Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Payment giant-automates-internal-audit
1. CASE STUDY
PAYMENT GIANT AUTOMATES INTERNAL AUDIT MANAGEMENT
MetricStream FOR IMPROVED VISIBILITY, RISK MITIGATION, AND RESOURCE
MANAGEMENT
Customer
A world leader and innovator in the payment space today, the company provides secure and conve-
nient payment solutions to its customers worldwide. Leading the global payment industry for decades
now, the company delivers its customers credit, debit and prepaid cards to give them the flexibility to
purchase items in stores, on the Internet, through mail-order catalogues and over the telephone.
The company has its global headquarters in the United States and offices in various regions across the
world. The company provides services in hundreds of countries and territories.
The company’s cardholders use their cards at millions of acceptance locations around the world.
Processing billions of payments seamlessly across the globe, the company is a critical link among
Customer
A LEADING PLAYER IN THE GLOBAL PAYMENT financial institutions and millions of businesses, cardholders and merchants worldwide.
INDUSTRY
Overview
Benefits The financial services sector in general and the payments sector in particular are exposed to numer-
Clearer visibility: Centralized dashboards, risk heat ous challenges such as evolving payment standards, harsher regulatory scrutiny, increased security
maps, and advanced reporting capabilities of Metric- requirements, newer input devices, changing consumer trends and more. Security and reliability are
Stream Solution keep the management well informed the watch words for organizations in these sectors.
about the exact status of the company’s audit and
risk processes. Role-based access to the application Being a leader and innovator in this increasingly challenging space, the company faced rising
ensures that all personnel have the optimum visibility
into the system to take intelligent decisions appropri-
demands to comply with a huge number of regulations and manage varied risks while ensuring clear
ate to their roles and responsibilities. visibility and suitable distribution of available resources. Auditing various areas in the organization to
accomplish this was proving to be a complex endeavour.
Efficient resource and time management:
MetricStream Solution’s capability to assess and Managing its enormous worldwide network of global operations that includes financial institutions
track availability of resources throughout the year and merchants spread across the globe, the company experienced the need to take necessary steps
allows auditors at the company to manage their towards automation and implementation of risk-based auditing.
resources efficiently, enabling collaboration and
better prioritization of audit activities. Audit calendar
ensures that everyone in the audit management Challenges
process has a clear and real-time picture of audit
schedules and assignments. Time-tracking tools such Manual processes: Most processes related to audit management at the company were mainly
as time-sheets and related reporting allows the team manual or semi-manual. Spreadsheets were used for auditing information and compliance levels. Vari-
managers to track and manage time more effectively. ous teams at the company collaborated using phone calls and emails.
Superior risk mitigation: The central repository
Lack of an integrated system: Being a large global organization, the company needed to conduct
of risks with links to KRIs, controls, assessments,
results and mitigation plans enables the company’s
regular audits covering diverse areas and involving thousands of entities. Lack of an integrated system
team to manage its risks more successfully. The wide across all locations impacted the visibility, efficiency and time spent on a number of audit-related
range of reports helps the risk team to identify the tasks.
risks associated with auditable entities, prioritize au-
ditable entities and risks for planning and scheduling Resource management: The company has a small internal audit team that manages the entire
audits in a more gainful way. The built-in best prac- internal audit requirements of the company. As a huge organization with offices across the globe, the
tices content allows the team to refine and realign the
company needed to audit a large number of entities. With a comparatively small audit team to handle
processes for more productive risk management.
the complete range of audit activities, efficient resource management for its internal audit require-
ments posed a challenge for the company.
Need to streamline GRC: Operating in the payments industry and handling a huge number of transac-
tions every day, the company needed to streamline its GRC activities and introduce a risk-based
approach for more secure business operations. The company needed to enhance its audit and risk
management capabilities by streamlining GRC activities.
Solution
The company needed to create a central system with an integrated GRC platform architecture
for managing its internal audit requirements with a sharp focus on risk. The selection team at the
company chose MetricStream as the solution provider based on MetricStream’s industry leadership
position as well as its functional and technical capabilities to provide a scalable and integrated GRC
platform and configure its solution to fit the specific requirements of the company.
2. MetricStream
MetricStream delivered to the company its Internal Audit Management solution for risk-based audit-
ing. Integrated on MetricStream GRC Platform 6.0, the solution is a comprehensive, web-based
application which includes a common framework, automated workflows, a centralized risk library
and specific modules for resource management and issue management. The solution provides the
company an integrated approach to manage its entire audit environment based on a risk-focused
approach.As part of the second phase of the engagement, MetricStream will deliver Enterprise Risk
Management (ERM) solution to the company.
MetricStream’s platform supports the company’s organizational model across all business divisions,
units and departments, as well as their mapping to different roles and reporting relationships. The por-
tal views are based on the user’s profile and organizational mapping. Users have a role-based portal
access with options required for initiating actions, scheduling tasks, viewing reports and dashboards,
limited to their roles and responsibilities. The MetricStream Briefcase option allows the auditors at the
company to conduct audits in cases of lack of internet access.
Risk-based auditing: MetricStream Solution consolidated and automated the entire audit process
beginning right with risk assessment and going on to audit planning, resource scheduling, execut-
ing fieldwork, recording results and observations, management reporting, time tracking, and issue
management for the company’s audit department.
The solution delivers intelligence for risk-based auditing through powerful capabilities such as audit
advisor, audit proposal planning and risk scenarios analysis, effectively leveraging operational and risk
metrics for defining the enterprise audit strategy.
Apart from internal audits, the solution supports a wide range of audits including operational audits,
IT audits, and quality audits. Backing the risk-based approach to internal audit, the solution provides
the company’s audit team complete automation and functionality to assess risks. This risk assess-
ment serves as groundwork for the team to identify areas or entities that need to be audited at regular
intervals or on a need basis, depending on the severity of the associated risk. The solution integrates
with various SOx and ERM applications in the organization to extract relevant risk-related information
and upload it into the solution.
Auditors at the company can plan their yearly, quarterly, monthly and other regular as well as ad-hoc
audits based on the assessment results using the MetricStream solution. The solution supports
setting up a Multi-Audit (Annual or Multi Year) plan and allows creating an audit program with a
well-defined objective and scope tied to compliance and risk management processes. The scheduling
team at the company can implement the audit plan created in the MetricStream solution and schedule
audits using the audit calendar. Relevant auditors and audit entities are notified with automatically
triggered emails and alerts.
The solution supports closed-loop audits with capabilities to analyze audit issues/findings and track
recommendations and action plans for issues identified.
Resource planning and timesheet management: The audit management solution allows interactive
resource planning based on resource availability. The solution provides functionality for assignment
and management of the resources required for each audit. The auditors at the company can assess
the availability and match the skill set of required resources and assign them to specific audits for a
particular period of time using the audit calendar and automatic email notification facility in the solu-
tion.
The solution allows team managers to allocate auditors while panning yearly audits as well as at
different phases and tasks level. The solution provides various tools and reports for resource planning,
including audit assignments and schedules for each auditor, time budgeting and tracking information.
Auditors can log their time and maintain timesheets where they can also indicate future assignments.
This helps the team managers to assess the resource availability for future audits in advance. Ad-
ditionally, the timesheets give visibility to the team managers into the amount of time spent on various
audits by each auditor and take steps for better time managementimproving the overall efficiency and
productivity.
3. MetricStream
Issue management: MetricStream issue management software has helped the company to institute
Why MetricStream and follow consistent procedures for managing incidents and issues discovered during internal audits.
The solution supports issue capture, identification, evaluation, investigation, tracking, task manage-
MetricStream has deep domain experience in the ment, and status reporting. Elaborate remediation and corrective action process is followed to close
financial services space with in-depth understanding the loop.
of internal audit management and GRC.
Each department team can log in and check the number of issues affecting their department. The sys-
MetricStream’s solution is built and deployed on tem assigns a unique ID to each issue, making it easy to track it from one stage to the next. Detailed
MetricStream GRC Platform which provides key information about each issue is provided and issues are categorized based on predefined criteria.
functionalities such as workflows, configurable forms,
Action owners are assigned for particular issues and automatic alerts and notifications are sent to the
real-time exception tracking, email alerts and notifica-
tions, integration, management reports, executive appropriate personnel for remedial action through built-in workflows.
dashboards, business intelligence, analytics, and
secure access control. Failure investigations are conducted to determine the root cause of the issue. The investigation is
performed using collaborative workflow with investigative tasks assigned to appropriate individuals.
MetricStream’s solution includes an adaptive and The issue closes only after the action plan is carried out.
flexible data model, which makes it easier for busi-
nesses to model and configure complex audit projects Reporting capabilities: The MetricStream solution provides analytics with graphical dashboards that
such as scoping new audits, modeling organizations, give the managers at the company complete real-time visibility into the audit process.
designing new products or delivering new processes.
The solution generates reports for varied audit-related requirements of the company, provides
MetricStream’s solution provides a cohesive ap-
proach to meet overall GRC objectives and also map enterprise wide visibility into the process and highlights issues that need to be addressed on priority.
itself to manage specific requirements of organiza- Based on zone, country, business unit, region and market, the solution allows the auditors to generate
tions. reports for audit entities. Reports such as audit plan report, audit details report, audit summary report,
audit status report, issue logs report, follow-up status report and various customized reports can be
generated.
The managers at the company can obtain reports on the status of issues and incidents, audit resource
efficiency and track time spent on various audits by each resource.
For more information, visit
www.metricstream.com
Copyright 2011. All Rights Reserved.