Our client is a global leader in media and entertainment, with approximately 34,000 employees and four operating divisions worldwide. The company has 750 auditable entities across all divisions, and in its internal audit process tracks no less than 50 standard risk objectives, 16 standard processes and 1,100 information technology (IT) systems. In performing these audits, the company relied on a variety of home-grown and off-the-shelf systems and spreadsheets for risk assessment, audit documentation and work paper tracking. In 2013, management decided to replace this hodgepodge collection of auditing tools with a centralized audit solution. After exploring several options, the company chose the Protiviti Governance Portal based on its configurability and true integration of risk assessment results into the audit plan and process.
Prior to rolling out the full solution in February of 2014, Protiviti’s Governance Portal experts helped company management conduct two pilot programs: The first, a “conference room pilot,” was designed to run through the entire process, from risk assessment to audit reporting, and involved the participation of every level of financial and IT auditor in the company. The internal audit team then used the auditors’ feedback to make configuration adjustments to the Governance Portal and to refine the training manual. Following this initial pilot, a second pilot was launched, which included the chief auditor, two vice presidents and two executive directors.
With the help of the Governance Portal, the company consolidated all its risk assessment and audit data into a single system, allowing risk assessment activities to support and drive audit activities. The Governance Portal also enabled the client to enhance and simplify the auditors’ experience.
Configurability. The built-in configurability of the Governance Portal enabled the audit team to customize the system to fit the company’s risk assessment and audit methodology instead of forcing auditors to adapt their methodology to the system—which was an issue with other solutions evaluated.
As part of configuring the solution, Protiviti helped the audit team develop and document a taxonomy of standard risks and processes in the Governance Portal. Using this standardized list, users can evaluate and document their activities against it simply by checking boxes. The taxonomy in the Governance Portal also ensures that auditors see all of the risks that are applicable to a particular process and can decide which processes are in scope for the audit, greatly simplifying decision-making.
Protiviti also helped automate a number of audit and risk activities, including data collection related to budgeting audits and advanced calculations related to the risk assessment process.
Searching and Reporting. Prior to using the Governance Portal, the company’s data typically resided in spreadsheets and text documents, which did not support easy or quick summary reporting. The Governance Portal supports almost instant retrieval of large amounts of live data. Protiviti helped the audit team create a number of standard searches in the Governance Portal; users also can define their own specific queries, which can then be integrated with the Governance Portal’s built-in reporting capabilities.
The reporting feature in the Governance Portal supports a variety of output formats, including pivot tables, charts and graphs, as well as conditional formatting. These powerful reporting capabilities allow auditors to report on risk assessment and audit activities across the audit team using the most informative format. The centralized data model enables the company to look across the business and analyze trends related to risks, controls, audit tests and audit findings, providing much deeper insight into the business.
“The Protiviti Governance Portal gave us the flexibility to track our processes and risks the way we wanted to,” said an internal audit executive. “It also has the robust reporting capabilities we need and it makes it easy for our users to enter information no matter where they are located.”
With the initial phase of the Governance Portal deployment completed, audit executives are looking forward to the next phase. The company is planning to use the Governance Portal to manage its anti-corruption and Foreign Corrupt Practices Act (FCPA) programs, as well as implement action plan tracking and an audit satisfaction survey. The company plans to eventually use the Governance Portal for all internal financial, IT and process audits.