×
Case Study

Global Child Development NGO Automates Risk-based Internal Audits through a Cloud-based Audit Management Solution

The Client: Global Child Development NGO

Overview

As an internationally recognized Non-Governmental Organization (NGO), the client constantly strives to balance its commitment to humanitarian work, with the need to mitigate multiple risks ranging from child labor, to corruption and misappropriation of funds. At every step, transparency and accountability is critical for the organization to sustain its reputation, and increase the confidence and trust of donors, beneficiaries, and stakeholders.

In this regard, risk management and internal audits play a key role in the client's operations. However, as an NGO which depends almost entirely on donor funds, the client faces the dual challenge of not only implementing comprehensive and sophisticated internal audits, but also ensuring that these audits are lean and cost-efficient. This is where MetricStream proved to be an effective fit for the client's requirements. MetricStream was able to provide the tools and capabilities to enable best-in-class internal audit processes, while also optimizing costs through a cloud-based deployment model, automated workflows, and extensible and flexible GRC platform.

The solution was implemented within just a month, helping the client realize its benefits very quickly. Moreover, the solution's scalability and support for multiple languages is enabling the client to seamlessly unify internal audit processes across the global enterprise

Solution

MetricStream Audit Management Solution has enabled the client to integrate audit processes and entities on a common platform for improved collaboration and top-level visibility. It has also streamlined the complete internal audit lifecycle, while automating workflows such as risk tracking and audit reporting.

Using the solution, the organization can efficiently capture and analyze risks from across the enterprise, and leverage this risk intelligence to plan internal audits, prioritize audit schedules, and manage audit budgets efficiently and cost-effectively. Auditors can also leverage the solution to manage every stage of the audit process, and enable real-time tracking of audit processes and issues.

Below in greater detail are the capabilities of the MetricStream solution:

Risk-Based Internal Audit Planning 
The MetricStream solution enables the client to document, manage, and assess all risks in a single point of reference. Configurable risk methodologies and algorithms support in-depth risk assessments and computations, providing a clear view into the organization's risk profile, and enabling internal auditors to develop systematic, risk-based internal audit plans. The solution also enables the client to organize audits in a logical structure with detailed checklists, evaluation and pass/ fail criteria, audit tasks, assigned auditors, and due dates.

Audit Scheduling and Resource Management
With the MetricStream solution, the client has the flexibility to schedule audits either on a periodic or ad hoc basis. Automatic notifications, sent to the relevant auditors and auditees, keep the process on track. The solution also helps assign audits based on allocated budgets, and tracks the time and cost spent on internal audits to optimize resource utilization. Capabilities for auditor profile management, auditor timesheets, budget tracking, distribution lists, and shared calendars help improve the efficiency and productivity of internal audits.

Audit Execution and Offline Field Work
The MetricStream solution supports offline audits, allowing data to be captured on handheld devices without access to the corporate network. This data can automatically be synchronized with the central audit database later. Thus, internal auditors at the client organization can view their task checklists, and record their qualitative and quantitative findings along with detailed observations, recommendations, and attachments – all from the convenience of their tablets or smart phones. The data can then be routed to audit managers for review and subsequent action, or to auditees for their responses on specific issues observed.

Audit Findings/Issue Management
After the audit findings are documented and prioritized, the MetricStream solutions helps trigger a systematic investigation and remediation process, supported by automatic notifications and alerts. The client can track the status of these issues in real time through the solution's powerful reporting functionalities.

Audit Reporting
The MetricStream solution automatically generates a range of internal audit reports in predefined formats based on audit findings and data. It also provides real-time visibility into each stage of the internal audit process, supported by a complete history of audit data. Graphical dashboards with drill-down capabilities help the client view audit metrics by a variety of parameters such as auditee, schedules, findings, and issues.

Multi-language Support
In keeping with the client's aim of bringing together global internal audit processes in a single framework, the MetricStream solution provides support for multiple languages. Therefore, internal auditors across the client's global locations will be able to collaborate more effectively, coordinate internal audit tasks and assignments, share audit findings across the enterprise, and build a more cohesive and robust internal audit program.

Cloud-Based Deployment
MetricStream deployed its audit management solution over MetricStream Cloud to help the client realize faster-time-to-value and low total-cost-of-ownership. Within a month, the solution was up and running, enabling the client to enjoy the benefits of an automated, streamlined, and integrated internal audit framework in a state-of-the-art and secure cloud environment.

Challenges

Before implementing MetricStream's solution, the client encountered the following challenges:

  • Complex and time-consuming manual processes for tracking and assessing risks
  • High possibility that errors could be made or risks missed while initiating risk-based internal audits
  • Multiple bulky and inconvenient spreadsheets for managing audit field work and reporting
  • Increasing costs and resource inefficiency of internal audit processes
  • Lack of sufficient top-level visibility to monitor risks and internal audits

Why MetricStream was Selected?

The client chose MetricStream for the following reasons:

MetricStream's integrated approach to internal audit management enables NGOs to improve risk transparency and accountability for donors, beneficiaries, and other stakeholders.

MetricStream's workflow automation capabilities improve the efficiency and productivity of internal audits.

MetricStream's state-of-the-art virtualization and cloud technology accelerates and simplifies the deployment of GRC applications, while also providing excellent reliability and security.

Capabilities such as multi-language support enable global deployment of the solution, and help improve the effectiveness of audit processes.

The flexibility of the MetricStream solution allows it to be mapped to each organization's unique audit processes and hierarchies.

MetricStream GRC Platform provides the extensibility to address not only internal audits, but other related GRC processes such as enterprise risk management and regulatory compliance.

Benefits

  • Sharper focus on risk
    The MetricStream solution provides advanced capabilities and tools for risk assessments, helping the client identify high-risk areas in the organization, and accordingly plan and prioritize internal audit tasks, schedules, and budgets.
  • Increased internal audit efficiency
    The MetricStream solution automates multiple resource-intensive processes such as risk monitoring and audit notifications and alerts. This enables the client to do away with cumbersome manual processes, and save resources, time, and effort. It also minimizes the possibility of errors.
  • Improved audit collaboration and coordination
    Since all audit processes and entities are consolidated on a single, centralized platform, there is greater collaboration and communication on audit plans, tasks, and reporting processes across business departments, units, and locations.
  • Greater risk and audit transparency
    Through powerful dashboards and reporting capabilities, the solution enables the client to effectively assess and track risks across the organization. It also helps monitor the progress of internal audit processes in real time to proactively identify and address areas of concern as well as opportunities.
  • Reduced costs
    By deploying the solution over MetricStream Cloud, the client has minimized the need for internal IT resources, while enjoying a high return on investment.
lets-talk-img

Ready to get started?

Speak to our GRC experts Let’s talk