Audit Engagements & Workpapers

Archer Audit Engagements & Workpapers enables you to track your audit universe, perform audit engagements, maintain workpaper documentation, perform testing, and report on audit results in a consistent and timely manner. Archer Audit Engagements & Workpapers helps you transform the efficiency of your audit department, complete better-scoped audits more quickly, and decrease internal audit time and external audit fees.

For the key features and benefits of this use case, see the Data Sheet on the Archer Community: https://community.rsa.com/docs/DOC-40093

How Audit Engagements & Workpapers fits into a risk and compliance program

Audit Engagements & Workpapers is a use case in the Audit Management solution area. The following sections describe the use cases that Audit Engagements & Workpapers requires as a prerequisite, which use cases you can upgrade to as your audit program matures, and which use cases in other solution areas you can integrate for additional business context and functionality.

Prerequisite and next use cases

The following table shows how this use case fits into the overall Audit Management solution area.
Issues Management	Audit Engagements & Workpapers	Audit Planning & Quality

Establish your business hierarchy Consolidate and coordinate findings and remediation plans from risk, compliance, audits, and other assessments Manage exceptions with appropriate risk sign-off acceptance.	Document your audit universe Create audit engagements and workpapers Create a centralized Audit Program Library and workpaper repository Perform audit testing Manage audit findings and remediation plans, and capture audit observations	Plan audits based on risk assessments Manage staff and schedule audits Create audit plans Evaluate the audit team

Related use cases in other solution areas

The following table shows the use cases in other solution areas you can integrate for additional business context and functionality.
Application	Use Cases	Primary Purpose(s) of the Relationship
Control Procedures / Control sets	Controls Assurance Program Management IT Controls Assurance IT Risk Management Risk Inventory and Top-Down Assessment	When you scope by Control Procedures as an audit entity, this allows the Data Feed Manager to populate the related risks and controls associated with the Control Procedures record.
Risk Register	Risk Catalog Risk Inventory and Top-Down Assessment ISMS IT Risk Management	When you scope by Risk Register as an audit entity, this allows the Data Feed Manager to populate the related risks and controls associated with the Risk Register record.
Process Narratives	Financial Controls Monitoring	When you scope by Process Narratives into an audit entity, this allows the Data Feed Manager to populate the related risks and controls associated with the Process Narratives record.
Business Unit	IT Asset Catalog Cyber Incident & Breach Response	When you scope by Business Units as an audit entity, this allows the Data Feed Manager to populate the related risks and controls associated with the Business Unit record.
Applications	Audit Engagements & Workpapers Business Continuity & IT Disaster Recovery Planning Third Party Governance IT Asset Catalog IT Controls Assurance Information Security Management System PCI Management IT Security Vulnerabilities Program IT Risk Management Cyber Incident & Breach Response Data Governance Operational Risk Management	When you scope by Applications as an audit entity, this allows the Data Feed Manager to populate the related risks and controls associated with the Application record.
Facilities	Audit Engagements & Workpapers Business Continuity & IT Disaster Recovery Planning IT Controls Assurance Information Security Management System PCI Management IT Risk Management Cyber Incident & Breach Response	When you scope by Facilities as an audit entity, this allows the Data Feed Manager to populate the related risks and controls associated with the Facilities record.
Business Processes	Audit Engagements & Workpapers IT Controls Assurance IT Risk Management Data Governance	When you scope by Business Processes as an audit entity, this allows the Data Feed Manager to populate the related risks and controls associated with the Business Process record.
Compliance Scope	Control Assurance Program Management	When you scope by Compliance Scope as an audit entity, this Allows the Data Feed Manager to populate the related risks and controls associated with the Compliance Scope record.

Note: The Audit Planning & Quality use case allows you to scope your audit entities by additional relationships: to risks and control procedures; authoritative sources, policies, and corporate objectives; and to information assets, products and services, and third parties. These relationships are only available if you have also licensed use cases that contains these applications.

Get started