b4n after    
About b4nAfter
Products
Contact Us
Home
 
Administrative Solutions for Business
 Risk Assessment, Audit Planning & Time Management

Image provided by NASA/NSSDC
This site is not endorsed by NASA.


General Overview

AuditAlert allows the audit administrator to create an annual audit plan based on the risk assessment score results assigned to each audit entity within the organization’s audit universe. The audit plan lists all audit entities to be examined for the upcoming plan year (or years if a multi-year plan). The audit plan allows the audit administrator to assign audit staff members to each audit entity or examination as it is referred to in AuditAlert. The audit administrator annually establishes the total available hours for each staff member in the Staff Profile. The audit administrator allocates staff, fieldwork dates and budgeted-hours to each examination included in the plan. As the audit staff members work on an examination they will account for their actual hours, which provides the audit manager with the ability to review actual vs. budget-hours by staff member, by examination, and by the plan.  

To expedite a new audit plan, last year’s audit plan is copied creating new examinations within the new audit plan. This process automatically carries forward assigned staff, the risk assessment scorecard including scores, budgeted hours, scope, objective, audit programs, reference material, etc, on an examination basis. This becomes the current year’s starting point for the audit planning process.

Steps involved in the audit plan cycle:

  • Select risk factors to be incorporated into a risk assessment scorecard
  • Assign a risk weight to each risk factor
  • Create a risk assessment scorecard(s) to be used for each examination in the audit plan
  • Assign a “score” to the risk assessment scorecard for each examination
  • Review the results of the risk assessment scoring for the audit universe and assign a “frequency” (annual, biennial or triennial) for each examination
  • Create any new audit entity to be examined, thereby completing the audit universe
  • Create the audit plan, which can be a one, two or three year plan or “copy” last year's audit plan as a draft for the current year's plan
  • Assign total available hours for each audit staff member in the Staff Profile
  • Assign audit staff from a drop-down list to each examination
  • Establish budgeted-hours for each assigned staff member
  • Audit staff members account for their actual hours by examination
  • Track actual vs. budgeted hours by assigned examination, audit staff member and, in aggregate, the plan
  • Generate comparative displays / reports (budget vs. actual)

The Main Menu of AuditAlert consists of four areas that directly impact the audit plan process:

  1. Categories,
  2. Risk Scorecard Templates,
  3. Audit plans and
  4. Time Sheets.

Main Menu

Before an audit plan can be created, the audit administrator must develop a risk assessment scorecard(s) that will be included in each examination comprising the organization’s audit universe so that an overall risk assessment score sheet can be reviewed. Using the score sheet, the audit administrator can determine the frequency that the examination should be audited based on the amount of risk calculated for each examination.

In order to create a risk assessment scorecard the audit administrator must create audit plan “categories” for risk factors. This is purely for reporting purposes. After the audit plan categories are created (AuditAlert delivers five basic categories) then the individual risk factors are created (AuditAlert delivers approximately 30 risk factors). Once the risk factors are created then the audit administrator must create a risk assessment scorecard(s). From the risk factors delivered as well as created, a selection of such factors must be linked to the risk assessment scorecard. As each risk factor is linked, AuditAlert will require:

  • a description for each risk factor (for those that were created by the audit administrator),
  • assignment of 5 risk levels (no risk, low risk, average risk, moderate risk and high risk) of possible scoring for each risk factor (for those that were created by the audit administrator),
  • a description of each risk level and
  • that each risk factor be assigned a risk weight.

The total risk weight of all risk factors must equal 100% for a scorecard.  If more than one risk assessment scorecard will be used, AuditAlert will require that one of the scorecards be designated as the default (this should be the scorecard that will be linked to the majority of the examinations). Once an audit plan is created the default scorecard will be incorporated into each examination comprising the audit universe. For those examinations that will not use the default scorecard, the audit administrator must go into each examination and select from a drop-down list the applicable scorecard to be used. Using a default precludes having to go into 100% of the examinations and selecting from a drop-down list.
 
General Overview
Creating a Risk Assessment Scorecard Template
Establish Examination Risk Score
New Audit Plan
Summary Information Displays
Copying an Existing Audit Plan