Wilmington’s Internal Audit Department transformed its risk assessment and audit processes by streamlining data analysis and enhancing collaboration across city agencies. This shift improved efficiency, provided real-time insights, and achieved a 600% ROI, setting a new benchmark for collaboration in line with the IIA’s Three Lines Model.

Introduction

Wilmington, Delaware, situated at the confluence of the Christina River and Brandywine Creek boasts a beautiful restaurant-filled waterfront and walkable downtown showing pride in their historical architecture. Wilmington provides a relaxed feel with easy access to bustling Philadelphia. The city uses its $282 million budget to serve a population of 71,000. 

Wilmington’s Internal Audit Department operates on a modest $1.03 million budget and a team of five. As with all internal audit functions, they play a crucial role in the city’s governance, serving as the third line of defense and providing the public transparency and accountability of city functions. 

Audit management have embraced the collaborative framework of the three-lines model from the Institute of Internal Auditors. To maintain independence, their primary function is to review city operations and provide recommendations, while city agencies make decisions and implement changes. 

Auditor Williams found a way to do this at scale:

“With ThirdLine, we all have the same information. Departments can look at the risks in real-time, while we can review the process to ensure it was followed correctly. This transparency helps us avoid ‘gotcha’ moments and promotes proactive risk management.”  - Auditor Williams

Wilmington’s Internal Audit Department is tasked with examining financial controls and performance across city agencies. As users of the Tyler Enterprise ERP system, auditors need to extract information from this complex system, which integrates various data sources such as transactions, employee details, and audit logs. This process can be challenging due to the intricate nature of the relational databases involved. Auditors don’t typically have direct access to underlying tables and rely on front-end access and reports or city agencies to provide downloads of data.

The Wilmington Audit Department operates under an ethos of transparency and independence, promoting a collaborative environment with their auditees. They believe in sharing information about risks early and often to avoid surprises and have extended training opportunities to other departments to align everyone on audits, risks, and controls. This approach aligns with the Institute of Internal Auditors’ (IIA) three-lines model, which highlights the importance of collaboration between audit and management to reduce organizational risk.

‍

The Challenge

Auditor Terence Williams and Audit Manager Tamara Thompson lead the department with a clear vision: foster a culture of continuous improvement and collaboration. They emphasize the importance of sharing ideas and information with city managers to strengthen the city's control structure. By providing departments with resources, tools, and best practices, they aim to support city agencies in understanding and managing risks effectively. The department's stance is clear—they provide information, but decision-making and implementation are up to the city agencies.

“We aim to be as transparent as possible. This platform allows us to use the same data and results,” said Audit Manager Thompson

Despite their proactive approach, Wilmington’s Audit Department faced significant challenges in achieving effective collaboration and risk management across city agencies:

1. Data Complexity and Accessibility Issues: The city’s Tyler Enterprise (Munis)ERP system generated reports that were not user-friendly or effective in highlighting risks and control failures. The Audit Department found the process of updating Excel spreadsheets cumbersome and time-consuming, limiting their ability to provide timely and actionable insights. They needed a more efficient way to access and analyze data to identify potential issues before they became significant problems.
2. Language Barriers: Auditors and managers often speak different languages regarding risk and controls. While auditors focused on risk mitigation and control structures, managers prioritized operational efficiency and resource management. This disconnect led to misunderstandings and blind spots in risk identification and mitigation.‍
3. Lack of Understanding and Engagement: There was often a gap in two-way communication between the Audit Department and city managers. Managers were not always actively involved in risk monitoring, and the lack of a shared understanding hindered effective collaboration. This gap made it difficult for departments to engage proactively in risk management and often left them reactive rather than proactive.

The Solution

Implementing ThirdLine’s two flag-ship products: 1. No-Code Analytics & Reporting and 2. Roles & Permissions

To address their challenges, Wilmington’s Audit Department adopted ThirdLine’s analytics and Segregation of Duties software. ThirdLine provided a comprehensive solution that transformed how the department interacted with their ERP data and city managers:

1. Simplifying Data Complexity: ThirdLine streamlined the process of data analysis, making it easier for the Audit Department to identify and address control failures and risks. The platform’s automation capabilities meant that hundreds of analytics could run continuously, providing real-time insights without the need for manual updates. This shift allowed the department to focus on strategic risk management rather than getting bogged down in the minutiae of data analysis. 

“For departments to actively monitor and see breakdowns, ThirdLine provides more visibitility to the data and helps management be better at defending the system,” noted Auditor Williams.

2. Bridging Language Gaps: ThirdLine’s platform enabled both auditors and city managers to view real-time data on risks and control issues, fostering a shared understanding. By using the same data and terminology, the Audit Department and city managers could communicate more effectively, reducing misunderstandings and building a common language around risk and controls.‍
3. Enhancing Understanding and Engagement: The analytics platform provided departments with a better understanding of their control systems by actively involving them in the risk management process. Departments could see real-time breakdowns and monitor risks as they occurred, giving them the tools they needed to defend their systems and take ownership of risk management.

The Results

The implementation of ThirdLine’s Audit Analytics and Segregation of Duties software led to several tangible improvements for Wilmington:

• Hundreds of No-Code Analytics for Audit & Management: Within six months, Wilmington’s Audit Department successfully implemented hundreds of analytics across various departments. This comprehensive approach ensured that risks were continuously monitored and addressed, leading to a more robust control environment. Wilmington can estimate over a  600% ROI when compared to the cost implement a typical standup of a continuous audit program of this scale: taking over 3 years of a data scientist and auditor’s full time salaries, plus any alternative software licensing used to connect to the ERP and create the scripts. . 
• Improved Collaboration and Communication: By providing a common platform for data analysis, ThirdLine facilitated better communication and collaboration between the Audit Department and city managers. This improved understanding and engagement resulted in a more proactive approach to risk management across the city.
• Increased Efficiency and Reduced Manual Effort: The automation capabilities of ThirdLine significantly reduced the time spent on manual data analysis and reporting. The Audit Department could now rely on real-time analytics to provide insights, saving time and resources that could be redirected toward more strategic activities.‍
• Broader Engagement Across Departments: Nearly every major department in Wilmington, including Finance, Purchasing, Accounts Payable, Business Licenses,, Economic Development, and Public Works, has engaged with ThirdLine’s software. This widespread adoption has led to ongoing collaboration and continuous improvement, with departments actively working with ThirdLine analysts to enhance specific functionalities.

Conclusion

Wilmington, DE, has demonstrated the power of using analytics to improve collaboration and risk management across city operations. By adopting ThirdLine’s analytics platform, the Audit Department has not only enhanced its own processes but also fostered a culture of proactive risk management and collaboration among city managers. Through improved communication, engagement, and data accessibility, Wilmington is setting a new standard for how city agencies can work together to achieve common goals.

₁ ThirdLine Implementation for first year. vs a data scientist at 90k and auditor at 80k plus 8k subscription to alternative software for three years to get over 200 analytics developed and automated with dashboarding.

‍

Call to Action

Interested in learning how ThirdLine’s solutions can enhance collaboration and risk management in your city? Contact us today to discover how we can help your organization achieve similar results