Audit universe and risk assessment
According to International Standards for the Professional Practice of Internal Auditing and the Institute of Internal Auditors (IIA), the fundament for designing a work plan for internal auditors is risk analysis.
In AdaptiveGRC, the audit universe includes a database of audit objects, such as processes, business lines, companies, external suppliers, applications, etc.
The AdaptiveGRC system enables you to perform risk analysis in each of the audit areas on the basis of questionnaire input and risk-calculating algorithms.
Strategic audit planning
(for a 5 year period)
The AdaptiveGRC solution allows you to configure a strategic schedule of audit reviews in the organization within a 5-year period, one that accounts for levels of risk related to each area (notably, audit processes) as well as the dates and results of recent audits.
Such planning results in the creation of a strategic audit plan for areas that ought to be audited in the following years.
Annual audit planning
(one year period divided into quarters)
The annual audit plan generated by AdaptiveGRC contains a general description of tasks that the internal audit team is going to perform over that period. As a fruit of cooperative intra-organization labor, this annual audit plan should consider both short- and long-term company goals. The AdaptiveGRC system allows you to define within the annual plans the composition of audit teams, as well as to distribute person-days allocated to each task among the team members.
As part of annual planning, you can also plan audit tasks for each quarter of the given year.
The system allows you to automatically allocate person-days to teams and to define the composition of each team, as well as to distribute and swap person-days between teams.
Audit work in stages
Defining an audit is divided into several stages, each flagged with a status. Depending on the current status of the audit, only certain fields can be filled in. The users of the system, in accordance with the role they play in the audit process, fill in information, change the status, validate data and move to the next stage of the audit process.
The audit can be assigned the following statuses:
Monitoring of post-audit recommendations and actions
While auditing is being performed on location, the system allows you to monitor the degree to which the control mechanisms meet your predictions. Should there be any discrepancies, you can have these listed and any post-audit recommendations and corrective actions registered and assigned. Following this you can monitor work progress.
AdaptiveGRC gives you access to comprehensive monitoring of the implementation of post-audit recommendations through real-time access to information about the status of each recommendation as well as reporting to the individuals involved.
Reporting and automatic system notifications
The system can generate a variety of reports to assist you in analyzing the organization’s situation precisely and to clearly present the results of all audit actions.
The AdaptiveGRC system notifies its users about all significant changes in running audits as well as about any action required from each user.
User notifications include:
- when the audit is ready and sent to the Auditor,
- when all audit questions are answered,
- when the audit is completed,
- what the deadlines for each post-audit action are,
- all status changes for post-audit actions.