Francisco San Jose Seattle Stamford St. Louis Tampa Washington, D.C. Winchester Woodbridge ARGENTINA* Buenos Aires BRAZIL* Rio de Janeiro São Paulo CANADA Kitchener-Waterloo Toronto CHILE* Santiago MEXICO* Mexico City Monterrey PERU* Lima VENEZUELA* Caracas © 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet. PRO-0315 Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. SOUTH AFRICA* Johannesburg EUROPE/MIDDLE EAST/AFRICA FRANCE Paris GERMANY Frankfurt Munich ITALY Milan Rome Turin THE NETHERLANDS Amsterdam UNITED KINGDOM London BAHRAIN* Manama KUWAIT* Kuwait City OMAN* Muscat QATAR* Doha UNITED ARAB EMIRATES* Abu Dhabi Dubai