Financial Services
Europe
Bank Gospodarstwa Krajowego (BGK) is a state-owned national development bank whose mission is to support Poland’s social and economic growth, as well as to aid the public sector in achieving its goals.
As with any other bank, one of the key departments here is the Internal Audit Department (IAD), which is tasked with providing objective opinions and information about the Bank and its subsidiaries, independently assessing internal control systems, as well as performing an advisory role by giving recommendations for improving existing control processes and mechanisms and introducing new ones.
Additionally, IAD is responsible for monitoring known risks and the effects of corrective actions undertaken to eliminate them, and regularly reporting on these to the Executive Board, Auditing Committee and the Supervisory Board.
On completing an audit, the auditors formulate recommendations and pass them on to appropriate departments to implement. They are also responsible for monitoring these implementations and providing up-to-date progress information to the Executive Board as well as periodic status reports to the Auditing Committee and the Supervisory Board.
Before AdaptiveGRC was implemented these recommendations were entered after each audit into an Excel spreadsheet, which was then sent over to each department. In order to verify the implementation of these recommendations, e-mail communication was used, and the information it carried about actions taken, work completed and conclusions arrived at, was then described in separate documents. Obtaining complete information about the progress of post-audit recommendations meant editing the Excel spreadsheet by hand and necessitated team-editing the same file, which was not always possible.
Reports for the executive team were created manually, and at the end of the reporting period it was necessary to re-verify the completion status of each recommendation and create yet another Excel spreadsheet, which greatly added to the laboriousness of the process and was exceedingly time-consuming.
Monitoring the implementation of their recommendations was a challenge for the auditors, as it necessitated a tedious and prolonged process of acquiring and re-filing relevant status information via a series of e-mails and spreadsheets.