Bank of Cyprus and TeamMate+ Audit

The oldest bank in Cyprus turns to TeamMate+ to align its audit work for the future

Panayiotis Koumousis, manager IT audit & data analytics for the internal audit division, Bank of Cyprus, explains how TeamMate+ is helping to woo auditees and management.

Bank of Cyprus is both a domestic retail bank and a global financial services organisation listed on the London and Cyprus Stock Exchanges. So, when its team of 40 internal auditors discussed what they would need to perform their role in future, they looked for a solution to help them tackle today’s challenges and emerging risks.

“We faced several major challenges,” explains Panayiotis Koumousis. “We had time-consuming administrative processes and were limited by cumbersome Excel-based files. There was too much administration in our follow-up processes and inconsistencies in the way team members carried out audits.”

The internal audit team is split across departments in the bank’s technical control framework. Some work in financial services, some in operations and some in technology. There are also dedicated teams for investigations and data analytics.

“We wanted to move to a paperless audit environment, enhance the effectiveness and quality of our audits, make our processes more consistent, increase collaboration with auditees and streamline our reporting and follow-up activities,” Koumousis says. “We wanted a centralised platform that would help us to automate our audit processes, produce an inventory where we could centralise our risk controls, working papers and findings, and enhance collaboration with auditees.”

TeamMate+ was the only solution that met all these needs. The project began in September 2018 and went live in April 2019. A year later, Koumousis has a long list of the benefits he has seen – and those he expects to see in future.

• “We now have multi-tasking teams working on the same papers, which is enhancing their integrity and our accountability. We have real-time interaction with auditees and this is making them more willing to collaborate with us. All our risks, controls and working papers are stored online and are easy to access,” he says. “We can produce standardised, consistent reports for the board and our customers.”
• In the audit follow-up process, the team no longer sends emails, makes phone calls or shares Excel files – all communications are online. Koumousis says the process has improved efficiency and integrity, increased productivity and enhanced the user experience for auditors and auditees.
• Audit preparation, scheduling, assignments, approvals and monitoring are all done automatically, which has reduced audit time and means that actions are supported with evidence. Continuous risk assessment means that the risk status of each entity is constantly monitored throughout the audit cycle. Workpapers and audit evidence are centralised, saving auditors time organising, processing and reviewing files. Reporting to committees and management and analysis of audit information is better presented, and the timelines, quality and user experience have all improved. The libraries and templates in TeamStore save preparation time in every audit.
• More broadly, Koumousis credits the implementation with enabling “transformation in internal audit”. “Internal auditors are now more efficient in performing their daily activities and our auditees feel happier about the way they collaborate and the results they are getting,” he says.

Further benefits have come from extending the automation to the bank’s investigation processes, self-assessment of retail controls, regulatory monitoring and external audit monitoring.

Koumousis says that the board now considers TeamMate+ to be “a valuable partner in the organisation’s digital journey and the future success of Bank of Cyprus” and he now wants to develop the system further. “There are several new functionalities we want to use. We are keen to enhance the way we schedule resources, manage our time, leverage enhanced automation potential and increase our use of data analytics.”

Strong corporate governance is essential to maintaining the bank’s long-term reputation, and TeamMate+ is helping to ensure its systems are fit for a global, automated and integrated 21st-century financial services industry.

Fit for the future

George Zornas, internal audit director at Bank of Cyprus, explains how he and his team have adopted new technology and changed the way they work to offer management what it most needs, when it most needs it.

What is the future of internal audit? What will the internal audit function of the future look like? And what skills will internal auditors need if they are to remain relevant and provide the critical support that organisations need?

These are the million-dollar questions for all internal audit teams and ones that George Zornas, internal audit director at Bank of Cyprus, is keen to answer. His team of internal auditors has implemented substantial changes to put them in a better position to meet the bank’s current and future needs. The change does not stop here – like the business, internal audit must constantly evolve – but, he says, they now have a clearer idea of what they will need to be and to do to add value in a rapidly changing global marketplace.

For a start, internal auditors must become “insight generators”. “This is imperative,” Zornas says. “Becoming an insight generator means moving away from being merely a problem-solver, to being someone who assists management to develop their strategic thinking. It means providing insights that help management to achieve their goals and raising red flags about potential problems before they materialise.”

Audit functions must evolve from being reactive to being proactive. Auditors need to focus more attention on emerging risks and to rely more on technology to highlight anomalies at transactional level.

All auditors must become competent at using, and understanding the potential of, data and technological solutions.

“As internal audit evolves, it will need to use technology to the utmost extent,” Zornas says. “We have already used it to create a paperless office and to become far more efficient. Technology is vital to help us address issues before they materialise and to provide the information we need to help management promptly.”

A three-year audit plan is now “absurd” he adds. “Risk is not static, it changes all the time. Plans must evolve with the risks.”

He describes data analytics as the “internal audit tool of the future” and it was a priority for Zornas when he chose a solution to support the audit transformation programme. It was also a stated requirement from the audit committee and the board.

“Using data analytics has made us more efficient and has enabled us to identify red flags that require further investigation,” he says. “These were issues that were previously hard to spot, or were extremely time-consuming. In future, I want all our audits to incorporate data analytics and all our auditors to be able to conduct them.”

The Covid-19 challenge

“Covid-19 was the black swan of the decade – nobody expected it and nobody was properly prepared,” Zornas says. However, the changes that his team had already implemented meant that they could react swiftly to the emergency when it arose. They revised their audit plan immediately, postponing audit engagements that were no longer a priority and introducing those that would be needed to assess the emerging risks arising from the pandemic.

This put the team’s data analytics, collaboration, communication and planning capabilities to the test and enabled Zornas to demonstrate in practice how the new systems increased the auditors’ ability to respond and add value to management.

Improved data analytics capabilities have enabled his team to apply continuous risk monitoring to identify whether issues justify further attention, so they can focus on the things that really matter to the business now.

Zornas was proud of the way the team responded. “An internal audit manager should be able to motivate staff and assist them to accept change,” he says. “My role is to be beside my colleagues, to motivate them and to help them enable management to achieve its goals.”

The changes Zornas and his team implemented to make them fit for the future have already helped them to add value when faced with challenges that none of them expected. More change will follow, but they can now feel confident that they start from the strongest possible basis.