Eliminate the Guesswork

How to Gain Structure, Integrity and Insight in Audit, Risk and Compliance

By Jason Rohlf

When I first graduated college and landed my first full time job, I was equal parts excited and terrified. Leaving the cozy confines of university life for the day in, day out obligation of the working world was a harrowing thought for 23-year-old me. However, there was one thing that helped ease those jitters: a steady paycheck. To go from being a ramen noodle eating college kid to a paid business professional was quite a leap, and a happy one at that.

While I really enjoyed working and learning new things in my new role, I also reveled in the joy of Friday and the prospect of a weekend with no obligations and money in my pocket and a set of friends in the same situation. One thing I vividly recall from those days was that some of my friends loved to play the “ATM Game.” Simply put, they would go to the ATM, plug in their PIN, request their withdrawal amount then calmly step back and cross their fingers, hoping that they would hear that whirring sound of cash dispensing from the machine. They figured that their rent check couldn’t have possibly cleared, their power bill could wait an extra 15 days and their roommate could chip in a few bucks in a pinch. They were constantly guessing as to whether they had enough in their newly minted bank account and strangely enough they seemed to get a kick out of it.

Guesswork in Internal Audit

I never had the stomach for the ATM Game, although I will admit that I was completely satisfied if my checkbook balanced on the “happy side” of things (meaning the bank said I had more money than I thought I had). I was, however, in a situation where the concept of guesswork was alive and well. Throughout my time as an internal auditor, one of the most important roles we played was identifying issues and risks within the organization, monitoring those items to completion and reporting on their status. As we approached the end of each quarter, this responsibility became more pronounced and urgent, as this was our time to shine, our time to justify our existence and demonstrate that we were adding value to the organization.

When reporting time would come, we always seemed to find ourselves in scramble mode. This was particularly frustrating because we all knew we were doing quality work, that we were identifying key items that truly required management’s attention. Unfortunately, we lacked a reliable system for documenting and tracking these issues. Sure, we had the shared spreadsheet where everyone could input their issues, but having multiple people access the same spreadsheet on a shared drive was inefficient and cumbersome. To make matters worse, the best part about using spreadsheets (their unending flexibility) led to a variety of data integrity and reporting issues. It was too easy for us to input bad data, and this inevitably led to challenges and inefficiencies in the reporting process.

We also struggled to check in with management on the status of their issues. Because our collection and monitoring process was so disjointed and hard to work with, we usually didn’t perform any meaningful follow up until we were a week or two out from the audit committee presentation. Three months would have passed since we last checked in with an issue owner, and often the due date for their remediation plan would have come and gone. When we’d finally get around to following up with them, all too often they would say, “yeah, I know I said I’d be done by the end of October, but now I need until February at the earliest.” As you can imagine, it was not a fun experience to tell the audit committee that an issue they were expecting to be resolved was now being extended indefinitely.

Eliminate the Guessing Game: The Role of Technology

There is little to be gained by playing this guessing game, outside of additional stress and scrutiny which are already plentiful enough in our lives. But there is good news. Sometimes the byproduct of pain and inefficiency and drudgery is the realization that there must be a better way to do this. And the good news is that there is most certainly a better way. Advancement and improvement, whether monumental or incremental, is always within our reach. As long as we are willing to accept that something is broken, it becomes infinitely easier to fix.

Onspring’s no-code platform and configured solutions can help you take control of the information that you rely upon to deliver value to your organization. By centralizing your data, assigning clear ownership for each critical component, enforcing security and data integrity and leveraging clear and dynamic reporting, Onspring can help you take the necessary steps to eliminate the guesswork in your professional life. Staying with this example of managing audit findings, our clients have been able to gain the following insights about this critical process:

  • They know at any time how many open findings they have, which audit projects they relate to and their overall severity given the level of risk they represent to the organization. They can also track and report on repeat findings, allowing them to identify patterns of behavior that could adversely impact their organization.
  • They have a clear understanding of who is responsible for each mitigation action. They have the ability to efficiently follow up with mitigation owners, alert them of agreed actions that are either coming due or have gone past due. And they can clearly demonstrate the impact to the organization when these mitigation plans are not completed on time.
  • They have given their business owners the ability to provide periodic updates on their mitigation plans and formally request due date extensions when required. This gives them confidence that the owners of the plans understand what they are responsible for and are working to resolve their issues. They also can track the frequency and extent of due date extensions, allowing internal audit to identify situations where commitments are not being met.
  • They can place all findings in the broader context of their organization: what locations, risks, controls, applications, etc. are impacted by this finding? Understanding these relationships allows our clients to prioritize their efforts and ensure that they are paying proper attention to the most critical issues their organizations are facing.

This is one simple example of how Onspring can gather seemingly simplistic bits of data and transform them into meaningful and actionable information. And it’s not just limited to internal audit findings or even internal audit in general. Our solutions can help bring this level of understanding and control to your Compliance, Risk Management, Vendor Management and/or Business Continuity programs, as well as any other area of your organization that can benefit from structure, integrity and insight.

Featured Resource:

A Buyer’s Guide to Audit Management Software

Learn how to select an internal audit platform that fits today and scales tomorrow

Like What You’ve Read? Subscribe for More

Join the Onspring Insights newsletter for monthly updates from our blog.

Image Source: http://lounge.obviousmag.org/chrizoca/pergunta%202.png