Challenges
Banco de Costa Rica (BCR) is one of country’s leading financial service providers with a reputation as one of the most profitable and best run banks in Latin America. The organization’s Internal Audit (IA) department previously only used a data analysis tool to test controls and monitor the compliance of 10 relevant rules at each of its 150 branches.
This practice, however, didn’t allow the bank to properly or adequately control the branches’ response to exceptions—especially with 1,500 reports to review (10 rules per branch). BCR could also not easily determine which branches had replied to or acted in a timely manner regarding alerts. The volume of reports and lack of centralized communication procedures delayed internal control initiatives, and the department was seen as extremely reactive.
There was also the tedious but very important task of monitoring hundreds of thousands of financial transactions per day to ensure regulatory compliance. BCR’s IA department needed a solution that aided in their mandate for proactive internal control initiatives and that monitored all electronic transactions.
Solution
BCR selected CaseWare Monitor (now Alessa) to support the exceptions being found by their data analysis tool, facilitate more efficient analysis and investigations, and ensure IA’s focus remained on proactively mitigating risks. The system is set up so that the solution is able to:
Monitor all electronic transactions
Automatically distribute exceptions, compliance rules and reports to the appropriate branch personnel
Use case management to properly manage workflows of issues across all branches
Automate the execution of scripts
BCR’s IA department has gained control of the exceptions generated by their data analytic tools and has effectively managed the workflow that determines how exceptions are processed and analyzed by the branches.
The bank is also able to run their rules automatically and be assured that follow-up notifications are being sent to branch personnel. Any breaches in their business process rules that haven’t been replied to within a set timeframe are automatically escalated, allowing IA to identify which offices have not dealt with control breaches.
Results
BCR’s IA department has been able to implement corrective actions for unresponsive branches. They now have timely resolution on more than 95% of the alerts sent to the branches every month. BCR also enjoys the following benefits:
Month-end reporting is now automatic and takes hours instead of days
IA has a repository of cases and issues as well as their remediation history
More than 300 rules-based tests have been implemented to automatically monitor more than 300 controls