What are audit engagements and workpapers?
Audit engagements are the mechanism that internal audit teams use to scope, plan and execute their evaluations of risks and associated internal controls, and related areas of their organization. Audit workpapers are the means to document the results of their evaluations, or test work.
Why is the proper execution of audit engagements, including workpaper documentation, so important?
A significant challenge internal audit teams face managing their audit engagements is lack of risk-driven audit coverage, inconsistency and inefficiency. Many internal audit groups cannot focus more time on risk and compliance activities because they are too absorbed in administrative work. Further, audit procedures and engagements are often performed inconsistently, and audit teams spend countless hours inefficiently managing audit resources.
They also struggle to track the status of engagements and workpapers because their teams use multiple documents and systems. Teams cannot effectively reconcile their time and expense back to their audit plan nor report real-time updates to audit executives. They lack visibility into the status of findings generated during past audits. Audit reports are not easily updated with changes to audit findings, remediation plans and workpapers, and there are constant fire drills getting information to external auditors.
RSA Archer Audit Engagements & Workpapers
The RSA Archer Audit Engagements & Workpapers use case addresses the problems outlined above through key features that include:
- Audit universe tracking with automatic updates on time and expense from audit engagements
- Best practices and industry standards are built into workflows for audit engagement and workpaper documentation, review and approval workflow
- Centralized Audit Program Library and workpaper repository
- Audit report and planning memo templates
- Audit findings and remediation plan management with review comments capabilities through the RSA Archer Issues Management use case (see Data Sheet)
- Offline audit engagement capabilities
With RSA Archer Audit Engagement & Workpapers, you will be able to:
- Ensure audit engagements and workpapers are performed consistently and per prevailing standards
- Reduce external auditor time and requests by allowing them to self-serve the information they need
- Easily generate audit reports with up-to-date detail and findings
- Free up time to place more focus on risk-based auditing and strategic projects
Provide management and the Board with the information they need more readily
Often, internal audit teams cannot focus on helping the business evaluate new risks and opportunities because they are spending too much time performing administrative and duplicative tasks. The RSA Archer Audit Engagements & Workpapers use case helps transform the efficiency of the audit department, complete better-scoped audits more efficiently, and decrease audit expenses. The use case is also integrated with other RSA Archer risk and compliance use cases enabling your organization to move toward Integrated Risk Management (IRM). As your company drives business growth with new initiatives, technology adoption or market expansion, your overall governance, risk and compliance (GRC) or IRM program must evolve, innovate and manage risk with more agility and integration than before. Managing the audits performed by internal audit - the third line of defense, alongside risk management and compliance testing performed by second line of defense groups, and control self-assessments performed by management is one ingredient to becoming more integrated, efficient and effective across all three lines of defense.
RSA Archer can help your organization manage multiple dimensions of compliance and risk on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.