Interview with Fabio Accardi, Audit Director, Astaldi
- Improve the effectiveness of controls
- Increase company productivity
- Meet the requirements of control bodies
- Internal audit to provide insights for improvements to management
- Created value for the company
- Improved communication with management and Supervisory Board
- Managed resources more effectively
- Streamlined work and introduced effciencies
- Standardized work
In recent years, Astaldi underwent several signifcant changes that formed the starting point for its relationship with MEGA International.
When Astaldi became a public company in 2002, listed on the STAR segment of the Borsa Italiana, the Italian stock exchange, it prompted a new change management process within the company. Strong company growth, fueled by new fnancial resources acquired as a public company, was generated by competitive changes that began with a signifcant contraction in the Italian domestic market.
As this occurred, Astaldi’s business changed from 70% Italian customers and 30% international customers to the exact opposite. One factor behind Astaldi’s growth was the use of innovative project fnancing instruments, using concessions. With Astaldi’s core business in construction, concessions were a growing trend.
In 2011, Astaldi acquired the Italian branch of Busi Impianti (NBI). Diversifcation was important, both from a technological and a commercial point of view, because it led to the creation, within the Group, of an area dedicated to industrial plants, generating interesting synergies and opportunities.
Why did Astaldi select MEGA HOPEX’s solution?
Astaldi is an international company operating in many countries and nearly all continents, with numerous offces, subsidiaries and commercial initiatives. The complexity of the company triggered new risk, control and governance requirements. Because of this, we determined the need for a specialized software solution, primarily to support internal audit activities.
With operations becoming much more complex in the construction industry, concessions and plant engineering, and project management requiring new tools and techniques, the need for a solution became a primary focus.
There were two main goals. The frst was focused on improving effectiveness and reaching assurance objectives related to control functions. This was regarded as an indispensable mission for the internal audit function of a public company of this size. The second goal was economic and strategic nature: allow the internal audit group to create value for the company by operating in an advisory capacity to provide management with insights on ways to make improvements. In this area, it was important to comply with the Italian Code of Conduct. Another must: the internal audit function had to provide an adequate return on investment.
What was the selection process for HOPEX Internal Audit and how were governance activities previously handled?
The Astaldi Internal Audit Service started in 2011, with the assistance of Ernst & Young Financial Business Advisors (EY). The goal was to align internal activities in terms of defnition and performance, adhere to the best international practices and meet the Italian Code of Conduct.
The Regulation recognizes internal audit as a central function within the internal control system, so it is essential that it operate in an integrated manner. Therefore, the compliance and risk management departments are subject to a general review by the internal audit. When this need is combined with the requirement for quality assessment and objective certifcation that activities are done according to industry standards, it is clear that an appropriate tool is necessary for internal audit.
Because of these needs, especially quality assessment and the desire to adhere to industry standards, Astaldi sought an appropriate tool to help meet its goals.
For the selection, we followed a structured evaluation process that was developed to satisfy our specifc goals and needs. The evaluation was carried out with the support of EY and was based on the assessments of analysts such as Gartner, Inc., who assess the offerings of major market players.
From the regulatory compliance point of view, the tool had to support the evaluation process of control suitability and effectiveness within the control and risk management system (SCIGR), our governance pillar.
With our goals for effciency in the internal audit function established, we launched a software selection process. Because the software required an initial investment, the ROI over time had to be effective and provide value to the business.We expected that the software would allow for better understanding and planning of objectives, resources and activities. This would then result in a standardization of processes to allow more work to be done in less time and with fewer resources.
The quality of reporting was one of the most important factors in choosing HOPEX internal Audit. It provides the ability to generate reports according to procedures and organizational units, signifiantly improving the fow of information and internal management. Both assurance and advisory roles improved because of the MEGA solution, which went to the heart of the challenges.
What selection criteria did you use before choosing HOPEX Internal Audit?
The detailed list of requirements that we used in our evaluation included:
- Coverage of the governance, risk and control requirements as defned by Astaldi, especially for controls at the general and detailed levels
- Excellent references
- Maturity of the solution
- Positioning of the company by analysts
- The type of web-based solution
- Flexibility of the solution; one that could easily be adapted to our specifc industry needs
- Presence of a support staff on site and a help desk service with national and global presence
There were more technical criteria also:
- The ability to access the solution offine and download the data. Astaldi often operates inremote areas, with without or with limited Internet access
- Adaptability and fexibility of the solution with respect to business process modeling, which is complex since Astaldi operated with many orders and projects
Based on these key criteria, HOPEX Internal Audit was positioned on the short list, along with two other vendors. Following a rigorous process, with maximum transparency and clear deadlines, we identifed MEGA’s software as the ideal solution for internal audit activities. The help of EY was crucial, especially because the frm provided an external, objective evaluation that aided our decisions.
How did you hear about MEGA International?
We frst met the MEGA team at conferences and industry events, such as those sponsored by the Institute of Internal Auditors (IIA) and the Global Networking Strategy.
Is HOPEX Internal Audit used throughout the company or just within the Department?
The solution is used by Astaldi’s Internal Audit Service. Besides being the chief audit executives, we are also the ethics ffcers of the Group. Therefore, we deal with compliance with the Code of Ethics and the Italian Criminal Corporate Law (Legislative Decree No. 231 of 2001, known as “Law 231”), and provide support to the supervisory bodies of Astaldi and its subsidiaries. As a result of this company structure, the HOPEX solution is also used for integrated compliance.
The Supervisory Board of Astaldi and those of the subsidiaries require an audit to meet the requirements of Law 231. This is quite distinct from audit activity for internal control purposes.Astaldi could not fully comply with Law 231 by operating with manual methods or without a structured approach.
The frst phase of the project was primarily targeted to audit activities for internal control, and was consistent with an approach considering the entire Astaldi system of risks and controls.
There was also a focus on risks, through corporate risk management, which in Astaldi, is managed by a separate department. The constant interchange with this group gave us fundamental input on risk issues, which included identifcation of the risk universe and the greatest risks, as well as defnition of the company’s risk appetite. All of this information was captured in the control system. For risk management, in particular, the corporate risk management provides us with feedback and inputs that are essential to defne audit plans for the purposes of internal control.
The second phase of the project was based on our initial experience, and focused on improvements to the system, especially relating to reporting, planning and directional activities.
The kickoff of the project within Astaldi was meant to implement a control system in order to meet Law 231. After the development of an internal audit operations manual approved by the Board of Internal Control, Compliance Handbook 231, the reference guide for the second phase of the project, was formalized.
There is a signifiant advantage to using HOPEX Internal Audit for compliance purposes with regard to Law 231. This is due to our decision to have the groups handling internal audit and compliance maintain the information related to the law in a single repository. The HOPEX platform makes it possible for multiple groups to use a single repository through separate logins.
Astaldi has chosen the software as a service (SaaS) option of HOPEX Internal Audit. Why did you make this choice?
We opted for SaaS for one simple reason: the reduction of the number of people and groups involved. If we had chosen an “in-house system”, we would have called on the internal IT team continuously for support. We didn’t think this would be the most effiient option. SaaS allows us to take advantage of the ease-of-use and best practices with the offering.
Would you change anything related to your work with MEGA and its products?
After completing the frst year of operation with HOPEX Internal Audit, I would make the same choices. However, I would put more emphasis on internal training workshops and on-the-job training, perhaps providing additional resources for this and setting aside specifc days for it. While training represents an initial fnancial outlay, it can help in optimizing the return on investment.
What results and benefts has Astaldi obtained through the use of HOPEX Internal Audit?
While we are still in the initial phases, there are already returns at this point.
Everyone on our team can operate using a single, shared system. The introduction of the tool was an opportunity to initiate a process to align protocols, business models, process nomenclature and more. Our company is moving toward structure and alignment more than in the past. This requires greater coordination, especially at the operating level.
We expect HOPEX Internal Audit to become fully operational in 2017, and we also expect results that can be measured by the number of hours of work saved. For now, we are very pleased with our choice to work with MEGA.
What is the next step for Astaldi with MEGA?
As the next step, we expect to complete the optimization process, extend the use of the software both for other regulatory needs and in other divisions beyond Astaldi S.p.A., such as at the Group level. We want to create an integrated system that will also involve other audit circles within our organization, creating interfaces that allow us to better interact with the compliance and risk management groups.
- Complete the optimization process
- Extend the use of the software internally
- Improve compliance and risk management globally
- HOPEX Internal Audit
- HOPEX Platform
- MEGA Services Team
ASTALDI is a leading Italian contractor, among the top 100 worldwide in the construction industry, and also works with concession projects. Founded more than 90 years ago, it has operated in over 60 countries worldwide developing complex and integrated initiatives (design, construction, management). The company has solid expertise and highly specialized human resources. Publicly traded since 2002, it closed 2015 with total revenues of EUR 28 billion, a consolidated turnover of EUR 2.9 billion and about 11,000 employees.