How do you manage a $4.5 billion business with an internal audit team of only 6 people?
It sounds impossible, especially with today’s unprecedented pace of business change. New and evolving regulatory requirements require an increased need for agility, as public and regulatory scrutiny is at an all-time high. In this environment, Internal Audit needs the ability to quickly identify and mitigate risk, ensuring compliance is consistent and aligns with strategic directives—no matter where they operate in the world.
Ashwat Panchal, vice president of internal audit at footwear company Skechers, experienced this unprecedented pace of change first hand. When Panchal joined Skechers, it was an $815M company operating primarily in the US. Today, 15 years later, it's a $4.5B company operating globally with 60 business units around the world. As the company experienced this rapid growth, Panchal was able to not only save employees’ valuable time (and the company money) while ensuring localized compliance, but he accomplished this with an increase in internal audit headcount of only 2 employees.
“6 people for a $4.5B company!” exclaims Panchal. “Without a standardized audit program and a compliance solution agile enough to handle ever-changing, and worldwide, regulatory requirements, I would have to spend 75% of my time on a plane, which would severely impact productivity.”
Skechers has been able to comply and mitigate risk across its global business—which includes wholly owned subsidiaries, distributors, joint ventures, and licensees around the world—through the use of Oracle Risk Management Cloud.
“I started with a master library of best practices,” Panchal recently told an audience at Oracle OpenWorld 2019. These best practices served as the foundation for the Risk Management Cloud implementation—which took weeks, not months or years. Getting a new region up and running is simple and can be done from anywhere. “We can do a lot more with fewer people. Without our standardized approach and Risk Management Cloud, we would have 40 to 50 people traveling around the world, all of the time. When I first joined Skechers, I was motivated by how I could add value to the company. By streamlining and rationalizing our control environment and leveraging Oracle Risk Management Cloud, I have controlled headcount and reduced travel—saving the company time and money.”
For new regions, Panchal simply takes the master library and works with the local business unit to help determine the high-risk areas and decide how to test and what to test. He will modify the master library based on these analyses to create localized instructions for testing in the region. “I don’t have to worry about regions doing their own thing,” Panchal said.
The additional silver lining comes for External Audit. “It’s self-service! I just give them access to Risk Cloud—so gone are the emails and the little stuff that gets very time-consuming. We now get to spend our time addressing the more meaningful issues.”
A company’s confidence to grow should never be impacted by an inability to quickly comply with a locale’s regulatory requirements. Internal Audit can sometimes be the first in the organization to get exposed to potentially high-risk issues for the company, putting them in a unique position to detect risk and implement the proper controls before damage can happen.