A clear lens on risk
Helping a consumer products company modernize its internal audit risk assessment
GETTING CLEAR
ABOUT RISK
The Situation
It was that time of the year again—audit leaders for a large consumer product company were on the hook to deliver their annual internal risk assessment and audit plan. But there was a challenge this year: competing priorities, which affected their ability to deliver. And no one—despite the sudden churn—was completely surprised. The company had deep, historic roots, and like many heritage enterprises, most of its systems and processes had been updated over the years, while some—like the annual risk assessment—hadn’t.
The company’s internal auditors were still manually soliciting information for the assessment from stakeholders across the business—a cohort that had grown, over the years, to more than 100 people around the globe. And as any corporate employee can tell you: requesting information is one thing. You then need to actually obtain it, then synthesize it in order to perform your analysis. The process had become too unwieldy. It was time for a change.
Modernizing things could help internal audit leaders make more efficient use of time and other resources and tell a better story of enterprisewide risk to boot.
They envisioned a new, digital process that standardized risk assessment across all divisions of the company and through all risk domains. First, the process would provide greater insights into the inherent risks each department was likely to face over the next one to two years. Next, it would surface how well management mitigated these risks so that, finally, anything as yet unaddressed—residual risks—could be flagged for internal audit.
Company leaders turned to Deloitte’s Digital Internal Audit practice for help getting it done.
THE SOLVE
A CUSTOMIZABLE
SOLUTION
TO IDENTIFY RISK
The Impact
The AI solution the Deloitte team built helped the company generate insights that weren’t just better than before, but faster, with automated data collection freeing up employees from manual tasks and creating new bandwidth for more strategic work.
By facilitating collecting, processing, and analyzing unstructured data at a granular level, the technology ultimately served as a storytelling device for the company. The internal audit team could now hone more accurate insights that support a strong narrative for how the company’s testing, controls, and mitigation strategies are aligned to its enterprise risk management (ERM).
The company had more time to not only bring risk findings to responsible leaders (who could then identify the source of the risk), but there was more time to work out a mitigation strategy from the leadership level.
Ultimately, the client had a powerful board-level tool that helped tell a more informed, data-driven story, which previously required spending several manual hours to achieve.
The tool brought standardization to the risk assessment process across the divisions and helped the client evaluate risk on an ongoing basis.
What started out as an exercise to standardize an annual planning procedure ended up transforming the entire risk assessment process by providing more granular—and therefore more valuable—information with less effort.