Audit Planning & Quality Use Case Design

Architecture Diagram

The following diagram shows the relationships between the applications and questionnaires in the Audit Planning & Quality use case.

Relationships between the applications in the Audit Engagements and Workspace use case

Applications and questionnaires

The following table describes the use case applications and questionnaires.

Application/Questionnaire

Description

Audit Entity

The Audit Entity application provides a single, centralized location to capture details about each area that could be the subject of audit scrutiny, such as business processes, organizational units (such as departments), specific topics (for example, a regulation, such as FFIEC), IT infrastructure and applications, and other individual areas.

Through the Audit Entity application, you can:

  • Define each audit entity and create a "universe" of audit entities.
  • Scope each audit entity for the control-based audit by relating the entity to cross-referenced records in the Business Units, Business Processes, Facilities, Applications, Process Narratives, Compliance Scope, and Controls applications.
  • Scope each audit entity for the risk-based audit by relating the entity to cross-referenced records in the Business Units, Business Processes, Facilities, Applications, and Risks applications.
  • Assign audit and business ownership to each audit entity.
  • Perform audit entity risk assessments.
  • Compare audit risk assessments to management assessments of risk.

IA Engagement and Assessment Results

The IA Engagement and Assessment Results application captures historical audit engagement and risk assessment results for the Audit Entity application for maintaining audit integrity, reporting, and comparing historical information. The application uses trending charts and historical data from a data feed. Trending charts capture two years of data and allow you to view and capture any changes to risk assessment questions before the historical record is created through an Archer to Archer data feed.

Audit Engagement

The Audit Engagement application serves as an Internal Audit mechanism for creating, managing, tracking, and reporting on individual audit engagements. The application allows users to determine the audit engagement’s scope, schedule and staff resources for the audit, create and manage workpapers, perform audit testing, document observations and findings, and draft the audit report. All tasks can be performed in either online or offline mode.

Audit Plan

The Audit Plan application allows you to create and manage audit plans. The audit plan includes a plan name, description, and estimated start and end date. You can also include items in the plan by associating the plan with records from the Plan Entity application. The plan entity record creates a link between previously defined audit entity records and the audit plan record. The audit plan enables you to capture and track other information for the audit plan, such as plan hours and expenses. The audit plan contains a workflow for review and approval, links to audit engagements, and enables ongoing management and reporting on the audit plan. The audit plan includes Advanced Workflow, which streamlines and automates the review and approval process. Two report objects provide the progress and status of the various Engagements and the effectiveness of Workpapers associated with the Engagement records. This structure facilitates approving the plan and reporting to the Audit Committee, communicating with management, and monitoring the overall status of the audit plan on an ongoing basis.

Plan Entity

Once an audit entity is identified as a target for an audit engagement, based on factors such as risk (from the audit entity risk assessment), regulatory scrutiny, or strategic value, the entity is included in an audit plan. The Plan Entity application allows you to associate an audit entity with an audit plan and audit engagement by creating an individual plan entity that can be edited and updated as necessary.

  • The plan entity is a record designed to capture the name of the plan entity, planned hours and expenses, as well as the type of audit engagement and resource type.
  • The plan entity record cross-references the audit entity to the audit plan.

Base Availability

The Base Availability application allows you to capture the general availability of each member of your audit team and view information related to the contact record, such as position start and end dates, employment type (full, part time), and days and hours per week the contact typically works. Records in the Base Availability application affect the calculation in the Estimated Resource Utilization report, which helps you effectively determine the utilization of and allocate resources to audit engagements.

Degrees and Certifications

The Degrees and Certifications application allows you to capture information about team members' education, certifications, and degrees. You can track issue and expiration dates, whether Continuing Professional Education (CPE) is required, and other information.

This information helps you assign audit staff with the appropriate background to specific audit engagements and tasks.

Expense Reports

The Expense Reports application stores and maintains all expense reports, which are composed of individual records called expense slips. This application also contains workflow for review, where a designated reviewer may approve or deny expenses and provide review comments.

Expense Slips

The Expense Slips application is a sub-component of the expense report and is hidden from the layout. The application includes detailed line items in an expense report. These line items are integrated into the Expense Reports application, where they can be submitted for review.

Internal Audit Customer Survey

The Internal Audit Customer Survey questionnaire documents the results of customer surveys that are sent to the audit customer at the conclusion of the audit. The feedback can be utilized to evaluate the performance and effectiveness of the audit procedures and staff that conducted it.

Internal Audit Department Review

During the Wrap Up phase of the engagement, the Internal Audit Customer Survey and the Internal Audit Quality Assurance Review Checklist questionnaires allow you to evaluate the audit team performance on the engagement. You can create reports or display the Wrap Up tab in the engagement to communicate the results with the Audit Committee.

At the end of the year, the Internal Audit Department Annual Review is completed to evaluate the audit team across multiple engagements. With the Executive Management access role, Audit Committee members can view the results of the Internal Audit Annual Review and all other surveys on their dashboards and create reports.

Internal Audit Quality Assurance Review Checklist

The Internal Audit Quality Assurance Review Checklist questionnaire allows you to document the quality assurance review of both the audit engagement and the audit team at the conclusion of the engagement.

Question Library

The Question Library application stores assessment questions that you can reference and copy into a questionnaire. Each question is stored as an individual record, and each record contains information including the question and answer text as well as information necessary to display and score the question. Depending on the solution that you have licensed, the Question Library contains a large set of pre-built questions by default. In addition, you can add new questions and store them in the Question Library.

Timesheet Tasks

The Timesheet Task application allows auditors to capture their actual time spent on audit tasks and in each phase of an engagement. The time reported rolls up through an appointment to the audit engagement as billable or non-billable categories, such as vacation, sick time, or training.

Training

The Training application allows you to capture team members' training history and the Continuing Professional Education (CPE) credits they have obtained toward renewing professional certifications.

This application is used to help assign audit staff with the appropriate background to specific audit engagements and tasks.

Note: The Audit Planning & Quality package includes applications that are licensed as part of Audit Engagements & Workpapers. These applications are included for the following scenarios:

  • If you have not already installed Audit Engagements & Workpapers, you do not need to install that package before installing Audit Planning & Quality.
  • If you are upgrading from Audit Engagements & Workpapers and have made alterations to Business Processes, Devices, Facilities or Applications, you can simply install the Audit Planning & Quality package to get the updated versions. All other applications included in the package should be reinstalled as part of the upgrade process.

Personas, access roles and record permissions

The following table describes the general audit industry functions that make up the IA organization of a company. Depending on the audit organization of your company, these functions and responsibilities may vary.

The following table describes the use case personas.

Function

Description

Chief Audit Executive (CAE) or Internal Audit Director (IAD)

Manages the IA organization and oversees the audit team, the assessment of the audit universe, and subsequent planning. The CAE or IAD works with audit management and teams in the planning and performing of audit engagements, reports to the Audit Committee and executive management, and coordinates work with external auditors.

Audit Committee

Works with the CAE or IAD to oversee IA, receives audit results focusing on critical matters, selects external auditors, and provides recommendations to the board of directors.

Internal Audit managers

Consists of multiple levels in an organization, such as vice presidents, directors, and managers. IA managers oversee a functional area within the IA department, such as a region, discipline, product lines, or subject matter areas. IA managers report to the CAE or IAD and are responsible for helping assess the audit universe, determine the audit plan, oversee audit engagements, and lead audit teams.

Lead auditor

Scopes and plans engagements and testing, reviews testing, drafts reports, and oversees internal auditors on engagements. The lead, sometimes called an audit senior, reports to a manager or director.

Internal auditor

Works on audit engagements. The internal auditor reports to a lead auditor, manager, or director for specific engagements and may be a subject matter expert for certain audit types or areas.

External auditor

Evaluates the accuracy of the company’s financial statements. The external audit firm is engaged by the Audit Committee and Board of Directors to review the work of IA.

For a complete list of access roles and detailed, page-level access rights, see the Data Dictionary.

For a complete list of application record permission fields, including which user/group fields populate them and where the fields inherit permissions from, see the Data Dictionary.

Dashboards

The following table describes the use case dashboards.

Dashboard

Description

Audit Business Owner

Provides Audit Business Owners with information about audit entities created by IA pertaining to their organization, internal audit customer surveys that they need to complete, and open findings assigned to them from audit engagements.

Audit Executive Management

Provides Audit Executives an aggregate view of the audit universe, including planning, scheduling, risk-based prioritization, staffing, and management of audit entities. From the dashboard, Audit Executives can view details around audit plans and their performance; audit entity status, prioritization, and risk profile; open findings generated by audit engagements; and management risk coverage of audit plans.

Audit Issue Management

Provides information about findings, remediation plans, and exception requests that are related to the audit program.

Note: You may want to add this dashboard to the Issues Management workspace. It is not displayed there by default.

Audit Management

Provides Audit Managers an aggregate view of the audit universe, including planning, scheduling, risk-based prioritization, staffing, and management of audit entities.

Audit Team

Provides a portal for auditors to access their recurring or ongoing tasks.

Estimated Resource Utilization

Displays the Estimated Resource Utilization report, which calculates an estimated percentage allocation and an estimated percentage billable for all qualified resources over the date range of the report.

External Auditor

Provides External Auditors with an aggregate view of the audit universe, including planning, scheduling, risk-based prioritization, staffing, and management of audit entities.

Data Feeds

Note: For instructions on setting up the feeds, see Setting Up Audit Planning & Quality Data Feeds.

The following table describes the use case data feeds.

Data Feed

Description

Audit_Entity_Scope_Population

This feed allows you to automatically scope an audit entity using a risk-based or control-based approach, and populates the Controls, Risks, Information Assets, Facilities, Applications, and Devices based on the Audit Scope.

Audit_Engagement_Scope_Population

This data feed creates a copy of the scoped records for audit entities tagged to an audit engagement through a plan entity.

Audit_Engagement_Outscope_Related_Controls_Risks

This JavaScript data feed out-scopes any scoped content that is to be out-scoped as part of the engagement. When the feed out-scopes a scoped entity, it also out-scopes the related Risks and Controls.

Create_Audit_Workpapers_By_Audit_Program

This feed creates audit workpapers (both levels) based on the audit grouping attribute that is defined in the audit engagement and audit program library.

Create_Additional_Audit_Workpapers

Clear_Additional_Library_Link

These feeds create audit workpapers (both levels) from the audit program library based on an individual selection in an audit engagement.

Audit_Entity_Historical_Content

This feed makes a copy of the audit entity record in the IA Engagements and Assessment Results application, for purposes of maintaining integrity, reporting, and comparing historical information.

Audit Workpaper Generation for Control Based Audit

This feed creates audit workpapers for the audit engagement and Audit Procedures for the respective in-scope Control Procedures, based on the audit grouping attribute that is defined in the audit engagement.

Audit Workpaper Generation for Risk Based Audit

This feed creates audit workpapers for Risks and Audit Procedures for the respective in-scope Control Procedures, based on the audit grouping attribute that is defined in the audit engagement.

Data Dictionary

The Audit Planning & Quality Data Dictionary contains configuration information for the use case.

You can obtain the Data Dictionary for the use case by contacting your Archer Account Representative.