Governance, Risk and Compliance

How TransCanada Achieved Value in Audit Management

Employees

0 Billion

Dollars in capital projects in development

0 Billion

Dollars in assets

Expanding Role of Audit Stretches Resources and Capabilities

Over the past two decades audit has changed. The role of the audit is taking on greater significance to guide the enterprise beyond traditional attitudes about financial controls; toward assuring that the organization is managing risk appropriately and meeting obligations across a range of high-risk business processes, operations, and regulatory requirements.

Audit is being challenged to cover enterprise risk management, a broad array of operational audits, increasing regulatory compliance audits, and expanding demand for 3rd party (e.g., vendor, supplier, agent) audits across a dynamic and distributed business. Therefore audit itself needs to have a strategy that encompasses both the dynamic need for audits as well as the planned and cyclical. There is growing interest in dynamic audits – but the best approach is a hybrid in which there are regularly scheduled and planned audits yet there are resources available for the dynamic needs of business for audits when risk and situations require them. This grows particularly challenging as business is constantly changing and distributed across a mesh of business relationships. Providing assurance to stakeholders in the modern organizations has become a real challenge to audit and has increased audits role and visibility while stretching its resources. To effectively manage audit requires new paradigms in managing audit, audit processes, analytics, and the role of technology to make audit successful.

The issues facing audit are more challenging than ever before. The audit department is being asked to do more audits across more areas of business operations with limited resources. It has become an ongoing challenge to document and maintain auditor skill sets, develop and deliver audit work papers, and provide assurance across business operations and relationships. The business has grown in diversity, complexity, and processes that challenge audit to build an audit program that is sustainable, efficient, effective, and agile to the needs of a distributed and complex business environment. The need for resources and tools to drive efficient and effective audits through audit analytics of vast sets of data further adds to the challenges facing audit.

The bottom line: This is not your father’s audit program. Audit today is different than it was twenty to thirty years ago. Today’s audit department has growing demands to do more audits across operations and relationships while still being constrained by limited resources to fulfill these demands. To effectively conduct audits, efficiently manage limited audit resources, and meet the agility required of a dynamic business environment requires a top-down approach to audit that is driven by risk-based priorities and technology is utilized to manage resources, analyze data, and streamline audit operations.

How TransCanada Achieved Value in Audit Management

The Situation

The TransCanada Corporation is a major energy organization that develops and operates energy infrastructure in North America. This includes extensive oil and natural gas pipelines, storage, as well as power generation. As a critical infrastructure organization the demands on audit for assurance of their operations and controls is significant. Their total oil, gas, and energy assets is approximately $54 billion, with nearly 5,500 employees across 7 Canadian provinces, 31 US States, and 6 Mexico States. TransCanada is developing $38 billion of capital projects in next 5 years in oil and gas pipelines as well as power plants. This presence and expansion is impressive while operating within complex social, corporate and regulatory environments.

The challenge was that audits and the overall audit program were managed as individual projects that were responsible for producing their own metrics and measures of project audit quality and performance. Consequently, results were difficult to baseline and measure throughout the corporate portfolio.

TransCanada needed an overhaul of their audit program and this included a technology foundation to make it sustainable with the organizations growth and complex operational control requirements.

The Solution

To address a sustainable audit program for the organization, TransCanada created an ISO 9001 based Quality Management System (QMS) that facilitates an audit program to identify and correct underperforming areas within processes and procedures required to deliver capital projects within TransCanada. In addition to the traditional benefits of an audit program this CPMS (Capital Project Management System) has one critical and very public objective: acquiring and maintaining a social license to operate. As a major player in the oil & gas pipeline industry TransCanada is under constant scrutiny to prove to regulators, partners, local communities and the world that these major infrastructure projects are not only safe, but are executed with an unparalleled level of quality and a serious respect for the environment and social impacts. A successful implementation and adoption of this program will resonate across the industrial and social communities that TransCanada is committed to delivering the highest quality standards for all projects delivered throughout North America.

TransCanada’s tactical Objectives of their audit program were:

Uncover specific process or procedure steps that are underperforming, correct them, and input results back into the Process Continuous Improvement Cycle.
Understand the project life cycle (i.e., prospecting, proposal, definition, implementation, operation) to improve the quality, delivery timelines, lower additional project cost and minimize project issues.
Enable the business to track and manage control points as part of their operations with audit review and assistance instead of audit as the primary documenter and assessor.

TransCanada needed a solution to manage CPMS and their overall audit program. They evaluated solutions in the market and chose Resolver’s GRC solution. Resolver’s audit management solution provides TransCanada an integrated audit management solution to collaborate, understand risk, align audit with strategic planning, and drive business value.

Resolver enables TransCanada to have an audit program focused on continuous improvement to maintain its status as a leading Energy Infrastructure provider in North America.

The Value of Resolver at TransCanada

GRC is a capability to reliably achieve objectives [GOVERNANCE] while addressing uncertainty [RISK MANAGEMENT] and acting with integrity [COMPLIANCE].1 Successful GRC strategies deliver the ability to effectively mitigate risk, meet requirements, satisfy auditors, achieve human and financial efficiency, and meet the demands of a changing business environment. GRC solutions should achieve stronger processes that utilize accurate and reliable information. This enables a better performing, less costly, and more flexible business environment.

GRC 20/20 measures the value of GRC initiatives around the elements of efficiency, effectiveness and agility. Organizations looking to achieve GRC value will find that the results are:

GRC Efficiency. GRC provides efficiency and savings in human and financial capital resources by reduction in operational costs through automating 1 This is the official definition of GRC found in the GRC Capability Model and other work by OCEG at www.OCEG.org. ©2014 GRC 20/20 Research, LLC; Licensed to Resolver, Inc. for Redistribution 7 processes, particularly those that take a lot of time consolidating and reconciling information in order to manage and mitigate risk and meet compliance requirements. GRC efficiency is achieved when there is a measurable reduction in human and financial capital resources needed to address GRC in the context of business operations.
GRC Effectiveness. GRC achieves effectiveness in risk, control, compliance, IT, audit, and other GRC processes. This is delivered through greater assurance of the design and operational effectiveness of GRC processes to mitigate risk, protect integrity of the organization, and meet regulatory requirements. GRC effectiveness is validated when business processes are operating within the controls and policies set by the organization and provide greater reliability of information to auditors and regulators.
GRC Agility. GRC delivers business agility when organizations are able to rapidly respond to changes in the internal business environment (e.g. employees, business relationships, operational risks, mergers, and acquisitions) as well as the external environment (e.g. external risks, industry developments, market and economic factors, and changing laws and regulations). GRC agility is also achieved when organizations can identify and react quickly to issues, failures, non-compliance, and adverse events in a timely manner so that action can be taken to contain these and keep them from growing.

GRC 20/20 has evaluated and verified the implementation of Resolver at TransCanada and confirms that this implementation has achieved measurable value across the elements of GRC efficiency, effectiveness, and agility. In this context, GRC 20/20 has recognized Resolver and TransCanada with a 2014 GRC Value Award in the domain of Audit Management.

Audit Management Efficiency Value

TransCanada using Resolver has been able to identify both quantitative (hard objective facts and figures) and qualitative (soft subjective opinions and experience) measure of audit management value as they pertain to the human and financial efficiencies they have benefited from.

GRC 20/20 has evaluated and verified the following quantitative measures of audit management efficiency value:

TransCanada has seen a direct impact in a reduction in staff required per project based on greater visibility into CPMS and audit with Resolver. This is reflective in that projects have increased by 110% while staff has only increased by 60%.
The bandwidth of TransCanada’s project portfolio has increased because of greater visibility of control and issues. Portfolio growth over the next 5 years is ©2014 GRC 20/20 Research, LLC; Licensed to Resolver, Inc. for Redistribution 8 significant; this project established the foundation and the capacity to support quality though this growth period. Project portfolio growth is targeted to reach $38 Billion over the next 5 years.
TransCanada has reduced project costs while simultaneously increasing average project system conformance by 31% between August 2013 and May 2014.\

GRC 20/20 has evaluated and verified the following qualitative measures of audit management efficiency value:

TransCanada, utilizing Resolver, has created a lean approach to better allocate resources within project teams. The audit program allows specific underperforming processes to be identified both within specific projects and the system as a whole. Consequently, customized training plans can be created on a project specific basis and holistic process improvements can be made on a process specific basis.
The Resolver workflow engine allows Trans Canada to customize and replicate new processes in a fully automated structure.

Audit Management Effectiveness Value

TransCanada using Resolver’s software has been able to identify both quantitative (hard objective facts and figures) and qualitative (soft subjective opinions and experience) measures of value as they pertain to the effectiveness of audit management that the organization has benefited from.

GRC 20/20 has evaluated and verified the following quantitative measures of audit management effectiveness value:

With greater visibility into audit issues, TransCanada reports that Resolver has enabled them to see a decrease in the number of issues identified with a 33% reduction from August 2013 to May 2014
TransCanada has successfully implemented a tiered auditing program on 30 major projects and 2 capital programs. From inception through May 2014, TransCanada has performed over 262 audits utilizing Resolver. The results of these audits are presented at monthly meetings that include senior vice presidents, directors, and project teams throughout the company.
Measurable improvements in project execution and tracking through cumulative conforming deliverables that are tracked and compared proportionately to the total population of controls assigned in a given project phase. Projects target 95% of Phase conformance prior to moving through a stage gate. Initial scores in August of 2013 gave an average phase score of 48% (15 projects), and scores in May of 2014 gave an average phase score of 79% (31 projects).

GRC 20/20 has evaluated and verified the following qualitative measures of audit management effectiveness value:

TransCanada projects have increased quality, accuracy, timeliness, and with fewer issues.
TransCanada has seen increased ability to consistently provide product that meets applicable statutory and regulatory requirements.
There is increased customer satisfaction through the effective application of the system, particularly the process for continual improvement and the assurance of conformity to customer and applicable statutory and regulatory requirements.
Improved visibility into control referrals by month allows TransCanada to gauge how projects are trending.
Resolver flags inconsistencies providing TransCanada with visibility into control deferral trends tracking when the project goes off course.
TransCanada is able to track incremental criteria to ensure that deliverables are progressed with maximum conformance towards a delivery date.
Findings are clearly articulated and tracked in the Resolver system providing visibility to vulnerable areas.
With the offline capabilities of Resolver, TransCanada is able to ensure that work can continue at remote sites that do not have connectivity.
Audit data indicates the key system areas where work is being deferred. Repetitive deferrals often indicate project specific areas that require increased oversight by the project team or require additional training or resources to deliver conforming results.

Audit Management Agility Value

TransCanada using Resolver has been able to identify both quantitative (hard objective facts and figures) and qualitative (soft subjective opinions and experience) measures of value as they pertain to the agility and responsiveness of Audit Management that the organization has benefited from.

GRC 20/20 has evaluated and verified the following quantitative measures of audit management agility and responsiveness value:

The Resolver solution has proven to be agile in a dynamic and distributed business environment at TransCanada with over 80 users utilizing the solution and process across projects on a regular basis.
The size and number of projects contributing to economic development of Canada continues to grow into increased job creation

GRC 20/20 has evaluated and verified the following qualitative measures of audit management agility and responsiveness value:

Resolver allows TransCanada to integrate a strategy and provide visibility across all projects in North America with better resource allocation.
TransCanada’s CPMS program has received recognition from management and the board as an excellent process and has seen adoption of audit practices across business operations. The business is asking to be included in the audit program because of the maturity of the control framework.
TransCanada’s culture has shifted to operations fully adopting management of projects in Resolver.
Implementation of CPMS and the audit program has enabled TransCanada to build a reputation of delivering some of the highest quality projects across the industry.

GRC 20/20’s Final Perspective

What is particularly impressive at TransCanada is their increased social license to operate in which the CPMS and the audit program in Resolver is giving TransCanada an unbiased, transparent and measurable approach to show that the organization is an industry leader in ensuring that all assets are delivered to the highest quality standards defined by governmental agencies where it operates. This, in turn, is information that the government agencies can utilize to demonstrate the high integrity and safety of these assets as demanded by the general public.

Request a Demo

Fill out this form and a member of our team will contact you shortly

Today’s audit department has growing demands to do more audits across operations and relationships while still being constrained by limited resources to fulfill these demands. To effectively conduct audits, efficiently manage limited audit resources, and meet the agility required of a dynamic business environment requires a top-down approach to audit that is driven by risk-based priorities and technology is utilized to manage resources, analyze data, and streamline audit operations. To address a sustainable audit program for the organization, TransCanada selected Resolver. This provided TransCanada an integrated audit management solution to collaborate, understand risk, align audit with strategic planning, and drive business value. GRC 20/20 has evaluated and verified the implementation of Resolver at TransCanada and confirms that this implementation has achieved measurable value across the elements of GRC efficiency, effectiveness, and agility. In this context, GRC 20/20 has recognized Resolver and TransCanada with a 2014 GRC Value Award in the domain of Audit Management.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
BIGipServersj13web-nginx-app_https	session	This cookie name is associated with the BIG-IP product suite from company F5. Usually associated with managing sessions on load balanced servers, to ensure user requests are routed consistently to the correct server. The common root is BIGipServer most commonly followed by a domain name, usually the one that it is hosted on, but not always.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
XSRF-TOKEN	6 months	This cookie is set by Wix and is used for security purposes.
_mkto_trk	2 years	This cookie, provided by Marketo, has information (such as a unique user ID) that is used to track the user's site usage. The cookies set by Marketo are readable only by Marketo.
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
__resolver-ref	session	This cookie is set by Resolver to ensure visitors receive unique content after submitting a form on our website.

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
sp_landing	1 day	The sp_landing is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.
sp_t	1 year	The sp_t cookie is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

Performance

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Cookie	Duration	Description
ADRUM_BT1	past	This cookie is set by AppDynamics and is used to optimize the visitor experience on the website by detecting errors on the website and share the information to support staff.
ADRUM_BTa	past	This cookie is set by AppDynamics and used to optimize the visitor experience on the website by detecting errors on the website and share the information to support staff.

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
ajs_anonymous_id	never	This cookie is set by Segment.io to check the number of ew and returning visitors to the website.
ajs_user_id	never	The cookie is set by Segment.io and is used to analyze how you use the website
CONSENT	16 years 2 months 17 days 10 hours	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_4655365_4	1 minute	Set by Google to distinguish users.
_gat_UA-4655365-4	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_ga_VCHH3SM1QW	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_omappvp	11 years	The _omappvp cookie is set by OptinMonster to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie set by OptinMonster, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.
_uetsid	1 day	This cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
anj	3 months	AppNexus sets the anj cookie that contains data stating whether a cookie ID is synced with partners.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
driftt_aid	2 years	The driftt_aid cookie is an anonymous identifier token set by Drift.com for tracking purposes and helps to tie the visitor onto the website. The cookie also allows Drift to remember the information provided by the site visitor, through the chat on successive site visits.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
sa-user-id	1 year	StackAdapt sets this cookie as a Random Identifier for user identification, to display relevant advertisements.
sa-user-id-v2	1 year	StackAdapt sets this cookie as a Random Identifier for user identification, to display relevant advertisements.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
uuid2	3 months	The uuid2 cookie is set by AppNexus and records information that helps in differentiating between devices and browsers. This information is used to pick out ads delivered by the platform and assess the ad performance and its attribute payment.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_uetvid	1 year 24 days	This cookie is set by Bing to store and track visits across websites.

Others

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

Cookie	Duration	Description
33ff0b0c0c	session	No description
ajs_group_id	never	This cookie is set by Segment.io. The purpose of the cookie is currently not identified.
AnalyticsSyncHistory	1 month	This cookie set by LinkedIn is used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries
AWSALBAPP-0	7 days	No description
AWSALBAPP-1	7 days	No description
AWSALBAPP-2	7 days	No description
AWSALBAPP-3	7 days	No description
debug	never	No description available.
drift_aid	2 years	No description
drift_campaign_refresh	30 minutes	No description available.
guestidc	session	This cookie is set by Jobvite.
li_gc	2 years	Set by LinkedIn and used to store consent of guests regarding the use of cookies for non-essential purposes
loglevel	never	No description available.
muc_ads	2 years	No description
rl_anonymous_id	never	No description available.
rl_user_id	never	No description available.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
visitorId	1 year	No description
_hjSessionUser_103316	1 year	No description
_hjSession_103316	30 minutes	No description
_smm_answers	session	No description
_smm_answers_text	session	No description