This research report summarizes Blue Hill observations and conclusions following a series of research interviews conducted between February and March 2016. The objective of this research was to investigate and analyze the relative impact and business value of the DoubleCheck audit process automation strategy, solution components, and value propositions described above among organizations confronted by complex audit environments. Blue Hill interview questions and analysis focused on: (1) characteristics of the audit environment, (2) business pressures on audit performance, (3) obstacles and objectives leading to investment in audit management, (4) components of the audit management solution employed, and (5) resulting operational and business impact of the investment. Blue Hill analysis focused on two cases involving organizations demonstrating complex audit environments and using DoubleCheck audit management capabilities in a manner that mapped to the components of the audit process automation strategy. Table 2 summarizes the key elements of the complex audit environments of each organization.
Summary of Cases: Business Context and Investment Patterns
Both organizations faced multi-faceted and multi-functional audit requirements common to complex audit environments. Some of these requirements focused on the regulatory framework in which the organizations exist, while others were in response to internal and external business pressures. As such, the organizations required the ability both to complete audits for the various regulatory authorities at the federal, state, and local levels. Further, audit departments were required to support various stakeholders inside and outside the organization (e.g. board members, shareholders, potential investors, etc.) while supplying result information in a rapid fashion to address real-time issues within the organization.
- Case 1: Automotive retailer with more than 140 locations and business operations reaching across the United States. The automotive retailer has approximately 1400 employees and revenue of more than $500 million. In addition to automotive sales, the organization is engaged in direct financing of vehicle sales and repair.
- Case 2: Insurance provider primarily engaged in personal life and casualty insurance provision across the United States and other continents. The insurance provider has total annual revenue of more than $2 billion and approximately 15,000 employees.
Table 2 summarizes the key characteristics of complex audit demonstrated by each organization. Table 3 summarizes the key functionality elements of the DoubleCheck audit process automation strategy demonstrated by the organizations. While Table 3 only addresses the integrated functionality components of the investment, Blue Hill found that the participants made full use of the platform configurability characteristics identified as well. The sections that follow highlight key aspects of the business case, investment decision, and resulting impact reporting in each case.
The organization possesses multiple lines of business associated with the sale of cars requiring strict compliance with various regulatory agencies; including the sale of used vehicles, the financing of these sales, financing repairs to the vehicles, contract modifications, and car repossession. Audits were completed through spreadsheets that were distributed by email. Compiling and reporting audit information thus constituted a highly painstaking process, requiring a great deal of manual manipulation of data with an accompanying heightened risk of error either accidental or intentional. Per interviews with the organization, the disparate data sources made it difficult to quickly and efficiently identify errors or otherwise verify the accuracy of the audits.
In addition, the manual audit process was slow, inefficient, and disorganized. Quarterly audits took three months to complete, which limited the ability of the audit department to engage in additional elective, but value-added activity. The automotive retailer needed a solution capable of performing regular, periodic audits and a solution capable of completing unscheduled audits triggered by events—such as the sale or financing of a vehicle.
Remove manual audit activity, ensure compliance with multiple requirements, and reduce the risk of error.
Key Audit Process Automation Functionality:
- Platform configurability to maintain an efficient and organized workflow
- Customizable reports capable of encapsulating the entire corporate structure or honing down to the dealership level
- Compliance control and auto-sampling
With the adoption of the DoubleCheck GRC solution platform, the organization was able to consolidate its process into a single, unified system and greatly improve the efficiency and accuracy of the audit process. For example, the auto retailer observed a 60% reduction in time to complete the quarterly audits. The time saved both in the periodic quarterly audits and the transactionally-driven audits allowed the retailer to experience additional business-driven value, such as assisting with the compliance efforts of the organization. Additionally, the retailer received advanced notification if any of the data included in the audit did not match expectations. The early error detection allowed the auto retailer to confirm or correct the data as necessary and guarantee a more accurate audit, which improved their level of compliance.
The organization sells property and casualty insurance across the United States and is required to maintain strict compliance with various regulatory agencies. Audits were completed through the use of three discrete solutions, requiring the data to be manually moved from solution to solution. Audits were completed through the cooperation of multiple stakeholders throughout the organization. Per interviews with the organization, the disparate stakeholders made the completion of audits a slow and painstaking process.
To gain control of the audit process, remove manual audit activity, ensure compliance with multiple requirements, and reduce the risk of error.
Key Audit Process Automation Functionality:
- Library of audit questions customizable by state
- Notifications if answers are blank or incomplete
- Automatic email-based alerts to verify issues found in audit are addressed prior to issuance of a policy
- Robust, customizable reporting capabilities that allow the user to create reports at the granular level whether based on individual or state-by-state
With the adoption of the DoubleCheck GRC Solution platform, the organization was able to obtain control of its process and consolidate the process into a single, unified system to improve the efficiency of the audit process. Prior to adopting the platform, the audit department was required to secure the assistance of parties outside of its control for assistance with placing audit questions into the audit platform, data-entry of the audit questionnaire results, and the subsequent generation of reports. Additionally, the insurance provider gained efficiencies through the creation of customizable reports that reflected the reporting requirements of the insurance provider, including the automation of a report that synthesized the answers from separate reports to create a risk profile of an insurance candidate.