How The Toro Company Successfully Evolved to Comply With Rigorous New Requirements
In our Spotlight on Success series, Christopher Giesler (IT Audit Manager) and Heather Leavitt (Internal Controls & Accounting Policy Manager) share how The Toro Company leveraged AuditBoard’s connected risk platform to develop an enterprise risk management strategy and meet increasingly rigorous requirements from external auditors. The Toro Company, an agricultural machinery manufacturer based out of Bloomington, MN, is a leading worldwide provider of innovative solutions for the outdoor environment.
Hear how this team reduced manual controls, crafted effective compliance policies, and developed an enterprise risk management strategy by switching from spreadsheets and SharePoint to AuditBoard, including:
- Developing an operational technology environment by completing a full mapping of NIST 8183.
- Crafting compliance policies that are effective, reasonable, and accomplish their intended goals.
- Reducing manual controls and transitioned to cloud-based technology that meet increasingly rigorous requirements from external auditors.
- Leveraging AuditBoard’s CrossComply, SOXHUB, OpsAudit, RiskOversight solutions together to develop an enterprise risk management strategy in an official capacity.
Tell us a little about The Toro Company.
“Here at the Toro Company, we are a family of brands. Our primary brands are Toro itself, coupled with Ditch Witch, ExMark, Spartan, and Boss Snowplow as our primary leaders in our brand space with many, many more after that. Everything that we do helps push product out the door at the end of the day.” – Christopher Giesler, Manager of IT Internal Audit at The Toro Company
What previous challenges were you experiencing with manual solutions?
“I get product out the door by making sure that we can be a publicly-traded company, making sure we’re following the compliance rules, and making sure that our policies are effective, reasonable, and accomplish the goals that they’re supposed to accomplish. One of the things we learned was that spreadsheets and SharePoint weren’t going to cut it long-term for the number of controls that we had. Requirements from our external auditors were increasing and becoming more rigorous. That ultimately led us to try to find something that was a little more optimized andeasier to work with — a place to have everything in the single source of truth. That’s what led us to AuditBoard.” – Christopher Giesler, Manager of IT Internal Audit at The Toro Company
What are the biggest differences in Toro’s processes after implementing AuditBoard?
“One of the key things that I’ve seen with the adoption and the implementation of AuditBoard is the engagement with our users. They are able to really own their own controls and their documentation for those controls, so we’re able to reach them faster, they’re able to access more information, and they’re able to trust the information better. We’ve been able to standardize the documentation so everyone’s looking at the same thing. We’ve added procedures, and having that single source of truth has given everyone a single place to go instead of multiple team sites or network drives or other folders that as people transition to different roles get lost.” – Heather Leavitt, Manager of Internal Controls & Accounting Policy at The Toro Company
How has AuditBoard made your job easier?
“When it comes to ROI we don’t view AuditBoard necessarily as a time saver per se but more of an extensibility enabler. It allows us to go further with the same hours. Our staff are more efficient, they can get to more places. The work is cleaner and easier to review. We’re faster to find problems and get them in front of people so that they can be resolved more easily. We have a much easier time tracing issues with the issues management module, and that really allows us to actually follow up, nail it all down, and give comfort to our leadership and our board that we’re not only finding things, but that they’re being remediated to our satisfaction.
We’ve certainly enhanced our ability to start doing ERM in a more official capacity. We’d had something before, but we’re now in a much better state with CrossComply. We’re working on managing our policies and we did a full mapping of NIST 8183 for operational technology environment, which was an interesting endeavor because we were able to leverage the NIST preloaded framework and also put in our own custom framework.” – Christopher Giesler, Manager of IT Internal Audit at The Toro Company
How has AuditBoard helped Toro plan ahead for the future?
“The biggest value I think and the greatest reason I’m happy to have AuditBoard is that I can see the fruits of our effort. I see that effectiveness come through andhow I can get other people excited about looking at connected risk throughout the organization. I can see their eyes light up and understand why it’s important to look at risk and controls, even though it’s a topic they generally try to avoid. – Heather Leavitt, Manager of Internal Controls & Accounting Policy at The Toro Company
“The roadmap that we have going forward is much longer than what we could do in a year, let alone a couple. There’s definitely places where we are still trying to lever more value out of the tool, but we’ve already done a lot in our first three years. So looking ahead to our next three years and squeezing more value out of it as we go. We don’t have any doubt in our mind that AuditBoard will continue to produce value and results, and be a valuable part of our toolkit.” – Christopher Giesler, Manager of IT Internal Audit at The Toro Company