Implementing AdaptiveGRC – Internal Audit and Recommendations module

Challenge

7

One of our clients, Bank Gospodarstwa Krajowego (BGK) is a state-owned national development bank whose mission is to support Poland’s social and economic growth, as well as to aid the public sector in achieving its goals. As with any other bank, one of the key departments here is the Internal Audit Department (IAD). IAD is responsible for which is tasked with providing objective opinions and information about the Bank and its subsidiaries, independently assessing internal control systems, as well as performing an advisory role by giving recommendations for improving existing control processes and mechanisms and introducing new ones. Additionally, IAD is responsible for monitoring known risks and the effects of corrective actions undertaken to eliminate them, and regularly reporting on these to the Executive Board, Auditing Committee and the Supervisory Board. 

Before AdaptiveGRC was implemented these recommendations were entered after each audit into an Excel spreadsheet, which was then sent over to each department. In order to verify the implementation of these recommendations, e-mail communication was used, and the information it carried about actions taken, work completed and conclusions arrived at, was then described in separate documents.  

 

Solution

7

The bank decided to implement the Internal Audit and Recommendation Management module of AdaptiveGRC as it deemed the system to be most suitable for its existing internal processes regarding this area. 

The main goals of implementing the applications were: 

  • to facilitate the monitoring of the progress of recommendation implementations, 
  • to facilitate simultaneous work for a team of auditors, 
  • to enable real-time access to the database of recommendations for bank employees at various levels, and 
  • to enable reporting the progress of recommendation implementations to the Executive and Supervisory Boards as well as to the Audit Committee 

The fundamental functions of the system are: 

  • logging information about each internal audit, 
  • adding findings and recommendations to audits, 
  • managing the implementation of each recommendation in accordance with a pre-defined workflow, 
  • real-time monitoring of recommendation implementations, 
  • closing reporting periods – status reports for recommendation implementations as of reporting period closing date, reports of current statuses and statuses in selected reporting periods;
  • e-mail notifications on current statuses of recommendation implementations and possible delays sent to the auditing team, personnel responsible for implementing each recommendation, the Boards.

AdaptiveGRC implementation benefits:

7
  • Full control over current implementation and history of recommendations and audits 
  • Up-to-date monitoring of implementation progres 
  • Quick access to detailed information  
  • Automatic notifications about status changes