My department has four people. We’re responsible for internal audit, risk, and controls. Our work is focused around SOX and the testing done annually. We also help with maintaining the repository of controls — getting updates from management and helping in the certification process, and with the financial statements. In addition, we perform operational audits when time permits.
Life before AuditBoard was a bit chaotic: it was a network of spreadsheets, emails, SharePoint, and a little help from a third party tool. There were a lot of challenges, because with spreadsheets there were always issues of version control and how to document comments where people could find and react to them. We also had some difficulty getting results together for status reporting.
We needed one system of truth — one place where we could have all of our testing, be able to summarize our results more easily, and be able to move our testing through various phases. We needed automation — trying to do things manually and keep everything in sync was a nightmare. Now, having the workflow capabilities in AuditBoard — with everything integrated together, from the definition of the control through the test — it’s been much more efficient.
External auditors have been able to pick up the tool with a minimum of instruction. AuditBoard has been very helpful with external auditors. In the past, we would add documents to a shared drive, and zip things up to a flash drive and deliver them manually to external auditors. Now, in AuditBoard, we’ve set it up so that as soon as a test is completed for a reliant control, the external auditor can immediately review our work. We’ve also evolved to sharing document requests with external auditors — reducing the load on the business in a very big way. With one request, most of the documents can be used for external and internal audit testing. It’s a lot easier for the business to gather the documents we need for completing SOX testing.
The biggest savings we’ve had is in regard to the amount of time we put into document requests and administrative matters like status reporting and follow-up on tests that need to be redone. Reporting from AuditBoard — being able to get quick status reports — definitely helps with that.
AuditBoard saved us 30-40% of the hours we used to spend on administrative activities like status reporting, following up on missing documents, and following up on review notes. Just being able to see everything in the system makes it a lot easier. It also frees us up for more time to spend on activities that are core to SOX work, such as performing original testing and doing more targeted, clear, and detailed reviews of the work performed by others.
I like that AuditBoard is a software solution and that’s been able to grow with us. We started with SOXHUB, and we’ve added RiskOversight. We’re also working with OpsAudit and we keep on finding more things to use — not just for SOX, but with internal audits and our work with risk and controls. The tools help us with overall governance.