Internal Audit Management: Creating Value for Astaldi
Challenges
- Improve the effectiveness of controls
- Increase company productivity
- Meet the requirements of control bodies
- Internal audit to provide insights for improvements to management
Results
- Created value for the company
- Improved communication with management and Supervisory Board
- Managed resources more effectively
- Streamlined work and introduced effciencies
- Standardized work
Interview with Fabio Accardi, Audit Director, Astaldi
Astaldi underwent several significant changes in recent years, forming the starting point for its relationship with MEGA International.
When Astaldi became a public company in 2002, listed on the STAR segment of the Borsa Italiana, the Italian stock exchange, it prompted a new change management process within the company. Strong company growth, fueled by new financial resources acquired as a public company, was generated by competitive changes that began with a significant contraction in the Italian domestic market.
As this occurred, Astaldi's business changed from 70% Italian and 30% international customers to the exact opposite. One factor behind Astaldi's growth was innovative project financing instruments using concessions. With Astaldi's core business in construction, concessions were a growing trend.
In 2011, Astaldi acquired the Italian branch of Busi Impianti (NBI). Diversification was necessary, both from a technological and a commercial point of view, because it led to the creation, within the Group, of an area dedicated to industrial plants, generating interesting synergies and opportunities.
Why did Astaldi select MEGA HOPEX's solution?
Astaldi is an international company operating in many countries and nearly all continents, with numerous offices, subsidiaries, and commercial initiatives. The company's complexity triggered new risk, control, and governance requirements. Because of this, we determined the need for a specialized software solution primarily to support internal audit activities.
With operations becoming much more complex in the construction industry, concessions, plant engineering, and project management requiring new tools and techniques, a solution became a primary focus.
There were two primary goals. The first was focused on improving effectiveness and reaching assurance objectives related to control functions. This was regarded as a vital mission for the internal audit function of a public company of this size. The second goal was economical and strategic: allow the internal audit group to create value for the company by operating in an advisory capacity to provide management with insights on improvements. Complying with the Italian Code of Conduct in this area was essential. Another must: the internal audit function had to provide an adequate return on investment.
What was the selection process for HOPEX Internal Audit, and how were governance activities previously handled?
The Astaldi Internal Audit Service started in 2011 with Ernst & Young Financial Business Advisors (EY) assistance. The goal was to align internal activities regarding definition and performance, adhere to the best international practices and meet the Italian Code of Conduct.
The Regulation recognizes internal audit as a central function within the internal control system, so it must operate in an integrated manner. Therefore, the compliance and risk management departments are subject to a general review by the internal audit. When this need is combined with the requirement for quality assessment and objective certification that activities are done according to industry standards, it is clear that an appropriate tool is necessary for internal audit.
Because of these needs, especially quality assessment and the desire to adhere to industry standards, Astaldi sought an appropriate tool to help meet its goals.
We followed a structured evaluation process developed to satisfy our specific goals and needs for the selection. The evaluation was carried out with the support of EY and was based on the assessments of analysts such as Gartner, Inc., who assess the offerings of major market players.
From the regulatory compliance point of view, the tool had to support the evaluation process of control suitability and effectiveness within the control and risk management system (SCIGR), our governance pillar.
With our goals for efficiency in the internal audit function established, we launched a software selection process. Because the software required an initial investment, the ROI over time had to be effective and provide value to the business. We expected the software would allow for a better understanding and planning of objectives, resources, and activities. This would then result in a standardization of processes, allowing more work to be done in less time and with fewer resources.
The quality of reporting was one of the most critical factors in choosing the HOPEX Internal Audit. It provides the ability to generate reports according to procedures and organizational units, significantly improving the flow of information and internal management.
The MEGA solution improved both assurance and advisory roles, which went to the heart of the challenges.
What selection criteria did you use before choosing HOPEX Internal Audit?
The detailed list of requirements that we used in our evaluation included the following:
- Coverage of the governance, risk, and control requirements as defined by Astaldi, especially for controls at the general and detailed levels
- Excellent references
- Maturity of the solution
- Positioning of the company by analysts
- The type of web-based solution
- The flexibility of the solution, one that could easily be adapted to our specific industry needs
- Presence of support staff on-site and a help desk service with a national and global presence
There were more technical criteria also:
- The ability to access the solution offline and download the data. Astaldi often operates in remote areas without or with limited Internet access.
- Adaptability and flexibility of the solution concerning business process modeling, which is complex since Astaldi operated with many orders and projects
Based on these critical criteria, HOPEX Internal Audit was positioned on the shortlist, along with two other vendors. Following a rigorous process with maximum transparency and clear deadlines, we identified MEGA's software as the ideal solution for internal audit activities. The help of EY was crucial, primarily because the firm provided an external, objective evaluation that aided our decisions.
How did you hear about MEGA International?
We first met the MEGA team at conferences and industry events, such as those sponsored by the Institute of Internal Auditors (IIA) and the Global Networking Strategy.
Is HOPEX Internal Audit used throughout the company or just within the Department?
Astaldi's Internal Audit Service uses the solution. Besides being the chief audit executives, we are also the ethics officers of the Group. Therefore, we deal with compliance with the Code of Ethics and the Italian Criminal Corporate Law (Legislative Decree No. 231 of 2001, known as "Law 231") and provide support to the supervisory bodies of Astaldi and its subsidiaries. As a result of this company structure, the HOPEX solution is also used for integrated compliance.
The Supervisory Board of Astaldi and those of the subsidiaries require an audit to meet the requirements of Law 231. This is quite distinct from audit activity for internal control purposes. Astaldi could not fully comply with Law 231 by operating with manual methods or without a structured approach.
The project's first phase was primarily targeted to audit activities for internal control and was consistent with an approach considering the entire Astaldi system of risks and controls.
There was also a focus on risks through corporate risk management, which in Astaldi, is managed by a separate department. The constant interchange with this Group gave us fundamental input on risk issues, including identifying the risk universe and the most significant risks and defining the company's risk appetite. All of this information was captured in the control system. For risk management, in particular, corporate risk management provides us with feedback and inputs essential to define internal control audit plans.
The project's second phase was based on our initial experience and focused on improvements to the system, especially relating to reporting, planning, and directional activities.
The project's kickoff within Astaldi was meant to implement a control system to meet Law 231. After the development of an internal audit operations manual approved by the Board of Internal Control, Compliance Handbook 231, the reference guide for the project's second phase, was formalized.
There is a significant advantage to using HOPEX Internal Audit for compliance purposes with Law 231. This is due to our decision to have the groups handling internal audits and compliance maintains the information related to the law in a single repository. The HOPEX platform allows multiple groups to use a single repository through separate logins.
Astaldi has chosen the software as a service (SaaS) option of HOPEX Internal Audit. Why did you make this choice?
We opted for SaaS for a straightforward reason: reducing the number of people and groups involved. If we had chosen an "in-house system, " we would have continuously called on the internal IT team for support. We didn't think this would be the most efficient option. SaaS allows us to take advantage of the offering's ease of use and best practices.
Would you change anything related to your work with MEGA and its products?
After completing the first year of operation with HOPEX Internal Audit, I would make the same choices. However, I would emphasize internal training workshops and on-the-job training, perhaps providing additional resources and setting aside specific days. While training represents an initial financial outlay, it can help optimize the return on investment.
What results and benefits has Astaldi obtained through HOPEX Internal Audit?
While we are still in the initial phases, there are already returns.
Everyone on our team can operate using a single, shared system. The introduction of the tool was an opportunity to initiate a process to align protocols, business models, process nomenclature, and more. Our company is moving toward structure and alignment more than in the past. This requires greater coordination, especially at the operating level.
We expect HOPEX Internal Audit to become fully operational soon, and we also hope results can be measured by the number of hours of work saved. We are happy with our choice to work with MEGA.
What is the next step for Astaldi with MEGA?
As the next step, we expect to complete the optimization process and extend the use of the software both for other regulatory needs and in other divisions beyond Astaldi S.p.A., such as at the Group level. We want to create an integrated system involving other audit circles within our organization, developing interfaces that allow us to better interact with the compliance and risk management groups.
Next steps
- Complete the optimization process
- Extend the use of the software internally
- Improve compliance and risk management globally
Solutions
- HOPEX Internal Audit
- HOPEX Platform
- MEGA Services Team
About ASTALDI
ASTALDI is a leading Italian contractor, among the top 100 worldwide in the construction industry, and also works with concession projects. Founded over 90 years ago, it has operated in over 60 countries worldwide, developing complex and integrated initiatives (design, construction, management). The company has solid expertise and highly specialized human resources. Publicly traded since 2002, it closed 2015 with total revenues of EUR 28 billion, a consolidated turnover of EUR 2.9 billion, and about 11,000 employees.