iAUDITINFORMATION SUPPORT FOR INTERNAL AUDIT PROCESSES

ON-LINE SOLUTION FOR PLANNING, PERFORMING

AND MONITORING ACTIVITIES AT ALL STAGES OF THE INTERNAL AUDIT

iAudit covers the basic process of internal audit work - the strategicand annual planning, implementation and management of auditreviews and enables the management of audit programs, findingsand recommendations made. The solution supports risk-basedinternal audit processes, includes monitoring the implementationof recommendations and allows the creation of various auditreports.

The solution is intended for all users who perform the function ofthe internal auditor in the company as well as other users involvedin the internal audit process such as auditors, risk managers,company management, auditees, heads of organizational units andothers.

FOCUSED ON SUPPORTING THE DAILY WORK

The main focus of iAudit is supporting the work of the internal audit by:

• ensuring uniform planning and reporting procedures in accordance with the internal audit standards and individual expectations;

• enabling auditors to carry out administrative work in easier and simpler way with e-mail templates, report templates, automatic reminders, audit status changes;

• providing shorter audit cycles, since auditors perform work in a faster, more transparent and simpler way;

• improving the organization's risk and control register through continuous monitoring and reports;

• enabling easy monitoring of recommendation statuses and statistics of all audit reviews;

• making it easy to upgrade with the functional needs of users;

• enables automatic reminders and automatic status change for recommendations, risk analysis, report generation;

• enabling multi-user work;

• enabling centralized control and management of the internal audit system.

Audit Universe

Audit universe is built in a tree-like structure. The number of levels in the tree structure is not limited anddepends on the size of the company, number of business activities and accepted internal audit policy.Audit universe allows preparing any number of tree structures that represent companies or subsidiarieswithin the group. As business activities change over time, the audit environment is adopted easily withstatus and structure change.

KEY FUNCTIONALITIES

Operational planning is intendedfor planning daily audit activities.Planned and extraordinaryaudits are automaticallytransferred into the operationalplan for every auditor with thepossibility of additional editing.Planned activities such asholidays, absence from work andother non-audit activities, arealso marked in the operationalplan.

Risk Analysis and Planning

iAudi is also a risk assessment tool for audit planning on strategic and annual levels. With a combination ofdifferent risk criteria, it can be prepared and adjusted the scale and policy for estimating the risk of aparticular audit area. With risk analysis strategic and annual plans can be created in a couple of hours. iAuditapplication includes strategic, yearly and operational planning.

Strategic planning is based onmulti-year projections and doesnot contain detailed daily plans. Itis a choice of audit areas (businessactivities) that will be audited inspecified years within a particularaudit cycle. Audit cycle is adjustableand can last up to five years. Foreach auditing year a yearly plan canbe created. Strategic planning isnot a necessary condition for yearlyplanning. Users can create a yearlyplan without creating a strategicplan. If a company is using strategicplanning for its auditing, certaindata of the strategic plan areimported into the annual planningfor a specific year.

Annual planning is preparedbased on the audit universe, risksof audit areas, available humanresources and former audits. Foreach annual audit plan, a riskanalysis of the organization'sbusiness activities is firstprepared. Then regular auditsthat are supposed to beperformed are entered. Eachaudit is also defined withestimated duration and auditteam members.For each individual auditor alsoplanned time estimations fornon-audit activities (consulting,management, external clients,etc.) are entered.

Enterprise Risk RegisterThe purpose of the risk register is to record all types of risks that negatively affectthe business objective of the organization. It enables the entry and managementof risks and their assessments.

To estimate risk for individual audit areas, risk factors are chosen from apredefined table. Beside basic risk factors such as management assessment, auditassessment and time distance, users can determine for themselves additional riskfactors that also affect the business of the organization.

For each risk factor an importance of the factor could be defined by a weightfrom 1 to 100%, with which the risk factor contributes to the final assessment ofthe risk analysis of each audit area.

Audit Work ManagementAudit jobs can be monitored through stages. Audit stages are controlled via user-defined specific events.Each internal audit cycle consists of the following stages: Planning stage,Preparation stage, Executing stage and Reporting stage.

Implementing an audit can be based on planned or extraordinary audits. In everycase the progress of every audit is followed by providing different statuses.

The audit work management contains basic information about every audit (title,purpose, objectives, time frames, audit members, imported work program,findings, recommendations, reviews, documentation, comments).

Audit Programme RepositoryThis is a register of audit working templates thatcan be imported into a partial audit. It has anunlimited number of partial audit workingtemplates that can be imported into a particularaudit. In this way, we can create a complete auditwork programme.

Recommendation RegisterRecommendation register is automaticallycollecting recommendations which are createdduring implementation stage of audits. Eachrecommendation is tracked by its status and itspriority. Register also includes automaticreminders which can be fully managed withinautomatic jobs.

Sending RecommendationsiAudit also supports the forwarding ofrecommendations and related reminders in e-mails. Each sent e-mail has a unique link forquick access to the recommendation, where anunlimited number of comments can be entered.Attachment in any format can be also enclosedto each comment as the evidence.

DocumentationDocument management allows documents to beimported for each audit task. At the stage ofcreating the audit, the structure of the documentsystem is built and versioned according to theneeds. Each audit task contains a standardizedfolder structure that can be changed according tothe needs of the user. The Document ManagementSystem supports the use of templates for draftingaudit reports, final reports, minutes,questionnaires, etc.

CalendarWithin the calendar also activities such aseducation, monitoring implementation ofrecommendations, sickness leave are planned foreach auditor.The calendar provides an overview of all scheduledauditor‘s activities on an annual, monthly and dailylevel.

QuestionnaireSending a questionnaire is enabled for members ofthe audit team when the audit is completed. Eachmember of the audit team can send aquestionnaire to selected auditees. Respondentsrespond to the questionnaire directly via the link tothe iAudit application. Each auditor has an optionto quickly obtain information on the respondentquestionnaire and to monitor statistics for selectedquestionnaire.

Analysis and ReportingWith a combination of different search filters it ispossible to prepare different analysis of the auditsperformed and statuses of the recommendations,which can be exported to PDF, MS Word and Excel.Basic audit reports have predefined templates thatcan be edited by users themselves.

Integrated Document Management System

The application has integrated DocumentManagement System (DMS). In audit creationphase the DMS structure is automatically buildbased on predefined folder structure template,which can be modified according to user’sneeds. Document can be uploaded in every stepof audit. The integrated DMS also supportstemplating. With templates reports can be buildsuch as draft of audit reports, final reports, auditreports, minutes, etc.

Fully customized terminology and workflows

In the implementation phase, company-specificterminology and workflows can be customizedwith pre-built BPM.

Intuitive and user-friendly user interface

Interfaces are standardized which makes themvery intuitive and simple to use.

Active Directory and Role-based permissions

The application supports Active Directoryintegration and users‘ permissions can becompletely managed with Active DirectorySecurity Roles.

Multilingual supportThe application has multilingual support.Currently it supports Slovene and Englishlanguage and it can be easily translated in otherlanguages.

TECHNICAL SPECIFICATIONS Requirements for system software

Physical or virtual server

Operating system Windows server or Linux - distribution must supportJava Platform SE8 or higher

Java EE Application Server Wildfly (or other)

Database PostgreSQL 9.5 (or higher)

RAM min 4GB

Processing power 2xCPU core

SMTP server for sending e-mails from the application

Optional: Microsoft AD (integrated authentication and authorization)

ProtocolsHTTPS protocol is used as an external communications protocol.

Requirements for 3rd party software

Microsoft AD integration (integrated authentication and authorization)

Microsoft Word and Excel

PDF Viewer

Supported document formatsSolution uses open source BIRT reporting tools with possibility of exporting data in PDF, XLSX, DOCX and CSV format.

Supported devices Supported devices are workstation, laptop and tablet with installed internet browser.

Contact us for more information:

Mateja Čampa Chief Sales and Marketing OfficerE mateja.campa@gora.siT +386 1 23 44 863 | M +386 31 616 347