case study: experian plc - metricstream · case study: experian plc ... the views expressed during...
TRANSCRIPT
Case study: Experian plc Technology Enabled Internal Audit as a Business Value Driver
Mike Taylor
Head of Global Internal Audit
The views expressed during the presentation are the personal view of the author and may not be understood or quoted as being made on behalf of, or reflecting the position of, Experian plc
Experian: A leading global information services company…
Revenue
US$4.8 bn EBIT
US$1.3 bn Market Cap* c. £12bn – UK FTSE Top 50
Employees
c.17,000 Offices in
39 countries
Largest markets
US, Brazil, UK
By region
By customer segment
By business
line
…with a diverse portfolio by region, business line and customer segments
Financial services 30%
Direct-to-consumer 20%
Retail 9%
Automotive 5%
Healthcare 5%
Telecoms and utilities 5%
Insurance 4%
Media and technology 4%
Government and public sector 2%
Other 16%
North America 51%
Latin America 18%
UK and Ireland 21%
EMEA/Asia Pacific 10%
Credit Services 49%
Decision Analytics 12%
Marketing Services 18%
Consumer 21%
…with a diverse portfolio by region, customer segment and business line
With 17,000 employees across 39 countries…
Experian Global Internal Audit Team September 2015
GRC Support Team
Risk Management
Compliance
Global Security Office
Mike Taylor Head of Global
Internal Audit
Regional Head of Audit
- UK/EMEA/APAC
9 Staff
Regional Head of Audit
North America
9 Staff
Regional Head of Audit
Latin America
8 Staff
Head of Global IT Audit
Department
Administrator
9 Staff 8 Staff
Internal Audit Challenges 1
Challenge Role of the GRC Audit Management
System (AMS)
Provide clear framework to support audit process
Embed in AMS to ensure compliance / consistency
Support the widespread use of data analytics at
planning and execution phases.
Single AMS supporting transparency / common view
Captured in AMS (audit approach/ analytics )
Capture information once / globally accessible
Manager review trail
Support quality assurance process
Broaden skills in IA - guest auditors Enhance audit practices Transition from regional to global Leverage “best practices”
Increase Audit quality and efficiency
Internal Audit Challenges 2
Role of Wider GRC System Challenge
Improve interface /usage of risk data
Single location for all business actions
Improve action follow-up and closure
Improve interaction with other governance functions
Establish linkage between risk database and audit
process
“Issue tracking” common repository for all governance
issues – IA, Risk, Compliance, InfoSec, Security
Drive reporting off issue tracking database
Make “issue tracking” available to wider business
– to view – action capture
Coordinated assurance project
Challenges As We Look Forward
Activity Technology Impact
Risk + Polices modules
Single data repository – risk & assurance
Common risk & assurance view
Issue tracking
Common database & reporting capability
Refresh risk appetite /policies
Risk owners
Co-ordinated assurance activities
Holistic Reporting
Experian GRC programme
Internal Audit Management
Issue Tracking
Compliance
Enterprise
Management
Group Policy
Risk Management
Rolling out
Operational
Operational
2016
2016
Operational
Project Timeline
2014 2015 2016 Live
Jan - July August Sep-08 Sep-22 Oct-17 Oct-20 Jan-05 Feb-09 Mar-06 Apr-01
VENDOR SELECTION
DETAILED REQUIREMENTS
Phase 1 Planning
Phase 2: Design
Phase 3: Build
Phase 4: User Acceptance Testing
Phase 5: Deploy
Phase 6: Operational Support
Audit Management System
Business requirements
Risk assessment / audit planning
Audit assignment planning
Audit execution
Work paper management / workflow
Audit status tracking
Audit closure / review
Reporting
Issues captured / tracking
Detailed requirements definition & capture
Project Guiding Principles
Sustainability
Documentation
Usability
Change Management
Complexity
Alignment
Inclusion
Consistency
The focus of development efforts will be on the usability of the tool.
The solution will be designed and developed according to the documented business requirements in the GIA manual.
Changes to scope must be formally documented and approved by the Management prior to implementation.
Simple solutions will be selected over complex solutions. The out of box solution will be utilised wherever possible.
Other GRC stakeholders will be consulted regarding proposed changes to shared components.
GIA extended team (UK, Brazil, etc.) will be consulted on decisions involving usability.
Solution will be engineered to require minimum maintenance and allow for Experian to extend the capabilities with in house resources.
All key decisions and solution architecture will be documented throughout the life of the project.
The Outcome – A Snapshot
Audit quality assessment 83%
Data analytics on 66% of Audits
Stakeholder post-audit feedback 4.2 out of 5
Hours of assurance 5% up on target per month
Report issuance <7days v 10days target
Employee engagement 89% (up from 81%)
Project objectives achieved
Live on time/ under budget
Role of Technology and Data in Achieving Our Goals
Audit Management • Increased process consistency throughout
regions
• Increased access to knowledge
• Increased efficiency through process automation
Issue Tracking • Improved issue reporting and tracking
• Visibility of issues across the business
Data Analytics • Enhanced audit planning process
• More efficient and effective testing procedures
Use of Technology and Data to Increase Business Value
Audit Management and Issue Tracking • Build a strong relationship with
governance and business functions
• More insightful audits
• Increase in assurance provided
• Facilitate better risk decision making
• Consolidated view of issues across the three lines of defence
Data Analytics • Provide tools developed during the audit
to the business
Transform culture from analysis to analytics to increase effectiveness of internal audits.
Build a strong foundation by establishing access to various data sources and partnering with governance and business partners to facilitate better risk decision making. Plan for the future by driving innovation and continue to recalibrate the strategy in response to emerging trends such as ‘Big Data’ and regulations.
Benefits of Investing in Technology and Data Analytics
Adopting Technology: Pitfalls to Avoid
• Overly complex business requirements that require significant configuration or coding changes
• Inadequate senior management sponsorship and engagement with the project
• Appointing vendors without vetting and securing the specific individuals who will work on the project
• Appointing vendors who don’t have the right mix of big picture/architectural and detailed technical experience
• Large and complex configuration changes that can cause integrity problems
• Maintaining highly configured solutions can be very costly