Case study: Experian plc

Size: px

Start display at page:

Download "Case study: Experian plc"

Christian Lester
5 years ago
Views:

2 Case study: Experian plc Technology Enabled Internal Audit as a Business Value Driver Mike Taylor Head of Global Internal Audit

3 The views expressed during the presentation are the personal view of the author and may not be understood or quoted as being made on behalf of, or reflecting the position of, Experian plc

4 Experian: A leading global information services company Revenue US$4.8 bn EBIT US$1.3 bn Market Cap* c. 12bn UK FTSE Top 50 Employees c.17,000 Offices in 39 countries Largest markets US, Brazil, UK

with a diverse portfolio by region, business line and customer segments with a diverse portfolio by region, customer segment and business line By region By customer segment By business line North

5 with a diverse portfolio by region, business line and customer segments with a diverse portfolio by region, customer segment and business line By region By customer segment By business line North America 51% Latin America 18% UK and Ireland 21% EMEA/Asia Pacific 10% Financial services 30% Direct-to-consumer 20% Retail 9% Automotive 5% Healthcare 5% Telecoms and utilities 5% Insurance 4% Media and technology 4% Government and public sector 2% Other 16% Credit Services 49% Decision Analytics 12% Marketing Services 18% Consumer 21%

6 With 17,000 employees across 39 countries

Experian Global Internal Audit Team September 2015

Internal Audit Risk Management Compliance Global Security

Head of Audit North America Regional Head of Audit Latin

7 Experian Global Internal Audit Team September 2015 Department Administrator Mike Taylor Head of Global Internal Audit Risk Management Compliance Global Security Office Regional Head of Audit - UK/EMEA/APAC Regional Head of Audit North America Regional Head of Audit Latin America Head of Global IT Audit GRC Support Team 9 Staff 9 Staff 8 Staff

8 Internal Audit Challenges 1 Challenge Role of the GRC Audit Management System (AMS) Broaden skills in IA - guest auditors Provide clear framework to support audit process Enhance audit practices Embed in AMS to ensure compliance / consistency Support the widespread use of data analytics at planning and execution phases. Transition from regional to global Single AMS supporting transparency / common view Leverage best practices Increase Audit quality and efficiency Captured in AMS (audit approach/ analytics ) Capture information once / globally accessible Manager review trail Support quality assurance process

9 Internal Audit Challenges 2 Challenge Role of Wider GRC System Improve interface /usage of risk data Establish linkage between risk database and audit process Single location for all business actions Issue tracking common repository for all governance issues IA, Risk, Compliance, InfoSec, Security Improve action follow-up and closure Drive reporting off issue tracking database Improve interaction with other governance functions Make issue tracking available to wider business to view action capture Coordinated assurance project

10 Challenges As We Look Forward Activity Technology Impact Refresh risk appetite /policies Risk + Polices modules Risk owners Single data repository risk & assurance Co-ordinated assurance activities Common risk & assurance view Holistic Reporting Issue tracking Common database & reporting capability

11 Experian GRC programme Risk Management Internal Audit Management Issue Tracking Rolling out Operational Operational Compliance 2016 Group Policy Enterprise Management 2016 Operational

12 Project Timeline Live Jan - July August Sep-08 Sep-22 Oct-17 Oct-20 Jan-05 Feb-09 Mar-06 Apr-01 VENDOR SELECTION DETAILED REQUIREMENTS Phase 1 Planning Phase 2: Design Phase 3: Build Phase 4: User Acceptance Testing Phase 5: Deploy Phase 6: Operational Support

13 Audit Management System Business requirements Risk assessment / audit planning Audit assignment planning Audit execution Work paper management / workflow Audit status tracking Detailed requirements definition & capture Audit closure / review Reporting Issues captured / tracking

Project Guiding Principles Usability Consistency Change Management Complexity Alignment Inclusion Sustainability Documentation The focus of development efforts will be on the usability of the tool.

14 Project Guiding Principles Usability Consistency Change Management Complexity Alignment Inclusion Sustainability Documentation The focus of development efforts will be on the usability of the tool. The solution will be designed and developed according to the documented business requirements in the GIA manual. Changes to scope must be formally documented and approved by the Management prior to implementation. Simple solutions will be selected over complex solutions. The out of box solution will be utilised wherever possible. Other GRC stakeholders will be consulted regarding proposed changes to shared components. GIA extended team (UK, Brazil, etc.) will be consulted on decisions involving usability. Solution will be engineered to require minimum maintenance and allow for Experian to extend the capabilities with in house resources. All key decisions and solution architecture will be documented throughout the life of the project.

15 The Outcome A Snapshot Live on time/ under budget Audit quality assessment 83% Data analytics on 66% of Audits Stakeholder post-audit feedback 4.2 out of 5 Hours of assurance 5% up on target per month Report issuance <7days v 10days target Employee engagement 89% (up from 81%) Project objectives achieved

Role of Technology and Data in Achieving Our Goals Audit

Increased access to knowledge Increased efficiency through

tracking Visibility of issues across the business Data

16 Role of Technology and Data in Achieving Our Goals Audit Management Increased process consistency throughout regions Increased access to knowledge Increased efficiency through process automation Issue Tracking Improved issue reporting and tracking Visibility of issues across the business Data Analytics Enhanced audit planning process More efficient and effective testing procedures

Use of Technology and Data to Increase Business Value Audit Management and Issue Tracking Build a strong relationship with governance and business functions More insightful audits Increase in

17 Use of Technology and Data to Increase Business Value Audit Management and Issue Tracking Build a strong relationship with governance and business functions More insightful audits Increase in assurance provided Facilitate better risk decision making Consolidated view of issues across the three lines of defence Data Analytics Provide tools developed during the audit to the business

Benefits of Investing in Technology and Data Analytics Transform culture from analysis to analytics to increase effectiveness of internal audits.

18 Benefits of Investing in Technology and Data Analytics Transform culture from analysis to analytics to increase effectiveness of internal audits. Build a strong foundation by establishing access to various data sources and partnering with governance and business partners to facilitate better risk decision making. Plan for the future by driving innovation and continue to recalibrate the strategy in response to emerging trends such as Big Data and regulations.

Adopting Technology: Pitfalls to Avoid Overly complex business requirements that require significant configuration or coding changes Inadequate senior management sponsorship and engagement with the

19 Adopting Technology: Pitfalls to Avoid Overly complex business requirements that require significant configuration or coding changes Inadequate senior management sponsorship and engagement with the project Appointing vendors without vetting and securing the specific individuals who will work on the project Appointing vendors who don t have the right mix of big picture/architectural and detailed technical experience Large and complex configuration changes that can cause integrity problems Maintaining highly configured solutions can be very costly