Accenture: Digitizing Internal Audit

Accenture: Digitizing
Internal Audit
The Internal Audit function at Accenture
is essential for identifying and assessing
financial, operational, and technology
risks and controls. As Accenture has
expanded its client service offerings, more
than doubled its headcount in the past
five years and increased the pace of new
acquisitions, the organization found itself
ever-more challenged in performing its
responsibilities. For Accenture’s Global
Internal Audit Group, this growth means
it must continue to identify and assess
risk, audit high-risk areas and offer valueadd services for an increasingly larger
enterprise with more diverse businesses,
products and services, all of which have
different risk profiles.
Given Accenture’s dynamic landscape,
Internal Audit is increasing the volume of
audits and advisory services it offers to
continue to provide business value and at
the same time increase risk coverage, while
doing it more efficiently and effectively.
“Our challenge,” says Bob Kress, Managing
Director of Global IT Audit, “is to do more
with less, and do it faster, while at the
same time be cost-effective.”
Recognizing this challenge, Internal Audit
has been progressing on a journey to
digitize the function by leveraging new
technology and—importantly—using
technology not simply to provide more of
the same capabilities, but to enable it to
provide new ones. This guiding principle is
at the core of making digitization a reality.
The Internal Audit journey of digitization
has been one of implementing a number
of component solutions. The organization
has been collaborating with Accenture’s
internal IT organization to look at internal
audit business processes, examine what
can be automated and determine what
technology would best support that
business process or processes. “Many
organizations know they want to digitize
operations, but can become overwhelmed
with where to begin,” says Dan Kirner, CIO
Organization Managing Director, Portfolio
Applications Management.
“It’s important to keep
in mind that the starting
point is with the needs
of the business and not
the capabilities of the
various technologies
in the marketplace.”
Internal Audit identified four key areas for
enhancement with new technologies:
Enhancing audit management
with a new Global Risk and
Compliance (GRC) solution
Internal Audit’s existing GRC solution
was increasingly falling short in its
capabilities to meet the needs of both
the growth of Accenture’s business
and Internal Audit’s expanding global
organization. Aware that newer, more
robust GRC solutions were available
in the marketplace, Internal Audit
identified a new Web-based solution,
which it enhanced and implemented in
collaboration with Accenture’s internal
IT organization. The change from a
centralized hosted solution to a Webbased one alone was huge in that it
enabled less complex connections and
significantly improved response times for
Internal Audit staff anywhere globally.
The GRC solution provides Internal Audit
with a comprehensive, end-to-end audit
life cycle management solution that
mirrors Accenture’s operating model and
internal corporate functions. It is used for
general project and audit management,
staff scheduling, audit issue tracking,
reporting, document repository for audit
support and evidence, and provides audit
review and sign-off functionality.
“Our GRC solution for us is analogous to
an ERP system for an enterprise,” notes
Kress. “It’s absolutely core to supporting
our internal audit function. It provides the
alignment of risk and controls with the
organizations and business functions. And
it provides sample work programs and
items such as best practices that we can
leverage to improve efficiency with our
different audit teams around the world,
among other capabilities.”
The application promotes efficiency and
effectiveness across Internal Audit in a
number of ways. Access is on demand
via a Web browser. Behind the scenes,
the solution provider manages the GRC
infrastructure and software upgrades.
The application also drives consistency,
in large part by including a library of
standard test steps, templates, checklists
and frameworks. It improves collaboration
by enabling sharing of audit findings, key
risk areas and recommendations across
Internal Audit. Internal Audit also now
operates with a single source of truth
and with real-time visibility into audits.
In addition, the GRC solution enables
improved issue trending and reporting
capabilities. This enhanced reporting
allows Internal Audit to collaborate more
with the business, and give the business
more visibility into higher-risk areas and
improvement actions.
Leveraging analytics to
industrialize continuous audit
Internal Audit has been steadily increasing
the use of analytics in its audit processes,
particularly to monitor key processes,
controls and transactions rather than
using traditional sample testing of
transactions and periodic review. As a
result, Accenture is leapfrogging current
techniques and advancing the company
toward a leading practice of continuous
monitoring and auditing.
The initial focus leveraged analytics
to create a number of new internal
audit capabilities, including automating
monitoring (e.g., regulatory compliance,
policy violations and potential fraud)
that identifies risks on an ongoing basis
for more effective controls; increasing
audit coverage and assurance, promoted
by auditing a full data population (vs.
traditional “sample-based” auditing);
and enhanced risk identification by
analyzing data patterns across multiple
transaction systems. The results of these
new capabilities are enhanced business
operations and controls.
Continuous auditing applies analytics
to enhance traditional Internal Audit
activities and results. For example,
analytics automate otherwise manualintensive sampling procedures, allowing
scarce resources to focus on high-risk
outliers, exceptions and policy violations.
In addition, analytics can identify
substantial cost-saving opportunities
globally, isolating specific areas where
business attention can drive the most
significant benefit.
“We are using analytics to
support audit work globally
across all audit areas and
we have expanded the use
of analytics across more
business functions,” says
Dave Hildebrand, Accenture’s
Business Lead for Continuous
Auditing and Analytics.
Internal Audit is now taking the analytics
capabilities to a new level by working
with the business functions to embed
ongoing analytics into the standard
management processes.
Scaling analytics in this way enables
Accenture’s functions companywide to
improve their own capability to monitor
and manage their respective areas.
Internal Audit’s analytics capability
has also enabled it to provide a new
service, what it refers to as “horizontal
audits.” Instead of taking a sampling
of Accenture geographies or business
functions to conduct an internal audit
as was historically done, Internal Audit
today leverages analytics by examining
transactions for an entire function or
area globally, identifying outliers and
transactions that appear to violate
Accenture policies, and subsequently
targeting those. In this way, Internal Audit
gains an improved view of where the risk
areas are in the business globally, and can
target those areas for follow-up.
Implementing continuous risk
assessment with Microsoft
Dynamics CRM
Risk assessment is another key area
identified for digitization. As Accenture’s
business has continued to rapidly evolve
and grow, Internal Audit found it needed
to stay closer to the business and speak
with Accenture leaders more frequently.
In two years alone, the volume of risk
interviews with leaders nearly tripled.
The increase in volume and frequency of
interviews drove the need for enhanced
tools and technology to manage the
entire process.
Together, Internal Audit and Accenture’s
internal IT organization came to an innovative
solution: to use Microsoft Dynamics CRM.
Customer Relationship management (CRM)
solutions typically include a strong contact
management capability. In the case of
Internal Audit, it treats Accenture’s business
leaders who are being interviewed as
contacts. Dynamics CRM was also a good
fit for Accenture in that it is cloud-based,
as-a-service, and offered a plug-in directly
into Microsoft Outlook, used by Accenture,
enabling easy access to the Accenture
address book and employee schedules. The
software is used to schedule all interviews
and track them to completion.
The software gives employees the ability
to document their notes in a single
repository while having access to other
notes from other calls. Employees can
also search for key phrases or terms to
see what leaders are saying about specific
topics, and identify risk themes.
Dynamics CRM also allows Internal Audit
to do more advanced reporting than with
past tools. Reports can be generated
to show which meetings have been
scheduled, have taken place and still need
to be scheduled. This functionality gives
Internal Audit a more real-time view on
how the organization is progressing on its
risk assessment process.
With Dynamics CRM, Accenture has taken
a standard application, and with minimal
customization and at very low cost, put
it to use to enable a continuous risk
assessment process. Because the solution
was robust in its standard form, Internal
Audit chose to implement the solution
as quickly as possible rather than taking
the traditional approach of spending
time up front to design requirements and
then implement. It decided to adjust the
software as personnel use and learn it,
enabling Accenture to gain value from
the implementation quickly.
Increasing productivity
leveraging Accenture social
and collaboration tools
Accenture makes extensive use of
technology to support collaboration and
communication of Accenture people and
their knowledge with teams—whether in the
same room or thousands of miles away—to
come up with the best solutions for clients.
These technologies include Microsoft Lync,
Telepresence, videoconferencing, Microsoft
SharePoint, the Stream (Accenture’s
internal social and collaboration network),
Yammer (an Accenture social network), and
“Circles” (a place for people to connect on
the Stream).
Internal Audit makes use of these
technologies to more effectively support
its work, especially to collaborate with
teams around the world virtually rather
than through travel. Teams can often
meet remotely and share documents with
audit clients through Microsoft Lync, for
example. When travel is required to do
field work, the extent of time needed to be
on site can be reduced through the use of
collaborative technology, helping to reduce
travel costs and save employee time.
Accenture’s Internal Audit organization’s
journey of digitization has been one
of incremental initiatives versus one
big-bang program. As a result, Internal
Audit is now providing a new level of
services (new services and more services)
and has transformed the organization’s
operations, while also working more
efficiently and effectively.
“We’re offering more services
today than we’ve ever
offered,” says Kress. “In the
past, we focused mainly on
performing traditional audits.
Now, we’re providing advisory
services, continuous auditing,
performing risk assessments
and conducting different
types of audits.”
This expansion into new areas is made
possible through digital technologies that
provide capabilities that previously did
not exist and the elimination of manual
activities. Moreover, each component
implemented is viewed as an asset, to be
maintained and upgraded so as to enable
new capabilities to improve Internal
Audit’s ability to provide value to the
business. Internal Audit is also operating
more real-time: as it sees risk changing
in the environment, the organization can
adjust its assessment, audit and advisory
services on a real-time basis.
Better Internal Audit capabilities
translate into proactive and enhanced
risk coverage for Accenture’s business.
Internal Audit is able to perform more
audit services due to the GRC application
and collaboration technologies, which
are significantly helping to increase
productivity and efficiency, while reducing
costs and improving the quality of audits.
As an example, the number of audits,
assessments and advisory services Internal
Audit has completed increased more than
200 percent over the past five years (from
fiscal year 2010 to fiscal year 2014).
Continuous auditing provides business
value to Accenture by delivering full
population coverage, efficiency and risk
assessment through the use of analytics.
Leveraging analytics supports the business
to identify global trends and costsaving opportunities, driving operational
excellence and feeding predictive
models. Analytics now support more
than 75 percent of audits conducted and
generated cost savings of approximately
$1.6 million in fiscal year 2014.
And advanced find queries support the
identification of common risk themes
and reporting dashboards, giving
increased visibility into business risk
on a real-time basis.
“Accenture’s digitization of
Internal Audit is helping to
better manage Accenture’s
risks faster, better and more
cost effectively than just a
few years ago,” says Kress.
“And moving into the digital
realm helps us develop new
Internal Audit services and be
more proactive in monitoring
the expanding risk profiles
of Accenture’s growing and
diverse business.”
The implementation of Microsoft
Dynamics CRM has allowed Internal
Audit to implement a new capability—
continuous risk assessment—efficiently
and effectively. The solution benefits
Accenture by consolidating multiple tools
used to track, schedule and maintain notes
from risk assessment discussions to one
application. Collaboration also is improved
through the sharing of risk assessment
interview notes across Internal Audit.
About Accenture
Accenture is a global management
consulting, technology services and
outsourcing company, with approximately
319,000 people serving clients in
more than 120 countries. Combining
unparalleled experience, comprehensive
capabilities across all industries and
business functions, and extensive research
on the world’s most successful companies,
Accenture collaborates with clients to
help them become high-performance
businesses and governments. The company
generated net revenues of US$30.0 billion
for the fiscal year ended Aug. 31, 2014.
Its home page is
Copyright © 2015 Accenture
All rights reserved.
Accenture, its logo, and High Performance
Delivered are trademarks of Accenture.
This document makes descriptive reference
to trademarks that may be owned by others.
The use of such trademarks herein is not an
assertion of ownership of such trademarks
by Accenture and is not intended to
represent or imply the existence of an
association between Accenture and the
lawful owners of such trademarks.