BCBS Affiliate strengthens its Healthcare Compliance through Automation and I...
Internal Audit Solution
1. CASE STUDY
MetricStream INTERNAL AUDIT SOLUTION FOR A GLOBAL BANK
Overview
One of the world’s leading global wealth management, a top global investment banking and securities
firm, and one of the largest global asset management company having billions in client asset.
Challenge
Currently, the Internal Audit Group supports the bank’s internal audit processes, from risk assessment
to issue tracking, with multiple point solutions and software applications which includes in-house
developed applications, legacy applications as well as vendor solutions. The bank’s plan is to replace
the existing silos of disintegrated internal audit systems with a new, fully integrated and state-of-
theart solution that would foster oversight and transparency and ensure compliance with the banks
Customer standards. The implementation of the new solution should also result in significant efficiency gains
A TOP GLOBAL BANK through improved user support, in particular the elimination of duplicity and ease of use. The solution
should be able to eliminate errors and inconsistencies through standardized data collection and
analyze process across the enterprise.
Benefits The solution should also enable the bank to comply with a vast number of national and international
regulations across its vast global operation such as compliance with Client Identifying Data (CID),
Provides a systematic and consistent riskbased in- Bank secrecy act, etc. Further, the system should interface and integrate with a number of external
ternal audit process across business units, divisions, systems that are a part of the existing IT infrastructure at bank. While the bank intends to implement
global locations and sites a new Internal Audit System, it has established audit management processes that are based on the
best practices in the industry and the solution has to be flexible and adaptable to enable the bank to
Increases the efficiency of the audit process and preserve these processes while ensuring smooth adoption and implementation of these established
shorten cycle times as tasks are automatically as- processes across its operations consistently and efficiently. Moreover, the system should be highly
signed and tracked from one stage to the next flexible for it to easily support the future business needs as well as the evolving business processes.
Improves communication and teamwork on complex
audit processes across departments and functional Evaluation and Selection
areas
The bank undertook a comprehensive evaluation of the existing incumbent vendor along with all the
Eliminates audit errors and inconsistencies with a leading GRC platform vendors. The systems were examined in detail for integrated capabilities of
standardized data collection and analysis process Internal Audit and Risk Management along with Compliance and Document Management. Compre-
across the enterprise hensive functionality such as micro risk assessment, audit inventory, operational planning, audit
scheduling, audit plan execution, work-paper management, audit issue monitoring and followup, issue
Accelerates and streamline the internal audit cycle, tracking, document management, etc was key to success for the bank.
including development of findings, recommendations,
action plans and closure cycles by implementing a
closed-loop process for internal audit management In addition to the functional requirements, the evaluation process involved performing severe security
tests, load and stress tests, integration tests, architecture compatibility tests, etc on the pilot de-
Provides enterprise-wide visibility into the audit ployed in multiple locations.
process and metrics for better risk management and
assured compliance
After an extensive evaluation over a period of six months, MetricStream emerged as their preferred
Improves the efficiency of the audit staff enabling
choice. The MetricStream’s Internal Audit solution was proven to scale globally and the platform ap-
them to be focused on more valueoriented functions proach provided an edge for its ability to provide an integrated GRC solution, which not only includes
such as analyzing and recognizing trends in the audit Internal Audit and Risk management but also Compliance and Document management.
data
Solution
The MetricStream solution will enhance the internal audit team’s productivity by enabling it to unify
and analyze cross-departmental audit data, quickly and efficiently. The team will now be able to ac-
cess the data directly from a centralized data repository with multiple auditors working simultaneously
across the globe.
The solution will also enable the auditors to record, track, and monitor qualitative or quantitative audit
findings across different business groups and across different geographies. The findings will be re-
tained along with all the detailed observations and recommendations in predefined formats. A unique
offline capability that allows auditors to enter audit findings in notebook, computers, or handheld
devices at remote field sites will be provided. Further, the solution will include time-tracking capability
to capture the time spent in auditing for optimal resource utilization.
2. MetricStream
The MetricStream platform includes built-in workflows for reviewing responses for approval or rejec-
Why MetricStream tion with options to initiate remedial actions for undesirable variations and trends, and to schedule
follow-up audits. This will enable the system to automatically route audit findings, observation reports,
Scalability: The MetricStream solution proved its and auditors’ recommendations for review and subsequent actions to the audited entity.
mettle through pilot rollout across multiple locations
for its ability to provide a highly flexible solution that The MetricStream platform’s built-in reporting engine will provide comprehensive capabilities to the
can adopt new complex business process, scale-up
bank for compiling audit reports and work-papers. It will allow access to the bank’s data and history,
globally without sacrificing performance, integrate
with multiple bank systems for exchange of data, etc. and performance analysis of the auditors. Graphical executive dashboards and flexible reports with
MetricStream Enterprise Compliance Platform archi- drill-down capability will provide statistics on a variety of parameters including audited entities, audit
tecture emerged as highly scalable with the ability to schedule and calendar, filed reports, and corrective and remediation actions triggered.
support increasing number of transactions, users, and
data volume. Over 10,000 users access the system
and scalability was a key driver for MetricStream’s
The solution will also support the handling of highly sensitive data (e.g. Client Identifying Data,
selection. personal information) globally, i.e. no cross border access of certain data types is possible. A flagging
mechanism identifies a certain information or record as sensitive and the store of that information is
Comprehensive Functionality: The solution was ex-
handled in a specialized manner such as storing in a specific instance of a database or encryption of
amined for integrated end-to-end internal audit func- the data stored.
tionality for managing the complete audit lifecycle.
MetricStream’s broad suite of web-based solutions
that are designed to enable banks to manage risk and
compliance management processes and activities
across a wide range of disciplines, including auditing,
regulatory compliance, risk management, industry
standards, quality programs and other corporate
governance initiatives.
Technology Platform: MetricStream Enterprise Com-
pliance Platform technology architecture provided
unmatched configurability and integration capability –
elements that were imperative for success of the
project. The platform is designed to serve as the
nucleus of an organizations’ corporate governance
ecosystem, coordinating all GRC management activi-
ties throughout the enterprise via a single manage-
ment system.
For more information, visit
www.metricstream.com
Copyright 2011. All Rights Reserved.