AuditAlert
is a virtual workpapers solution that automates
the entire internal audit process, the regulator's examination
request for information and the compliance self-assessment review
process. It also automates the management
of audit and examination points and the audit
committee process relating to these findings. AuditAlert allows
for the effortless creation of the annual
audit plan using a risk assessment
scorecard approach and the management of actual
vs. budgeted hours. Management's responses to the regulator's
examination request for information is incorporated into a Microsoft
Word document delivered on a CD or any type of removable media,
including all applicable supporting files.
AuditAlert allows
the audit administrator to create an annual audit
plan based on the risk
assessment score results assigned to each audit entity
within the organization’s audit universe.
The audit plan lists all audit entities to be examined
for the upcoming plan year (or years if a multiple year
plan). The audit plan allows the audit administrator to
assign audit staff members to each audit entity or examination
as it is referred to in AuditAlert.The
audit administrator allocates staff, fieldwork dates and
budgeted-hours to each audit entity included in the plan.
As the audit staff members work on an examination they
will account for their actual hours via timesheets,
which provides the audit manager with the ability to review
actual vs. budget-hours by staff member, by examination,
and by the plan. |
Click to zoom |
AuditAlert allows
multiple risk assessment scorecards (operational,
compliance, IT-related, etc.) to be utilized. The audit administrator
creates the description of the risk assessment scorecard(s)
and then selects or creates risk factors that
will be incorporated into the scorecard. b4nAfter delivers
30 risk factors with the application. The audit administrator
can create, delete and amend existing risk factors. |
Click to zoom |
The process begins with the examination
preparation (image on right),
which encapsulates the examination as it documents
the type of audit performed, the location(s) examined,
critical dates, the workflow process (assignment
of audit staff, designation of auditees, objective,
scope, conclusion, etc.), and the associated questionnaires
(the generic term used in AuditAlert
for audit program(s), self-assessment reviews, surveys,
and internal control questionnaire(s)). Audit
findings are created and linked to the individual
questionnaires.
|
Click to zoom |
| To
facilitate the process, the prior examination is used as the starting point
for the current examination. Bring up the prior examination
preparation, click on the “save
as a new examination” button then simply
change the dates. Various forms of content, including the
objective, scope, staff assignments, auditee designations
and questionnaires
are carried forward as drafts for the audit staff to change
to accommodate the current examination. All related audit
findings pertaining to the prior period’s
examination that are still in-process also are linked to
the new examination. |
The auditor creates the objective, scope
and scope limitations, if any, for the examination,
creates new audit program(s) and internal control questionnaire(s)
or amends the prior examination's audit program(s)
and internal control questionnaire(s). The individual
audit steps and questions that comprise the questionnaire are assigned to the audit staff and the auditee. (image
below)
Click to zoom
|
Click to zoom |
The
examination preparation
process (image on left) can also be used to manage the first
day letter received from the regulators (if a financial
institution) by breaking out the individual sections of
the first day letter into multiple questionnaires.
The steps described to complete an internal audit are also
employed for the first day letter, except
that the number of forms (screens) in the workflow process
(tabs along the top of the examination
preparation form) is less than what is required
for an internal audit. |
After
preparing the questionnaires,
the individual questions are automatically distributed to
the assigned audit staff and auditees via email
(on the “release date” per the examination
preparation general form, click email image
below) notifying each group that they have questions that
must be answered by a defined “due date.”
For the auditee the email message contains an
embedded link to AuditAlert
Web, which is located internally on the
organization’s server. Clicking on the embedded
link within the email message takes the auditee
to AuditAlert Web
(screen image below on the left), displaying the questionnaires
assigned.
|
Click to zoom
|
Email Message
Click to read |
The audit staff simply opens AuditAlert
(the client program residing on their desktop) and selects the applicable
examination.
Clicking
on the Questionnaire I.D. button
(in the previous screenshot questionnaire I.D. # 9) in the
initial screen (form) displayed to the auditee
in AuditAlert Web
lists assigned questions for that questionnaire
(image on right). During the course of the examination responses
and attachments previously inputted are displayed. |
Click to zoom |
Click to zoom |
The auditee
clicks on the associated question (in the linked screenshot
question # 2) in AuditAlert
Web, which brings up the response form for
the auditee to complete (image on left).
The response drop-down
list is displayed. The auditee then selects the
appropriate response. If warranted, the comments section
is updated by the auditee and supporting documents
and / or URL links are added, if applicable.
|
The audit
staff responds to assigned questions or
can view a response created by the auditee via
AuditAlert
(image on right). The audit staff member can attach or view
supporting documents or URLs to an assigned question. They
can also create an audit finding and link
it to the question (as is the case in the image to the right). |
Click to zoom |
Click to zoom |
Electronic
review notes
(questions or comments) to the audit staff can be left on
various forms (screens), supporting documents, and responses
to questions throughout AuditAlert
(image on left). The audit staff in turn electronically
responds to a note
that has been assigned to them, thereby creating a threaded
conversation. There can be several notes left by different
reviewers on the same screen (form), supporting document
or response to a question.
The responder and reviewer
will be notified that a note or a response, respectively,
has been left for them upon opening AuditAlert
via a pop-up notification. There is also an email option,
which can be utilized by the reviewer to generate an email
message if a new note
is left and a response is required immediately. |
| Notes
become part of the database and can be easily found via
the Notes Search
form (image on right), which contains several search filters,
thereby accelerating the review process. Using AuditAlert
allows audit management to manage a number of examinations
at one time without having to physically control the workpapers
as you would in a paper world. Several members of the audit
staff and audit management can be in the same workpapers
and the same form at the same time. |
Click to zoom |
Each form,
document or response to a question in AuditAlert
is marked as reviewed by the reviewer(s) by simply clicking
on the review
button (the checkmark image next to the
notes
button below).
|
If the
checkmark is red
it means that it has been signed-off as being reviewed by
the current reviewer. It will also denote the number of
reviewers that have signed-off this form, document or response
to a question as being reviewed; in this case three reviewers.
|
 |
| If the checkmark is
blue it means
that it has been not been signed-off as being reviewed by
the current reviewer but has been reviewed by another reviewer(s).
|
 |
If the checkmark is
gray it means
that it has not been signed-off as being reviewed. |
 |
If
you move your mouse over the checkmark and the color is
either red
or blue, a
list of reviewers that have signed-off this form, document
or question will be displayed including the date and time
such review was processed in a pop-up box such as:
Murphy,
Jerry March 5, 2005 1:40 pm
Kehnle, John March 4, 2005 11:08 am
DeLeon, Steve March 2, 2005 4:51 pm |
|
Click to zoom |
There are
editing tools, a spell checker and a dictionary that are
applicable to all text boxes throughout AuditAlert
(image on left).
|
Internal
control weaknesses or breakdowns documented in the questionnaire
or ascertained through detailed transactional testing will
result in audit findings, which are incorporated
in the examination
report (image of report is at the end
of this web page). An audit point search screen
listing all audit points and various filters facilitates
a quick search (image on right). |
Click to zoom |
| AuditAlert
is a repository for an organization’s audit
findings, applicable action plan,
management updates to the action plan,
and the associated follow-up work performed on each audit
point by the audit staff. It is a management tool for the
internal audit function, as well as senior management, ensuring
that the remediation process is performed in a timely manner.
The audit staff documents
an audit finding in AuditAlert
by indicating applicable critical dates that will be monitored
by AuditAlert
for email notification and reminder notices (such as proposed
due date, release date, next reminder date, and action plan
due date), a description of the audit point, the proposed
recommendation, and assignment of the audit staff and the
auditee who will be responsible for the management
of the remediation process (images below).
|
 |
 |
 |
 |
| Click to zoom above
images |
Click to zoom
|
The
auditee will be notified of assigned audit
findings via an email message (image on right)
that contains an embedded
link to AuditAlert
Web (image on left). Clicking on the embedded
link within the email message takes the
auditee to AuditAlert
Web, where they will document the action
plan and management updates to the action
plan, attach supporting documents and / or URLs,
if applicable (a point-in-time copy of each will be
kept in the appropriate network drive for the audit staff),
and manage the remediation process with their staff using
the electronic bulletin board for collaboration. |
Email Message
Click to read |
Click to zoom |
AuditAlert Web
allows the primary coordinator assigned to an audit
or examination point to manage the resolution process by
treating each point as a project task. The primary coordinator
can delegate and bring in-house expertise into the resolution
process via the response/comment (electronic
bulletin board) screen (image on left).
All parties involved are fully aware
of what each party is doing thereby eliminating the infamous
“no one told me” response. From the conversations,
the auditee creates a formal management summary
update to the action plan so that reports
on the status of outstanding audit and examination points
can be generated at the click of a mouse.
|
The examination report can now be automatically
prepared from the aforementioned information. The audit
staff can create as many drafts of the examination
report as they would like distributing the report
through AuditAlert
as an attachment in an email message utilizing the security
and tracking features of Microsoft Word.
The final version is released in the same manner. |
Click to zoom |
Click to zoom |
You can
effortlessly create an up-to-the-second audit point
status report presented in management-style format
in Microsoft Word. AuditAlert
captures and generates a formal management report on all
audit findings presented to senior management
either from internal or external sources, indicates the
status of each audit point, the action plan,
and the latest management update to the action plan.
The audit staff can create as many drafts of the audit
point status report as they would like before officially
distributing the report through AuditAlert
as an attachment in an email message utilizing the security
and tracking features of Microsoft Word.
|
AuditAlert
utilizes the organization’s email system
to obviate manual, time-consuming administrative tasks. Critical
dates during the examination and throughout the remediation process
of an audit finding trigger the generation of email
messages.
The following dates or occurrences automatically generate email
messages:
•
examination announcement date,
•
examination report release date,
•
audit point release date,
•
action plan due date,
•
audit point revised resolution date,
•
audit point next reminder date,
•
audit point that is overdue,
•
management summary update notice and
•
notification of reviewer notes & response
  
|
