ABOUT BAILLIE GIFFORD
Baillie Gifford is a wholly owned private partnership that adds value to clients, companies, and society by providing thoughtful, long-term investment management services. The company was founded in 1908 and is headquartered in Edinburgh, with five additional locations around the globe. Baillie Gifford employs nearly 1,200 people and has funds under management and advice of approximately £207 billion.
The internal audit function at Baillie Gifford has been on a journey of growth over the past four years in response to the firm’s increasing complexity. The function has aligned its focus to the firm’s broader strategic priorities to provide independent assurance over the controls operating in areas of higher risk.
During this period, the audit team has grown from five to ten people — and at the same time has evolved its working practices to standardize and refine the end-to-end audit lifecycle, culminating in the revision and formalization of its internal audit methodology.
Pete Ferguson, senior audit manager at Baillie Gifford explained: “During the last two years, we have been undertaking a step-by-step process looking at how we evolve our audit practices. The next logical step was to consider the need for a centralized audit system so we could enhance our process for documenting audits and how we capture and monitor risk information.”
While the risk management team at Baillie Gifford had invested in a new Riskonnect operational risk system, the internal audit function was still working with manual processes and relying on Excel and Word.
Pete Ferguson: “We were planning, capturing, and tracking audit activity through Excel spreadsheets, with all of our documentation held on internal network drives. This became unsustainable, complex, and unwieldy, as we grew both as a function and as a firm.”
THE BUSINESS CASE FOR CHANGE
Pete Ferguson: “The opportunity provided by a centralized audit system would enable the team to accurately capture key audit information and ensure we consistently apply our methodology, bringing together the whole process from annual audit planning and risk assessments through into individual audit plans and reviews. The ability to capture and monitor risks and controls, link audit findings to control weaknesses, and report in an efficient and effective manner would make the whole process much more scalable and efficient. Having direct access to the operational risk system was an added bonus.”
The audit team performed some initial investigations into the various audit solutions, reviewing systems that were known to them already, as well as modern systems like Riskonnect.
Pete Ferguson: “We had individual experiences within the team of using more traditional systems, and we compared these to Riskonnect. Our first impression of the Riskonnect Internal Audit solution was that we really liked the aesthetics of how it was presented. It seemed very user-friendly, and we were attracted to the ability to link directly into the risk management system. Another key aspect was the ability to configure the system flexibly, so we could adapt it to our needs over time.”
The team from Baillie Gifford went through a rigorous process of understanding how the system worked and how it could be adapted to fit in with its defined audit methodology. This involved working with the Riskonnect team to brainstorm ideas in planning workshops together with demonstrations of the system, leading to an agreed scope of works for the configuration changes. The teams then worked together on the configurations and amendments prior to going into user acceptance testing.
Pete Ferguson: “The part that was really important to me and that really stood out was the continuous engagement and support throughout the process with Riskonnect.”
Baillie Gifford went live with Riskonnect’s Internal Audit solution after just a few months of configuration and setup. Four months after “go live,” the audit planning cycle and several audits had already been completed.
Pete Ferguson: “We have now configured our audit universe, been through our annual plan, and completed a number of audit reviews on the system. We haven’t experienced any significant glitches with Riskonnect, and the system has performed as we wanted and expected.”
The team has now built a range of reporting using Riskonnect together with Tableau as its chosen internal reporting visualization tool.
Pete Ferguson: “The linking of data directly into Tableau has meant that we can see quickly at the touch of a button all of our audit statuses, open actions, and findings, all of which we used to track using Excel. We have also now learned how to change and adapt the way Riskonnect presents fields, so we can make modifications to field descriptions, layouts, and reporting ourselves without having to rely on Riskonnect. The adoption of a modern system like Riskonnect’s Internal Audit solution is enabling us to continue to transform the way that we audit. It provides a more dynamic solution to help us to continue providing value to the business.”