What is audit planning?
Audit planning is the practice where internal audit functions assess the risk across their audit universe and determines the audit engagements they need to perform in the months and quarters ahead. They plan their audits based on risk and compliance gaps, strategic objectives of the organization, important topics and other priorities.
What is audit quality measurement?
Audit quality measurement is the execution of quality surveys to monitor the effectiveness and comprehensiveness of audit processes. These surveys provide key insight on how well the audit function is meeting the business' needs and working with business and IT management during an audit.
Why is audit planning and quality important?
According to PwC’s 2018 State of the Internal Audit Profession Study and survey of more than 2,500 audit executives, 82% of innovative audit functions collaborate with other lines of defense to align technology tools' uses and functions, vs. 45% for non-innovative audit functions. Internal audit’s main challenge is not having access to broad, dynamic enterprise risk and control information and analysis, but it's actually using the information for agile audit planning. Instead, many audit teams rely only on their point-in-time risk assessments to drive audit work. This prevents internal audit from adjusting their audit plans to rapidly changing risks and business concerns.
With decentralized audit plan and risk assessment documentation captured in multiple tools and systems that are difficult to integrate, there is no easy, fluid way to manage audit plans, let alone coordinate objectives among risk and compliance groups. Internal audit is also under pressure from audit committees and management to improve their processes; yet their quality control procedures are sporadic, inconsistent and difficult to follow up on.
RSA Archer Audit Planning & Quality
The RSA Archer Audit Planning & Quality use case addresses the problems outlined above through key features that include:
- Complete workflow to create and assess audit entities, perform risk assessments, and create and manage audit plans
- Workflow to schedule audits and tie forecast and actual expense and time in between audit engagements and the audit plan
- Centralized location for storing and managing audit plans, audit entities, and assessment results
- Audit quality assurance and review questionnaire workflows
With RSA Archer Audit Planning & Quality, you will be able to:
- Execute a more dynamic, risk-driven audit plan that is easily adjusted to match the organization’s priorities and focuses on the most important risks
- Easily provide Board-level reporting that keeps the audit committee well-informed of the status of audit plans, risks and critical findings
- Demonstrate the strategic value of internal audit and more efficient use of audit resources
- Reduce external auditor fees by providing self-access to information they need
RSA Archer Audit Planning & Quality enables internal audit teams to define their audit universe, assess risks and plan audit engagements that better address risk, and manage their audit staff and audit schedule. RSA Archer Audit Planning & Quality is a critical element of Integrated Risk Management (IRM). Since RSA Archer Audit Planning & Quality integrates management risk and control information, internal audit can ensure their audit objectives are aligned with IRM teams and play their essential role as the third line of defense. As your company drives business growth with new initiatives, technology adoption or market expansion, your internal audit function can evolve and react to risk with more agility and integration than ever before.
RSA Archer can help your organization manage multiple dimensions of risk on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.