BWise

INTERNAL AUDIT IN
CONTROL WITH STATE-OF-THE-ART
GOVERNANCE, RISK MANAGEMENT,
AND COMPLIANCE SOFTWARE

BWise® Internal Audit

WWW.BWISE.COM
 BWise

Analyst Recognition Support for the End-to-End Audit

Process
BWise® Internal Audit is a software solution that supports
the end-to-end audit process and is part of the BWise in-
Independent research firm Forrester has positioned Nasdaq BWise as a “Leader” in GRC Platforms in their report, “The tegrated Governance, Risk management, and Compliance
Forrester Wave™: Governance, Risk and Compliance Platforms*, Q1 2016.” (GRC) platform. The inherent independence of Internal
The report presents a detailed view and assessment of the most significant GRC software vendors. Forrester Research Audit often mistakenly leads to creating silos. Internal
scored fourteen different GRC technology vendors on thirty distinct criteria, which they subdivided into three categories: Audit needlessly uses a separate risk language compared
Current offering, Strategy, and Market presence. to other departments. On a technology level, independent
is often interpreted as separate. BWise believes internal
The Forrester Wave™ report states: “Nasdaq BWise offers a solid platform with strong capabilities in analytics. […] BWise audit and businesses work best when operating in a single
has capabilities that include audit, risk, compliance and policy management as well as sustainability management and integrated system to efficiently streamline the structure of
information security. “
their responsibilities. The BWise® GRC Platform supports
this methodology through a single integrated system. The
ability to operate using one common risk taxonomy and
risk language helps businesses to focus and enables Inter-
nal Audit to speak the same language as its counterparts
across business units.
This brochure describes the BWise Internal Audit capabili-
ties based on a day in the life of Ann Green, the Internal
Auditor.

The Forrester Wave™: Governance, Risk and Compliance Platforms, Q1 2016.

Maintain Audit
Universe

Gartner positioned BWise in the Leaders Quadrant of the Gartner Magic Quadrant for Enterprise Governance, Risk and
Compliance Platforms. Follow-up finding & Yearly Audit
Recommendations Plan
“The GRC market is nine years old, and buyers have high expectations for the performance of GRC solutions against a wide
variety of use cases. Differentiation today is about the ability to deliver against multiple use cases, and provide advanced
risk management functionality, with analysis of the impact of risks on strategic objectives and business performance,
domain expertise in multiple highly regulated industries, ease of use — including mobile capabilities — and configurability.” Audit Detailed Audit
Reporting Planning
Gartner Research “Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms” by French Caldwell and John
A. Wheeler, September 24, 2013.
DATABASES

Workpaper Audit
Management Preparation

Audit
Analytics
The Audit Cycle

Streamline the end-to-end audit process

The end-to-end audit process BWise supports is based on an annual risk
assessment of the business; the audit universe is determined, and the
annual audit plan is created and aligned with the audit committee. Then,
based on the available audit frameworks, individual audits are set-up
and scheduled. The audit execution consists of several steps that include
desk-top research, fieldwork and finally reporting. Findings are shared
with the business units and recommendations are provided for adequate
follow-up. During the audit execution, advanced audit analytics can be
used to collect and analyze data. In addition, extensive authorization
templates ensure the secure treatment of sensitive data. Audit files can
be classified, and depending on their workflow state certain access rights
can be automatically granted or denied. This ensures compliance with
the strictest of regulations like the Bank Secrecy Act.

2 3
 BWise
A Day in the Life of Ann Green,
Internal Auditor
BWise Internal Audit (BWise IA) offers the
internal audit department where Ann Green
works comprehensive support of the end-to-
end audit process. This process makes use of
BWise capabilities such as documenting multiple
dimensions of the organization, its business lines
and risks for documentation of the Audit universe,
and risk and control frameworks at an enterprise
level and in detail, at operational, transactional and
IT levels. A fully integrated document management
system guarantees Ann and her managers secure
data encrypted storage. It also provides for easy
file administration related to documentation and
individual audits. BWise document management
includes check-in/check-out capabilities,
authorization, version management, approval
workflows, retention policies, and more.
“Sending and tracking actions to
follow up on findings with BWise
directly from the audit to other
business units is a great timesaver
for me.”
Ann Green,
Head of Internal Audit
4 5
Annual Assessment
With BWise IA, Ann can automatically create multi-year
audit plans based on audit ratings, risk ratings, and
audit cycles. She can care for the annual planning at a
managerial level. Separately she can then create detailed
scheduling at a task level. Ann and her colleagues have
all the necessary capabilities available as they conduct
risk assessments both for the total enterprise and for
individual audits. This integrated risk-based approach
enables them to perform an annual assessment to
determine the audit universe and audit coverage, and
report on the progress and risk status throughout the year
to the audit committee.
Audit Dashboard
Planning and Scheduling
Ann can plan her work using web-based planning and
scheduling for both planning at a group level and for
detailed scheduling of various audit tasks for individual
audits. Ann can also use the integrated time registration
to log hours spent per audit and to have her manager
approve those hours. This further enables budgeting, cost
allocation, and tracking progress and status.
Audit vault: Online and Offline Work Papers
BWise Internal Audit includes extensive and configurable
audit templates to automatically generate audit work
papers. When Ann conducts an audit, she has the ability
to document her audit activities in predefined work
papers directly in BWise. If Ann wants to, she can take all
or parts of the audit offline, and enter her information,
her findings and electronic evidence, to the offline audit
in a secure manner – like a secure vault. Then she can up-
load the information back into BWise, as if the work was
conducted online, with similar audit trails.
Findings and Follow-up
If Ann discovers findings during the audits, she may want
to communicate those to the business for further follow-
up. Configurable rule-based workflows allow her to keep
track of management responses and the progress of the
follow-up. Alerts on her BWise homepage will assure Ann
of a timely follow-up.
Reporting
Integrated reporting capabilities are available for Ann to
review and monitor progress on her audit plan and status
of her findings on a real time basis.
BWise Internal Audit ensures audit teams can conduct
their end-to-end audit process; everything can be
managed with one integrated solution, from the initial
enterprise risk assessment, planning, scheduling and audit
and auditor time-keeping, audit set-up, audit execution, to
reporting and tracking findings.
Key Benefits of BWise Internal Audit
• Secure access to all audit information, anytime,
anywhere; online and offline
• Protection of sensitive data against unauthorized
access
• Streamlined alignment with the audit committee on
the audit universe and the overall audit plan
• Transparency in audit planning, such as global
holidays or resource and skill availability
• Transparency in budgeting and cost allocation
• Simplified time registration, skill alignment and
reduced reporting efforts
• Ease of communication between auditors, with notes,
sign-off and reviews
• Streamlined communication between auditors and
auditees,
• Strict audit trail of all relevant audit activities and
evidencing of findings
• Reduced efforts in follow-up of findings, ease of use
for auditees and transparency of detailed status for
auditors
• Reduced effort for reporting, higher transparency
• Compatibility with configurations for highly-specific
access management needs like those for the Bank
Secrecy Act
 BWise
BWise® Audit Analytics
BWise® Audit Analytics enables the ability to securely
take data from sources such as SAP and Oracle, by
exporting the data on a protected memory stick. No live
connection is required to gather and analyze data during
the audit execution. The data analysis performed and
results documented in audit work papers, can then be
synchronized with the audit. BWise Audit Analytics enables
users to create rules that define how to analyze this data.
The true integration of risk and control frameworks with
rules, enables auditors like Ann to conduct advanced data
analysis on external data. BWise delivers templates for SAP
and Oracle analysis, including Segregation of Duties (SoD)
analysis for both. BWise also enables Ann to adapt existing
rules and define new rules. With the addition of the Audit
Analytics component, BWise Internal Audit is the most
advanced audit platform globally.
Key Benefits of the Audit Analytics component include:
• Reduced efforts for data collection and analysis
• Higher coverage of analysis (full data analysis, rather
than sampling), and as a result more reliable findings
and lower risk profile
• Precise analysis of actual (potential) problems,
providing more precise recommendations to auditees
• More focus on high risks because there is more
automation
Audit Analytics in more detail
An important part of an Auditor’s work is to analyze data,
find potential fraud and failing controls, and to gain a
better understanding of the organization’s risk exposure.
Traditionally, the data analysis is seen as a separate activity,
conducted by highly trained audit professionals with
advanced toolsets. BWise believes current technology
should facilitate more efficient ways of working by
integrating data analysis technology into the audit solution,
and even more broadly into the area of GRC. This approach
has many advantages over traditional tools:
• Centralized rules creation and decentralized rules
usage facilitates a broader use of advanced data
analysis capabilities
6 7
BWise Academy
BWise Audit Analytics
• Integrating it into work paper management reduces
audit efforts, eliminates the tedious processes
required to integrate changes via copying and pasting,
and complications to produce reports
• Integrating broader risk management and compliance
facilitates audit rules that can be used in continuous
monitoring
• It simply becomes a technology applied in another
way for users: ultimately, audit helps improve the
business by assisting business owners to better
manage their processes
• In addition, business owners may help to reduce audit
efforts; continuously monitoring data may be reused
in audit programs
Additional Benefits of BWise Audit Analytics
• Adapt and create new scripts
• Pre-defined rule scripts for SAP and Oracle are
available
• Intelligent data retrieval, based on scripts means only
relevant data will be retrieved
• Intelligent filtering mechanisms; for instance on data
ranges to allow subsets of data
• Usable in audit analytics, by integration into audit
programs
• Usable in continuous monitoring, by integration into The BWise Academy delivers learning solutions to Through the BWise Learning Center, her new colleagues
other parts of the BWise GRC Platform are provided with access to a comprehensive offering of
• Ability to securely retrieve information from external explain the GRC process and successfully imple- eLearning courses, such as a Quick Start with BWise, and
data sources on encrypted memory sticks ment the BWise solution in your organization. Understanding the Business Control Framework and In-
• Tried and tested with large data sets Through the Learning Center, customers have ternal Audit. Ann can also monitor progress and results
• Highly scalable data retrieval mechanism enabling of the training through a web-based interface.
billions of records to be retrieved access to a broad offering of cost-effective and
• Integration capabilities with any open data source innovative learning experiences. Customers can Software Training on the Job
• Historical trail of all analyses performed choose from different formats including: eLearning When Ann is asked by a lead auditor to schedule an
• Audit trail of all exceptions audit, she can log into the BWise Learning Center and
• Automated escalation, in case thresholds are courses, class room courses, and tailor-made train-
take a brief five minute tour of this topic. She will then
surpassed, triggering standard workflows in BWise ing programs. be able to effectively perform her task in BWise.
• Intelligent reporting with managerial views, drill-
downs into individual transactions, leveraging MS New Internal Audit Colleagues Visit www.bwise.com/academy for the latest training
Excel capabilities. The BWise Academy can support Ann by introducing topics.
• Flexible reporting by non-expert users new colleagues to the audit method enabled by BWise.
 BWise

BWise® GRC Platform More information

BWise® Internal Audit is one of the six different role-
based solutions BWise offers within the GRC platform.
Ann and her colleagues in Risk Management, Internal
Control, Compliance & Policy Management, Information
Security and Sustainability Performance Management
all work in the same solution. They all use the same
risk taxonomy and speak the same language, improving
transparency and efficiency, and creating common
ground.
To learn more about how your organization can benefit
from an integrated approach to Governance, Risk and
Compliance, request the corporate brochure on www.
bwise.com/grc-library.
Meet Ann’s colleagues, Jackie McLaren (Compliance),
Michael Bauer (Internal Control), Damian Thomson
(Information Security), Kim Lee (SPM) and Gerard Parker
(Risk), to see how they each work with BWise,
visit www.bwise.com.

Ann Green
Head of Internal Audit
Gerard Parker
(Internal Audit)
Chief Risk Officer (Risk Management)

Jackie McLaren
Compliance Officer
(Compliance & Policy Management)

Michael Bauer
Corporate Group Controller (Internal
Control over Financial Reporting)

Damian Thomson
Chief Information Security Officer
(Information Security)

Kim Lee
VP Corporate Sustainability
(Sustainability Performance Management)

8 9
 BWise
Join us on the GRC Journey Today
UNITED STATES: ONE OF THE LARGEST
INSURANCE COMPANIES MANAGES THEIR IT
RISKS AND CONTROLS ACCORDING TO ISO
27002 AND PCI-DSS STANDARDS.
UNITED STATES: ONE
OF THE LARGEST CAR
MANUFACTURERS
UTILIZES BWISE FOR ITS
INTEGRITY PROGRAM
FOR MORE THAN
200,000 EMPLOYEES.
UNITED STATES: GLOBAL LEADING
PHARMA COMPANY UTILIZES BWISE FOR
SOX AND FCPA COMPLIANCE INCLUDING
SOPHISTICATED DATA ANALYTICS
IMPLEMENTATION
UNITED STATES: ONE OF
THE LARGEST MORTGAGE
INSTITUTIONS UTILIZES
BWISE ACROSS THE
ORGANIZATION FOR ALL GRC
INITIATIVES.
UNITED STATES: ONE OF THE LARGEST
AUTOMAKERS UTILIZES BWISE ACROSS ALL
GRC FUNCTIONS CORPORATE WIDE.
10
BWise provides GRC solutions for single GRC initiatives as well as cross functional implementations around
the globe which are delivered through local service and delivery teams.
UNITED KINGDOM: ONE OF THE WORLD’S
LEADING PHARMACEUTICAL COMPANIES SWEDEN: A GLOBAL LEADER
BECAME SOX COMPLIANT WITH THE HELP OF IN HOME AND PROFESSIONAL
BWISE TOOLS. APPLIANCES USES BWISE TO
IMPROVE EFFICIENCY AND
EFFECTIVENESS OF ITS INTERNAL
CONTROL PROGRAM.
FRANCE: ONE OF THE GLOBAL LEADING
TELCO COMPANIES ENSURES ITS’ INTEGRITY
WITH FINANCIAL REPORTING FOR 2,000+ THE NETHERLANDS: AN INTERNATIONAL
USERS USING BWISE. RETAILER INTEGRATED BWISE FOR ALL THEIR
INTERNAL CONTROL, RISK MANAGEMENT
AND INFORMATION SECURITY.
SWITZERLAND: ONE OF THE WORLD’S
LEADING LUXURY GOODS COMPANIES
INTEGRATED BWISE FOR SEVERAL GRC
INITIATIVES.
PORTUGAL: THE PORTUGUESE POSTAL
SERVICES STREAMLINES ITS INTERNAL AUDIT
PROCESSES WITH BWISE. SAUDI ARABIA: A LEADING CHEMICAL FIRM
MANAGES ITS GLOBAL RISK, COMPLIANCE
AND AUDIT PROGRAM WITH BWISE.
BRAZIL: LEADING
EXCHANGE MANAGES
ITS RISKS AND INTERNAL SINGAPORE: LEADING
CONTROL PROCESSES SINGAPORE BASED BANK
WITH BWISE. IS IMPLEMENTING BWISE
FOR 16 USE CASES ACROSS
THE ORGANIZATION.
SOUTH AFRICA: GLOBAL LEADING BANK
DEPLOYED BWISE TO STREAMLINE INTERNAL
AUDIT FOR MORE THAN 1,000 AUDITORS AUSTRALIA: LARGE TELCO COMPANY
USES BWISE FOR ITS ENTERPRISE RISK
MANAGEMENT, REGULATORY COMPLIANCE
AND BUSINESS CONTINUITY.
11
 BWise

About Nasdaq BWise Contact Information

Nasdaq BWise is a global leader in Enterprise Gov- Nasdaq BWise has sales, service and support offices
worldwide. To contact us at our local offices
ernance, Risk Management and Compliance (GRC) in Asia, Australia, Europe and the United States,
software. Based on a strong heritage in business visit www.bwise.com/offices.
process management, the BWise® GRC Platform pro-
vides companies with highly-rated, proven software
solutions for Risk Management, Internal Control,
Internal Audit, Compliance & Policy Management,
Information Security and Sustainability Performance
Management.

BWise’s end-to-end solutions support an organization’s

ability to understand, track, measure, and manage key or-
ganizational risks. Nasdaq BWise helps companies truly be
in control by balancing performance with their financial
and reputational risks, improving corporate accountability,
increasing financial, strategic and operating efficiencies.
Using BWise, organizations are able to efficiently comply
with anti-corruption regulations like FCPA and the UK
Bribery Act, the Sarbanes-Oxley Act, European Corporate
Governance Codes, ISAE3402/SAS-70, PCI-DSS, Solvency
II, Basel II and III, Dodd-Frank, ISO-standards, and many
more.

Nasdaq BWise sales, service and support offices around

the globe provide for the GRC needs of hundreds of lead-
ing companies worldwide. For more information, visit
www.bwise.com.

WWW.BWISE.COM

Legal Notice
This document may be part of a written agreement between BWise and its customer, in which case the terms and conditions of that agreement apply hereto. In the event
that this document was provided by BWise without any reference to a written agreement with BWise, to the maximum extent permitted by applicable law this document
and its contents are provided as general information ‘as-is’ only, which may not be accurate, correct and/or complete and BWise shall not be responsible for any damage or
loss of any nature related thereto. All rights are reserved. Unauthorized use, disclosure or copying of this document or any part thereof is prohibited.

12

V.IARB1352015A4