I’m Anthony Mandica, Vice President, Head of Internal Audit here at ProSight Specialty Insurance. I’m responsible for providing assurance over the company’s internal control framework, performing a risk-based approach in assessing that the controls are designed appropriately and operating effectively. We strive to provide value added resources to our organization and leverage our audit experience and our knowledge of the company to help challenge and improve the various processes across the organization.
My audit team is made up of three experienced internal auditors who bring an array of experience that range from external audit, consulting, internal audit, as well as having experience in the finance accounting functions.
Prior to AuditBoard, we were like other companies living in a highly manual control environment dealing with a large volume of Excel files Word, and Visio documents. Having to worry about version control issues and remembering to update changes to controls and risks in the various locations that they’re at. If they’re in one Word document in one Excel document, making sure that you’ve updated them in both locations — pretty much an administrative nightmare.
We researched many SOX audit tools and the reason we selected AuditBoard was simple. The tool was created by auditors and the people we’ve talked to throughout the initial process were auditors. They knew what we were looking for and were able to show us on the spot, what we wanted. We never got those “we can add that enhancement in a future release” or “we don’t have the functionality just yet” type of answers. It was, “I know where you’re going with this and here it is right here.” We wanted a tool that can get it to us all in one shot, where you can assess the effectiveness of controls and build a dashboard or a report that can give you an output that you can discuss.
We use AuditBoard to manage our overall control environment through the SOXHUB module. And our director of SOX uses that to test SOX controls. We also have the OpsAudit feature where my team performs all the audits. We actually have tagged our external auditors in that process, so they rely on all our work. When it’s through my review, I then tag them and they’re able to see the documentation, review it in the OpsAudit module, and once we’re done with it, then we download it and they put it into their files. So we get a lot of benefit from having everything all in one place with our external auditors.
We also use the WorkStream feature. With WorkStream and SOXHUB is where the business has seen the most benefit. I remember the CFO said to me, “We were in an executive meeting and I heard a compliment about audit and about the use of AuditBoard and how seamless and easy it was.” And it just gives us a one-stop shop for the business, where they know that anything that internal audit or external audit wants is in that tool.
Having everything in AuditBoard has saved us so many hours of administrative time. When you think of all the request lists that you have, I would say we probably have 20 or 30 request lists in a year… it’s all housed in AuditBoard, and once you set it up, you’re done. You don’t have to worry about checking up on status and meeting with a few people to go through and say, “This is coming due, but when is this due?” or “Wait, can you shift this date? Okay, I’ll update it in this Excel file.” It’s all there. It’s all in one place, and you don’t have to spend those 2-3 hours a week to talk through a request list. Those things have been the most beneficial to the organization because you don’t realize how many administrative hours you spend on executing things. Having a tool that takes away those administrative hours is priceless.
We’ve implemented SOX in 2020. We had to change all our processes and controls for the most part, based off of a remote environment. We executed quarterly reviews and the annual audit remotely without adding staff. And we knew when we were bringing on this tool that that would be one of the reasons why we’re not adding onto staff.
Having AuditBoard track everything for you and keep everyone tightly connected really benefited us. In short I would say AuditBoard saved us a lot of hours, — 500-600 overall administrative hours — and saved us from possibly having to add one or two more full-time employees.
Having everything all in one place has enabled me to not have to worry about what I’m missing, but instead worry about other things. What can I do better? What can I bring to management and say, “Hey, I got this under control. We can take on more work. Are there any more operational audits that I can do? Are there any new systems that we’re implementing or changing or, or that you want you want internal audit involved in?” It’s enabled me to not have to focus on the things I used to have to focus on, in the sense of just the status of things, and actually change to say I can take on more work. What organization doesn’t like the fact that their team can handle more work and not have to add more people?
When we think of the investment that ProSight made in AuditBoard, it has paid off tenfold. The amount of time that it saved us in administrative aspects, our ability to focus and assess our control environment on a quicker basis, communication with our external auditors and how we made them more efficient in dealing with us because everything is in AuditBoard. It has definitely made my job a lot easier — and my team’s as well.