Accenture: Digitizing Internal Audit
Accenture: Digitizing Internal Audit 2 The Internal Audit function at Accenture is essential for identifying and assessing financial, operational, and technology risks and controls. As Accenture has expanded its client service offerings, more than doubled its headcount in the past five years and increased the pace of new acquisitions, the organization found itself ever-more challenged in performing its responsibilities. For Accenture’s Global Internal Audit Group, this growth means it must continue to identify and assess risk, audit high-risk areas and offer valueadd services for an increasingly larger enterprise with more diverse businesses, products and services, all of which have different risk profiles. 3 Opportunity Given Accenture’s dynamic landscape, Internal Audit is increasing the volume of audits and advisory services it offers to continue to provide business value and at the same time increase risk coverage, while doing it more efficiently and effectively. “Our challenge,” says Bob Kress, Managing Director of Global IT Audit, “is to do more with less, and do it faster, while at the same time be cost-effective.” Recognizing this challenge, Internal Audit has been progressing on a journey to digitize the function by leveraging new technology and—importantly—using technology not simply to provide more of the same capabilities, but to enable it to provide new ones. This guiding principle is at the core of making digitization a reality. Solution The Internal Audit journey of digitization has been one of implementing a number of component solutions. The organization has been collaborating with Accenture’s internal IT organization to look at internal audit business processes, examine what can be automated and determine what technology would best support that business process or processes. “Many organizations know they want to digitize operations, but can become overwhelmed with where to begin,” says Dan Kirner, CIO Organization Managing Director, Portfolio Applications Management. “It’s important to keep in mind that the starting point is with the needs of the business and not the capabilities of the various technologies in the marketplace.” 4 Internal Audit identified four key areas for enhancement with new technologies: Enhancing audit management with a new Global Risk and Compliance (GRC) solution Internal Audit’s existing GRC solution was increasingly falling short in its capabilities to meet the needs of both the growth of Accenture’s business and Internal Audit’s expanding global organization. Aware that newer, more robust GRC solutions were available in the marketplace, Internal Audit identified a new Web-based solution, which it enhanced and implemented in collaboration with Accenture’s internal IT organization. The change from a centralized hosted solution to a Webbased one alone was huge in that it enabled less complex connections and significantly improved response times for Internal Audit staff anywhere globally. The GRC solution provides Internal Audit with a comprehensive, end-to-end audit life cycle management solution that mirrors Accenture’s operating model and internal corporate functions. It is used for general project and audit management, staff scheduling, audit issue tracking, reporting, document repository for audit support and evidence, and provides audit review and sign-off functionality. “Our GRC solution for us is analogous to an ERP system for an enterprise,” notes Kress. “It’s absolutely core to supporting our internal audit function. It provides the alignment of risk and controls with the organizations and business functions. And it provides sample work programs and items such as best practices that we can leverage to improve efficiency with our different audit teams around the world, among other capabilities.” The application promotes efficiency and effectiveness across Internal Audit in a number of ways. Access is on demand via a Web browser. Behind the scenes, the solution provider manages the GRC infrastructure and software upgrades. The application also drives consistency, in large part by including a library of standard test steps, templates, checklists and frameworks. It improves collaboration by enabling sharing of audit findings, key risk areas and recommendations across Internal Audit. Internal Audit also now operates with a single source of truth and with real-time visibility into audits. In addition, the GRC solution enables improved issue trending and reporting capabilities. This enhanced reporting allows Internal Audit to collaborate more with the business, and give the business more visibility into higher-risk areas and improvement actions. Leveraging analytics to industrialize continuous audit Internal Audit has been steadily increasing the use of analytics in its audit processes, particularly to monitor key processes, controls and transactions rather than using traditional sample testing of transactions and periodic review. As a result, Accenture is leapfrogging current techniques and advancing the company toward a leading practice of continuous monitoring and auditing. The initial focus leveraged analytics to create a number of new internal audit capabilities, including automating monitoring (e.g., regulatory compliance, policy violations and potential fraud) that identifies risks on an ongoing basis for more effective controls; increasing audit coverage and assurance, promoted by auditing a full data population (vs. traditional “sample-based” auditing); and enhanced risk identification by analyzing data patterns across multiple transaction systems. The results of these new capabilities are enhanced business operations and controls. Continuous auditing applies analytics to enhance traditional Internal Audit activities and results. For example, analytics automate otherwise manualintensive sampling procedures, allowing scarce resources to focus on high-risk outliers, exceptions and policy violations. In addition, analytics can identify substantial cost-saving opportunities globally, isolating specific areas where business attention can drive the most significant benefit. “We are using analytics to support audit work globally across all audit areas and we have expanded the use of analytics across more business functions,” says Dave Hildebrand, Accenture’s Business Lead for Continuous Auditing and Analytics. Internal Audit is now taking the analytics capabilities to a new level by working with the business functions to embed ongoing analytics into the standard management processes. Scaling analytics in this way enables Accenture’s functions companywide to improve their own capability to monitor and manage their respective areas. Internal Audit’s analytics capability has also enabled it to provide a new service, what it refers to as “horizontal audits.” Instead of taking a sampling of Accenture geographies or business functions to conduct an internal audit as was historically done, Internal Audit today leverages analytics by examining transactions for an entire function or area globally, identifying outliers and transactions that appear to violate Accenture policies, and subsequently targeting those. In this way, Internal Audit gains an improved view of where the risk areas are in the business globally, and can target those areas for follow-up. Implementing continuous risk assessment with Microsoft Dynamics CRM Risk assessment is another key area identified for digitization. As Accenture’s business has continued to rapidly evolve and grow, Internal Audit found it needed to stay closer to the business and speak with Accenture leaders more frequently. In two years alone, the volume of risk interviews with leaders nearly tripled. The increase in volume and frequency of interviews drove the need for enhanced tools and technology to manage the entire process. Together, Internal Audit and Accenture’s internal IT organization came to an innovative solution: to use Microsoft Dynamics CRM. Customer Relationship management (CRM) solutions typically include a strong contact management capability. In the case of Internal Audit, it treats Accenture’s business leaders who are being interviewed as contacts. Dynamics CRM was also a good fit for Accenture in that it is cloud-based, as-a-service, and offered a plug-in directly into Microsoft Outlook, used by Accenture, enabling easy access to the Accenture address book and employee schedules. The software is used to schedule all interviews and track them to completion. 5 The software gives employees the ability to document their notes in a single repository while having access to other notes from other calls. Employees can also search for key phrases or terms to see what leaders are saying about specific topics, and identify risk themes. Dynamics CRM also allows Internal Audit to do more advanced reporting than with past tools. Reports can be generated to show which meetings have been scheduled, have taken place and still need to be scheduled. This functionality gives Internal Audit a more real-time view on how the organization is progressing on its risk assessment process. With Dynamics CRM, Accenture has taken a standard application, and with minimal customization and at very low cost, put it to use to enable a continuous risk assessment process. Because the solution was robust in its standard form, Internal Audit chose to implement the solution as quickly as possible rather than taking the traditional approach of spending time up front to design requirements and then implement. It decided to adjust the software as personnel use and learn it, enabling Accenture to gain value from the implementation quickly. 6 Increasing productivity leveraging Accenture social and collaboration tools Accenture makes extensive use of technology to support collaboration and communication of Accenture people and their knowledge with teams—whether in the same room or thousands of miles away—to come up with the best solutions for clients. These technologies include Microsoft Lync, Telepresence, videoconferencing, Microsoft SharePoint, the Stream (Accenture’s internal social and collaboration network), Yammer (an Accenture social network), and “Circles” (a place for people to connect on the Stream). Internal Audit makes use of these technologies to more effectively support its work, especially to collaborate with teams around the world virtually rather than through travel. Teams can often meet remotely and share documents with audit clients through Microsoft Lync, for example. When travel is required to do field work, the extent of time needed to be on site can be reduced through the use of collaborative technology, helping to reduce travel costs and save employee time. Results Accenture’s Internal Audit organization’s journey of digitization has been one of incremental initiatives versus one big-bang program. As a result, Internal Audit is now providing a new level of services (new services and more services) and has transformed the organization’s operations, while also working more efficiently and effectively. “We’re offering more services today than we’ve ever offered,” says Kress. “In the past, we focused mainly on performing traditional audits. Now, we’re providing advisory services, continuous auditing, performing risk assessments and conducting different types of audits.” This expansion into new areas is made possible through digital technologies that provide capabilities that previously did not exist and the elimination of manual activities. Moreover, each component implemented is viewed as an asset, to be maintained and upgraded so as to enable new capabilities to improve Internal Audit’s ability to provide value to the business. Internal Audit is also operating more real-time: as it sees risk changing in the environment, the organization can adjust its assessment, audit and advisory services on a real-time basis. Better Internal Audit capabilities translate into proactive and enhanced risk coverage for Accenture’s business. Internal Audit is able to perform more audit services due to the GRC application and collaboration technologies, which are significantly helping to increase productivity and efficiency, while reducing costs and improving the quality of audits. As an example, the number of audits, assessments and advisory services Internal Audit has completed increased more than 200 percent over the past five years (from fiscal year 2010 to fiscal year 2014). Continuous auditing provides business value to Accenture by delivering full population coverage, efficiency and risk assessment through the use of analytics. Leveraging analytics supports the business to identify global trends and costsaving opportunities, driving operational excellence and feeding predictive models. Analytics now support more than 75 percent of audits conducted and generated cost savings of approximately $1.6 million in fiscal year 2014. And advanced find queries support the identification of common risk themes and reporting dashboards, giving increased visibility into business risk on a real-time basis. “Accenture’s digitization of Internal Audit is helping to better manage Accenture’s risks faster, better and more cost effectively than just a few years ago,” says Kress. “And moving into the digital realm helps us develop new Internal Audit services and be more proactive in monitoring the expanding risk profiles of Accenture’s growing and diverse business.” The implementation of Microsoft Dynamics CRM has allowed Internal Audit to implement a new capability— continuous risk assessment—efficiently and effectively. The solution benefits Accenture by consolidating multiple tools used to track, schedule and maintain notes from risk assessment discussions to one application. Collaboration also is improved through the sharing of risk assessment interview notes across Internal Audit. 7 About Accenture Accenture is a global management consulting, technology services and outsourcing company, with approximately 319,000 people serving clients in more than 120 countries. Combining unparalleled experience, comprehensive capabilities across all industries and business functions, and extensive research on the world’s most successful companies, Accenture collaborates with clients to help them become high-performance businesses and governments. The company generated net revenues of US$30.0 billion for the fiscal year ended Aug. 31, 2014. Its home page is www.accenture.com. Copyright © 2015 Accenture All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. This document makes descriptive reference to trademarks that may be owned by others. The use of such trademarks herein is not an assertion of ownership of such trademarks by Accenture and is not intended to represent or imply the existence of an association between Accenture and the lawful owners of such trademarks. 15-0304
© Copyright 2025