Saving Time Amanda McPherson, CCBIA Vice President/Internal Audit Manager Colorado East Bank & Trust

Transcription

1 Saving Time Amanda McPherson, CCBIA Vice President/Internal Audit Manager Colorado East Bank & Trust

2 Life before ACL GRC

3 Life before ACL GRC

4 Where do I start? In the beginning Dry erase board Word documents Access Program Sticky notes Lists

5 Learning to love ACL GRC Adding GRC to our Daily Lives In-house training: ACL Consultant for two days Input outstanding audits New report format

6 Benefits of GRC Active Projects

7 Benefits of GRC Project Level

8 Benefits of GRC Action Tracker

9 Benefits of GRC Reviews Reduction in lists

10 Benefits of GRC Issue and Remediation Tracking Exception Tracker

11 Benefits of GRC Updates to GRC

12 Instead of being focused on how far we have to go, let s be excited about the progress we are making. Moving forward, even at a microscopic pace, is still moving forward. -Unknown

13 THANK YOU CONTACT ME AT

14 ACL GRC The Equinix Story Nilisha Agrawal Global Compliance Manager, Legal Services, Equinix, Inc.

15 Internal Audit Projects Lists are widening Significant project reviews and operational audits SOX audits Implementation reviews SOD Reconciliation Sales commission System report streamlining FCPA OFAC Expense Reports Accounts Payable Review Segregation of Duties General Ledger Analytics Fixed Assets Analytics Construction Expense Audit TIME CONSUMING REPETITIVE MANUAL ERRORS TURNOVER SCALABILITY ISSUES!!

16 Background - Need for ACL Time Consuming Manual SOX Controls for Business owners and Internal Audit Limited Data Analysis Capability - Excel Random Sampling vs. Risk Based Sampling Long Audit Cycles FCPA, OFAC and other Compliance Programs that need attention Fraud / Error detection analytics

17 Equinix ACL History Business Assurance Group (Internal Audit) T&E Analytics for Expense report reviews Automated SOD reviews globally. Notifications for weekly discrepancies. Saving us Internal Audit, Control Owners and External Audit hours. More reliability on Internal work by External Audit FCPA Invoice and Expense report reviews for FCPA Compliance 2000 Audit Hours Automated (Perhaps more! )

18 Equinix ACL Today Legal Department OFAC & Sanctioned Parties Analysis Automated connection to web data (via. ACL Execute Command) Test results available in ACL Cloud for Exception Documentation Limited IT involvement, direct connection to Oracle Preventive vs. Detective In house capability for faster reviews during Acquisitions and New Sanction Lists.

19 Consolidated Benefits ACL GRC Automated Data Analytics Access and Analyze Entire Data vs. Sampling Consistent and Repeatable Analysis Reduce Cost Automated Controls Enable Rapid Response to Fraud, Errors and Inefficiencies Allow Personnel to Focus on High Risk/Value Items Reduce Cost of Performing Controls Increase Coverage Automated Audits Create an Effective and Efficient Audit Process Add Value with Timely Insights Greater Coverage vs. Sampling Reduce Cost of Audits Save Time for Other Projects Focused Audit Save Time Automated Workflows GRC Graphical Interface to Review, Manage and Resolve Exceptions. Track Exception Status and Review Notes. Workflows

20 Equinix Needed an Enterprise Risk Management Tool Multiple Reports No Single View Governance Committee Dashboards? For Example, Various Risk departments in the Company manage some part of FCPA Program Create One Report for Presenting to Senior Management, Great Tool for Audits! SOX Group Internal Audit Legal Compliance FCPA Training FCPA Analytics SOX Entity level Control Combined View SOX Legal Risk group DASHBOARD Risk Mgt Cyber Security

21 THANK YOU CONTACT ME AT

22 ACL at Palomar Health Tom Boyle, District Audit Officer

23 What is Palomar Health?

24 Palomar Health, San Diego, California

25 Palomar Health, San Diego, California Largest Healthcare District in California 3 hospitals in San Diego County Trauma Center Skilled nursing Ambulatory care Behavioral health Wound care Home Health care Women's Health Rehabilitation Community Education 3500 Employees

26 Palomar Health The first healthcare system in California to be part of the Mayo Clinic Care Network. First Public Health District in California to Achieve Magnet Recognition Developed a new smartphone app, Extension Engage, designed to directly connect physicians to nurses and patient information at Palomar Medical Center (PMC). Rolled out Airstrip-ONE Mobile App where medical staff members are able to access patients EKGs in a matter of seconds. The goal will be to view almost all of the information contained within our electronic health record including radiology images on a redesigned smaller screen using unique features of mobile devices. Partnered with Qualcomm to launch Glassware Medical Incubator, to explore the application of wearable computing in medicine.

27 ACL GRC at Palomar Health Internal Audit Palomar Health Internal Audit s scope Financial Operational Audits Compliance & Ethics IT Security Consulting and special projects ACL Licenses GRC AN 10.5 Analytics Analytics Exchange

28 ACL GRC at Palomar Health Internal Audit Risk Assessment Internal Audit Cycle A deeper look into the work flow and document management Follow up Audit Plan Report Results Perform Audit

29 ACL GRC at Palomar Health Internal Audit Excel s s spreadsheet Word Word s Document Document s PowerPoint s s s Excel Word s spreadsheet Document Word Document Follow up Report Results 29 Risk Assessment Internal Audit Cycle Audit Plan Perform Audit s s s Excel Excel spreadsheet spreadsheet PowerPoint Word s s s Document PowerPoint s s 29 Excel spreadsheet Word Word Document Document s Excel Excel spreadsheet spreadsheet Excel Excel Excel s Excel spreadsheet spreadsheet spreadsheet s Word s Word Document Document

30 ACL GRC at Palomar Health Internal Audit

31 Our Solution: ACL Data-Driven Audit Process Cloud-based ACL GRC Strategic Risks Audit Projects Audit Objectives Project Area Risks Mitigating Controls Audit Tests Audit Exceptions Issues Results for our audit team: Able to connect the dots from Risk Assessment to Remediation Eliminate multiple applications by centralizing work, integrated with our ACL AX Ensure consistency of work processes no more creative approaches or shortcuts

32 ACL GRC at Palomar Health Internal Audit Visualize relationship between operations and stakeholders

33 ACL GRC at Palomar Health Internal Audit Risk Heat Map Visualization of Risk Assessment Results

34 ACL GRC at Palomar Health Internal Audit Ability to track productivity by project

35 ACL GRC at Palomar Health Internal Audit Conveniently view project status, (even by staff member)

36 THANK YOU CONTACT ME AT