How a centralized audit management system transformed our team
1 like622 views
The document discusses how HSNI transformed its audit management system by adopting a centralized tool aimed at improving productivity, reporting, and compliance. Key factors for this change included selecting a vendor, managing data migration, and ensuring user engagement and training. The implementation led to enhanced visibility in audit operations and a framework for ongoing data-driven governance risk and compliance (GRC) improvements.
How a centralized audit management system transformed our team
- 1. How a Centralized Audit Management System Transformed Our Team September 19, 2016 Rose-Ann Mondy, Director – HSNi Assurance & Risk Advisory Cathy Miyagi, Senior Specialist – ACL Customer Success Organization: Data-Driven GRC Adoption
- 2. This presentation may contain forward-looking statements relating to the future performance and financial condition of HSNi, its operating segments and its consolidated subsidiaries. Forward-looking statements are based on management's current expectations and assumptions which may not prove to be accurate. Forward-looking statements are not guarantees of performance or historical facts and there are a number of known and unknown risks, uncertainties, contingencies and other factors (many of which are outside our control) that could cause actual results to differ materially from those expressed or implied by such forward-looking statements. Factors that could cause or contribute to such differences include but are not limited to: our ability to attract new and retain existing customers in a cost-effective manner; our exposure to intense competition and our ability to effectively compete for customers; changes in political, business and economic conditions, particularly those that affect consumer confidence, consumer spending or digital sales growth; changes in our relationships with pay television operators, vendors, manufacturers and other third parties; failure to attract and retain television viewers and secure a suitable programming tier of carriage and channel placement for the HSN television network programming; changes in shipping and handling costs, particularly if we are unable to offset them; any technological or regulatory developments that could negatively impact the way we do business, including regulations regarding state and local sales and use taxes; risks associated with possible systems failures and/or security breaches, including any breach that results in the theft, transfer or unauthorized access or disclosure of customer, employee or company information, or the failure to comply with various laws applicable to HSNi in the event of such a breach; any material change in HSNi's business prospects and/or strategy, including whether HSNi's initiatives and investments will be effective; our ability to offer new or innovative products and services through various platforms in a cost effective manner and consumer acceptance of these products and services; risks associated with acquisitions including the ability to successfully integrate new businesses and achieve expected benefits and results; risks associated with litigation, audits, claims and assessments; and the loss of any key member of our senior management team. More information about potential factors that could affect HSNi's business and financial results is included in our filings with the U.S. Securities and Exchange Commission. Other unknown or unpredictable factors that could also adversely affect HSNi's business, financial condition and results of operations may arise from time to time. In light of these risks and uncertainties, any forward-looking statements may not prove to be accurate. All written or oral forward-looking statements that are made or attributable to us are expressly qualified in their entirety by this cautionary notice. Accordingly, you should not place undue reliance on any forward-looking statements, which only reflect the views of HSNi management as of the date of this press release. Such statements speak only to the date such statements are made and HSNi does not undertake to update any forward-looking statements. Historical results should not be considered as an indication of future performance. SAFE HARBOR STATEMENT 2
- 3. HSN, Inc. (Nasdaq: HSNI) is a $4 billion interactive multi-channel retailer with strong direct-to-consumer expertise and operates two business segments, HSN and Cornerstone. HSNi became a stand-alone company May 2008 HSN Compliance department converted to HSNi Assurance & Risk Advisory - ARA (F/K/A: Internal Audit) ARA retained legacy system (OpenPages) until 2014 ARA started out as a 2 person department and over the years has grown to: > 4 Audit Professionals > 1 Business Continuity Manager > 2 Para-professionals > RSM for IT & Non-IT Support The Story
- 4. SO…HOW DID WE GET HERE?
- 5. What Were We Looking For Should We Renew? We needed a tool that will improve our productivity: A tool that can generate useful reports Capture key IA elements (e.g. Control #, Owner, method, frequency, COSO element, application name, etc.) Contains industry accepted frameworks (e.g. risk control matrices, COSO, ISO, etc.) Workflow capabilities Cloud computing Ability to grant restricted access Streamline navigation
- 6. Timeline Q2 2014 • Wrote business case • Research and assess tools • Obtain support from VP of Assurance & Risk Advisory (ARA) Q3 2014 • ACL Connections - Dallas, Texas • Championed tool to ARA team • Partnered with ACL: CSO, Pre-Sales and Product Management teams • Introduce tool to internal & external partners Q4 2014 • ACL GRC demonstration with HSNi specific data and methodologies • Developed implementation plan • Drafted MSA and SOW Q1 2015 • Signed MSA and SOW • Engaged ACL CSO DDGRC Adoption team (formerly Professional Services) • ACL migrated data from OpenPages • Trained ARA, External Auditors and other Partners – Went Live!
- 7. SHOPPING AROUND The Vendor Selection Process
- 8. Critical Factors: Others: Engagement team Data conversion Customer service Long term growth Performed a three-year expense analysis Decision Criteria
- 9. Key Functionalities & Features Regular Product Updates Continuous Improvement User Groups, ACL Academy, etc. Work paper management, Cloud Computing Fundamentals Templates: SOX, SSAE 16, T&E, Purchase Cards You are not a number – they’ve got your back! Support Various ACL support teams HSNi Assurance & Risk Advisory
- 10. HURDLES Onboarding Challenges Change Management Data Migration
- 11. “The world hates change, yet it is the only thing that has brought progress.” - Charles Kettering (a very important guy)
- 12. ■ Support from Senior Management ■ HSNi ARA > Data conversion & mapping > Timing of conversion > Training > Reporting > Ongoing assistance ■ External Auditors > Availability of data > Capture key elements > Data conversion ■ Consultants > Training and Accessibility ■ Data conversion > ACL built template to migrate data Getting The Green Light
- 13. Leadership Style If you don’t believe it, don’t try to sell it Listen Be honest – don’t oversell and under deliver Take a partner along Ask for help when you need it – you don’t have to have all the answers Lay the foundation, but everyone builds Have some skin in the game!
- 14. ACL Customer Success Organization (CSO) Our Transformation
- 15. Why ACL DDGRC Adoption Frameworks? Clear transformational paths to customer value-based outcomes Long-term scalable strategies Clear methodologies, phases and milestones To accelerate adoption of ACL technology by existing ACL GRC and analytic customers “Data-Driven” GRC
- 16. ACL DDGRC Audit Management Adoption Methodology Change Management Efficient Audit workflows Continuous controls monitoring One version of the truth Increase visibility of Audit program Align audit plan with enterprise risks Value-Based Outcomes OPTIMIZATION Integrating data analytics into controls testing Adopting continuous monitoring via usage of questionnaires and assigning records for review to the business Usage of report templates or create custom reports in Reports Manager OPERATIONALIZATION Enable users to use ACL GRC functionality for audit > Project Manager > Results Manager > Reports Manager Document audit workflow in Project Manager with usage of collaborative functionalities like client requests, to-do’s, and action items.
- 17. The Customer Adoption Journey CUSTOMER SUCCESS ORGANIZATION (CSO) ANALYTICS Adoption DD GRC Adoption Specialists Agents Customer Intensity Agency (CIA) Adoption Managers Adoption Specialists v a l u e v a l u e v a l u e v a l u e v a l u e v a l u e
- 18. TRANSFORMATION How is HSNi Using ACL GRC Today?
- 19. Life Before ACL GRC
- 20. PROJECT MANAGER Operational audits SOX RESULTS MANAGER Data gathering Questionnaires REPORTS MANAGER Weekly status reports Achievable & Measurable Successes
- 21. Project Manager Project Library One-Click Reports Issues Tracker
- 22. Results Manager A B C A Used to gather information before onsite meetings were held Success rate - High B Used to execute questionnaire to eleven members of Senior Management covering 94 topics Success rate - Low C Templates provided by ACL
- 23. Reports Manager
- 24. LOOKING AHEAD
- 25. Build out Enterprise Risk Management Risk Manager Coming Soon - New COSO ERM Framework – Q2/Q3 2017 Incorporate data analytics “Data-Driven GRC”
- 26. Enhancements to address Enterprise Risk Management ACL Product Roadmap Multiple risk profiles Up to 10 risk scoring factors 5 configurable risk attributes
- 27. Roll up of Risk Assurance scores Linking enterprise risks to control objectives Nested entity tags (linked with Projects)
- 28. So…WHAT?
- 29. Efficiency Away with emails! Issues Tracking Issues Reporting
- 30. Key Takeaways Implementing a Centralized Audit System: Solicit input and listen Make a list of your “Must Haves” What does success look like to you? How do you measure value? Buying a product vs. buying a solution Have fun
- 31. QUESTIONS?
- 32. THANK YOU CONTACT Rose-Ann Mondy, HSNi rose-ann.mondy@hsn.net Cathy Miyagi, ACL cathy_miyagi@acl.com