Mega GRC 3.2 en - Audit User Guide
Mega GRC 3.2 en - Audit User Guide
Mega GRC 3.2 en - Audit User Guide
User Guide
CONTENTS
Introduction
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 . . . . . . . . . . . . . . . . . . . . . . . . .8 . . . . . . . . . . . . . . . . . . . . . . . . .8 . . . . . . . . . . . . . . . . . . . . . . . . .8 . . . . . . . . . . . . . . . . . . . . . . . . .8 . . . . . . . . . . . . . . . . . . . . . . . . .8 . . . . . . . . . . . . . . . . . . . . . . . . .9 . . . . . . . . . . . . . . . . . . . . . . . . .9 . . . . . . . . . . . . . . . . . . . . . . . . 10 . . . . . . . . . . . . . . . . . . . . . . . . 11
Main Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Audit repository management . . . . . . . . . . . . . . Document repository . . . . . . . . . . . . . . . . . . . . Audit plan and mission management . . . . . . . . . Mission execution . . . . . . . . . . . . . . . . . . . . . . Mission and recommendation follow-ups. . . . . . . Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . Collaborative work . . . . . . . . . . . . . . . . . . . . . . Conventions Used in the Guide. . . . . . . . . . . . . . . . Presentation of this Guide . . . . . . . . . . . . . . . . . . .
Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
User Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Audit manager . . . . . . . . . . . . . . . . . . . . . . . . Mission manager . . . . . . . . . . . . . . . . . . . . . . . Auditor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing the Audit Team . . . . . . . . . . . . . . . . . . . . Creating an Auditor . . . . . . . . . . . . . . . . . . . . . . . Managing Auditor Responsibilities . . . . . . . . . . . . . Managing Auditor Skills. . . . . . . . . . . . . . . . . . . . . Defining skills for each user . . . . . . . . . . . . . . . Viewing skills . . . . . . . . . . . . . . . . . . . . . . . . . Preparing Audit Plans . . . . . . . . . . . . . . . . . . . . . . . Creating Audit Plans . . . . . . . . . . . . . . . . . . . . . . . Defining a Calendar . . . . . . . . . . . . . . . . . . . . . . . Creating Audit Missions. . . . . . . . . . . . . . . . . . . . . Creating a mission manually . . . . . . . . . . . . . . . Creating a mission from a program . . . . . . . . . . Managing Audit Missions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 . . . . . . . . . . . . . . . . . . . . . . . .14 . . . . . . . . . . . . . . . . . . . . . . . .14 . . . . . . . . . . . . . . . . . . . . . . . .14 . . . . . . . . . . . . . . . . . . . . . . . . 15 . . . . . . . . . . . . . . . . . . . . . . . .15 . . . . . . . . . . . . . . . . . . . . . . . .16 . . . . . . . . . . . . . . . . . . . . . . . .16 . . . . . . . . . . . . . . . . . . . . . . . .16 . . . . . . . . . . . . . . . . . . . . . . . .16 . . . . . . . . . . . . . . . . . . . . . . . . 18 . . . . . . . . . . . . . . . . . . . . . . . .18 . . . . . . . . . . . . . . . . . . . . . . . .19 . . . . . . . . . . . . . . . . . . . . . . . .19 . . . . . . . . . . . . . . . . . . . . . . . .19 . . . . . . . . . . . . . . . . . . . . . . . .20 . . . . . . . . . . . . . . . . . . . . . . . .20
Contents
Accepting a mission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Specifying audit mission scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Scheduling missions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Viewing unassigned missions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Preparing Audit Missions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 Assigning Auditors to an Audit Mission. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Viewing auditor availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Viewing auditor skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Assigning an auditor to a mission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Managing Mission Content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Creating an audit theme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Creating an audit activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Specifying audit activity scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Scheduling Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Displaying the activities report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Modifying an activity from a Gantt diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Checking assignment of auditors via reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Managing Workpapers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Creating a workpaper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Announcing and Starting a Mission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Viewing the announcement letter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Sending the announcement letter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Starting the Mission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Executing Audit Missions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32 Proposing a New Mission . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Managing Workpapers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Viewing and completing workpapers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Creating a workpaper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Creating Audit Findings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Creating audit findings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Sending Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Managing Mission Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37 Generating RTF documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Saving Audit Attachments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Reports and Audit Follow-Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39 Recommendation Follow-Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Recommendation follow-up reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Viewing your recommendation list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Defining a steering calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Audit Plans Follow-Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Comparing audit plans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Action Plan Follow-Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Audit Activity Follow-Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Managing the Audit Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44 Audit repository principle. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Managing Mission Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Creating a mission program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Creating an audit mission from a mission program . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Managing Activity Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Managing Workpaper Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Managing Form Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Managing Audit Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Contents
Contents
INTRODUCTION
MEGA GRC Audit offers a simple and flexible solution adaptable to the specific requirements of each internal audit department to improve audit quality and to enhance decision-making capacity. Based on a proven methodology, MEGA GRC Audit helps internal auditors to optimize processes, increase action plan follow-up capacity, support findings, standardize best practices and improve transparency of results and information traceability. "Main Features", page 8 "Conventions Used in the Guide", page 10 "Presentation of this Guide", page 11
Introduction
MAIN FEATURES
Audit repository management
Audit templates Mission, activity, workpaper and associated checklist templates Creation of an operation mission template
Document repository
Help capitalize on legal notices and best practices Generate operations documents Creating customizable mission reports
Mission execution
Task assignment Workpaper generation from templates or risks/controls matrix Possibility of documenting findings and associating recommendations Collection of auditee comments and progress follow-ups Approval workflow management Access to methodological documents
Reporting
Analytical reports to follow up recommendations and action plans Generation of audit announcement letters, executive audit, summaries, and complete audit reports Several standard reports support audit team activity analysis Dashboard for mission follow-ups Gantt charts to prepare audit plans and missions and to manage auditor resources etc.
Collaborative work
Secure Web-based environment Configurable workflows Management of exchanges between auditors and auditees Document sharing Sending messages with attachments
Introduction
CONVENTIONS USED IN THE GUIDE
A tip that may simplify things. Compatibility with previous versions. Things you must not do.
Very important remark to avoid errors during an operation. Commands are presented in this way: File > Open. The names of MEGA products and technical modules are presented in this way: MEGA.
10
11
Introduction
12
1
AUDIT
Internal auditing exists in various legal and cultural environments, as well as in organizations of differing size, complexity and structure. An internal audit is an independent, objective assurance and consulting activity designed to add value and improve organization operations. It helps an organization achieve its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes (source: IIA). MEGA GRC Audit offers a simple and flexible solution, adaptable to the specific needs of each internal audit organization unit, and a methodology integrating international standards. It helps internal auditors to optimize processes, increase action plan follow-up capacity, support findings, standardize best practices and improve transparency of results and information traceability. Internal auditors can use the audit module as support in the execution of classic audit missions (mission preparation, execution and follow-up) or as continuous auditing support.
Thanks to their integration in MEGA GRC Suite and its database, users can access descriptions of risk and control systems and their assessment with MEGA GRC Compliance & Control, and risk mapping with MEGA GRC Risk.
The following points are covered here: "User Profiles", page 14 "Managing the Audit Team", page 15 "Preparing Audit Plans", page 18 "Preparing Audit Missions", page 23 "Executing Audit Missions", page 32 "Managing Mission Documents", page 37 "Reports and Audit Follow-Up", page 39 "Managing the Audit Repository", page 44
The functionalities presented here can be configured. For more information on possible customizations, see the administrator guide.
13
1
USER PROFILES
For the MEGA GRC Audit module, there are by default three user profiles:
Audit manager
The audit manager ("Audit Manager" profile) is responsible for preparation of the audit plan. For more details, see "Preparing Audit Plans", page 18. This user is also responsible for defining and maintaining the audit repository, which includes:
Programs (mission programs, particularly for recurring missions). Reference documents to be provided to audit teams. Operational document templates used during audit execution to produce different reports. Skills.
For more details on the audit repository, see "Managing the Audit Repository", page 44.
Mission manager
The mission manager ("Audit Mission Manager" profile) is nominated by the audit manager as being responsible for execution of the mission. This includes:
Preparing the mission (assigning auditors, managing audit activities, defining mission scope). For more details, see "Preparing Audit Missions", page 23. Reporting on the mission to the auditee manager. For more details, see "Announcing and Starting a Mission", page 31. Supervising mission execution (follow-up of recommendations made by auditors). Generating the mission final report and submitting this for validation to the auditee manager. For more details, see "Managing Mission Documents", page 37.
Auditor
The auditor ("Auditor" profile) is responsible for progress of the audit activity in the field. For more details, see "Executing Audit Missions", page 32.
14
Creating an Auditor
To create an auditor: 1. Select Audit > Team Management > Manage Auditors and click Insert in the right pane of the window. 2. Specify the Code and the Name of the auditor.
The code corresponds to the user login in the connection window.
3. 4. 5. The new
Select Profile "Auditor". Select an Organization Unit. Click Save. auditor is created.
15
Example of skills
Viewing skills
To view the skills and skill levels available within the team: Select Audit > Team Management > Auditors/Skills Matrix.
16
A list appears. You can sort the list by skill, skill level and user by clicking the header of the corresponding column.
You can also view auditor skills graphically before assigning a mission. For more details, see "Viewing auditor skills", page 23.
17
1
PREPARING AUDIT PLANS
The audit plan is prepared by the audit manager ("Audit Manager" profile).
The audit manager must also build the repository of the audit before scheduling missions (define mission and activity programs, workpaper templates etc.). For more details, see "Managing the Audit Repository", page 44.
To create 1. 2. 3. 4. 5.
an audit plan: Select Audit > Preparation > Audit Plans > Audit Plans. Click Insert. Enter the name of the audit plan in the Description field. Select the audit plan Responsible User. Select a Period in the corresponding box.
An audit period corresponds to the fiscal period over which audit missions or assessment sessions are carried out. This is often a period of three years in the audit framework.
6. 7.
Specify a Begin Date and End Date for the audit plan. Click Save. The audit plan is created.
18
Defining a Calendar
A calendar can be connected to the audit plan. The calendar is made up of calendar periods. This calendar is not required, and is used for information only in reports.
Calendar periods should be distinguished from the period indicated at creation of the audit plan, the latter being required and considered as a reporting period.
To create 1. 2. 3.
a calendar: Select Audit > Preparation > Audit Plans > Calendars. In the right pane of the window, click Insert. Enter the name of the calendar in the Description field, and enter Begin and End dates. 4. Click Save. You can then divide the calendar into calendar periods. To divide the calendar: 1. In the Calendar Period section, click Insert. 2. Specify the description, as well as begin and end dates for the calendar period. 3. Click Save. 4. Create other calendar periods in the same way. When the calendar has been created, you can connect it to an audit plan.
6.
Click Save.
19
1
Creating a mission from a program
To help you select missions to be executed, you can use as a basis programs that have not yet been executed. You can then decide to create a mission from a mission program that has not yet been executed.
A mission program is a mission template relating to the main characteristics of an audit mission. For more details on mission programs, see "Managing Mission Programs", page 44.
To view programs not yet executed: 1. Select Audit > Preparation > Audit Plans > Unassigned Missions. 2. Select a Period in the drop-down list. The list of unexecuted programs for the selected period appears. To create a mission from an unexecuted program: 1. Select a program in the list and click the Create Mission from Program button. 2. In the search window that appears, select an audit plan and click Create a Mission. A mission is created. It carries the same name as the mission program.
20
Scheduling missions
You can schedule your missions by displaying a Gantt report by entity, manager or mission. To display a report enabling scheduling of missions: 1. Select Audit > Preparation > Audit Plans > Schedule Missions. 2. Select a plan and a report type. In the report that appears, you can click a mission to modify it and specify the estimated number of auditors, the estimated workload, the planned begin and end dates, etc.
The number of auditors required per month for the selected audit plan is indicated at the bottom of the report.
21
1
To specify an audit leader: 1. Select a mission in the list. 2. Click the Edit button. 3. Select an audit leader in the corresponding field. 4. Click Save.
22
4. 5. 6.
Click the Display button. In the frame at top left, select the audit mission. In the frame at top right, select the user. Its availability is indicated in the lower frame of the window.
23
1
To display auditor skills (at the same time as auditor availability): Select the Auditor Skills and reselect an auditor. A graphic appears. It shows:
This graphic allows you to select the auditor most suitable for the mission.
24
Themes can be created to organize mission content. Audit activities constitute an additional level enabling grouping of workpapers.
From this tree you can also create findings and recommendations, depending on your position in the tree and your profile. Hierarchy is as follows:
25
1
4. 5. Enter comments if required. Click Save. You can view the tree of themes and sub-themes created. You can now create audit activities and workpapers.
5.
Click Save. The audit activity appears in the the tree of the Work Program tab under the specified theme.
26
To generate activities from mission scope: 1. At the top of the mission page, click the Generate Activities button. An intermediate window appears proposing selection of a form template for corresponding workpapers.
An activity per process indicated in the scope. A workpaper per risk/control pair to be audited. A form (based on the form template) per workpaper. Select the Work Program tab of the mission.
You can also view: Workpapers from the page of an activity. Forms from the page of a workpaper.
27
1
Specifying audit activity scope
In an audit activity page, Activity Scope section, you can specify the audited object, for example:
When a business process is linked to a mission, risks and controls connected to the process can be automatically connected to the mission. For more details, see the Administrator guide.
Scheduling Activities
You can display a Gantt diagram to schedule mission activities.
28
4.
A Gantt diagram displaying mission activities appears in the bottom part of the page.
29
1
Modifying an activity from a Gantt diagram
To modify an audit activity: 1. In the Gantt diagram, click the bar representing the activity over time. A window opens allowing you to modify the activity, in particular its dates.
2.
Managing Workpapers
Workpapers serve as the basis for the auditor for execution of his/her mission.
A workpaper comprises points to be checked on a given subject in the course of an audit activity.
30
Workpapers obtained directly via a mission program contain forms, which contain questions and answers.
Creating a workpaper
Workpapers can be created automatically from the mission scope. For more details, see "Creating activities and workpapers automatically", page 26. You can also create workpapers manually. To create 1. 2. 3. 4. a workpaper manually: In the page of an audit activity, Workpapers section, click Insert. Enter a Description. Enter your comments or observations. Click Save.
You can also create workpapers from the Work Program tab of a mission.
31
1
EXECUTING AUDIT MISSIONS
The auditor has two menus for viewing his/her assigned tasks:
You can also create a mission proposal but submit this later, via menu Audit > Operational Domain > Mission Proposals > My Proposal to be Submitted.
The mission changes status. It becomes "Mission Proposed". It must then be accepted by the audit manager to be included in the list of missions in preparation.
Managing Workpapers
Workpapers are files or work documents that serve as a basis for the auditor in execution of the mission. They contain points to be assessed and serve as a basis for interviews carried out by the auditor during the course of the audit.
A workpaper comprises points to be checked on a given subject in the course of an audit activity.
The auditor can create his/her own workpapers, or base these on workpaper templates in the context of a mission program. Workpapers are also created automatically depending on scope of the activity.
32
by risks/controls defined in mission scope. by the workflow. Select Audit > Operational Domain > Work Area > My Workpapers.
You can also access workpapers from the page of an activity.
To complete a workpaper: 1. Select a workpaper and click the Complete Workpaper button. 2. Answer the questions by selecting values from those proposed in the drop-down lists. 3. Click Save. To complete all workpapers at one time: 1. On the page of the activity, click the Complete All Workpapers button. A page appears allowing you to answer all workpapers present in the list at one time. 2. Select a form from the list provided for this purpose. The corresponding workpapers appear. You can reply and enter a comment if required.
Creating a workpaper
You can also create workpapers manually if required. To create a workpaper manually: 1. In an audit activity page, Workpapers section, click the Insert button. 2. Enter a Description and your comments.
In this case, the workpaper is not necessarily connected to a workpaper template (which is a workpaper model). You can simply enter free text in the workpaper comment.
3.
Click Save.
33
1
Audit findings can indicate compliance or non-compliance as well as opportunities for improvements.
Audit findings are the results of the evaluation of the collected audit evidence against audit criteria. Audit findings can indicate either conformity or nonconformity with audit criteria or opportunities for improvement (source ISO 19011:2002). 2002).
Findings are accessible by default from audit activities. For more details on findings behavior configuration, see the Administrator guide.
5.
Click Save.
You can also create findings from the Work Program tab of a mission.
34
Sending Recommendations
Recommendations are accessible from missions, audit activities and findings. for more details on recommendation behavior configuration, see the Administrator guide. Audit team members meet to review audit findings and information collected during audit activities The resulting audit conclusions can indicate a need for recommendations. A recommendation describes what must be done to correct noncompliance detected during an audit. To create a recommendation: 1. In the page of a finding, select the Recommendations tab and click Insert.
2. 3. 4.
Enter the text of your recommendation in the Details box. Specify the recommendation name in the Description field. Click Save.
35
1
Recommendations are visible in a specific tab of a mission page.
You can also create recommendations from the Work Program tab of a mission.
36
the announcement letter. the audit mission follow-up report: this contains a description of the mission, its scope, audit activities of the mission, and an indication of mission progress. Mission description: this document lists mission themes and sub-themes.
To generate a document concerning a mission: 1. Select Audit > Operational Domain > Context > Missions. 2. Select the desired mission and click the Generate Document button. 3. In the sub-menu, select : "Mission Description" "Announcement Letter" "Audit Mission Report" An RTF document is generated.
HTML format reports are also accessible via menu Audit > Audit Reporting. Availability of these reports varies according to the profile with which you are connected.
2. 3. 4. 5.
Above the tree, click the Insert button. Enter a Description. Select a file by search from the File Name box. Select the "Audit" Document Category or one of the proposed subcategories.
37
1
6. Click Save. Your document is now available in the document tree.
38
Auditors can access only those reports concerning recommendations and action plans. The steering calendar system assures follow-up of recommendations.
Recommendation Follow-Up
MEGA GRC Suite enables different methods of recommendation follow-up:
39
1
Viewing your recommendation list
To access your recommendations: 1. Select Audit > Audit Reporting > Recommendations > My Recommendation Follow-Up. 2. Specify if you wish to display On Time Recommendations or Late Recommendations. 3. Click Calculate. The list of your recommendations appears.
40
Tabs indicate:
missions started missions completed the number of missions per category and state of progress (in progress, validated, etc.) the workload by category of mission and state of progress.
3.
41
1
The report displays the status of audit plan missions:
by Status (mission status) by Timing (late, OK) by Priority by Score (score attributed to mission) by Category etc.
42
3.
the mission of which the activity is part, its status and workload the activity, its status and workload the number of recommendations and findings concerning the activity
43
1
MANAGING THE AUDIT REPOSITORY
The audit manager and administrator have tools available in the audit module enabling them to manage the audit repository.
Concept
Mission Activity Workpaper Form
Model
Mission program Activity program Workpaper template Form template
44
To create a mission program: 1. Select Audit > Audit Repository > Audit Program > Mission Programs, and click Insert in the right pane of the window.
Enter the name of the mission program in the Description field. Specify the Category of the mission (process, regulatory obligation, quality, etc.). 4. Specify the Origin. This specifies the client of the mission (internal or external origin). 5. Specify the other fields that interest you and click Save. The other fields you can specify are the following: 2. 3.
Justification: here you can enter a comment justifying usefulness of the new mission program. Estimated Number of Auditors: the estimated number of auditors necessary for execution of this type of mission. Estimated Duration: the estimated duration for a mission based on this mission program. Mission Priority: priority of a mission based on this program. Last Execution Date: last date on which a mission based on this mission program was executed. Estimated Workload (M-D): estimated number of man-days necessary for execution of a mission based on this program.
45
1
To define the required skills: 1. In the page of a mission, select the Skills tab. 2. Connect the skills you consider necessary. When assigning auditors to a mission, you will be able to compare skills of auditors and skills required for the mission. For more details on the report providing this information, see "Assigning Auditors to an Audit Mission", page 23.
To create an activity program: 1. Select Audit > Audit Repository > Audit Program > Activity Programs and click Insert in the right pane of the window.
46
2. 3.
Specify the name of the activity program in the Description field, and specify the Mission Program. Click Save.
To create a workpaper template: 1. Select Audit > Audit Repository > Audit Program >Workpaper Templates and click Insert in the right pane of the window.
2. 3. 4.
Enter the name of the workpaper template in the Description field. Click Save. In the page of the workpaper template, connect a form template.
A form template is a list of predefined questions designed to assess a point to be checked in the course of an audit activity.
in the framework of activity creation from an activity program, in the framework of mission workflow.
To create a form template: 1. Select Audit > Audit Repository > Audit Program > Form Templates and click Insert in the right pane of the window. 2. Enter a Description and click Save. You can now create a question. 3. In the Question section, click Insert. 4. Enter the text of the question in the Description box and click Save. You can now create the answers to this question. 5. Select the question and click the View button.
47
1
6. 7. 8. 9. 10. In the Answer section, click Insert. Enter the text of your answer in the Description field. Select the Deficient check box if the answer concerns a deficiency. Click Save. Create other answers in the same way. Your form template is now ready to use.
Announcement letter. Audit mission follow-up report: Audit plan description. Mission description.
To define content of a document template: 1. Select Audit > Audit Repository > Audit Documents > Operational Document Templates. 2. Expand the tree of the document template that interests you. 3. Select an element of the document template and click the Edit button. 4. Select the fields you want to include in the final document by selecting the corresponding check boxes.
48
INDEX
A
action plan activity program announcement
follow-up . . . . . . . . . . . . . . . . . . . . . . . . . . 42 creating . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 definition . . . . . . . . . . . . . . . . . . . . . . . . . . 46 letter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 mission . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 auditor mission . . . . . . . . . . . . . . . . . . . . . . . . . 24 report . . . . . . . . . . . . . . . . . . . . . . . . . . 30 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 . 46 . 37 . 28 . 48 . 33 . 13 . 32 . 37 . 18 . 40 . 18 . 14 . 35 . 44 . 19 . 40 . 15 . 25 . 32
audit activity
. . . . . . audit attachment . follow-up . manually. . modifying . scheduling scope . . . . workpaper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 26 30 28 28 26 37
audit mission . . . . . . . . . . . . . . . . . . . . . . . . 32
accept . . . . . . . . . . announcement letter audit report . . . . . . . . content. . . . . . . . . . creating . . . . . . . . . milestone . . . . . . . . mission program . . . modifying . . . . . . . . preparing . . . . . . . . program . . . . . . . . . proposing . . . . . . . . scheduling . . . . . . . scope . . . . . . . . . . . starting . . . . . . . . . unassigned . . . . . . . . . . . . . . . . . . . . . . . . 20 . . . . . . . . . . . . . . . 31, 37 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 25 19 19 46 21 23 44 32 21 20 31 21
audit
activity. . . . . . . . . activity program . . attachments . . . . . audited element . . document template findings . . . . . . . . generalities. . . . . . mission creating . . . . . report . . . . . . . plan . . . . . . . . . . . follow-up . . . . . preparing . . . . . . . profiles . . . . . . . . recommendation . . repository. . . . . . . schedule . . . . . . . monitoring. . . . team . . . . . . . . . . theme . . . . . . . . . workpaper . . . . . .
49
Index
skill . . . . . . . . . . . . . . . . . . . . . . . . . . . 16, 23 auditor . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
availability
G
Gantt
C
calendar period . . . . . . . . . . . . . . . . . . . . . . . 19
Gantt diagram
M
milestone mission manager
mission . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 . 20 . 44 . 45 . 37
D
date document
mission . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 audit mission . . . . . . . . . . . . . . . . . . . . . . . 37 audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
mission program
document template
E
experience
auditor . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
O
origin
mission . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
F
findings follow-up
audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 creating . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 audit creating . . . . . . . . . . . . . . . . . . . . . . . . 47
P
period profile
audit plan . . . . . . . . . . . . . . . . . . . . . . . . . . 18 consolidation. . . . . . . . . . . . . . . . . . . . . . . . 18 audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
form template
R
recommendation
audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 follow-up . . . . . . . . . . . . . . . . . . . . . . . . . . 39
50
Index
report
workpaper . . . . . . . . . . . . . . . . . . . . . . . . . . 30
audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 complete all . . . . . . . . . . . . . . . . . . . . . . . 33 creating manually . . . . . . . . . . . . . . . . . . . . . . . 33 audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 creating . . . . . . . . . . . . . . . . . . . . . . . . . . 47
repository
workpaper template
responsibility
S
schedule scope score skill
period adding . . . . . . . . . . . . . . . . . . . . . . . . . 19 audit activity. . . . . . . . . . . . . . . . . . . . . . . . 28 audit mission . . . . . . . . . . . . . . . . . . . . . . . 20 mission . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 . 24 . 24 . 45 . 16 . 23
steering calendar
audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
T
team theme tree
audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 document . . . . . . . . . . . . . . . . . . . . . . . . . . 37 work program . . . . . . . . . . . . . . . . . . . . . . . 25
W
work program
audit mission . . . . . . . . . . . . . . . . . . . . . . . 25
51
Index
52