Image provided by NASA/NSSDC
This site is not endorsed by NASA. |
| 1. |
|
| 2. |
|
| 3. |
|
| 4. |
|
| 5. |
|
| 6. |
|
| 7. |
|
| 8. |
|
| 9. |
|
| 10. |
|
| 11. |
|
| 12. |
|
| 13. |
|
|
1. Each quarter I have to prepare a senior management report listing
all outstanding audit and examination points and the applicable
status. How does AuditAlert
facilitate this?
AuditAlert
is a repository for an organization’s audit findings,
applicable action plan, management updates to
the action plan, and the associated follow-up work
performed on each audit point by the audit staff. It is a management
tool for the internal audit function, as well as senior management,
ensuring that the remediation process is performed in a timely
manner.
The audit staff documents an audit finding in
AuditAlert by indicating
applicable critical dates that will be monitored by AuditAlert
for email notification and reminder notices (such as proposed
due date, release date, next reminder date, and action plan due
date), a description of the audit point, the proposed recommendation,
and assignment of the audit staff and the auditee who will be
responsible for the management of the remediation process
Below is an audit finding that was created during
the examination. There are several screenshots indicating the
workflow process when creating such audit finding with some of
the salient sections of each screenshot hi-lighted.
|
 |
 |
 |
 |
| The auditee
will be notified of open assigned audit points via an email message
that contains an embedded link
to AuditAlert Web. Clicking
on the embedded link
within the email message takes the auditee to AuditAlert
Web, where they will update the current period’s
management summary to the original action plan. This puts the onus
of keeping management up-to-date directly on the auditee.
(Normally an action plan has already been prepared by the auditee
in AuditAlert Web and
included in the Examination Report.) |
|
There are four intertwined dates
that are used by AuditAlert
during, in your case, each quarterly senior management meeting:
“For Status Report”
(or meeting) date – This is the date when the senior
management committee will meet to review the status of audit and
examination points. This is usually based on a pre-established frequency
throughout the calendar year. These dates are established in AuditAlert
along with the “notify auditee date,”
which is the date that AuditAlert
will provide advance email notice to the auditee (if the
auditee has an outstanding Audit Point) that they are to
update the management summary section of the audit
point in AuditAlert Web
before the conclusion of the “finalize by”
date.
“Finalize By”
(by Auditees) date –
This is the last day that a management summary
for an outstanding audit point can be updated for inclusion in this
period’s Audit Point Status Report.
Report Distribution Date
- This is the date that the Audit Point Status Report
is automatically distributed via email to the senior management
committee. This is normally distributed a few days before the meeting
date.
The person responsible for creating
the Audit Point Status Report would do
a “search” (see the top screenshot on the right) on
the status of audit points marked as “in process” and
click on the Create Report button (see the middle screenshot
on the right). A professional report (to the right is an example
of a page from the “Status of Audit and Examination Points”)
would be generated in Microsoft Word format. This report could be
printed or distributed by email from within Word. The audit point,
recommendation if any, critical dates, priority, and the formal
response are culled from the database. (see the bottom screenshot
on the right).
Return to top |
Click to zoom
Click to zoom
Click to zoom
|
|
2.
Each quarter I have to chase down managers to get them to respond
to assigned audit and examination points? How will AuditAlert
change my life?
The auditee will be notified of “in-process”
assigned audit points via an email message (to the right) that
contains an embedded link
to AuditAlert Web
(the browser-based application used by auditees). Clicking on
the embedded link
within the email message takes the auditee to AuditAlert
Web, where they will update the current
period’s
management summary to the original action plan.
This puts the onus of keeping management up-to-date directly
on
the auditee. (Normally an action plan has already been
prepared by the auditee in AuditAlert
Web during or at the conclusion of field work
so that it is included in the Examination Report
generated by AuditAlert.)
The screenshots (to the right) display the AuditAlert
Web Search screen that displays
all “in-process” (the "status" filter was selected)
audit points assigned to the auditee and the subsequent selection
by the auditee of
audit point # 7.
There are four intertwined dates that are used
by AuditAlert in
preparation for senior management meetings:
 “For
Status Report” (or meeting) date – This is
the date when the senior management committee will meet to review
the status of audit and examination points. This is usually based
on a pre-established frequency throughout the calendar year. These
dates are established in AuditAlert
along with the  “notify
auditee date,” (not displayed) which is the date
that AuditAlert
will provide advance email notice to the auditee (if
the auditee has an outstanding audit point) that they
are to update the management summary section
of the audit point in AuditAlert
Web before the conclusion of the “finalize
by” date.
 “Finalize
By” (by Auditees) date – This is the last
day that a management summary for an outstanding
audit point can be updated for inclusion in this period’s
Audit Point Status Report.
 Report
Distribution Date - This is the date that the Audit
Point Status Report is automatically distributed
via email to the senior management committee. This is normally
distributed a few days before the meeting date.
Return to top
|
Click to zoom
Click to zoom
|
|
3. My responsibility
is to ensure senior management that all audit and examination
points are being worked on and to keep them abreast of the status.
It is nearly impossible for me to do this. How will AuditAlert
track the status of each outstanding point?
The audit staff can view the internal conversation
from within the Responses screen (a tab at
the top of the Audit Point form) to insure
that work is in fact being performed. The dialog is between
the primary person assigned responsibility to remediate
the audit point, his or her delegated staff, and any in-house
experts brought into the remediation process. To the right
is an excerpt of dialog amongst several non-audit management
staff members being
viewed
by the audit staff via AuditAlert.
The screenshot below that is the same information being displayed
in AuditAlert Web
for the primary person assigned responsibility, delegated staff
and in-house experts.
|
Click to zoom
|
As it is your responsibility,
you could review all “in-process” audit and examination
points before the “finalize by” date
(see question # 2 above for an explanation) is reached to ensure
that work is in fact being done. If you are not satisfied
with the status, then you can click the “Request a Status
Update from the selected Email Recipients” check box,
type in your comment (optional), click Save, which will then
generate
an email message to the assigned group. You should not have to
review each “in-process” audit
point. AuditAlert
is going to send email reminder notices at the designated
time to the assigned auditee.
Return to top |
Click to zoom
|
|
4. I spend hours formatting quarterly reports that will
be reviewed by senior management. I collect email messages and Word
documents from various managers then copy and paste into one document.
How will AuditAlert facilitate this
process?
Select the Examination
and Findings Report button on the main menu and then
click on the New Audit Point Status Report button.
Select the appropriate filters (indicated at the top of the
first screenshot below)
then select the Search button for the audit points
that you would like to generate a report based on. Click the Create
Report button, which will bring up the Audit
Point Status Report form (the middle screenshot below).
You will then be asked to make further choices such as name the
report, select the staff members
you
would
like to
circulate the
report to, and add a comment that will be picked up
in the email message generated by AuditAlert
or just run the report for yourself. Click on the Build
Report
button (the last screenshot below).
AuditAlert
will list all your drafts as well as the final report. You can delete
drafted versions to keep you library of reports clean.
Return to top |
 |
 |
 |
| Click to zoom
|
|
|
5.
Can the auditee delegate or bring in experts within the organization
to collaborate on responses without having numerous meetings?
Once the primary responder (the
auditee) is assigned by the audit staff to an audit point,
that person can delegate to his/her staff and / or bring in-house
expertise to help remediate the action plan via
AuditAlert Web by
selecting the Add New Response / Comment button
on the applicable audit point. This displays an electronic bulletin
board (or chat room) for the staff to collaborate on the status
of the action plan. This provides the auditee
with up-to-date information to formulate a timely management update
to the action plan for the next senior management committee meeting.
The delegated staff and/or in-house
experts are notified by email that containes an embedded link
to AuditAlert
Web whenever they are assigned or requested
to provide a response or an update as secondary responders
for an audit point.
The auditee is informed via email whenever a response
is added to an audit point by the secondary responders (delegated
staff and in-house experts) and can view the internal conversation
amongst his/her staff at any point in time.
To the right is an excerpt of dialog
amongst several delegated staff members.
Return to top |
Click to zoom
|
|
6. How does the
auditee communicate with staff within AuditAlert
and keep each other aware of their assigned task status within
a project to resolve an audit point?
AuditAlert
utilizes the organization’s email system as a delivery channel
to keep staff abreast of documented comments and responses during
the remediation process for each audit point. Whenever a comment
or response is added and saved in AuditAlert
Web (the browser-based form that allows the auditee
to respond to assigned questions and audit points), email is automatically
generated that will include the embedded link to AuditAlert
Web. Anyone listed can send
a comment, respond or ask a question to anyone on the email list
within the audit point.
Return to top
|
Click to zoom
|
|
7. How can I use AuditAlert
to manage the regulator’s “first day letter?”
AuditAlert
segments the “first day letter” functionality from
the internal audit functionality so that staff outside the internal
audit department, such as the compliance staff, can manage this
process.
The examination is identified
and created within AuditAlert.
Questionnaires are created via the “templates” section
and are used to mirror image the first day letter questionnaires
received from the regulators by simply breaking out the individual
sections of the first day letter into multiple Questionnaires
and
assigning to the appropriate managers (see the top screenshot to
the right for an example of an examination and the applicable
Questionnaire in AuditAlert).
You request the first day letter from the regulators in Word
or WordPerfect
format
then
simply
copy
and paste into the Questionnaire.
Each member of management is notified
by email that includes an embedded link to AuditAlert
Web for assigned questions
within each Questionnaire requiring a response (see the bottom
screenshot to the right for an example of a section of a Questionnaire
assigned to an individual in AuditAlert
Web). In addition to
the written response, documentation can be affixed
to the
response
that
may
include files or URLs contained on the organization’s
Intranet.
As an additional benefit AuditAlert
allows you to utilize Questionnaires from year-to-year by selecting
the appropriate Questionnaire and simply clicking Save as
a New Questionnaire and making the appropriate
changes.
Return to top |
Click to zoom
Click to zoom
|
|
|
8. I currently copy and paste sections and questions within a section
of the first day letter into numerous email messages and assign
to senior management for their responses. Can this be eliminated
with AuditAlert?
The Questionnaires can be used
to manage the first day letter received from the regulators by simply
breaking out the individual sections of the first day letter into
multiple Questionnaires and assigning the appropriate managers via
a drop-down list. Request the first day letter in Word or WordPerfect
format then simply copy and paste each question into the Questionnaire.
Each section of the first day letter should be a separate Questionnaire.
A “release” date is established when creating the Questionnaires,
which is then used by the control program running on the server.
The control program will generate an email message that is sent
to the individual senior managers.
The screenshot indicates three
components:
1. The first day letter Questionnaire
received from the regulators (in this example it is a self-assessment
questionnaire that we downloaded from an OTS website and simply
copied a particular question to show the ease of use).
2. The Questionnaire template
that is being created (in the example question # 5 from the self-assessment
questionnaire is copied and pasted into an AuditAlert
Questionnaire that already has seven questions, which were previously
copied and pasted).
3. The question copied into the
AuditAlert Question
form, the number being assigned (#8), the permitted responses
(this obviates the auditee from selecting as easier choice as “Yes”
is not listed), and the one or more auditees or senior manager assigned
to respond.
Return to top
|
Click to zoom
|
|
9. I manually track responses to the first day letter and send reminder
notices to non-responders. Can AuditAlert
help me eliminate this administration nightmare?
AuditAlert
will monitor the responses and non-responses in the database and
automatically generate email reminder notices to the individuals
indicated as non-responders on the selected “reminder”
date (see the example to the right of an email message sent with
an embedded link to the corresponding list of questions to be completed
in AuditAlert Web).
Also, unlike your email approach,
you will not have to locate the question in a Word document
and
paste the contents from the email message. This is all done via
AuditAlert Web by
each individual manager as they will be accessing and responding
to their associated questions and attaching documents or URLs,
if required (see the example to the right of a question selected
from the list of questions assigned in AuditAlert
Web).
Return to top
|
Click to zoom
Click to zoom
|
|
|
10.
My responsibility is to assimilate all responses to the first day
letter and create a document that is delivered to the regulators?
The responses and any supporting
documents and URLs will be managed by AuditAlert.
After all responses are received, you have two options, i.e., either
print the Questionnaires and the documents supplementing the responses
or provide the regulators with access to AuditAlert
with “read-rights.” The latter is the recommended approach.
The regulators can then print whatever they would like.
The screenshots indicate two views
of responses; (1) the overview of all responses and (2) the user-friendly
display of an individual question and the list of supporting documents
and URLs. You can open the supporting documents and URLs from either
screen.
Return to top
|
Click to zoom
|
|
|
11.
I put together binders of responses including printout of documents which
support each response to questions in the first day letter. Is there
document management within
AuditAlert?
Absolutely! The responders that
have been assigned questions in the first day letter can
attach any document (spreadsheets,
Word, WordPerfect, images, etc.) an/or URL to support their response.
(The screenshot to the right is an example of an opened PDF
file and an opened URL attached to support the response.)
The regulators should be given
read-only permissions to AuditAlert
OR
b4nAfter
has an export function that allows the audit staff or compliance
staff to create a CD or DVD, which they may distribute to the examination
team which includes the responses and documents supporting each
response.
Return to top
|
Click to zoom
|
|
12.
Can I reuse last year’s audit programs and internal control
questionnaires as my starting point for the current year’s
audit?
In AuditAlert
this is extremely easy. You simply open last year’s examination
and select the Prepare as New Examination button
and change the dates and select the Save button
(see the screenshot to the top-right for an example). The
new examination carries forward the content in a number of
forms (such as the objective, background, scope, announcement
letter, laws and regulations, questionnaires, open audit points,
etc.).
AuditAlert requires
the audit staff to change critical dates to reflect this year’s
examination period under review (see the screenshot to the
bottom-right for an example). The content in the forms carried
forward would then be updated by the audit staff, as necessary,
to reflect changes. (This is a quick method to prepare for the
audit plan for the upcoming year.)
Return to top
|
Click to zoom
Click to zoom
|
|
13.
I have to assimilate information from various sources to create
the “examination report” that I distribute at the
conclusion of each audit. Can this be automated within AuditAlert?
The Examination Report is a
Microsoft Word document, which presents the purpose,
scope, and results of the audit. The content of the Examination
Report is pulled from AuditAlert’s
database and includes the following:
-
objective,
- scope,
- laws, regulations, guideline, best practices,
etc.,
- conclusion (opinion),
- audit findings,
- recommendations and
- action plans.
The screenshot to the right displays the objective,
scope, and laws and regulations from the AuditAlert
database for this particular examination. Additionally, the report
is clearly marked in both the footer and header as a “draft.”
In the second screenshot is another excerpt from
the same Examination Report indicating an audit
finding, the rating of such audit finding, the recommendation
and management’s action plan.
Return to top
|
Click to zoom
Click to zoom
|
|
