Session from ACL Connections 2016
You understand the value that audit management technology can play in enabling success with your team, but are you overwhelmed
by the process of implementing software? In this tell-all hour, an ACL customer shares a window into their migration onto a
centralized system for managing projects, issues, and actions—including their thought process, approach, pitfalls and successes. She
will also share how ACL professional services helped her make critical change management decisions and mapped her processes to
ACL GRC functionalities. This session is intended for those who are interested in purchasing and implementing a new audit
management system as well as current ACL GRC users who want to learn how one of their peers is taking full advantage of the tool.
Key learning outcomes:
• Learn about the different factors that went into selecting a new tool
• Understand the challenges in the onboarding, migration and change management process of implementing a new audit
management system
• Learn how ACL professional services helped them transform their vision into reality, and made it easy for their team to
adopt
• See how their team is using project templates, and automating communication of issues and action plans
• Understand what the benefits have been so far and where the organization plans to go next
How a centralized audit management system transformed our team
1. How a Centralized Audit Management System Transformed Our Team
September 19, 2016
Rose-Ann Mondy, Director – HSNi Assurance & Risk Advisory
Cathy Miyagi, Senior Specialist – ACL Customer Success Organization: Data-Driven GRC Adoption
2. This presentation may contain forward-looking statements relating to the future performance and financial condition of HSNi, its operating segments and
its consolidated subsidiaries. Forward-looking statements are based on management's current expectations and assumptions which may not prove to be
accurate. Forward-looking statements are not guarantees of performance or historical facts and there are a number of known and unknown risks,
uncertainties, contingencies and other factors (many of which are outside our control) that could cause actual results to differ materially from those
expressed or implied by such forward-looking statements. Factors that could cause or contribute to such differences include but are not limited to: our
ability to attract new and retain existing customers in a cost-effective manner; our exposure to intense competition and our ability to effectively compete
for customers; changes in political, business and economic conditions, particularly those that affect consumer confidence, consumer spending or digital
sales growth; changes in our relationships with pay television operators, vendors, manufacturers and other third parties; failure to attract and retain
television viewers and secure a suitable programming tier of carriage and channel placement for the HSN television network programming; changes in
shipping and handling costs, particularly if we are unable to offset them; any technological or regulatory developments that could negatively impact the
way we do business, including regulations regarding state and local sales and use taxes; risks associated with possible systems failures and/or security
breaches, including any breach that results in the theft, transfer or unauthorized access or disclosure of customer, employee or company information, or
the failure to comply with various laws applicable to HSNi in the event of such a breach; any material change in HSNi's business prospects and/or
strategy, including whether HSNi's initiatives and investments will be effective; our ability to offer new or innovative products and services through various
platforms in a cost effective manner and consumer acceptance of these products and services; risks associated with acquisitions including the ability to
successfully integrate new businesses and achieve expected benefits and results; risks associated with litigation, audits, claims and assessments; and the
loss of any key member of our senior management team. More information about potential factors that could affect HSNi's business and financial results
is included in our filings with the U.S. Securities and Exchange Commission. Other unknown or unpredictable factors that could also adversely affect HSNi's
business, financial condition and results of operations may arise from time to time. In light of these risks and uncertainties, any forward-looking statements
may not prove to be accurate. All written or oral forward-looking statements that are made or attributable to us are expressly qualified in their entirety by
this cautionary notice. Accordingly, you should not place undue reliance on any forward-looking statements, which only reflect the views of HSNi
management as of the date of this press release. Such statements speak only to the date such statements are made and HSNi does not undertake to
update any forward-looking statements. Historical results should not be considered as an indication of future performance.
SAFE HARBOR STATEMENT
2
3. HSN, Inc. (Nasdaq: HSNI) is a $4 billion interactive
multi-channel retailer with strong direct-to-consumer
expertise and operates two business segments, HSN
and Cornerstone.
HSNi became a stand-alone company May 2008
HSN Compliance department converted to HSNi
Assurance & Risk Advisory - ARA (F/K/A: Internal
Audit)
ARA retained legacy system (OpenPages) until 2014
ARA started out as a 2 person department and over
the years has grown to:
> 4 Audit Professionals
> 1 Business Continuity Manager
> 2 Para-professionals
> RSM for IT & Non-IT Support
The Story
5. What Were We Looking For
Should We Renew?
We needed a tool that will improve our productivity:
A tool that can generate useful reports
Capture key IA elements (e.g. Control #, Owner, method,
frequency, COSO element, application name, etc.)
Contains industry accepted frameworks (e.g. risk control
matrices, COSO, ISO, etc.)
Workflow capabilities
Cloud computing
Ability to grant restricted access
Streamline navigation
6. Timeline
Q2 2014
• Wrote business case
• Research and assess tools
• Obtain support from VP of Assurance & Risk Advisory (ARA)
Q3 2014
• ACL Connections - Dallas, Texas
• Championed tool to ARA team
• Partnered with ACL: CSO, Pre-Sales and Product Management teams
• Introduce tool to internal & external partners
Q4 2014
• ACL GRC demonstration with HSNi specific data and methodologies
• Developed implementation plan
• Drafted MSA and SOW
Q1 2015
• Signed MSA and SOW
• Engaged ACL CSO DDGRC Adoption team (formerly Professional Services)
• ACL migrated data from OpenPages
• Trained ARA, External Auditors and other Partners – Went Live!
8. Critical Factors:
Others:
Engagement team
Data conversion
Customer service
Long term growth
Performed a three-year expense analysis
Decision Criteria
9. Key Functionalities & Features
Regular
Product
Updates
Continuous
Improvement
User
Groups, ACL
Academy,
etc.
Work paper
management,
Cloud
Computing
Fundamentals
Templates:
SOX, SSAE
16, T&E,
Purchase
Cards
You are
not a
number –
they’ve got
your back!
Support
Various ACL
support
teams
HSNi Assurance &
Risk Advisory
11. “The world hates change, yet it is the only thing that has brought progress.”
- Charles Kettering
(a very important guy)
12. ■ Support from Senior Management
■ HSNi ARA
> Data conversion & mapping
> Timing of conversion
> Training
> Reporting
> Ongoing assistance
■ External Auditors
> Availability of data
> Capture key elements
> Data conversion
■ Consultants
> Training and Accessibility
■ Data conversion
> ACL built template to migrate data
Getting The Green Light
13. Leadership Style
If you don’t believe it, don’t try to sell it
Listen
Be honest – don’t oversell and under deliver
Take a partner along
Ask for help when you need it – you don’t have to
have all the answers
Lay the foundation, but everyone builds
Have some skin in the game!
15. Why ACL DDGRC Adoption Frameworks?
Clear transformational paths to customer value-based outcomes
Long-term scalable strategies
Clear methodologies, phases and milestones
To accelerate adoption of ACL technology by existing ACL GRC
and analytic customers
“Data-Driven” GRC
16. ACL DDGRC Audit Management Adoption Methodology
Change
Management
Efficient Audit
workflows
Continuous
controls
monitoring
One version of
the truth
Increase
visibility of
Audit program
Align audit
plan with
enterprise risks
Value-Based
Outcomes
OPTIMIZATION
Integrating data analytics
into controls testing
Adopting continuous
monitoring via usage of
questionnaires and
assigning records for
review to the business
Usage of report
templates or create
custom reports in
Reports Manager
OPERATIONALIZATION
Enable users to use ACL GRC
functionality for audit
> Project Manager
> Results Manager
> Reports Manager
Document audit workflow in
Project Manager with usage of
collaborative functionalities
like client requests, to-do’s,
and action items.
17. The Customer Adoption Journey
CUSTOMER SUCCESS ORGANIZATION
(CSO)
ANALYTICS
Adoption
DD GRC
Adoption
Specialists
Agents
Customer
Intensity Agency
(CIA)
Adoption Managers
Adoption Specialists
v
a
l
u
e
v
a
l
u
e
v
a
l
u
e
v
a
l
u
e
v
a
l
u
e
v
a
l
u
e
22. Results Manager
A B C
A Used to gather information
before onsite meetings were held
Success rate - High
B Used to execute questionnaire to
eleven members of Senior
Management covering 94 topics
Success rate - Low
C Templates provided by ACL
30. Key Takeaways
Implementing a Centralized Audit System:
Solicit input and listen
Make a list of your “Must Haves”
What does success look like to you?
How do you measure value?
Buying a product vs. buying a solution
Have fun