Session from ACL Connections 2016 You understand the value that audit management technology can play in enabling success with your team, but are you overwhelmed by the process of implementing software? In this tell-all hour, an ACL customer shares a window into their migration onto a centralized system for managing projects, issues, and actions—including their thought process, approach, pitfalls and successes. She will also share how ACL professional services helped her make critical change management decisions and mapped her processes to ACL GRC functionalities. This session is intended for those who are interested in purchasing and implementing a new audit management system as well as current ACL GRC users who want to learn how one of their peers is taking full advantage of the tool. Key learning outcomes: • Learn about the different factors that went into selecting a new tool • Understand the challenges in the onboarding, migration and change management process of implementing a new audit management system • Learn how ACL professional services helped them transform their vision into reality, and made it easy for their team to adopt • See how their team is using project templates, and automating communication of issues and action plans • Understand what the benefits have been so far and where the organization plans to go next

1. How a Centralized Audit Management System Transformed Our Team
September 19, 2016
Rose-Ann Mondy, Director – HSNi Assurance & Risk Advisory
Cathy Miyagi, Senior Specialist – ACL Customer Success Organization: Data-Driven GRC Adoption

2. This presentation may contain forward-looking statements relating to the future performance and financial condition of HSNi, its operating segments and
its consolidated subsidiaries. Forward-looking statements are based on management's current expectations and assumptions which may not prove to be
accurate. Forward-looking statements are not guarantees of performance or historical facts and there are a number of known and unknown risks,
uncertainties, contingencies and other factors (many of which are outside our control) that could cause actual results to differ materially from those
expressed or implied by such forward-looking statements. Factors that could cause or contribute to such differences include but are not limited to: our
ability to attract new and retain existing customers in a cost-effective manner; our exposure to intense competition and our ability to effectively compete
for customers; changes in political, business and economic conditions, particularly those that affect consumer confidence, consumer spending or digital
sales growth; changes in our relationships with pay television operators, vendors, manufacturers and other third parties; failure to attract and retain
television viewers and secure a suitable programming tier of carriage and channel placement for the HSN television network programming; changes in
shipping and handling costs, particularly if we are unable to offset them; any technological or regulatory developments that could negatively impact the
way we do business, including regulations regarding state and local sales and use taxes; risks associated with possible systems failures and/or security
breaches, including any breach that results in the theft, transfer or unauthorized access or disclosure of customer, employee or company information, or
the failure to comply with various laws applicable to HSNi in the event of such a breach; any material change in HSNi's business prospects and/or
strategy, including whether HSNi's initiatives and investments will be effective; our ability to offer new or innovative products and services through various
platforms in a cost effective manner and consumer acceptance of these products and services; risks associated with acquisitions including the ability to
successfully integrate new businesses and achieve expected benefits and results; risks associated with litigation, audits, claims and assessments; and the
loss of any key member of our senior management team. More information about potential factors that could affect HSNi's business and financial results
is included in our filings with the U.S. Securities and Exchange Commission. Other unknown or unpredictable factors that could also adversely affect HSNi's
business, financial condition and results of operations may arise from time to time. In light of these risks and uncertainties, any forward-looking statements
may not prove to be accurate. All written or oral forward-looking statements that are made or attributable to us are expressly qualified in their entirety by
this cautionary notice. Accordingly, you should not place undue reliance on any forward-looking statements, which only reflect the views of HSNi
management as of the date of this press release. Such statements speak only to the date such statements are made and HSNi does not undertake to
update any forward-looking statements. Historical results should not be considered as an indication of future performance.
SAFE HARBOR STATEMENT
2

3. HSN, Inc. (Nasdaq: HSNI) is a $4 billion interactive
multi-channel retailer with strong direct-to-consumer
expertise and operates two business segments, HSN
and Cornerstone.
 HSNi became a stand-alone company May 2008
 HSN Compliance department converted to HSNi
Assurance & Risk Advisory - ARA (F/K/A: Internal
Audit)
 ARA retained legacy system (OpenPages) until 2014
 ARA started out as a 2 person department and over
the years has grown to:
> 4 Audit Professionals
> 1 Business Continuity Manager
> 2 Para-professionals
> RSM for IT & Non-IT Support
The Story

4. SO…HOW DID WE GET HERE?

5. What Were We Looking For
Should We Renew?
We needed a tool that will improve our productivity:
 A tool that can generate useful reports
 Capture key IA elements (e.g. Control #, Owner, method,
frequency, COSO element, application name, etc.)
 Contains industry accepted frameworks (e.g. risk control
matrices, COSO, ISO, etc.)
 Workflow capabilities
 Cloud computing
 Ability to grant restricted access
 Streamline navigation

6. Timeline
Q2 2014
• Wrote business case
• Research and assess tools
• Obtain support from VP of Assurance & Risk Advisory (ARA)
Q3 2014
• ACL Connections - Dallas, Texas
• Championed tool to ARA team
• Partnered with ACL: CSO, Pre-Sales and Product Management teams
• Introduce tool to internal & external partners
Q4 2014
• ACL GRC demonstration with HSNi specific data and methodologies
• Developed implementation plan
• Drafted MSA and SOW
Q1 2015
• Signed MSA and SOW
• Engaged ACL CSO DDGRC Adoption team (formerly Professional Services)
• ACL migrated data from OpenPages
• Trained ARA, External Auditors and other Partners – Went Live!

7. SHOPPING AROUND
The Vendor Selection Process

8. Critical Factors:
Others:
 Engagement team
 Data conversion
 Customer service
 Long term growth
 Performed a three-year expense analysis
Decision Criteria

9. Key Functionalities & Features
Regular
Product
Updates
Continuous
Improvement
User
Groups, ACL
Academy,
etc.
Work paper
management,
Cloud
Computing
Fundamentals
Templates:
SOX, SSAE
16, T&E,
Purchase
Cards
You are
not a
number –
they’ve got
your back!
Support
Various ACL
support
teams
HSNi Assurance &
Risk Advisory

10. HURDLES
Onboarding Challenges
Change Management
Data Migration

11. “The world hates change, yet it is the only thing that has brought progress.”
- Charles Kettering
(a very important guy)

12. ■ Support from Senior Management
■ HSNi ARA
> Data conversion & mapping
> Timing of conversion
> Training
> Reporting
> Ongoing assistance
■ External Auditors
> Availability of data
> Capture key elements
> Data conversion
■ Consultants
> Training and Accessibility
■ Data conversion
> ACL built template to migrate data
Getting The Green Light

13. Leadership Style
 If you don’t believe it, don’t try to sell it
 Listen
 Be honest – don’t oversell and under deliver
 Take a partner along
 Ask for help when you need it – you don’t have to
have all the answers
 Lay the foundation, but everyone builds
 Have some skin in the game!

14. ACL Customer Success Organization (CSO)
Our Transformation

15. Why ACL DDGRC Adoption Frameworks?
 Clear transformational paths to customer value-based outcomes
 Long-term scalable strategies
 Clear methodologies, phases and milestones
 To accelerate adoption of ACL technology by existing ACL GRC
and analytic customers
“Data-Driven” GRC

16. ACL DDGRC Audit Management Adoption Methodology
Change
Management
Efficient Audit
workflows
Continuous
controls
monitoring
One version of
the truth
Increase
visibility of
Audit program
Align audit
plan with
enterprise risks
Value-Based
Outcomes
OPTIMIZATION
 Integrating data analytics
into controls testing
 Adopting continuous
monitoring via usage of
questionnaires and
assigning records for
review to the business
 Usage of report
templates or create
custom reports in
Reports Manager
OPERATIONALIZATION
 Enable users to use ACL GRC
functionality for audit
> Project Manager
> Results Manager
> Reports Manager
 Document audit workflow in
Project Manager with usage of
collaborative functionalities
like client requests, to-do’s,
and action items.

17. The Customer Adoption Journey
CUSTOMER SUCCESS ORGANIZATION
(CSO)
ANALYTICS
Adoption
DD GRC
Adoption
Specialists
Agents
Customer
Intensity Agency
(CIA)
Adoption Managers
Adoption Specialists
v
a
l
u
e
v
a
l
u
e
v
a
l
u
e
v
a
l
u
e
v
a
l
u
e
v
a
l
u
e

18. TRANSFORMATION
How is HSNi Using ACL GRC Today?

19. Life Before ACL GRC

20. PROJECT MANAGER
 Operational audits
 SOX
RESULTS MANAGER
 Data gathering
 Questionnaires
REPORTS MANAGER
 Weekly status reports
Achievable & Measurable Successes

21. Project Manager
Project Library
One-Click Reports
Issues Tracker

22. Results Manager
A B C
A Used to gather information
before onsite meetings were held
Success rate - High
B Used to execute questionnaire to
eleven members of Senior
Management covering 94 topics
Success rate - Low
C Templates provided by ACL

23. Reports Manager

24. LOOKING AHEAD

25. Build out Enterprise Risk Management
 Risk Manager
 Coming Soon - New COSO ERM
Framework – Q2/Q3 2017
Incorporate data analytics
 “Data-Driven GRC”

26. Enhancements to address Enterprise Risk Management
ACL Product Roadmap
 Multiple risk profiles
 Up to 10 risk scoring factors
 5 configurable risk attributes

27.  Roll up of Risk Assurance scores
 Linking enterprise risks to control objectives
 Nested entity tags (linked with Projects)

28. So…WHAT?

29. Efficiency
Away with emails!
Issues Tracking
Issues Reporting

30. Key Takeaways
Implementing a Centralized Audit System:
 Solicit input and listen
 Make a list of your “Must Haves”
 What does success look like to you?
 How do you measure value?
 Buying a product vs. buying a solution
 Have fun

31. QUESTIONS?

32. THANK YOU
CONTACT
Rose-Ann Mondy, HSNi rose-ann.mondy@hsn.net
Cathy Miyagi, ACL cathy_miyagi@acl.com