Case Study: ICICI BANK INTERNAL AUDIT DEPARTMENT PENTANA AUDIT WORK SYSTEM IMPLEMENTATION



Similar documents
<risk> Enterprise Risk Management

Enterprise Risk Management in Compliance 360

LEVERAGE TECHNOLOGY TO EMPOWER INTERNAL AUDIT

How To Improve Your Business

INTERNAL AUDIT SOFTWARE BUYER S GUIDE

Integrated Governance, Risk & Compliance for Academy Trusts

ACCELUS COMPLIANCE MANAGER FOR FINANCIAL SERVICES

The Power of Risk, Compliance & Security Management in SAP S/4HANA

How To Manage A Public Safety Department Risk Management Program

Process Control Optimisation with SAP

Functional and technical specifications. Background

ITIL A guide to service asset and configuration management

Global Industrial Manufacturer

WHITE PAPER. Governance, Risk and Compliance (GRC) - IT perspective

The SAS Transformation Project Deploying SAS Customer Intelligence for a Single View of the Customer

RSA ARCHER OPERATIONAL RISK MANAGEMENT

PROTEUS Enterprise - IT Governance, Risk and Compliance Management Solution

Fortune 500 Medical Devices Company Addresses Unique Device Identification

ACCELUS RISK MANAGEMENT SOLUTIONS THOMSON REUTERS ACCELUS ACCELUS RISK MANAGEMENT SOLUTIONS

REALIZING MAXIMUM BENEFITS FROM GOVERNANCE, RISKS AND COMPLIANCE (GRC) TOOLS

Managing Amazon Web Services within a Hybrid IT model

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION

ethic Audit Solution

Automate Complex Pay Rules While Streamlining Time and Attendance Management

Environmental Management System & Compliance Suite. Web-based Environmental Software Boost your bottom line. Build a better world.

AMBIT LOAN ORIGINATION A New Approach

THE WEB S FAVOURITE INTEGRATED SOURCE TO PAY SOLUTION

agility made possible

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations

Optimizing Automation of Internal Controls for GRC and General Business Process Compliance

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP

Enhance visibility into and control over software projects IBM Rational change and release management software

Sales Management Solution

Moving Forward with IT Governance and COBIT

Module 6 Essentials of Enterprise Architecture Tools

MAGENTA KEYLINE IS A CUTTER GUIDE, DO NOT PRINT. PLEASE SET TRAPPING THROUGHOUT

BEACON Loan Management Platform. The faster, smarter and cost-effective way to automate your lending business

Digital Marketing. SiMplifieD.

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

Business Process Management & Workflow Solutions

ASSET ARENA PROCESS MANAGEMENT. Frequently Asked Questions

Integrated Stress Testing

SOLUTION BRIEF: CA IT ASSET MANAGER. How can I reduce IT asset costs to address my organization s budget pressures?

Governance, Risk, and Compliance (GRC) White Paper

IBM Cognos 8 Controller Financial consolidation, reporting and analytics drive performance and compliance

OBLIGATION MANAGEMENT

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

APPLICATION MANAGEMENT SUITE FOR ORACLE E-BUSINESS SUITE APPLICATIONS

Corporate Challenges in Model Risk Management : Moving Beyond Model Inventory. Iain Wright Ian Francis, IBM 4 June 2015

Balance collections with retention for each customer. Decision Analytics for debt management in telecommunications

Eight principles of risk convergence

ENTERPRISE RISK MANAGEMENT POLICY

4net Technologies. Managed Services and Cloud Solutions

IBM Tivoli Netcool network management solutions for enterprise

Innovation in Work Health and Safety Solutions

DATA GOVERNANCE AT UPMC. A Summary of UPMC s Data Governance Program Foundation, Roles, and Services

Risk & Hazard Management

Digital Marketing. Simplified.

Self-Service Business Intelligence: The hunt for real insights in hidden knowledge Whitepaper

Outperform Financial Objectives and Enable Regulatory Compliance

Chartis RiskTech Quadrant for Model Risk Management Systems 2014

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.

Enabling Agile, Efficient and Reliable Global HCM Through Integrated Payroll

DTZ Corporate Finance Limited Pillar 3 Disclosures as at 30 April 2009

Data Governance for ERP Projects

UNCOVER WHAT S HIDDEN IN YOUR SAP ERP DATA TO HELP CUT COSTS AND RAISE COMPLIANCE

An Introduction to Continuous Controls Monitoring

Add a new perspective to your supply chain management.

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com

HYBRID CLOUD SERVICES HYBRID CLOUD

Supporting Compliance Management with Technology

Managed Services. Business Intelligence Solutions

PROCESSING & MANAGEMENT OF INBOUND TRANSACTIONAL CONTENT

Regulatory Compliance Management for Energy and Utilities

CIC Audit Review: Experian Data Quality Enterprise Integrations. Guidance for maximising your investment in enterprise applications

BPM IN F&A THE DIGITAL CFO PARTNERING THE BUSINESS IN GROWTH. xchanging.com BUSINESS PROCESS MANAGEMENT 1

Finance Effectiveness Efficiency

Managing global tax reporting challenges

A Tipping Point for Automation in the Data Warehouse.

35 Examples How Sales Teams Benefit from Microsoft Dynamics CRM

IBM's Fraud and Abuse, Analytics and Management Solution

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

Part A OVERVIEW Introduction Applicability Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...

DNBi Risk Management. Use Unparalleled Data to Boost Performance

Global Support Center

Growing Vendor Management

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

ITSM Process Description

Gain superior agility and efficiencies with enterprise origination solution. Finacle Origination

Ultracomms Cloud Solutions

<workers> Online Claims and Injury Management

1. Talecom from BT. Talecom from BT. Service Definition

Integrated global treasury management

Recruitment Process Outsourcing Methodology Statement

Request for Proposal for Application Development and Maintenance Services for XML Store platforms

Run and grow your care home facility with speed and ease The smart guide to your CareBlox solution

SYSTEM OVERVIEW SYSTEM OVERVIEW MANAGE, MAINTAIN, COMMUNICATE AND AUTOMATE ALL OF YOUR HR-RELATED ACTIVITIES. One System. Infinite Possibilities.

Case Management. itouch Vision. This document gives an overview of Case management and discusses the different features and functionality.

Patient Relationship Management

Transcription:

Introduction Emerging trends in the banking sector due to globalisation, liberalisation, increasing environment complexity, regulatory requirements & accountability is driving banks in India to adopt & implement technology driven solutions to manage a structured approach to governance, risk & compliance initiatives. Management requires accurate information on risk assessments, effectiveness of controls & regulatory compliance to efficiently manage banking operations. It is becoming increasingly essential to implement technology driven solutions to manage & provide critical information on audit & assurance initiatives. This case study covers the details of the implementation of Pentana Audit Work System into ICICI Bank, presenting the challenges, solutions and the results achieved. Customer Profile ICICI Bank, a large private sector bank with global operations, has implemented large technology based solutions for various business needs. They were in need of an effective integrated system for their Internal Audit Department (IAD), and their business requirement was for an end-to-end integrated technology solution for risk based internal audit management. The bank implemented Pentana Audit Works System (PAWS), Retain Resource Planner through Pentana Ltd and AUDITime Information Systems (I) Ltd for consulting and implementation services, successfully achieving their requirements while adding substantial value and benefits to their initiatives. KEY BENEFITS: A Single Stop of Audit Information for all Stakeholders Increased Efficiency and Effectiveness in Audits and Assessments Risk Based Audit Planning with real-time Information on Patterns & Trends in Risks Boost in Productivity of Auditors & Effective Mechanism of Monitoring Audits Achieved Significant Cost Savings Eliminated Gaps and 40 % Duplication in Coverage Improved Visibility, Enterprise Wide Risk and Audit Landscape Report Automation Online real-time Issue Closure Cycle Score & Parameter Based Rating System with Qualitative Dimension of Risk Analysis Adoption of Best Practices and Adherence to RBI Guidelines

STRUCTURE Complex audit universe structure. Complex business domain structures. Complex representation needs of business units in the risk, audit and compliance department. Dynamic and evolving structures due to business volatility. AUDIT PLANNING Planning structured for some domains, ad-hoc for others. Absence of uniform and standardised planning. Implementing risk based audit planning for all domains. Necessity for clear visualisation of trends in risks. Resource management, planning and time management. PROCESS Complex approach to executing planned audits. Requirement to incorporate intricacies of manual audit flow. Complex issue closure process. Well defined framework for audit universe, structure to include all business processes, units, functions and all types of audits. Scalable and flexible structure created to manage dynamic changes in business structures. Structures presented by business units were represented in PAWS incorporating perspectives pertinent to the audit department for performing their activities. Structured parameters for planning based on regulatory & management requirements implemented for all domains. Centralised one system for planning and scheduling. Unified approach to Risk Based Audit Planning (RBAP). Better visualisation of patterns & trends by extensive collation of risk assessment results for present & past assessments. IT governance & risk parameters defined for Information System Audits. Efficient, effective, streamlined implementation of risk assessment and audit process enabled auditors to concentrate on areas with high risk, reduce efforts for mundane tasks added, increase frequency, repeatability and reduce costs. All aspects of present processes replicated in the system. Simplified extensive issue and action closure processes incorporated into the system to make it online and real-time. METHODOLOGY Prolonged and ad-hoc approach in building Key Risk Indicators (KRI) and controls. Inadequate dissemination of assessment guidance. Inconsistent approach to assessments by different domains. Need to attune the risk scoring method for better analysis. Requirement for streamlining risk and control attributes. Integrated governance risk compliance management system. REPORTING AND ANALYSIS Need for extensive comparative real-time reporting. Integrated governance risk compliance management system. Requirement for analysis dashboards and report automation. Mechanism to conveniently build Key Risk Indicators (KRI) and controls. The PAWS system enabled enhanced hierarchical presentation of processes, risk, controls and tests (verification measures). Implemented a standard approach to assessments for all domains with standard checklists and assessment guidance. Implemented standard checklist format with archival, attributes for risk and controls and internal control over reporting. Instantaneous reporting for impromptu management and audit committee requirements, with automation in reporting. Enterprise wide risk and management dashboards.

Definition of Auditable Entities Maintaining all attributes covering tier structures, product units, information system (IS) applications, IS assets, IS infrastructure, bank branches, central and regional processing units, banking product units, banking functions, geographies, subsidiaries, processes, hierarchical structure within the organisation. These entity definitions were created in a flexible scalable structure to enable the organisation to meet the extensive reporting and enterprise wide analysis requirements, absorbing changes in the business environment that may affect the business structure. Library Content Development Definition and creation of library content for standardising the process of recording, documenting, updating and maintaining a centralised repository of audit checklists/ risk and controls metrics with version control and audit trail for changes has been implemented. All risk controls and tests are created in a hierarchy falling under process areas for a single checklist. This enables content management specific to the audit unit profile, ensures the right checklists are pulled for the respective audits by building controls in this regard and meets regulator requirements (Reserve Bank of India RBI) for archiving old audit checklists. It also enables creation and understanding of KPI s and mitigating controls. Audit Planning Implemented the risk based audit approach as per the regulatory requirements (RBI guidelines) based on risk parameters, audit ratings and forced frequency requirements. The analysis culled out of the system provides effective inputs on the trends of risk enabling effective planning. Planning and scheduling initiatives have been standardised and implemented for all IAD domains including an information systems domain. Resource Management Integration of resource planning and time management with the audit planning to ensure efficiency in executing the audits, compliance and monitoring initiatives. Retain planning, time management and analysis modules are implemented which enable effective planning and time management providing analysis on utilisation and availability of auditors. Methodical Streamlined Audit Process At the heart of the system implementation lies standardisation of processes across all departments and domains. Standardised and streamlined processes across all domains and functions ensure repeatability in audit and compliance activities and increases the frequency of activities helping auditors to concentrate on significant and material areas. A structured approach through the system enables avoidance of duplication in efforts and documentation. GRC Convergence In a dynamic economic environment the relevance of true GRC convergence has gained lot of importance. This implementation covered laying a strong foundation for GRC convergence. The concept of convergence involves combining and strategically managing information, methodologies, ratings, analysis, reporting requirements and monitoring mechanisms used by the organisations assurance professionals. The diverse approaches only create duplication and undesirable mundane activities bringing diminishing returns towards value oriented management. GRC convergence effectively resolves duplication and related issues. At the core of implementing GRC convergence lies the following: Structuring monitoring initiatives to avoid duplication. Implementing streamlined unified processes. Implementing consistent and reliable methodology. Leveraging through technology solutions.

Auditor Assessments and Ranking Implementation of a standardised scoring & rating methodology has been enhanced to include risk scoring based on likelihood and impact scores, based on a quantitative risk scoring method and control evaluation scores to provide control effectiveness and risk analysis with better depiction of risk trends, patterns & final audit rating. Inherent risk assessments impacting detection risk enables auditors to make informed decisions on sample sizes & criteria for verification tests necessary to hold audit risk to an acceptable low level. Audit Monitoring Having implemented real-time unified one window monitoring capabilities where audits and assessments can be monitored by status and fieldwork progress at various hierarchy levels within the audit team, ICICI have effectively saved audit managers time and reduced onsite visits. Working papers and audit evidentiary documents stored in the system centrally further augment flow of information for monitoring audit evidence real-time and at any point in time. Risk Analysis Comprehensive risk assessment analysis facilitate decision making, enabling management to understand trends in risk and control evaluations. Framework for risk definition and classification as per RBI guidelines have been implemented, enabling measurement for category wise risk and the percentage of errors reported for audit tests performed. The risk methodology was standardised and enhanced to support heat map analysis. Heat map analysis includes pre audit and post audit risk rankings, with depiction of segment wise movement of risk on completion of risk assessments and audits. This enables the recording and analysis of patterns and trends in risk and effectiveness of controls and the details of final audit ratings reflected with comparative results of past audit ratings. Analysis dashboards for slicing and dicing data as per the defined parameters to view risk analysis, for example, per business process, risk control categories / attributes, business units, process owners, COSO framework. Instantaneous comparative results can be analysed & reported on for risk, performance of controls and issues reported between bank branches and banking functions. Issue Closure and Action Tracking With integrated end-to-end audit issue closure cycle complete through the system, auditors can record & prioritise issues, include recommendations, add action plans and follow up on them for closure. Auditor initialised email notifications to inform business users to complete the actions plans. Business user responses can be ascertained online. All complexities of the issues and action plan processes are covered. Auditor s can track and follow-up on the pending actions through the action tracker with dashboards and pending action plan age analysis. Reporting Flexible reporting capabilities have been implemented to report extensively for ad-hoc comparative reports required by management and audit committee reporting requirements. All reports are automated so that they may run at the touch of a button while meeting specific formats, with regulatory and international reporting standards and requirements. Integrated Technology Solution Web module functionality, remote terminal connection capability, with secure & centralised database, improves accuracy, enhances collaboration and allows for easy review even from remote locations. Provides convenient access to past audit data, lets you establish access rights, authorisation matrix & prevents unauthorised access. User defined field behaviours, configuring organisation specific nomenclatures and easy configuration settings have made maintenance easy & less dependent on the system vendors. The Pentana Audit Work System s user friendly interface ensured easy acceptability by the users & a shorter adoption phase.

Results: Reduced Audit Silos. Improved Audit Visibility. Enterprise Wide Risk and Audit Landscape. Implementation of a Centralised Repository of Processes, Risks Controls and Verification Tests, with Attributes. Implementation of a Scalable and Flexible Structure to Absorb Dynamic Business Variations. Increased Productivity of Auditors and Managers by 30%. Increased Efficiency and Effectiveness of Audits, made tasks Repeatable Reduced Costs. Implementation of Internal Controls over Reporting Risk and Control Mapping with Accounts and Assertions. Established a Common Language for Risk and Control Across the Organisation. Eliminated Gaps and Duplication in Coverage by 40%. Elimination of Audit Resource Management Hurdles, Provided Effective Status on Utilisation and Deployment. Established a Successful Foundation for GRC Convergence. Decrease in Time Spent by Auditors on Mundane Tasks, Helped to Concentrate on Value Oriented Activities. Decrease in Time Spent by Audit Managers due to One Window Multiple Audits Monitoring Capability. Presents a Better Oversight and Insight into the Risks and Control Environment. Information for Sample Size & Criteria Selection Enable Auditors to Manage Detection and Audit Risk Effectively at Low Levels. Count and Percentage of Errors Calculations Reported for Operational Risks. Presents Effective Details on the Patterns and Trends in Risk. Shorter Issue Closure Cycle, with Faster Issue Rectification Cycles. Auditor/Auditee Interactions Now Online and real-time Through the System One Window Approach. Revenue Leakage Identification and Recovery Details. Web Interview Pre / Post Audit Questionnaires with Notifications to Business Users and Auditors. Access to Auditors at Remote Branches and Locations Through Web Interface. Enhanced Comparative Analysis Enabled by Implementation of a Standardised Rating Method. Comparative Analysis Now Possible with the Click of a Button. Automation in Reporting. Complete Audit Trail, Versioning and Archival of Audit Checklists. Centralised Repository of Audit Evidentiary Documents and Audit Work Papers (Permanent & Current Work papers). Dashboards for Executives and Management. Effective Knowledge Management. Assurance Initiatives Supported Effectively by Accurate Information Flows. Efficient Use of Staff Expertise and Knowledge Management due to Centralised Repository. Effectively Leveraging on Technology for their Risk, Audit and Compliance Management. Pentana Gate House, Fretherne Road, Welwyn Garden City, Herts AL8 6RD. UK Phone: +44 (0) 1707 373335 Email: info@pentana.com www.pentana.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information