b4n after    
About b4nAfter
Products
Contact Us
Home
 
Administrative Solutions for Business
 Audit Findings during Internal and External Examinations

Image provided by NASA/NSSDC
This site is not endorsed by NASA.


General Overview

There are various tabs (forms) laid out in logical order covering the different stages of the remediation process pertaining to the Audit Point, which are displayed along the top of the Audit Point form below. The auditor is responsible for completing the General, Audit Point, Recommendation and Assignment forms. The auditor can attach supporting Files & URLs. The auditee can put together their Action Plan, can also attach supporting Files & URLs, manage the remediation process via the Responses tab, which is an electronic bulletin board for the auditee and his/her staff, and provide management summary updates to the original action plan via the Management Summary form. All of the auditee's actions take place in AuditAlert Web. These actions automatically update the forms below for the auditor’s review.

 

number01_24x24 Examination information - The Audit Point is linked to the examination that initiated the audit finding whether it be an internal audit, a self assessment review or a regulatory examination. The period that was covered by the examination, the examination name and number, the associated Questionnaire’s name (the audit program and number), if applicable, and the audit program’s question, if applicable, are displayed in this section of the General form.
number02_24x24 Critical dates - The Audit Point identification number generated by AuditAlert is displayed. Additionally, there are a number of critical dates displayed as described below:

Release Date - This is the date that an email message is delivered to the auditee who is assigned responsibility to remediate the Audit Point. The email message references the Audit Point(s) and provides a link to the auditee that when selected takes them to AuditAlert Web. Included in the email notification is the "action plan due date."

  1. Proposed Due Date - This is the date that the remediation process is expected to be completed by the auditee.
  2. Revised Due Date - If the "proposed due date" for completion of the Audit Point cannot be attained, then a "revised due date" is added to the Audit Point. When the "revised due date" is originally added or subsequently changed, an email message is sent to the auditee.
  3. Reminder Date - If selected, the auditee receives a reminder notice on this date if the Audit Point has not been marked as completed.
  4. Completed Date - This date is initiated by the auditee in AuditAlert Web when the Audit Point is "marked as completed." The audit staff has the ability to put the status of the Audit Point back to "released," which in turn generates an email message to the auditee informing him or her that the completion status has not been accepted by the audit staff.
  5. Action Plan Due Date - This is the date that the audit staff requires an Action Plan to be completed in AuditAlert Web by the auditee. This allows ample time for the audit staff to review the action plan before the final Examination Report is released to management. There are repercussions if the Action Plan is not completed as follows:
    1. Action Plan Reminder Date
      If selected, an email reminder notice is generated and sent to the auditee a predetermined number of days before an Action Plan is due, if an Action Plan is not already in place.
    2. Action Plan Overdue
      The auditee receives an overdue notice for an Audit Point that does not have an Action Plan in place the day after the "action plan due date" is reached.

number03_24x24 Description and other information - This section of the Audit Point describes the subject and a further reference of the audit finding, the audit classification and the exception type from separate drop-down lists.
number04_24x24 Status and time-stamps – There are various statuses associated to an Audit Point as follows:

  1. Not Yet Released – this is the initial status when an Audit Point is created in AuditAlert by the audit staff but the “release date” has not yet been reached.
  2. Released – this is the second stage for an Audit Point. When the “release date” is reached an email message relating to the Audit Point is automatically distributed to the auditee by AuditAlert.
  3. Cancelled – only the audit staff assigned with applicable rights can change to this status. An email message is automatically sent to the auditee and the audit staff when an Audit Point is “cancelled.”
  4. Completed – either the primary auditee or audit staff with applicable rights can change the status from “released” to “completed.”
  5. Overdue AuditAlert recognizes that the Audit Point has reached the "proposed due date” or, if applicable, the “revised due date” without the Audit Point being “marked as completed” by the auditee. An email message is automatically sent to the auditee and the audit staff.
  6. ReOpened – the primary auditee or audit staff with the applicable rights can change a “completed” status to “reopened.” An email message is automatically sent to the auditee and the audit staff.
  7. Locked – audit staff with the applicable rights can change the status from “completed” to “locked.” No further changes can be made by the auditee or the audit staff.

The date, time, and the associated staff member’s name are displayed on the form when the Audit Point is originally created, subsequently updated, if applicable, when a response is updated and when the Audit Point is Locked.

When the audit staff is informed by AuditAlert via email that the auditee has “marked the Audit Point as completed” (status changes from “released” to “completed”), they review the auditee’s response and supporting documents, if applicable, and accept or reject the status change. If they accept the status change, they can change the status to “mark as locked” using the   AP Marked Locked  button.
number05_24x24 Reporting - This feature provides the audit staff with flexibility beyond the filters used in the creation of the Examination Report and the Audit Point Status Report. The audit staff decides if they want the Audit Point to be excluded from either report.

For example, the Audit Point may be considered insignificant and therefore will not be reported to management. The auditor wants to monitor the remediation process via AuditAlert, therefore they assign the Audit Point to the auditee, who in turn documents the remediation progress in AuditAlert Web.
number06_24x24 Priority - This field indicates the priority rating from a drop-down list created by the organization.

Once the general information is completed the auditor will select the SAVE button and AuditAlert will respond that the “Audit Point ID: 189 has been saved” in the Information Box (not shown in this example).

 
 
General Overview
Audit Point
Recommendation
Assignment
File & URL References
Action Plan
Management Summary