Foreword

Like the operational functions, the internal audit and internal control functions are also undergoing a digital transformation. Indeed, the internal control devices can be supported by different GRC solutions, which in particular allows monitoring compliance with some regulations: SOx, SAPIN II or GDPR. In addition, internal audit departments use tools to support and document their work (annual audit plan, work program by process, audit report, follow-up on recommendations) …

Thus ArtimIS specializes in supporting these customers in the digitalization of the internal audit and internal control functions by providing a methodical and rigorous approach, thereby improving their risk management and process performance.

We support you in your different assignments to secure and improve the control of your operations on different axes such as:

  • Adopt a risk-based approach and performance improvement approach for defining the audit plan

  • Propose a risk management adapted to the organization

  • Set up a digital risk monitoring with defective and preventive controls

  • Strengthen the three lines of defense for better control of operations

  • Improve the qualification of information necessary for strategic decision-making throughout the organization

  • Develop a culture around compliance and risk management

  • Improve the control structure, in particular through the implementation of automated control

  • Take advantage of technology-based auditing

  • Protect against threats that could impact the sustainability of the organization (fraud, cyber-attacks, etc.)

  • Ensure responsiveness in the execution of the BCP

Internal Audit

The management and the audit committee use the internal audit process as a means to assess the quality and control of operations, and also to generate value across the organization.

We help large, medium and small businesses to design their internal audit function – from carrying out an in-depth risk assessment on all of an organization’s processes, to communicating the results to management, the board of directors and other stakeholders. Not only do we identify the risks and the deficiencies, but we also work hand in hand with the operational staff to meet the challenges and put in place the appropriate controls.

Whatever the client’s industry – whether there is already an internal audit service or whether it needs to be set up – ArtimIS creates a framework adapted to the needs of each company. We take a practical approach and our partners are deeply involved in our work.

ArtimIS supports you in co-sourcing in your audit missions throughout the year:

  • Business process audits (Finance, O2C, P2P, H2R) & IS audits (User access management, change control, incident management, …),

  • IT risk mapping & scenario modeling revealing impacts and costs,

  • Definition of key indicators (KRI) and creation of dashboards for risk communication and monitoring,

  • Audit, Help with the choice, Piloting, integration-migration of GRC solutions – Data Analytics & Internal Audit Management.

Internal Control

IT risks, cyber threats, regulatory requirements, process complexity, fraud and attacks continue to grow in number and in complexity – all in an increasingly connected and digital business world. As companies and technologies evolve, the internal control framework has to be updated (as the COSO for example).

On the basis of this reference framework, we offer controls adapted to the processes with an optimal effort / efficiency ratio. At ArtimIS, we support our customers challenge the « status quo ». Rather than just building on “last year’s approach,” our team of professionals helps companies simplify and strengthen their processes to be as efficient as possible, while focusing on the processes and the risks that matter most to them.

We start by assessing the internal control framework of our customers with a systematic and consistent approach, adapted to their context. It is after understanding their device that we are able to identify gaps and recognize the risks while finding opportunities to improve and optimize controls.

Our methods and projects are structured with change management and technological solutions:

  • Assessment of the level of maturity of the internal control device (governance, process, roles and responsibilities, dashboard)

  • Identification of existing controls and evaluation of their effectiveness compared to the needed effort.

  • Highlighting existing controls that mitigate the main risks, seeking to take advantage of on-board information system controls; elimination of redundant controls, with low added value or even ineffective.

  • Development / adjustment of the internal control reference system.

  • Design and implementation of new automated controls to align with the target benchmark.

  • Collaboration with external auditors to ensure that changes in control suit them and improves the level of risk addressed and the reliability of financial information.

  • Design and implementation of a monitoring structure to review the effectiveness of the internal control framework.

Implementation of Continuous Control Monitoring thanks to dedicated tools to improve efficiency.

Why ArtimIS?

GRC expertise

Seniority of Consultants & Certifications to the key,
15 years of experience in GRC and on different application environments: SAP, Oracle & Workday
Strong proximity and good understanding of the challenges of the different executive members (Finance, Internal Audit, Internal Control, Compliance & IT)

Pragmatism

Pragmatic, agile, and aligned approach to the implementation strategy of market standards (COSO 2 & ISO 31000/2009 RM)
Proven experience in GRC program management and change management (communication, video, game challenge, training, …),

Complementarity

Proposition of a complete team combining Business (Internal Control & SOx) and Technical expertise on ERPs: SAP (ECC / S4 Hana / Ariba / Fiori) and Oracle (eOBS/Fusion/JDE/NetSuite/PeopleSoft)
Proposition of GRC technical experts on SAP GRC (Access Control, Process Control, Risk Management), Oracle RMC (with Selected Partner for GRC Go to Market strategy), Galvanize (ControlBond, AuditBond, ComplianceBond, RiskBond, …)

Sustainability

Competitive service costs compared to large Audit and Consulting firms,
Highly advantageous GRC technical implementation and support service costs thanks to our nearshoring/offshoring approach.
60% of our revenue comes from loyal customers and 40% from new customers who trust us and whom we will retain.

The seniority of our consultants and our broad experience enable us to bring a pragmatic and agile approach in our project management when it comes to compliance projects.

Benoit Pachot, Partner at ArtimIS