Purpose: To enter audit results for an audit program.
To Access: Audit & Compliance - Perform Audit - select an audit program - Open Audit Program.
Audit results can be entered directly into the Enter Audit Result screen or via the Workpaper screen.
The top section of the screen shows information from the risk evaluation:
Note:
If the Result is
RED
in colour, it means that the audit resolution has not been
implemented. The Resolution Implementation Details button will
be RED
as well when the audit procedure is selected.
Click Select on the Audit Procedure list to select the audit procedure and details relating to the audit procedure will be displayed.
If the audit procedure requires sampling, enter the sample size tested and the number of errors found:
The error rate is calculated by the system (press the Calc button).
If the audit procedure does not require sampling, click the Pass or Fail button:
If you need to clear the Pass/Fail buttons, click the Clear button.
If you have collected audit evidence that is filed externally (not in the GuardianERM.Net system), enter a reference in the Document Reference field to identify the location of the evidence for retrieval later on. If the evidence is in electronic format and is stored in GuardianERM.Net, click the button next to the Document Reference to open the Attach Document screen.
If the audit result is Pass, a message 'Effective and efficient' is automatically entered into the Audit Result/Comment field upon saving if the field is left blank. You can overwrite the message and put in your analysis of the result and or comments. This field is 255 characters long so be brief.
If there is anything to report, write that into the Audit Report field. You can enter unlimited text into this field. Enter 'Y' in the Report field will include this item in the audit report, otherwise, it will be stored in the audit program but will not appear on the audit report.
If the audit result is Fail, a message Failed will be entered in the Audit Result./Comment field upon saving if the field is left blank. You will be required to enter a resolution and a resolution due date before you can save the audit result. When the resolution is implemented, click the Details button to enter the implementation date and implementation notes (eg. where actual control implemented is not the same as what was proposed).
You can also select a cause for the audit failure.
The selection items can be managed by clicking the Cause link. You can add, modify or delete items on the pop-up panel.
When a resolution is complex, you may use the Issues Log and link the audit to the issue by clicking the Issues Log button in the Resolution Implementation panel.
It may provide good reference if you enter a message like 'Managed in Issues Log" in the resolution field. When you click the Issues Log button and if you have already recorded an issue for this audit, the system will open the issue, otherwise, a new issue will be created.
Select a Fail Alert Status to flag the seriousness of the failed control.
You may change the name of the person who performed the audit procedure.
You have two options to save the audit results:
If an audit procedure appears more than once within an audit program, eg. attached to different controls or the same control attached to different risks or the same risk attached to different organisation units, you have the choice of saving the results for the selected audit procedure only or for all the same audit procedures attached to different controls, risks or organisation units. Externally linked documents, however, will only be saved to the selected audit procedure, regardless of which save button is clicked.
You can print the audit program or the audit report by pressing the corresponding button.
When an audit program is complete and ready to be reviewed or finalised, click the Mark Program as Completed button. You must have entered a comment in every audit procedure in the Audit Result/Comment field and all failed audits must have a resolution and resolution due date entered before the audit program can be marked as completed. After the program is marked completed, a pop-up will appear and you have the option of sending an email to the selected person with Audit Finalisation authority. When an audit result is reviewed, the Review button will display Reviewed.
See also: