By Barry Greenhut, Director, GRC Product Strategy, Oracle
If your organization is like most, financial audits are hard work: how many months do you spend preparing each year, then how many more answering your auditors' questions? And how much harder has COVID-19 made them - e.g., because of office closures and changes in your business?
Our customers are using their Cloud applications to streamline audit and make it more resilient and cost-effective. Their internal teams continually monitor, assess, address, and document risks and remediations. That helps them get ahead of potential problems, shortens the time they spend with their external auditors, and instills confidence by demonstrating soundness and control of their financials. Their external auditors have self-service access to the data they need, further shortening the time spent on requests and responses.
Two key concepts drive those activities: open-book audit and risk-driven audit.
Organizations can make full use of cloud application capabilities by giving external auditors wide-but-controlled access to everything they need during an audit. Known as “open-book auditing,” the approach was described in depth by Robert Kugel of Ventana Research in a recent Oracle webinar.
Open-book auditing includes any or all of the following components:
Proven tools, security practices, and access controls can make open-book auditing a good choice for remote audits. They let you give auditors limited-scope and limited-time access to the documents and data they need. Only those with the proper credentials can access your system during the limited period that you define, and you can block access to confidential and unrelated information.
Our customers can reduce audit effort and increase audit value by performing strategic activities that focus foremost on addressing their most significant risks.
First their internal auditors can use Oracle Risk Management to automate risk assessments, tests of control effectiveness, and issue resolution—helping to improve operations. When they find unwanted ERP transactions, or configurations and user access that allow those transactions, Risk Management automatically alerts them, so they can remediate the issues and prevent their recurrence.
Then they can give their external auditors self-service access to documentation of all that strategic activity, which puts the most important risks in the spotlight. Doing so focuses their external auditors’ expertise where it does the most good for the enterprise and its stakeholders, and as the audit proceeds, requests for additional information can be satisfied by adding more self-service access.
Kugel says using cloud applications to reduce audit burden should be a priority because it will:
Additionally, automating risk management practices—a key component of reducing audit burden—can help you manage the increasingly complex risk landscape more cost-effectively. For example, automated monitoring is the most effective way to control fraud losses and duration, according to research by the Association of Certified Fraud Examiners (ACFE).
Another important factor in fraud risk management is scalability, especially for fast-growing companies. Here, too, providing your internal audit team with automation tools pays off for CFOs and other finance executives.
Consider Ashwat Panchal, vice president of internal audit at footwear company Skechers. Over 15 years as the company globalized and revenues grew five-fold to $4.5 billion, he was able to keep up while increasing his headcount for internal auditors by only two, for a total of six. Skechers has been able to comply and mitigate risk across its global business—which includes wholly owned subsidiaries, distributors, joint ventures, and licensees around the world—through the use of Oracle Cloud Risk Management.
Regarding financial period close, according to Ventana Research, automation ensures strong accounting controls and provides access to relevant close files in one place for outside auditors. It also helps to maintain standards, especially in a distributed workforce. In terms of speeding up the close, 85% of companies that close within six business days have substantially automated their close processes.
The benefits of automation are available throughout Oracle Cloud ERP, and using automation for period-close practices further reduces the resource burden of audits, as well as for the close itself.
Every organization will have its own comfort level for using technology to share information with external auditors—but any organization that wants to use automation to have more proactive and accessible audit practices can start doing so today with Oracle Cloud Risk Management. Watch the Ventana Research webcast to learn more.