WHITE PAPER. Effective Audit Hosting Strategy: A Perspective. Abstract. Pranav Gadre, Sanjay Martis

Similar documents
A PATH TO GDPR READINESS WHITE PAPER

PREDICTIVE ANALYTICS FOR DATA-DRIVEN DECISIONS

WHITE PAPER. Comprehensive Capital Analysis and Review (CCAR) CFO attestation Recommended approach

BANKING WITH THE RIGHT REGULATIONS

WHITE PAPER. Technology Trends for Road User Safety in Public Sector. Abstract

AUTOMATING BIG DATA TESTING FOR PERFORMANCE

VIEW POINT. The Enterprise QA Transformation Model A solution to enhance an enterprises testing maturity. Abstract. Reghunath Balaraman, Aromal Mohan

TRANSFORMING THE LANDSCAPE FOR INSURANCE CLAIMS

ENHANCING BUSINESS EFFICIENCY WITH AI AND ENGINEERING DATA ANALYTICS

SEVEN FEATURED PEGA CASE STUDIES. Different needs, different industries, tailored solutions leveraging Pega solutions

WHITE PAPER. Application Grading for Comprehensive Quality Assurance. Abstract

KEEP THE LIGHTS ON - APPLICATION MAINTENANCE AND SUPPORT

CHANGE IMAGINED. CHANGE DELIVERED

WHITE PAPER. Master Data Management as a Solution Using SAP MDM and Complementing Technologies

Reimagining Life Sciences With AI-Enabled Digital Transformation. Abstract

PRODUCT COMPLAINTS MANAGEMENT. Infosys Handbook For Life Sciences

PERSPECTIVE. Creating Business Value with Mature QA Practices. Abstract

ENABLING SALES TEAMS TO CREATE WINNING QUOTES

CASE STUDY THE SPEND ELIXIR

VIEW POINT. Top 3 steps to a successful ERP implementation for M&A in manufacturing - a project management point of view

KNOWLEDGE-BASED ENGINEERING (KBE) Key product-development technology to enhance competitiveness

RPA VALIDATION PITFALLS AND HOW TO AVOID THEM

WHITE PAPER. IoT-enabled Banking Services

PERSPECTIVE. Customer Loyalty Quotient Strategy: Key to an emotional connect with customers. Abstract

INFOSYS PROCUREMENT AND PLANNING PRACTICE

PERSPECTIVE. Assuring the digital utilities transformation. Gaurav Kalia Client Solution Manager

PERSPECTIVE. Need for a Comprehensive Test Maturity Model. Abstract. - Reghunath Balaraman, Harish Krishnankutty

PERSPECTIVE. MAKING GPP (Global PAYplus) TESTING PREDICTABLE

CASE STUDY. Streamlined Operations Through New Business Process Transformation

WHITE PAPER LEVERAGING 3-C PHILOSOPHY FOR ENHANCED ROI FROM CHANNELS

AVOIDING EQUIPMENT FAILURE WITH ENGINEERING DATA ANALYTICS AND AI

MODERNIZING THE MIDDLEWARE

RETAIL AND CPG HUMAN AMPLIFICATION IN THE ENTERPRISE

PERSPECTIVE. Operational Risk Management in Banks: The Way Forward

RETRANSFORM BEYOND AGILE FOR FASTER, INTEGRATED IT SERVICE DELIVERY

WHITE PAPER. Evaluation Framework: To Build or to Buy CRM Software? Abstract

RETRANSFORM BEYOND AGILE FOR FASTER, INTEGRATED IT SERVICE DELIVERY

COMPLIANCE AND RISK MANAGEMENT AS A CATALYST FOR CHANGE

A 7-STEP FRAMEWORK TO IMPLEMENT CICD IN ETL TESTING

PERSPECTIVE. Using QR codes to track and identify counterfeit products

WHITE PAPER. Loss Prevention Data Mining Using big data, predictive and prescriptive analytics to enpower loss prevention.

NAVIGATE YOUR NEXT TARGET PERFORMANCE WITH DIGITIZE CFO DASHBOARD

WHITE PAPER. A framework to increase ROI through quality data. Kuriakose K. K., Senior Project Manager

INFOSYS BUSINESS PROCESS MANAGEMENT OFFERINGS

WHITE PAPER. How to optimize close cycle using Hyperion Financial Management. - Navpreet Singh, Principal Consultant

CMO Challenges Today: How Are They Reacting?

PERSPECTIVE. Abstract

NAVIGATING TO ACCURATE POINTS OF INTEREST (POI): BENEFITTING MAP USERS AND BUSINESSES THROUGH THE 3D APPROACH

MARGIN MANAGEMENT IN THE OIL & GAS INDUSTRY WHITE PAPER

FINDING AIRCRAFT PARTS BEFORE THEY ARE LOST, WITH PREDICTIVE ANALYTICS

BEST STORIES FOR DIGITAL IN COMMUNICATION SERVICES

FROM MONOLITHIC MAINFRAMES TO CLOUD FOR FASTER TIME TO MARKET

DIGITAL OUTLOOK INDUSTRIAL MANUFACTURING INDUSTRY

WHITE PAPER. An Insight into Microservices Testing Strategies. Abstract. Arvind Sundar, Technical Test Lead

PERSPECTIVE. Shrink Resolution Times with Field Service Automation (FSA) Abstract

FRESH INSIGHTS FROM REAL-TIME DATA, COURTESY AI-DRIVEN ANALYTICS

WHITE PAPER. BPM for Structural Integrity Management in Oil and Gas Industry. Abstract

ACCELERATING DIGITIZATION THROUGH NEXT-GENERATION INTEGRATION

WHITE PAPER. Coalition loyalty: Loyalty s new definition

VIEW POINT. Approach to The Elemental Impurities Risk Assessment in Pharmaceuticals

WHITE PAPER. Assuring success in blockchain implementations by engineering quality in validation

WHITE PAPER. Improved Compliance Management in Banks through Cognitive Analysis

WHITE PAPER. Cloud-Based Human Capital Management: Accelerating Organizational Evolution to be #MoreTogether. Abstract

WHITE PAPER. End User empowerment for improved Asset Maintenance

REDUCING TIME TO MARKET WITH DEVOPS

VIEW POINT. Experience Commerce

WHITE PAPER. Count your inventory in the right way for right result

Converting Complaints to Customer Experience A Framework to Redefine the Complaint Management Process in Banks WHITE PAPER

INFOSYS SMART OILFIELD SERVICES SOLUTION FOR SAP ERP

WHITE PAPER. Responsive Supply Chain. Abstract

Boundaryless Information PERSPECTIVE

WHITE PAPER. Banks Regulatory Reporting Compliance The Challenges and the Solution. Abstract

PERSPECTIVE. Effective Capacity Management with Modeling and Simulation - assisted Performance Testing. Abstract

10 ideas to WiN in the EMERGiNG MARKEtS

INFOSYS OIL AND GAS PRACTICE

STUDY. Connecting the dots to create ideal stores Drive growth with profitable in-store execution

MAKING PRODUCTS TALK THROUGH SMART LABELS

DIGITAL OUTLOOK AUTOMOTIVE INDUSTRY

WHITE PAPER. Leveraging advanced validation techniques for retail size optimization. - Divya Mohan C, Chitra Sylaja

VIEW POINT. Enhancing the Effectiveness of Rolling Forecasts. Abstract

THE INVISIBLE HR PROBLEM

PERSPECTIVE. GDPR - An industry and geography agnostic regulation. Abstract

VIEW POINT. Clearing the clouds of SuccessFactors. Abstract. Jitendra Chakravarty, Principal Consultant

WHITE PAPER. Implementing Compliance Program under the Volcker Rule A practitioners perspective. Praveen Daga

Progressive Organization PERSPECTIVE

THE EVOLUTION OF CRM HOW MASS MARKETING DIED OUT AND WAS REPLACED BY A PERSONALIZED APPROACH THAT IS NOW THRIVING IN THE DIGITAL ERA

MAN, MACHINE AND FINANCE - THE FINANCE ORGANIZATION THROUGH 2030

PERSPECTIVE. Accounting General Ledger Challenges in Facets. Vikas Kumar Abstract

PERSPECTIVE. Big Data Analytics: It s Transformational Impact on the Insurance Industry

ACCELERATE YOUR JOURNEY TO BEING DIGITAL

WHITE PAPER. Chiller Plant Optimization - A Practitioner s Perspective. Abstract

ENDLESS POSSIBILITIES WITH DATA FOR RETAIL, CPG AND LOGISTICS

BEST STORIES OF INFOSYS SALESFORCE IMPLEMENTATION

DevOps Journey. adoption after organizational and process changes. Some of the key aspects to be considered are:

PRESS #1 FOR CUSTOMER SERVICE. When a customer calls for help, you want to offer the best. But they often fear the worst.

MiFID II and the World of Flash Trading WHITE PAPER

DIGITAL OUTLOOK CONSUMER PACKAGED GOODS INDUSTRY

WHITE PAPER. Kanban execution: Optimizing work-in-progress (WIP) Towards achieving a shorter lead time and better flow rate.

WHITE PAPER. Focus on value added services by network companies a paradigm shift. Rahul Kaushal, Ramakant Mittal

INFOSYS SALESFORCE PRACTICE Empowering global enterprises to make smarter business decisions and bring engaged customer ecosystem experiences to life

Transcription:

WHITE PAPER Effective Hosting Strategy: A Perspective Pranav Gadre, Sanjay Martis Abstract A company is subjected to various IT system/applications audits throughout the year. Two of the most important audits are i) SOX audits as they enforce regulating financial reporting practices in a company and ii) Computer Systems and Part 11 s as they have financial implications for regulated companies. It is very important for a company to conduct these audits internally and externally to ascertain their compliance level and identify and rectify gaps. Periodic internal and external audits ensure compliance and diminish overall risks associated with operations. This is achieved by identifying potential issues, implementing contingency plans and managing solutions before they emerge as problems. This white paper discusses an effective Hosting strategy which includes preparatory activities, audit facilitation and remediation activities.

Need for Hosting For many companies, the failure of an audit may not only have a cost impact, but also impact the company s image, because if a company has findings that are considered to be high risk, these findings can also get reported in the public domain. The Quality and Compliance department within a company is usually responsible for conducting internal audits and hosting external audits. For most ees, the audit process is unpredictable, uncertain and one of uneasiness. The preparation process can also be tiring, frantic and sometimes grueling. And as scary as the audit process appears, it is even more concerning when an audit does not go well. To avoid such uncertainties it is always better to plan for an. A best practice and starting point would be for a company to document the process for Hosting. Typically in any large organization, there is a separate team (part of Q&C) to help the business functions and users in their audits. They help the Business Process Owners (BPOs) to undertake and clear their s. Preparation Facilitation Remediation Review the findings from previous audits to ensure remediation is closed. Prepare an elaborate plan listing down all activities that need to be completed before the is initiated. Conduct Do's and Don'ts sessions with the BPOs. Scheduling and conducting audit walkthroughs. Tracking and closing data requests. Conducting regular status meetings with auditors and BPOs. Tracking audit findings to closure. Ensure that remediation is permanent and preventive in nature. An analogy to help understand the concept better One can relate hosting to a game of soccer where Host is the Coach of the team, the players are the BPOs and the opposing team players are the ors. (In reality they should not be viewed as the opposing team but as team members whose goal is to facilitate best practices in an organization). The Coach needs to help his team and prepare them before a big match. He needs to identify the weak areas and work on them with the team. The coach and the team need to look at the past mistakes and plan so that they do not reoccur. This can be related to the Preparation activities. The actual game can be related to the Facilitation where the Coach is directing and guiding the players (BPOs) from outside the field. He ensures that they play by the plan, do not foul and that they defend their goal by fair means only. The players need to ensure that they play their best game and provide no opportunities for the opposition to score. Once the game is completed, the postmatch analysis is similar to the Remediation activities. Here the Coach analyses the mistakes of the team during the game to provide valuable insights. The players need to work on their mistakes and train harder to ensure a better outcome in the next game. The coach devises a plan based on the current experience of the team to prepare for the next game.

The host is a liaison between the auditors and the auditees. He / she is responsible for tracking the data requests from the or and providing accurate data back to them. He / she should facilitate meetings and help the BPOs with their data requests and seek clarifications from the ors whenever required. The host plays an important role in ensuring the success of the. He / she should also ensure that the data is represented accurately. Role of Host hosting phases There are three main phases of hosting: Preparation Facilitation Remediation

This is the most critical phase to ensure the success of an. Most of the groundwork and preparation is undertaken in this phase. The preparation phase should begin at least two months prior to the start of the actual audit. A starting point of any audit is for the auditors to review the findings from the previous audits whether they have been closed and remediated as any repeat finding will have a greater significance on the final rating of the. This needs to be confirmed by the host with the responsible BPOs. Preparation The next step would be to prepare an elaborate plan by listing down all the activities in preparation of an audit. The notification of the audit would be the trigger for this activity. The host should read the notification carefully and identify the in-scope and out-of-scope considerations mentioned in the document. He should inform the concerned BPOs about the duration and the scope of the upcoming audit. The plan should capture at a minimum the following details: 1. Contact Details of all the BPOs and ors 2. List of processes to be audited (In Scope) 3. List of applications/systems to be audited 4. Logistics 5. List of presentations required for the kickoff and closure meetings 6. Common shared folder details to share and store the documents with the team and BPOs Once the planning document is ready and the audit host has all the auditee contacts, he / she should start conducting an audit overview and Do s and Don ts sessions with the auditee contacts. This is a very important session which instructs the auditee how to respond to questions from the auditor. This session can also be utilized as a Q&A session to clarify misconceptions about audits in the minds of an auditee. In most audits the number of the data requests is quite significant. It is very important that the email communication is tracked accurately to monitor the traffic of the data requests and subsequent follow up questions. The host should decide on a naming convention or categorization of requests belonging to different in-scope areas. It will help if the data request tracker has the same convention as in the subject line of the emails sent for these requests. It is a good idea to send out mock data requests from previous audit prior to the start of an actual audit to familiarize the BPOs with the naming conventions and Dos and Don ts of Email communications during the audit. The mock data requests also serve the purpose to check the response time and accuracy of the data provided by the BPOs before the start of the actual audit. This activity helps the auditees to acclimatize to actual audit requirements. One of the key activities of audit preparation is to maintain a risk register. The host should conduct a session with all the BPOs to identify risk areas and mitigating controls to address these risks prior to the start of the audit. The BPOs should try to address all such risks before the start of the audit. The host should plan for pre audit meetings with the auditors to understand the scope of the audit, the proposed schedule for the audit and discuss the work schedule of the ors and BPOs during the duration of the audit. The audit host should schedule walkthrough meetings for auditors of the processes in-scope with the concerned BPOs. This helps during the course of audit as auditors would understand the processes better before providing their data requests. Ensuring successful completion of all the above activities will help in the actual audit process. The preparation phase also helps in setting expectations with all stakeholders. The next phase is the Facilitation during the course of audit.

The audit host is responsible for ensuring effective and correct communication between the ors and the BPOs during the course of the audit duration. He / she should try to attend all meetings with the auditors and should keep focus on the scope of the meeting and try to prevent any digression. Some of the key activities that the audit host should ensure during the course of audit are listed below: Facilitation Conducting Walkthroughs The host should coordinate with the auditors to schedule the required walkthroughs and ensure that there is enough and appropriate representation from business owners and users. It is a good practice to conduct internal walkthroughs with the BPOs before the actual meeting with the auditors. host should capture the minutes of meeting and action items and follow up on them after the walkthrough. Tracking Data Requests Depending on the scope and duration of the audit, the number of data requests may vary but it is important to close them in an appropriate timeframe and track them. It is a good practice to create a tracker to track all the data requests. The tracker should have the name of the responsible person, auditor name, requested date, due date and status as the minimum columns. It is a good practice to follow the same naming convention of the tracker in Email communications sent to the BPOs and the ors, this helps in effective tracking. Status Meetings It is essential to conduct status meetings with the ors and the BPOs at regular intervals At the status meetings, the data request tracker should be discussed to resolve any pending requests. This meeting should also be used to seek clarifications on data requests from the ors and the data provided by the BPOs if the auditor has any questions. The most important usage of the status meeting is to discuss the findings/ issues that the auditors have noted and the significance of the same. This enables the BPOs to provide any additional data before the final audit report is published. Closing Meeting The host should plan for the Closure meeting in advance. He /she should ensure that all the audit findings are agreed upon by the BPOs and that the remediation plans for the same are discussed and approved by the ors. He / she should confirm that the planned completion dates for the remediation are reasonable and achievable. This helps in the remediation phase of the audit. Facilitation is a critical activity and the Host should try to facilitate all communication between the ors and the BPOs. The next phase of the Hosting activities is Remediation.

There is a possibility that BPOs could lose track of the committed remediation during an audit and this would create issues during forthcoming audits. This is compounded when business users try to rush closure of the remediation prematurely. This is where the Host needs to play a pivotal role. He / she should ensure that the BPOs close the remediation as committed in the given time frame. Remediation Creating an Remediation tracker can be the starting point. At a minimum this tracker should have the issue details, remediation details, due date, status and the contact details of the responsible BPO. The host should maintain this tracker until all the remediation is closed. The host should ensure that the remediation is permanent and preventive in nature. This will avoid repeat findings of similar issues in the next audit. It is very likely that the BPOs lose focus after the audit and will not work towards closure of the findings till the due date is near. This can lead to incomplete or temporary fixes to rush closure of findings. To avoid this occurring, it is a good practice to conduct weekly status meetings with the BPOs to gather the status of the remediation and the progress made till date. Successful remediation of all the findings marks the closure of all Hosting activities for that audit. Summary It is important to understand that s are performed of the processes and not individuals. An audit is a way to check the compliance of defined processes and indentify the gaps within to solidify them. The more audits a company faces, the more mature its processes become. The Host should enforce this message to the BPOs and ensure that the findings are not taken personally. Effective Hosting for an audit ensures it s success and on-time completion. It is important for an Host and BPOs to maintain their integrity and not create any hindrances for the team. ors become more receptive and open when they sense that the Host and the BPOs are trying to help them with the audit process. It is the responsibility of the Host to keep the BPOs committed throughout the course of the audit and help them provide all requisite information to the team as possible. Hence it is pivotal for organizations to have a dedicated Host for each audit to ensure its success.

About the Authors Pranav Gadre (Pranav_Gadre@infosys.com) is a Principal Consultant with Infosys Life Sciences practice. Pranav has 11 years of experience process consulting, regulatory compliance which includes process definition and continuous improvement, process automation and support for SOX and Regulated (GXP) s. He has extensive project management experience and has managed large projects. Pranav holds a Bachelors Degree in Instrumentation Engineering. Sanjay Martis (Sanjay_Martis@infosys.com) is an Industry Principal with Infosys Life Sciences practice. Sanjay has over 15 years experience consulting on business processes, technology and project management in the Life Sciences domain to help clients achieve process improvement, business transformation and improvement in business intelligence & CRM capabilities. Sanjay holds a Bachelors Degree in Pharmaceutical Sciences and an M.B.A. in Marketing References http://www.auditing.com/preparingforthe.htm

For more information, contact askus@infosys.com 2017 Infosys Limited, Bengaluru, India. All Rights Reserved. Infosys believes the information in this document is accurate as of its publication date; such information is subject to change without notice. Infosys acknowledges the proprietary rights of other companies to the trademarks, product names and such other intellectual property rights mentioned in this document. Except as expressly permitted, neither this documentation nor any part of it may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, printing, photocopying, recording or otherwise, without the prior permission of Infosys Limited and/ or any named intellectual property rights holders under this document. Infosys.com NYSE: INFY Stay Connected

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback