Using Audit Engagements & Workpapers

The Audit Engagements & Workpapers use case supports the following processes.

Managing audit readiness

The Audit Engagements & Workpapers use case allows you to document your organization's infrastructure (for example, devices, applications, facilities, and business processes) and reference them to audit engagements. You can also document information about audit staff members, external contacts and capture the skills of each staff member in order to help assign the right auditors to engagements. You can also create a library of standard audit programs and procedures that can be copied into individual audit engagements to save time and drive consistency.

Defining audit entities

The Audit Entity application provides a single, centralized location to capture details about each area that could be the subject of audit scrutiny, based on the audit methodology or approach. If the Audit methodology chosen is risk-based Audits, then the subject of scrutiny could be one of the following: Business Units, Business Processes, Facilities, Applications, or Risk Register records. If the methodology chosen is control-based Audits, then the subject of scrutiny could be one of the following: Business Units, Business Processes, Facilities, Applications, Process Narratives, Compliance Scope, or Control Procedure records.

You can define each audit entity and create a ‘universe’ of audit entities, relate the entity to cross-referenced records in other applications, and assign audit and business ownership to each audit entity.

Creating plan entities

Once an audit entity is identified as a target for an audit engagement, based on factors such as risk, regulatory scrutiny, or strategic value, the plan entity is required in order to accurately link the audit entity to any audit engagements. Each time you select the same audit entity for an engagement, you are specifying the details of the audit for that audit engagement. For example, one year you may select an audit entity to be included in an audit engagement as just a Department Review, which requires a limited scope. In the next year, that same audit entity is included in another audit engagement, but this time as a full-blown Operational Audit, which requires more resources and a larger scope. The plan entity captures the name of the plan entity, the type of audit engagement, the objective and scope, and the stakeholders.

Managing audit engagements

Use the Audit Engagement application to manage the audit engagement through its lifecycle. Create and scope the engagement, assign resources, out scope content ignored for the current audit engagement, generate workpapers, document and review observations, complete fieldwork, manage findings, track the tasks associated with the resolution, and complete wrap-up on the engagement.