- Corporate Security
- Governance, Risk and Compliance
- Information Security
Over the past two decades audit has changed. The role of the audit is taking on greater significance to guide the enterprise beyond traditional attitudes about financial controls; toward assuring that the organization is managing risk appropriately and meeting obligations across a range of high-risk business processes, operations, and regulatory requirements.
Audit is being challenged to cover enterprise risk management, a broad array of operational audits, increasing regulatory compliance audits, and expanding demand for 3rd party (e.g., vendor, supplier, agent) audits across a dynamic and distributed business. Therefore audit itself needs to have a strategy that encompasses both the dynamic need for audits as well as the planned and cyclical. There is growing interest in dynamic audits – but the best approach is a hybrid in which there are regularly scheduled and planned audits yet there are resources available for the dynamic needs of business for audits when risk and situations require them. This grows particularly challenging as business is constantly changing and distributed across a mesh of business relationships. Providing assurance to stakeholders in the modern organizations has become a real challenge to audit and has increased audits role and visibility while stretching its resources. To effectively manage audit requires new paradigms in managing audit, audit processes, analytics, and the role of technology to make audit successful.
The issues facing audit are more challenging than ever before. The audit department is being asked to do more audits across more areas of business operations with limited resources. It has become an ongoing challenge to document and maintain auditor skill sets, develop and deliver audit work papers, and provide assurance across business operations and relationships. The business has grown in diversity, complexity, and processes that challenge audit to build an audit program that is sustainable, efficient, effective, and agile to the needs of a distributed and complex business environment. The need for resources and tools to drive efficient and effective audits through audit analytics of vast sets of data further adds to the challenges facing audit.
The bottom line: This is not your father’s audit program. Audit today is different than it was twenty to thirty years ago. Today’s audit department has growing demands to do more audits across operations and relationships while still being constrained by limited resources to fulfill these demands. To effectively conduct audits, efficiently manage limited audit resources, and meet the agility required of a dynamic business environment requires a top-down approach to audit that is driven by risk-based priorities and technology is utilized to manage resources, analyze data, and streamline audit operations.
The TransCanada Corporation is a major energy organization that develops and operates energy infrastructure in North America. This includes extensive oil and natural gas pipelines, storage, as well as power generation. As a critical infrastructure organization the demands on audit for assurance of their operations and controls is significant. Their total oil, gas, and energy assets is approximately $54 billion, with nearly 5,500 employees across 7 Canadian provinces, 31 US States, and 6 Mexico States. TransCanada is developing $38 billion of capital projects in next 5 years in oil and gas pipelines as well as power plants. This presence and expansion is impressive while operating within complex social, corporate and regulatory environments.
The challenge was that audits and the overall audit program were managed as individual projects that were responsible for producing their own metrics and measures of project audit quality and performance. Consequently, results were difficult to baseline and measure throughout the corporate portfolio.
TransCanada needed an overhaul of their audit program and this included a technology foundation to make it sustainable with the organizations growth and complex operational control requirements.
To address a sustainable audit program for the organization, TransCanada created an ISO 9001 based Quality Management System (QMS) that facilitates an audit program to identify and correct underperforming areas within processes and procedures required to deliver capital projects within TransCanada. In addition to the traditional benefits of an audit program this CPMS (Capital Project Management System) has one critical and very public objective: acquiring and maintaining a social license to operate. As a major player in the oil & gas pipeline industry TransCanada is under constant scrutiny to prove to regulators, partners, local communities and the world that these major infrastructure projects are not only safe, but are executed with an unparalleled level of quality and a serious respect for the environment and social impacts. A successful implementation and adoption of this program will resonate across the industrial and social communities that TransCanada is committed to delivering the highest quality standards for all projects delivered throughout North America.
TransCanada’s tactical Objectives of their audit program were:
TransCanada needed a solution to manage CPMS and their overall audit program. They evaluated solutions in the market and chose Resolver’s GRC Cloud offering. GRC Cloud’s audit management solution provides TransCanada an integrated audit management solution to collaborate, understand risk, align audit with strategic planning, and drive business value.
GRC Cloud from Resolver enables TransCanada to have an audit program focused on continuous improvement to maintain its status as a leading Energy Infrastructure provider in North America.
GRC is a capability to reliably achieve objectives [GOVERNANCE] while addressing uncertainty [RISK MANAGEMENT] and acting with integrity [COMPLIANCE].1 Successful GRC strategies deliver the ability to effectively mitigate risk, meet requirements, satisfy auditors, achieve human and financial efficiency, and meet the demands of a changing business environment. GRC solutions should achieve stronger processes that utilize accurate and reliable information. This enables a better performing, less costly, and more flexible business environment.
GRC 20/20 measures the value of GRC initiatives around the elements of efficiency, effectiveness and agility. Organizations looking to achieve GRC value will find that the results are:
GRC 20/20 has evaluated and verified the implementation of Resolver GRC Cloud at TransCanada and confirms that this implementation has achieved measurable value across the elements of GRC efficiency, effectiveness, and agility. In this context, GRC 20/20 has recognized Resolver and TransCanada with a 2014 GRC Value Award in the domain of Audit Management.
TransCanada using Resolver GRC Cloud has been able to identify both quantitative (hard objective facts and figures) and qualitative (soft subjective opinions and experience) measure of audit management value as they pertain to the human and financial efficiencies they have benefited from.
GRC 20/20 has evaluated and verified the following quantitative measures of audit management efficiency value:
GRC 20/20 has evaluated and verified the following qualitative measures of audit management efficiency value:
TransCanada using Resolver GRC Cloud has been able to identify both quantitative (hard objective facts and figures) and qualitative (soft subjective opinions and experience) measures of value as they pertain to the effectiveness of audit management that the organization has benefited from.
GRC 20/20 has evaluated and verified the following quantitative measures of audit management effectiveness value:
GRC 20/20 has evaluated and verified the following qualitative measures of audit management effectiveness value:
TransCanada using Resolver GRC Cloud has been able to identify both quantitative (hard objective facts and figures) and qualitative (soft subjective opinions and experience) measures of value as they pertain to the agility and responsiveness of Audit Management that the organization has benefited from.
GRC 20/20 has evaluated and verified the following quantitative measures of audit management agility and responsiveness value:
GRC 20/20 has evaluated and verified the following qualitative measures of audit management agility and responsiveness value:
What is particularly impressive at TransCanada is their increased social license to operate in which the CPMS and the audit program in GRC Cloud is giving TransCanada an unbiased, transparent and measurable approach to show that the organization is an industry leader in ensuring that all assets are delivered to the highest quality standards defined by governmental agencies where it operates. This, in turn, is information that the government agencies can utilize to demonstrate the high integrity and safety of these assets as demanded by the general public.