How InComm Payments Automates Critical Processes with AuditBoard
In our Spotlight on Success series, Tasha Simpson (Manager, Vendor Risk) at InComm Payments, shares how she secures customer data on a global basis.
Previously, InComm Payments has shared how they cultivated relationships of trust with the business and accelerated their risk management program.
How has AuditBoard elevated your third-party risk management strategy?
When we conduct vendor risk management, we are responsible for ensuring that we’re evaluating all risks that may be posed to our customers. The biggest value AuditBoard has brought to our team is eliminating manual processes previously necessary to complete our day-to-day tasks to evaluate third-party risks.
The time it takes to complete assessments has decreased significantly. Our stakeholder interactions have improved because everything is centrally located, and our processes have been streamlined. Now, no one has to be a super user of Excel. It’s easier to communicate with business and service owners.
With AuditBoard, we can conduct our continuous monitoring in a way that works with our assessment schedules. Ever since implementation, AuditBoard has partnered with us so that if we ever experience issues, they resolve them quickly. Regarding our functions within the team, we can scale easily because AuditBoard allows us to implement repeatable, automated processes.
2024 InComm Payments Success Story:
In our Spotlight on Success series, Amanda Pope, Vice President of Audit and Risk Management at InComm Payments, shares how she’s accelerating her risk management program by making data-driven decisions.
This update builds on our 2021 and 2024 interviews with InComm Payments. Hear how InComm Payments — a technology innovator for prepaid products like gift cards and other payment devices — makes sure they are meeting their industry’s complex regulatory requirements and more, including how the team:
- Mapped regulations to controls with AuditBoard’s CrossComply to discover specific controls that met multiple needs.
- Saved time by engaging issue owners to make their own updates, which is possible due to the intuitive, user-friendly platform.
- Leveraged a single source of record to provide one-click risk management reporting, and began to draw new connections into how issues are correlated.
2021 InComm Payments Success Story:
Tell us a little about your team at InComm Payments.
My team is made up of three different departments. Risk management has five people, with ERM, operational risk, cyber security risk, compliance risk, and vendor risk. Internal audit has eight people and performs IT, operational, and financial audits. Our assurance team has four people and manages all of our SSAE team reporting, PCI certifications, HITRUST certifications, and any other regulatory certifications.
Prior to using AuditBoard, we used SharePoint with Excel documents and Word documents. I saw AuditBoard at an IIA conference and saw the user-friendliness of it. It’s very intuitive, not overly prescriptive, and not too demanding. We wanted something that would be easy to use, and that’s why we chose AuditBoard.
How has using AuditBoard improved the issue management process and reporting?
The biggest efficiencies we’ve seen since implementing AuditBoard have been in the issue management follow-up processes. That click-of-the-button WorkStream process — having users go directly into AuditBoard to make their updates — has been a huge time-saver. We now send out a monthly report of outstanding issues and management action plans to executive leadership. This has driven more oversight of issues and traction on management action plans.
We send out all of our issue management updates to issue owners, and that has them engaged with the tool. They’re starting to see how issues correlate and how we have to show work and evidence of how the issues are being remediated. We use that data to create an enterprise risk management committee deck that goes out every quarter, and we are in the process of moving that to monthly. AuditBoard has made it a lot easier for us to do that reporting, because it’s a click of the button to get the data.
How has using AuditBoard improved your reporting data and read-outs?
In AuditBoard we included a field for an ERM committee update. We have users input a summary sentence that we can include in our update — why we’re behind or why we’re on track. Once we get all of that information, we’re able to pull the reporting out of AuditBoard and drop it into a PowerPoint. This has made it so much easier for us to pull that data in a very efficient manner.
Your business is in a heavily monitored space with a lot of different compliance regulations. What industry-specific needs has AuditBoard been able to help with?
InComm Payments covers financial services, healthcare compliance, lottery and gaming, utilities… and giving people means of paying for goods and services. One of the biggest challenges we face as a company is having so many regulations and guidelines to follow, and we had previously not had a great way of organizing our controls in all of our processes and programs. We were able to do a very distinct mapping between all of the regulations to specific controls and realized we may have one control that meets six or seven regulations, instead of having one for every single regulation.
The biggest efficiency gained is when we implemented CrossComply we were able to lay out all the regulatory frameworks and tie those to our underlying controls. Now we have our controls built out in the SOXHUB, and once we started identifying issues coming out of the assurance or audit work, we were able to tie it back to a regulatory framework. We’re able to view those issues and risks in a different light and really talk about how these could impact our compliance — how our issues and risks can impact our regulation, and how we are complying with it.
How has using AuditBoard strengthened your team’s audit methodology?
I really enjoy using AuditBoard because I believe all the fields that we have to include drive home good audit methodology. AuditBoard helps us have a stronger control environment — and risk environment, as well — and we’ve been able to adapt our risk assessments to be even better than they were before. It’s really pushing us to improve.
What are your future plans for using AuditBoard?
Looking to the future, I’m very excited to have AuditBoard working with us to help drive the conversations around the risk environment that InComm Payments is facing, and how those risks can be mitigated. We want to start using AuditBoard and WorkStream to confirm all of our narratives and our controls and use that to get updates to make sure we have the right information when we go into an audit.
