Image provided by NASA/NSSDC
This site is not endorsed by NASA. |
Audit Findings during Internal and External Examinations
One of AuditAlert’s many
features is being a repository for an organization’s audit
findings, whether they are generated by the internal
audit staff via an internal audit documented in AuditAlert (or
the compliance staff during a self-assessment review) or
copied and pasted from a regulator’s (or any external audit)
examination report. AuditAlert allows
the organization to manage the remediation process surrounding
audit and examination points. Within the application an audit
finding includes:
- general information surrounding the audit
point such as its priority, impact classification, exception
type, critical dates, etc.,
- the description of the audit finding,
- the internal audit or compliance staff’s
recommendation, if applicable,
- the auditee’s action
plan, which
is input via AuditAlert Web,
- the auditee’s management update to
the original action plan for audit
committee presentation also input via AuditAlert Web and
- the associated follow-up work on each completed
audit point, which is performed by the audit or compliance
staff.
Using AuditAlert’s Audit
Point form provides
a management tool for the auditor,
ensuring that the remediation process is performed in a timely
manner. The Audit Point form has various sections (tabs at the
top of the form) as described below. Each bullet point below
represents an individual form within the Audit Point functionality
in AuditAlert:
- General An
audit finding is documented by the
auditor in AuditAlert by
creating the Audit Point during the audit, automatically
forming a link between
the two. An external audit
finding would
simply be linked to a regulator's examination setup in
AuditAlert.
Initially an abbreviated regulatory examination would be
created in AuditAlert for
tracking purposes and then the audit finding is copied from
the examination report (received from the regulators upon
conclusion of their examination) and pasted into a new Audit
Point form.
Other than how the Audit Point is created in AuditAlert,
the remaining process for an internal and an external audit
finding is exactly the same.
read more
and see screenshots>>
- Audit Point The
auditor documents the audit finding in the Audit Point form
at any time during or after the audit. The Audit Point form
as well as all other text fields in AuditAlert include
edit tools, a spellchecker and a dictionary. For an external
examination the audit finding is copied from the examination
report and pasted in this form. The date, time, and the auditor’s
name are displayed in the form when the audit point is originally
created and subsequently updated, if applicable.
read
more and see screenshots>>
- Recommendation The
recommendation by
the auditor is included in this form. The date, time, and the
auditor’s name are displayed in the form when the recommendation
is originally created and subsequently updated, if applicable.
read
more and see screenshots>>
- Assignment The
processes within the Audit Point function are assigned to
various audit staff members as to who can update the text
forms in the Audit Point, as to who can update the status of
the Audit Point and who is responsible for follow-up work
after the auditee indicates
in AuditAlert Web that
the resolution of the audit finding has been completed. The
auditor also assigns the management member of the organization primary
responsibility for the remediation of the Audit
Point.
read
more and see screenshots>>
- File & URL References An Audit
Point can reference a file (PowerPoint presentation,
Adobe PDF, Word document, scanned documents, etc.) or URL
(an external website’s address on the Internet or the
organization’s Intranet) to support and further explain
the audit finding. This section may also be updated by the auditee via AuditAlert Web to
substantiate their work during the remediation process and
subsequently by the auditor to document their follow-up work.
read
more and see screenshots>>
- Action Plan The Action
Plan describes the remedy that has been prepared
by the auditee to correct and prevent the circumstance
documented in the Audit Point going forward. The Action
Plan is pulled into the Examination Report,
if requested, and into the Audit Point Status Report,
if requested. The auditee enters the Action
Plan via AuditAlert Web.
Future updates to the Action Plan are documented in AuditAlert as management
summary (see below) updates, which are described
later in this document.
read
more and see screenshots>>
- Responses Via AuditAlert Web,
the auditee can delegate and bring in-house experts
into the remediation process. The conversation thread between
these individuals substantiating the remediation process is
documented in this form. Once a comment is added and
saved, an email message is released to the staff listed. This
function acts as a project-task manager for the auditee.
read
more and see screenshots>>
- Management Summary After
culling through the internal dialog amongst the staff in the
Responses form,
the auditee, via AuditAlert Web, can
create a more informed update to the original Action
Plan in the management summary form.
read
more and see screenshots>>
|
|
