Governance, Risk & Compliance: GRC
Multinational Conglomerate Improves Control of Internal Audit, SOX and Risk with SAI360
Case study at-a-glance
- Background: The company is an American multinational conglomerate company with headquarters in Boston, Massachusetts.
- GRC Challenges: Better management of risk across its financial and non-financial business segments, integration with in-place systems supporting corporate audit program, while also supporting traditional audit team operation in its financial services division, reliable reporting and support for expansion into the internal control and risk management departments.
- Solution: A flexible and integrated GRC solution to support the end-to-end internal audit, internal control and enterprise risk management processes.
- Benefits: SAI360 helped systematize the internal audit processes across the corporate audit and financial services divisions’ audit teams and allowed the integration of the internal control and risk functions within a common platform.
Addressing increasing GRC challenges with a holistic approach to risk management
This U.S.-based multinational company was founded over 125 years ago by several entrepreneurs. The company employs over 200,000 people and operates globally in industries ranging from aviation, transportation and energy to finance, insurance and software.
Selecting an internal audit software solution was driven by several factors, including:
- Growing challenges in overall risk management
- A desire for improved audit committee reporting
- Growing regulatory objectives in the business due to the entity being deemed a Systemically Important Financial Institution (SIFI).
The company also had less than six months to meet its initial targeted go-live date for a GRC solution.
The organization set out to select a single software tool to centralize and structure all audit data and processes and to provide consistent and easy access to the information for both audit teams in both its corporate and financial services divisions. The corporate audit division required integration with their homegrown career development tools to ensure staff received broad exposure to business processes and audit types. The financial services division needed to be able to record audit staff skills within the new system to support effective audit planning and resourcing.
While the audit teams also followed somewhat differing methodologies and the mix of audit types (operational, finance, IT, etc.) was different, the selected tool was also required to support reusable and editable standard audit programs.
An integrated solution built for growth
SAI360 supported the organization in the operational deployment of its internal audit initiatives across the audit groups of the corporate and financial services divisions.
SAI360’s experts helped systematize the complete internal audit management cycle, including audit universe management, scoping, yearly and individual audit planning, audit preparation, auditee notification, workpaper management, audit reporting and findings follow-up.
As a result, the company is now able to communicate about risks through advanced reporting and can share information in real-time.
In subsequent phases, the company extended their SAI360 GRC implementation to include solutions for internal control to support their global SOX compliance process, risk management to support their operational risk program including KRI management, and compliance management supporting treasury process compliance and control management.
Flexible configuration and integration to meet future needs
Given the size and complexity of the organization, configurability and integration support were two primary considerations driving the selection of a tool. The company’s team is able to manage the configuration of the platform and has executed most of the internal control, risk and compliance add-on configuration themselves.
That the SAI360 GRC platform is configurable has greatly reduced the organization’s long-term cost of ownership, which was a primary consideration over customized vendor offerings or in-house development, although SAI360 is integrated with some internal systems.
The SAI360 team is also responsive to requests from customers for product enhancements, and this organization has been both the initiator and the beneficiary of many enhancements to and new releases of the SAI360 GRC platform, all of which they are entitled to under their maintenance agreements and which can be implemented with far less regression testing and other costs than customized software.