The new audit section provides risk-based assurance, advice and analysis to help the organization meet its objectives and improve the effectiveness of its risk management, control and governance processes.
With the new internal audit section you can effectively manage your risks by identifying potential risks, assessing internal controls, monitoring their operation, ensuring regulatory compliance and communicating the results to senior management.
→ Available in the Audit management system ⚡
How to create the audit program?
To create the context of the audit you must go to the "Audit program" section and click on the "Create audit program" button, there you will find a board where you must enter some mandatory information and other optional information that will help you to complement the information.
Name: Give a name that allows you to give context to the audit program, it can be related to the regulation that is going to be audited or the time in which the process is going to be audited.
Objective: Write an objective that shows the purpose of the audit, since this is the basis for how the process will be executed and assessed.
Scope: Specifically establishes the audit coverage, i.e. processes, level of detail, etc.
Standards to be assessed: Choose the standards to be assessed in the audit.
Start date and end date: Indicate the time in which all the processes of planning, execution, reporting and closing of the audit will be carried out.
Type of audit: Choose the type of audit to be performed from the following:
First part: Audits that are performed internally in the organization.
Second part : Audits to be performed on a supplier, customer or counterparty.
Third part: Audits with certifying bodies or regulatory entities.
Lead auditor: Select the lead auditor to lead the audit process.
Program specifications: Indicates the strategy of the audit program, what the stages, frequency, resources, etc. will be. You can use this step as an audit schedule to have a clearer planning of how to approach the process.
Program attachments: Attach the necessary documents for the program, such as the standards you are going to use as a basis, the
regulations, any regulations, auditors' resumes, etc.
How to define the audit processes?
To define the processes that are linked to the audit program, you must go to the associations section and choose the "Processes" option and click on the "Associate" button, there you will find the processes previously created, click on the "+" icon of the process of interest.
How to associate the audit team?
After you have chosen a lead auditor, you can associate more people who will work as part of the audit team. To associate these people you should go to the associations section and choose the option "Audit team" and click on the "Associate" button, there you will find all the profiles and roles created previously, click on the "+" icon to the people of interest.
How to create the audit plan?
To create the audit plan select the "Audit plan" section and then click on the "Add a plan" button. There you will need to fill in the following items:
Add processes: Select a process from the list of processes previously defined in the associations section. Not all the processes of the organization are shown.
Add auditor: Selects the auditor in charge of the plan, among the auditors previously chosen in the audit team section.
Dates: Select the start and end date of the activity, which must be within the previously selected date.
Date of the specific ceremony: Select the date of the audit execution.
After selecting all the above items you must click on the "Save" button.
How to manage the audit plan?
To manage the audit plan, click on the arrow on the right side of the plan of interest. There you will find a checklist and a summary of the entire audit plan.
Checklist: The checklist is an important step as it functions as evidence and allows traceability of the execution of the audit plan. The checklist is based on items that you can create according to the topics that you are going to ask and assess during the audit, for each of the items you must take into account the following information:
Question: It is the information that you are going to ask the auditee, it is recommended to make open questions that allow other questions and answers to emerge in order to achieve a better identification of the findings.
Auditees of the item: Who is going to be the auditee, which person of the process is going to receive the audit, all openly or only one person.
Related standards: The standards that were included in the context.
Add additional help: Enter additional information that can guide the auditor in the assessment process.
To continue click the save button and return to the main screen where you were creating the audit program, now click the "Create" button.
How to create the checklist in bulk?
You can also add checklist items in bulk by clicking on the "cloud with the up arrow" icon.
There a box will appear, where you will find on the right hand side the requirements that your file must have in order to be uploaded successfully. On the left side you will find the box to upload the file and a guide template that you can download to do it properly.
After uploading the file with the data, the tool will show you the match between the fields in the tool and those added in the document, you can edit the fields that are optional. Now click on the upload button and you are done!
How to send the audit plan to execution?
Click on the previously created audit program and then click on the "View more" button, now click on the audit plan option and choose the plan of interest, then click on the arrow on the right side of the selected plan and finally click on the "Send to pending execution" button.
Important: After sending to execution you can no longer edit the plan.
How to execute an audit plan?
If you were chosen as an auditor or auditee of an audit plan you will receive a notification email. If you are the auditor you will be able to execute the audit plan by entering the audit program and then the assigned audit plan. Now click on the start execution button and start the execution. When you click the start run button you will find the following steps in each of the items in the checklist:
The question that was initially posed and the answer options: complies, does not comply or does not apply.
The non-conformance is that it does not comply. The software marks according to what it is told:
- A conformance with observation then yellow.
- If it is "No" it turns red, there is no opportunity for improvement, a nonconformity with observation.
- NA: does not apply, it is not taken into account in the assessment and rating. More answers can be included, but for now the software handles these three: yes, no, NA.
The type of finding is optional, you can choose between opportunity for improvement and observations: The opportunity for improvement is a suggestion from the auditor, it is not mandatory to comply with it and the observations have to be remedied since there is a Nonconformity.
Auditee Comment is what the auditee says and it is not mandatory, but it helps the auditor to make a proper closure of the audit and easily identify the findings.
Auditor's comment is the analysis that the auditor makes to the auditee, it specifies what the finding was and proposes something that will help in the remediation process.
Evidence: It is essential to attach evidence in the audit plan since an audit without evidence is practically a lost audit, you cannot place findings and not justify or support them with evidence of what happened.
When the execution of each of the items is finished, the "end audit" or "send remediation" button is activated.
How to perform the remediation of the audit program?
If there are any findings, the "send to remediation" button is activated, which is the next step. A commitment date for remediation, the remediation plans to be executed and how they will be managed are raised.
After the remediation plans are closed the auditor proceeds to close the audit plan, which is the last stage and can then deliver the information to the lead auditor who will close the entire audit program and generate the overall audit report.
Important: It does not make a specific report per plan, but it makes a general report for the whole audit program.
End audit: if there are no findings, I can end the audit plan because there is no remediation stage.