How Winshuttle Supports Audits and 3 Lines of Defense in Finance

By Clinton Jones on Nov 9, 2016

If you have a palate for change, you must be inclined to make change for the better.  A financial audit is subject to continuous change and in the realm of SAP, this can be particularly challenging. Internal audits have a key role in the corporate governance structure to provide assurance on managing risks. To ensure the effectiveness of risk management, your management team needs to be able to rely on adequate line functions – including monitoring and assurance functions around the efficacy of operations and controls reporting within the organization.

Audits Assessment Results Statgist Strategize Concept

An audit provides assurance that these monitors and controls exist and are being adhered to. The ‘Three Lines of Defense’ model is a way of explaining the relationship between these functions, and serves as a guide to how responsibilities should be divided.

The first line of defense is management controls and internal control measures. The second line is the scrutiny, oversight and review of business activities by personnel like controllers, systems security, risk assessors, quality managers, inspectors or compliance officials. Some of these functions are merged with audit functions in smaller organizations, but in an ideal world, an audit is the third line of defense.

As the third line of defense, internal audits (and the internal audit function) review activities of the business in relation to the first line of defined controls and measures, against the proof of inspection by the second line of defense. They then report findings and recommendations to senior management and any relevant governing body or audit committee. The 3rd line provides an independent perspective and challenge to work practices which strengthen the organization’s ability to report accurately and manage risk around systems and controls. Additional lines of defense include external audits and regulatory scrutiny – however these are outside the control of the organization.

A model for the three lines of defense

Winshuttle assists the third line of defense by providing reporting mechanisms within both the Studio and Foundation products, with governance capabilities to help provide insight into how Winshuttle is used in conjunction with Excel and SAP or Forms with Workflow and SAP.

WS-Whitepaper-imageLearn more about how Winshuttle can assist with Audit and Compliance challenges when working with SAP systems by reading this whitepaper.


About the author

Clinton Jones is a Director for Finance Solutions Management at Winshuttle where he has worked since 2009. He is internationally experienced having worked on finance technologies and business process with a particular focus on integrated business solutions in Europe, the Middle East, Africa and North America. Clinton serves as a technical consultant on technology and quality management as it relates to data and process management and governance for finance organizations globally. Prior to Winshuttle he served as a Technical Quality Manager at SAP and with Microsoft in their Global Foundation Services group.

Questions or comments about this article?

Tweet @Winshuttle to continue the conversation!