Module: Risk Management
Purpose: To set the details of an audit procedure once attached to a control.
To Access: Risk Management - Risk Evaluation (or Risk Review) - select an audit - select Edit from the Risk Select Action dropdown list.
Data Fields:
Audit Type: Select the type of audit from the list and click Add Audit Type to add this audit type to the audit procedure. If you want to create a new audit type click the New button next to the dropdown list. An audit procedure can be performed by different people in different types of audits, eg. internal audit, quality audit, peer review and self assessment. GuardianERM allows an audit procedure to have multiple audit types.
Audit Sample: Whether the audit procedure requires testing a sample of documents or transactions.
Tolerable Error Rate: When Audit Sample is 'Yes', the maximum error rate in percent that can be tolerated before the control being tested is considered to have failed. The TER is not applicable where no audit sample is used.
Sample Type: The source of the audit sample. This is used for creating separate audit workpaper schedules for convenience of recording audit sample test results. For example, if you are testing payments, the sample type may be invoices or cheques.
Sample Size: The required sample size for this audit procedure. This value is copied to future audit programs created but can be modified at the audit program level.
Functions:
View History: View a history of changes for the various audit types of the audit procedure.
Save Data: Save changes to the data.
The system also displays results from the latest audit or control checklist.
Click the View button to view the details of the audit or control checklist results.
To Add an Audit Type:
Select an audit type from the dropdown list. If the desired audit type is not on the list, create one by clicking the New button next to the dropdown list.
Click the Add Audit Type button. The selected audit type will appear in the Audit Type List.
Click the Save button.
Configure the sampling details if required for the audit type.