Once upon a time….. Goldilocks was wandering through the IIA 2019 Conference. She was not in a good mood. She had quarrelled with her boss about the state of their company’s internal control environment and had stormed off to the conference without any idea what sort of solution they should have.
The conference was a forest of people and stands – it was all a little scary for her, and she didn’t know where to start, mainly because when she thought about it she honestly didn’t know what she was looking for.
The first solution she saw was a tactical spreadsheet based approach. This seemed like a great idea at first – her company’s control environment was still quite immature, and everybody knew how to use a spreadsheet, even Big Boss! We could document it all in spreadsheets and then record all the daily happenings too – perfect! But wait, what are we going to do with the evidence? And what if people start messing about with all the spreadsheets and make their own versions?
And while everyone can use a spreadsheet, not everyone is of the same ability (remember that 8,000 page blank document she printed and blocked the colour printer for half a day?). It’s going to be cumbersome and inefficient, and as unstable as a house made of straw. Everyone will get trapped in a bog of administration, preventing all our teams from focusing their skills on their day job, especially those grumpy wolves in front office (why do we call them the first line of defence?!!). This could end up using up so much of peoples’ time, controlling the controls! No – that isn’t going to work in the long run. That solution was too basic.
She kept exploring the conference.
Then she saw the integrated GRC solutions. There were lots of these and they all looked very impressive. They seemed to do everything – documenting, cataloguing, impact assessment, risk methodology, incident management, root cause analysis, investigative case management, auditing, testing, capital allocation, fraud detection, automation, third party evaluation, statistical modelling, predictive analysis, artificial intelligence, Modified Bayesian Statistical Inference (whatever that is!).
The list went on with more and more and more features…oh dear this was way too much, and they were all seemed so big, cumbersome and inflexible – everyone would need to go on a week’s training course just to learn the basics (and remember what happened when the Three Little Pigs went on that residential course far far away…). Also everyone on the stands seemed a little impersonal, all a bit corporate. And then there’s the cost! Even Rumpelstiltskin didn’t charge this much.
No, these solutions were way too complicated.
Goldilocks was starting to feel tired, but she didn’t have time to sleep, so she decided to take a break from all these solutions and have a complimentary mini croissant and coffee and chat to some of the other delegates. They were also feeling a bit confused and overwhelmed. At least she didn’t feel alone.
Then she saw the ICE stand, not too far off the path. At first glance their solution seemed too simple, yet really intuitive to use – covering all the key areas that they needed in an internal control & compliance solution: documenting, evidencing, monitoring, testing and workflow to keep track of all the actions.
Then she realised that the simplicity was exactly what she was looking for – this would be easy to implement across the whole organisation, and could be up and running in a matter of days! And there was a safe secure repository to keep everything, including all the evidence that was currently strewn across the whole organisation. Plus the ICE team seemed kind and friendly, they would be great people to work with. It was definitely reasonably priced too. They would also provide friendly personal support once up and running, so there really would be a happy ever after implementation…
Not the end, but the beginning: Talk to us about implementing ICE at your organisation.
ICE is a nimble and practical internal control and compliance solution that focuses on engaging and enabling all three lines of defence. It provides a standard and transparent backbone to your organisation’s control environment at all levels of maturity.
ICE were proud to again be a sponsor of #IIA2019, the Chartered Institute of Internal Auditor’s flagship annual two-day conference in London, with over 500 delegates from the private, public and charity sectors.