Smart Audit: Why Automation is the Future of Workday Auditing
Businesses in every industry are grappling with an ever-changing legal and regulatory landscape. As compliance legislation evolves and new data protection and privacy laws emerge, organisations must fully comply with the latest rules or face costly repercussions. The risks of non-compliance are grave. Companies that fail to comply with directives such as the Sarbanes Oxley Act (SOX) or the General Data Protection Regulation (GDPR) could face hefty fines, criminal charges and devastating damage to brands and reputation.
Unsurprisingly, the COVID-19 pandemic has added an extra layer of complexity to managing internal controls. With employees working from home and out of physical managerial oversight, companies must have the right systems in place to monitor actions and spot anomalies that could be a risk to compliance.
Costs of compliance are mounting
Navigating this legal labyrinth can be expensive. According to research, organisations spend on average of between $1m and $2m a year on SOX compliance alone. Financial services companies spend $1.23m, government / public sector bodies spend $1.64m, and healthcare organisations spend $2.31m.
What’s more, auditing costs are set to rise this year. A survey by Gartner shows that 62% of organisations expect their external audit fees to increase in 2021 due to a range of pressures, including COVID-19 impacts. To mitigate escalating costs, organisations are turning to automation to support compliance. In fact, the same Gartner study found organisations that automate at least 25% of their internal controls pay 27% lower audit fees on average.
As the leading ERP, Workday forms the backbone of many of our customers’ daily operations. While housing all your data in one place is a huge advantage during audit season, creating evidence to prove controls are robust can still be a challenge if you must do it manually. Manual auditing and evidence gathering can be time-consuming, prone to human error and requires Workday expertise.
At Kainos, we want to help our customers simplify the Workday auditing process through automation. That’s why we’ve developed Smart Audit. Built by Workday audit experts for Workday users, Smart Audit offers complete control, knowledge and evidence that your controls are robust and your data is protected at the click of a button.
What is Smart Audit?
Smart Audit provides a continuous, automated audit of your Workday setup, reducing reporting costs and risks of non-compliance. With Smart Audit, you can easily protect highly sensitive personnel data and detect and mitigate against toxic permissions that in the wrong hands could lead to fraud. It also enables you to monitor appropriate access to key workflows and configuration while staying on top of unauthorised changes.
With Smart Audit, you can:
- Check against known compliance risks: Smart Audit comes with pre-built controls enabling you to run best practice checks immediately without any configuration.
- Be up and running fast: An out-of-the-box solution and quick to set up, Smart Audit allows you to detect and resolve issues within minutes.
- Proactively monitor your environment: Automated alerts minimise any opportunity for someone to exploit an issue and help you close gaps quickly.
- Gain visibility: Smart Audit covers all Workday tenants, including production and sandbox.
As Smart Audit customer and Head of Systems at Man Group Tim Perkins says: “There’s virtually no way that any other tool could do the same job that Smart Audit does. It’s just going to a level of granularity that we couldn't achieve with another tool.”
Three key use cases for Smart Audit
Smart Audit channels all actions and alerts into an easy-to-use dashboard. At a glance, you can see who is able to perform actions and check if it is appropriate, and, if a data breach occurs, Smart Audit immediately shows you who did it, when and how. This dashboard view is key – it enables users to act fast in the event of a problem. Here are three use cases where Smart Audit is helping organisations manage compliance risks:
- Secure Segregation of Duties
Segregation of Duties (SoD) is about preventing employees from having two or more permissions that when combined could create the opportunity to commit fraud. For example, a person might be able to initiate a one-off payment such as a bonus, approve the payment, and even edit the payment details of the recipient to be their own, without any need for additional approval. It would be almost impossible for many enterprises to identify all such combinations manually, rendering them vulnerable to a compliance breach. Smart Audit continuously analyses your configuration and alerts you of any SoD risks throughout your organisation so you can take immediate action. - Protect data across all tenants
In our experience, companies with even the most robust of internal controls tend to focus compliance monitoring on production environments. However, teams regularly use their non-production environments—Sandbox, Sandbox Preview or Implementation tenants, which are copies of production for important tasks such as testing. Testing changes in non-production environments to check for errors before going live is of course best practice and strongly recommended, but each non-production environment carries the same compliance risks as the live environment. On top of that, testing teams generally have more permissions than employees operating in production. Smart Audit treats all Workday tenants the same, ensuring you can proactively avoid data breaches and quickly manage them if they occur. - Spot anomalies in user behaviour
Staff accessing highly personal information is not necessarily an indication of inappropriate behaviour. For instance, an HR Administrator might need access to all employee personal data as part of their role. However, it’s the additional context that Smart Audit surfaces that is key in determining if the behaviour is appropriate. If for example, the HR Administrator looks at sensitive information out-of-hours, or is looking repeatedly at their peers' or manager's data—that could indicate unusual activity. Smart Audit can spot such anomalies in user behaviour and send an alert for investigation.
The Smart Way to Audit Workday
At Kainos, we understand our customers’ auditing needs. Our partnership with Workday dates back to 2011, and our team comprises more than 1000 Workday experts, including developers, consultants and project leads. We’re even a Workday customer ourselves. Companies cannot afford not to have complete control over data protection compliance. Smart Audit reduces risks, costs and audit fatigue while increasing compliance, visibility and staff engagement. It’s the future of Workday auditing.