How Boomi Built Its Robust Internal Controls Program
Waseem Samaan is an expert at establishing robust internal controls. And this experience, along with building audit functions from the ground up, led him to become Head of Internal Audit & SOX at Boomi, a software company specializing in integration platform as a service (iPaaS), API management, and master data management and data preparation.
When he joined Boomi, Waseem knew the audit team would benefit from technology to save time, reduce risk, and streamline processes end-to-end. That’s where the Workiva platform came in.
Automating internal controls and audit processes
Waseem had Workiva’s connected GRC platform on his mind long before he joined Boomi. In fact, he asked to get the Workiva platform during the interview process because of the benefits he experienced at previous companies.
Part of my interview process was me requesting the platform: ‘We need Workiva—can I get it?’
Head of Internal Audit & SOX at Boomi
Before using the Workiva platform, Waseem described internal controls and audit processes as manual and, at times, messy. Sending back-and-forth emails with colleagues. Running and waiting for reports to complete. Keeping track of controls and findings in multiple locations.
“This is my third time implementing Workiva,” Waseem said. “The platform streamlines the process from beginning to end.”
With the automation capabilities, Waseem said the Workiva platform has saved him significant time and costs. “The tool really saves you money, whether it's on external consulting fees or internal headcount,” Waseem said.
One of the Workiva platform’s standout automation features not found with other GRC tools—and one of his favorite internal controls features—is when the provided by client (PBC) requests automatically populate in the work papers.
“When I think of Workiva, I think automation,” Waseem said. “There are a few features that stand out to me. One is being able to securely collect PBCs and another is having the PBCs automatically populate in your work papers. That's what differentiates Workiva from the competitors—you don't get that with other tools.”
In addition, he loves having data at his fingertips—without actually needing to lift a finger.
“The reporting and the tracking and the project management elements are done for me. I just log in and the metrics are there,” Waseem said.
One-stop shop for streamlined success
Centralizing the internal controls process is key for Waseem. Being able to bring all collaborators, including external auditors, into one cloud platform for evidence, testing, and more is another reason why he brought Workiva’s GRC platform to Boomi.
“It gives us one central place to be able to confirm controls, keep track of controls, and keep track of findings,” Waseem said. “It's very easy for me as the head of the department to review and approve items.”
In addition, it gives key stakeholders visibility into all vital testing and risk information.
“It’s a one-stop shop where I can get an overview of anything and everything I want,” Waseem said. “I can run reports at any time, see what's open from PBC, who on my team has started testing controls, who hasn’t, and where we are in the process.”
Confidence in collaborators
Restricted access is one way to mitigate risk throughout the internal controls process. Prior to using the Workiva platform, Waseem said that it was difficult—and risky—to collect information from multiple departments.
“In audit, you’re dealing with payroll data and all kinds of confidential information,” he said. “You wonder, ‘Did I restrict this to the appropriate people? Who has access to this?’ With Workiva, you don’t have to worry about that.”
The advanced permissions feature allows Waseem to restrict access to just the control owners, helping reduce risk no matter how many collaborators are involved.
Leading the way in audit
With Waseem’s extensive experience, he has a couple pieces of advice for anyone starting a career in internal audit.
“Ask questions and don't be afraid to speak your mind,” Waseem said. In addition, when it comes to building an internal audit or SOX program as he has in past roles, he said technology is a critical component to deploying robust internal controls.
“Get software. You're going to need it,” he said. “It saves you so much time and energy and reduces risk and repeated work.”
See how the Workiva platform can simplify your audit, risk, and compliance processes. Request a demo today.
Learn how the Workiva platform simplifies governance, risk, and compliance.