Automation of internal audit based on innovative and information solutions. Internal audits Comprehensive automation of state external audit control issues
3. Regulatory references
ISO 9000:2005 - “Quality management systems. Fundamentals and vocabulary.
ISO 9001:2008 - “Quality management system. Requirements".
ISO 19011:2002 - "Guidelines for the verification of quality management systems and (or) environmental protection."
4. Terms, abbreviations and symbols
Terms and Definitions:
Audit (verification) - a systematic, independent and documented process of obtaining audit evidence and their objective evaluation in order to establish the degree of implementation of agreed criteria (ISO 9000:2005).
Auditor - a person who has demonstrated the personal qualities and competence necessary to conduct an audit (ISO 9000:2005).
Group of auditors - one or more auditors conducting the audit with the involvement (if necessary) of technical specialists.
Applied abbreviations:
DP - documented procedure
QMS - quality management system
Legend:
Branching/Merging Process Operations
5. Description of the process
5.1 Fundamentals
QMS audit at KPMS is carried out in order to:
- determine the level of QMS compliance with the requirements of ISO 9001:2008;
- determine the level of compliance of the QMS with the requirements of internal regulatory documents.
The audit can be carried out as scheduled (based on the annual audit plan) and unscheduled (based on the order of the General Director).
The frequency of a scheduled audit should be at least once every six months.
The authorized person for quality is responsible for organizing audits.
The lead auditor is responsible for conducting audits.
The annual internal audit plan is developed and approved no later than December 20. The annual plan of internal audits is developed by the Quality Commissioner. When planning internal audits of the QMS, it is envisaged mandatory check each of the departments, each of the processes and each of the requirements of ISO 9001:2008.
Before each audit, an audit schedule is developed. The schedule is developed one week before the date of the audit.
To conduct internal audits, a lead auditor, auditors and technical specialists are appointed from among the company's employees. Candidates for the lead auditor and auditors are determined by the Quality Commissioner. The appointment of the lead auditor and auditors is carried out by order of the General Director for personnel. The order may indicate the date of appointment. If the term is not specified, then the lead auditor (auditors) is considered to be appointed indefinitely and loses its status as an auditor only on the basis of the order of the general director on the appointment of a new lead auditor (auditor) or upon dismissal from the company.
Technical specialists are appointed (if necessary) for each audit on the proposal of the lead auditor. The appointment of technical specialists is carried out in the order for the organization to conduct an internal audit.
When scheduling the audit, the distribution of auditors and technicians to the objects of audit should exclude the possibility of them checking the departments in which the auditors and technicians work.
The AVACOR platform solution is a Russian development that meets international standards. It allows you to automate the full cycle of internal audit and control processes (including their planning, implementation and analysis of results) in accordance with International professional standards internal audit. The product is suitable for solving problems of both small and medium-sized businesses and large distributed companies with a complex organizational and territorial structure.
The solution provides centralized storage, processing and access to operational information on the processes of internal audit and analysis of performed checks. It allows you to generate both reporting documents according to standardized templates, as well as operational and analytical reports for various periods of time and in different sections.
AVACOR is a solution for companies that have their own internal audit service. The platform will provide automated information support for all processes life cycle conducting an internal audit.
The scalability of the system allows you to choose an effective configuration that takes into account the characteristics of communication channels, the architecture of servers and workstations: a three-level configuration, work via the Internet or terminal access.
The AVACOR solution is included in the Unified Register of Russian Programs for Electronic Computers and Databases.
Functionality:
- Activity planning and resource management.
- Planning audits.
- Performing internal audits.
- Planning for the implementation of audit recommendations.
- Registration and analysis of internal audit risks.
- Data analysis and generation of analytical reports on inspections.
- Administration.
- Support for the process of coordination and approval of reporting.
- Support for the work of users in the System.
Advantages:
- Unification, standardization of documentation for a clear regulation of planning, conducting and processing the results of inspections (audits).
- Implementation of control over the implementation of audit procedures.
- Systematization of information on conducted checks (audits).
- Improving the means of analyzing information for making managerial decisions.
- Identification of dynamics for specific types of violations and shortcomings of the system internal control.
- Prompt receipt of information on identified violations and shortcomings in the context of: objects of audit and control (business processes, divisions and subsidiaries and affiliates), employees who conducted a specific inspection (audit), etc.
- Improving the efficiency of decision-making and information transfer.
- Ensuring the security and confidentiality of information.
2018: Cooperation with RusRisk
As you know, in 2016, the Digital Design company launched a solution for automating internal audit, control and risk assessment, called AVACOR. Experts in internal audit took part in the work on the decision. “One of the modules of the AVACOR system is Risk Management, designed to automate processes from risk assessment to monitoring the implementation of measures to reduce them. For further development functionality of the module and the system as a whole, it is important to take into account modern trends, the needs of the professional society, therefore we see great potential in cooperation with RusRisk in this direction,” says Ruslan Abdrakhmanov, head of the AVACOR Digital Design business line.
Other aspects of this cooperation are the examination and development of standards and GOSTs within the framework of the technical committee 010 "Risk Management" of Rosstandart, as well as the opportunity for IT company specialists to pass national and European certification and improve their risk management competencies.
Introduction
1. Historical background, functions and tasks of automation of audit activity.
1.1. Prerequisites for the automation of audit activities.
1.3. Regulatory regulation of the use of computers in the audit.
2. Software for automated information technologies for auditing.
2.1. automated information Technology audit activity.
2.2. Software used by the auditor.
3. Automation of external and internal audit using special package programs, their comparative analysis
Conclusion
List of used sources.
INTRODUCTION
The modern management system of an enterprise, organization, firm is distinguished by a rather complex information system. This is primarily due to the abundance of external and internal information flows, the variety of types of information circulating in the management system.
The leading role in it is played by the accounting information system, in which reliable and complete information about the property, liabilities, and business operations of the management object is formed. Information base accounting, in turn, is the basis for information and analytical systems and systems of internal and external audit. In this regard, in professional activity accountant, financial analyst, auditor, the importance and role of information systems, technologies, automation of accounting, analysis, audit processes.
This paper discusses the main processes and tools for automating audit activities, the specifics of internal and external audit in a computer environment.
Research objectives:
a) to study the functional tasks of automation of audit activities.
b) analyze the automated information technology of audit activities.
c) identify features and character traits software used by the auditor.
The relevance of this work lies in the objective need to automate audit activities. In conditions of high competition in the market, it is very important for the purposes of objective and high-quality accounting that economic entity work on internal control, accounting and other management processes were automated.
1. Historical background, functions and tasks of audit automation
1.1. Prerequisites for automating audit activities
Today it is impossible to imagine the field of human activity associated with the processing of information without the use of computer technology. Quite naturally and organically, computers find application in auditing.
Audit is an independent verification of accounting and financial (accounting) statements of organizations and individual entrepreneurs.
Since the beginning of the 90s of the XX century, when the acquisition of a personal computer in Russia has ceased to be a problem, an active process of introducing information technologies into the practice of accounting for enterprises and organizations has begun. A large number of specialized programs have appeared on the software market, various in functionality, quality of execution, complexity. Subsequently, generally recognized leaders were determined among the manufacturers.
The programs used today are very diverse and their number is impressive. It can be stated that today in organizations of various directions and scales of activity, accounting without the use of computer technology is already perceived as an exception to general rule. Thus, the use of computers and information technology in the audit is a requirement of the time.
One of the disadvantages Russian audit is the low level of manufacturability of the organization and conduct of audits and the provision of services related to the audit. Large and medium-sized Western audit companies that have accumulated many years of experience are characterized by high level development of audit technology, the active use of computer technology in the audit. They have well-developed audit procedures in their arsenal that allow them to quickly and efficiently perform audit procedures, effectively using both highly qualified personnel and numerous assistants.
Such a "conveyor" method helps to reduce the time of the audit, increase its efficiency, and quickly adapt personnel. Performing simple tasks at first, the young specialist has prospects for growth, the change of assistants is painless.
Promising direction of development modern technologies audit is its automation. Moreover, one determines the other: the more technologically advanced the process, the more formalized it is, the easier it can be automated, and the more automation tools the "technologist" has in his arsenal, the wider the range of operations that he can automate.
1.2. Functional tasks of the computer information system of audit activity
To ensure the quality of the services provided, audit companies must implement the functions of developing procedures, documents, accounting forms that comply with applicable audit standards, as well as determine the level of materiality, audit risk, and sample size. At the same time, even the allocation of an employee in the staff of an audit firm who deals exclusively with these issues will not help solve the problems associated with processing a large amount of data, as well as filling out a large number of documents when planning, conducting an audit and analyzing the data received. In this regard, one way or another, questions arise about the automation of ongoing routine audit procedures.
Since the audit is based on a sampling basis, the auditor, in order to calculate the optimal sample size, must resort to mathematical statistics and probability theory, which greatly complicates the calculations.
The implementation of an automated audit is regulated by the standard of audit activity "Conducting an audit using computers" (approved by the Audit Commission under the President of the Russian Federation on July 11, 2000, protocol No. 1). According to this standard, the auditor, considering the possibility of applying certain audit procedures, should be guided by the rules (standards) of audit activity N 5 "Audit Evidence" and N 20 "Analytical Procedures".
It follows that the audit program should offer an audit methodology that is fully consistent with auditing standards.
Another requirement for the audit program is the ability to use the client's accounting database for sampling and analysis in order to save the auditor's labor and time. The program should contain all the necessary forms (working papers of the auditor) to document the work done. It is desirable that the program has a user-friendly interface and does not require special knowledge in the field of programming, and also has a clear algorithm of work.
When conducting an audit in the COD system, the purpose of the audit and the main elements of its methodology are preserved. The presence of the COD environment significantly affects the process of studying the accounting system of an economic entity and its accompanying internal controls by the auditor.
Usage technical means leads to a change in individual elements of the organization of accounting and internal control:
- to check business transactions, along with traditional primary accounting documents, primary accounting documents on a machine medium are also used;
- permanent reference indicators can be checked against data stored in computer memory or on machine-readable media;
- instead of traditional hand molds bookkeeping, a form of accounting can be used that is focused on progressive methods of generating output information and ensuring its reliability, combining synthetic accounting with analytical systematic with chronological, as well as increasing the efficiency and ease of use of accounting and reporting information.
The auditor should not force (directly or indirectly) the audited economic entity to use the COD system known to the auditor. The auditor's recommendation regarding the use of a particular COD system is possible only if the auditor provides an audit-related service to an economic entity in organizing the COD system at the request of the latter.
An economic entity is obliged to provide the audit organization with the necessary access to the COD system. Failure (incomplete fulfillment) of this condition is a limitation of the scope of the audit in the COD system, as a result of which the audit organization may require the provision of the documents it needs on paper. In audit organizations, computers can and are already actively used both for automation managerial work the audit organization itself, and for auditing economic entities. At the same time, the concept of "using a computer to conduct an audit" is very general and may include the following types of work (Table 1.1) .
Table 1.1
Options for using computers in auditing
| Option | Types of work performed using a computer |
| I | Printing, editing basic standard forms audit documents, questionnaires, tables, questionnaires and other |
| II | Performing all kinds of calculations, processing tabular data |
| III | Use of the regulatory and legal reference base in electronic form (systems such as "Garant", "Kodeks", "ConsultantPlus"). |
| IV | Organization of requests to an electronic database generated in an automated accounting system (ASBU) |
| V | Verification of individual calculations performed at ASBU accounting areas |
| VI | Obtaining accounting registers and an alternative balance sheet using an electronic database generated in ASBU |
| VII | Holding complex analysis financial condition economic entity |
There are three stages of the technology of the auditor's work in the conditions of CIS AD:
1) preparatory stage;
2) conducting an audit;
3) the final stage.
At the preparatory stage, information about the client, general ledger data, financial statements and other information is studied and recorded in the database. The auditor's study of the accounting and internal control system of the entity being audited is determined by the computer data processing system (CDP) used by him. When conducting an audit in the COD system, the purpose and basic approaches to determining the methods of conducting an audit are preserved. At the same time, the CODE affects the auditor's study of the accounting and internal control system of the entity being audited.
Working in the CODE environment, the auditor studies the organizational form of data processing, the accounting form and its automated sections, the use of a local or network data processing option, and the provision of data archiving and storage. The auditor should also describe the technical, software, technological support of the CODE. He evaluates the capabilities of a computer system in terms of its flexible response to changes in economic legislation, the formation management reporting, carrying out analytical procedures, as well as the degree of qualification of accounting personnel in the field of information technology.
When determining the auditor's risks arising from the audit of financial statements, due to the influence of the COD, one should be guided by the rule (standard) "Risk assessment and internal control. Characterization and accounting of the computer and information system environment".
The use of the COD system significantly affects the organizational structure of an economic entity. The concentration of management functions, data and programs for their processing introduce risks into the accounting and internal control system. When using the COD system, the circle of persons having access to accounting records is expanding. This leads to the emergence of risks associated with the lack of primary documents and accounting registers, the inability to monitor the posting of credentials and reporting, as well as the access of unauthorized users to the database and programs of the COD system.
1.3. Regulatory regulation of the use of computers in auditing
The fact of the need and possibility of using information technology in the audit is generally recognized. Here we can mention the theoretical, methodological and practical works devoted to APCS. The issues of using computers and information technologies in auditing are covered by international auditing standards and regulations on international auditing practice, federal and Russian rules (standards) of auditing.As part of the International Standards on Auditing (ISA), which were in force until 2006, one standard and five provisions on the methodological practice of audit are devoted to computer topics, in the version of Russian standards (RSA) such problems are reflected in three standards. In the federal standards being developed (FSA), one standard on this issue is planned (Table 1.2).
Of all the active this moment Russian auditing standards, only one concerns automation - "Audit in terms of computer data processing." At the same time, the issues regulated by this standard do not exhaust the range of problems faced by Russian auditors, on the one hand, and accountants and business leaders, on the other, when interacting in the conditions of electronic processing of accounting and financial information. So it makes sense for both of them to get acquainted with international experience.
From table 1.2. it can be seen that the most significant of the standards related to audit automation have been developed for Russian auditors.
Table 1.2.
International and Russian auditing standards
|
№ p/p |
International Auditing Standards and Regulations on International Auditing Practice | Russian Auditing Standards | ||
| Code | Name | Year publications |
Name | |
| I | 401 | Audit in the environment of computer information systems | 1998 | Audit in a computer environment data processing |
| 2 | 1001 | IT environment - offline personal computers |
||
| 3 | 1002 | IT environment - online computer systems | ||
| 4 | 1003 | IT Environment - Database Systems | ||
| 5 | 1008 | Risk assessment and internal control system Characteristics of CIS and related risks | 2000 | Risk assessments and internal control. Characterization and accounting of the environment of computer and information systems |
| 6 | 1009 | Audit Methods Using Computers | 2000 | Conducting an audit using computers |
Regulatory developments in the field of automated audit are presented in a number of documents of the International Committee of Auditing Practice of the International Federation of Accountants: "Auditing in a Computer Information Systems (CIS) Environment" ("Auditing in a computer information environment"), "Risk Assessment and Internal Control - CIS Characteristics and Considerations" and "Computer-Assisted Audit Techniques".
The first of these documents has the status of an international standard. The other two are included in international system standardization of audit activities as international provisions on audit practice. The goals of the standards are very good. Firstly, they are designed to unify the requirements for auditing in a computer environment, so that auditors receive methodological support, and users of their services know what to expect from audits in automated accounting. Secondly, these documents contain practical advice for auditors on the specifics of audit procedures in a computer environment.
This document covers general provisions organizing an audit in automated accounting and specific issues of planning an audit in a COD (computer data processing) environment. You can talk about the CODE environment if the enterprise uses computer equipment to process such a volume of accounting and financial information that auditors consider significant from the point of view of the overall reliability of financial statements. And it does not matter whether the company uses computer methods on its own or entrusted it to a third party.
Both international and Russian auditing standards oblige auditors to take into account the impact of the ICD on the organization and conduct of audits. To do this, auditors must have a sufficient understanding of the COD system used by the enterprise. Now this task in most cases is inseparable from the auditors' understanding of the specifics of the accounting and internal control services of the audited enterprise.
At the same time, there are no exorbitant requirements in the field of computer competence for auditors. If special computer knowledge at a professional technical level is required, then auditors can involve an expert who, for example, will help them assess the reliability of a complex computer system or assist in the formation of registers that are convenient for verification procedures in a particular audit area. But in any case (whether an expert is involved or not), the auditor is entirely responsible for the conclusions of the audit, so it still makes sense for him to figure out all the significant issues of automation himself.
Obviously, based on the idea: " a good start- half the battle", the developers of the international standard have provided recommendations for planning an audit in automated accounting. The practice of organizing audits convinces of the fairness of this approach. How well auditors understand the features of an automated accounting service at the initial stage of interaction with enterprise managers and accountants depends , whether the group of auditors will be rationally selected: will it consist, for example, only of auditors and assistants (experienced in general automation issues) or will it be necessary to connect a computer technology specialist.
International Standard draws the attention of auditors to the fact that when planning it is necessary to assess the level of complexity of automated accounting in the enterprise. The CODE system is considered to be rather difficult if:
- the computer performs complex calculations in relation to financial information and automatically makes postings;
- the computer automatically performs operations that are essential for the business of the enterprise;
- the volume of operations is so significant that it is difficult to trace possible errors in data processing;
- automated procedures for exchanging data on transactions with other enterprises and organizations are applied;
- a computer system with a hierarchical structure has been introduced at the enterprise;
- the enterprise uses complex computer management programs that supply information directly to the accounting system.
Depending on the level of complexity of the COD system used by the enterprise, the auditors preliminarily outline the key parameters of the audit, primarily the scale and schedule of work. At this stage, it is in the interests of both auditors and business leaders to decide on the availability of all necessary computer information for auditing. To perform automated procedures, auditors should use copies of the enterprise's work files to completely eliminate the risk of accidental damage to the originals. If the enterprise provides for the preparation of internal reports (for example, for management needs), then providing them to auditors can speed up the audit.
According to the international standard, when planning audit procedures, all the main features of automated accounting should be taken into account. COD systems are characterized by a reduced level of human involvement in operations. On the one hand, this minimizes the errors inherent in manual data processing, but on the other hand, it reduces the possibility of everyday tracking of errors and violations. It is especially unpleasant if errors were made during the installation or modification of the software and remained unnoticed for a long time.
Another "headache" for both the head of the enterprise and the auditor is the impossibility of a complete separation of responsibilities and powers in the COD environment and, as a result, the potential danger of data manipulation.
Denoting the problems, the international standard draws the attention of auditors to the advantages of automated accounting, which should be used to the maximum to increase the effectiveness of the audit. Firstly, the competent implementation and operation of automated accounting increase the level of reliability of accounting information. In this regard, the following can serve as favorable signs: proprietary support for the software used by the enterprise; a good level of computer training of accounting personnel; ensuring the physical protection of the COD means and strict control over the computer system (the relevant procedures may be regulated by the internal instructions of the enterprise).
Secondly, a skillfully organized CODE system enables the management of the enterprise to use effective analytical methods work with information in order to review and control financial and economic transactions. Thus, thanks to automation, there are additional tools to strengthen internal control at the enterprise, which contributes to improving the quality (that is, the relevance, completeness and reliability) of financial statements. This circumstance is taken into account by auditors and, when developing an audit plan, as a rule, leads to a reasonable reduction in the number of detailed checks of turnover and account balances.
Thirdly, the COD system provides auditors with the opportunity to work in an automated mode with significant amounts of accounting data. At the same time, the cost of man-hours turns out to be much less than when using archaic techniques.
It is easy to see that the third option is the most favorable and preferable, in which both the economic entity and the audit organization use computers to automate information processing.
2. Software for automated information technologies for auditing
2.1. Automated information technologies of audit activity
IN modern conditions one of the most important managerial functions at the enterprise is the function of control over the activities of the control object. The accounting and financial control system should include:
- system of accounting, financial and management accounting organizations;
-system of internal control and audit;
-independent (external) audit control;
- state financial control.
The accounting system processes source documents, a systematic recording of business transactions and summing up the results of financial and economic activity. Accounting is directly related to control, since it must guarantee the safety of assets, the efficient use of own and borrowed money, the reliability of accounting and reporting information created in the economic system.
The system of internal control and audit is created by the management of the organization, its main goals are:
- effective production, economic and financial activities of the organization;
- compliance with the management policy of each employee of the organization;
- Ensuring the safety of the property of the organization.
To achieve these goals necessary condition is the consistency of the accounting system and the system of internal control and audit, which should ensure:
-continuity, timeliness and completeness of reflection of business transactions in the accounting system;
-completeness and reliability of accounting (financial) statements;
- application of accounting and other information systems that automate the main procedures for the formation of an information accounting base;
- suppression of the possibility of misappropriation or inefficient use of the property of the organization;
- timely identification of cost deviations from previously planned ones with an analysis of the causes of deviations and the identification of those responsible;
- establishment of conformity now operating system document management to a modern level and the improvement of this system to increase the efficiency of the internal control and audit system itself.
Internal audit is part of the internal control and audit system and can take various organizational forms:
-independent structural subdivision reporting directly to the head of the organization;
- an independent structural subdivision of the head organization, exercising control over subsidiaries and dependent organizations.
Internal audit is carried out by employees of the organization and is intended for on-farm control of the financial condition, sources of costs, diagnosing the management system, identifying reserves and providing the administration with recommendations to improve the efficiency of the organization.
External audit is an independent examination financial reporting organization on the basis of verification of compliance with the accounting procedure, compliance of economic and financial transactions with the legislation of the Russian Federation, completeness and accuracy of reflection in the financial activities of the organization.
The main purpose of an external audit is to establish the reliability of the accounting (financial) statements of an economic entity in all existing aspects.
At the initial stage of planning an audit, the auditor (or audit organization) must acquire sufficient knowledge of the accounting and internal control and audit systems of the organization, have the right to communicate freely and fully with internal auditors.
The external audit technology consists of the following main stages.
1. Preparatory activities, prior to the commencement of the audit:
- choice of economic entity;
- determination of working conditions, conclusion of an agreement with an economic entity;
- determination of the composition of the auditing audit team and the appointment of its leader, selection, if necessary, of outside specialists;
2. Scheduling the test:
- obtaining and analyzing information about the activities of an economic entity;
- conducting a preliminary analytical check and risk assessment;
- preliminary check and evaluation of the effectiveness of internal control
- development general plan audit check;
- final inspection and final assessment of internal control;
- selection of the main directions and methods of verification of financial statements using appropriate tests of operations and analytical verification procedures;
- adjusting the audit plan.
3. Implementation of the audit in accordance with the developed plan.
4. Control over the quality of the audit:
- supervision of the audit;
- verification of the work of assistants, individual auditors and specialists involved;
- consideration of disagreements with the economic entity and making a decision on the admissibility or inadmissibility of continuing the audit;
- conducting additional special checks caused by the identification of significant errors, violations of norms and illegal actions of an economic entity.
5. Completion of the audit:
- preparation of an audit report;
- preparation of the final conclusion on the results of the audit.
Implementation of the listed technological stages is closely related to the study by the audit organization of the accounting and internal control system of the client.
Automation of accounting and other management functions has an impact on the organization of classroom activities. They began to distinguish:
- audit outside the computer environment with traditional manual accounting technology;
- audit to the computer environment when using accounting and other information systems of enterprise management.
The software tools are designed to check the content of the client's computer files. The list of tasks performed by audit programs is quite wide:
- verification and analysis of records based on the criteria of their quality, completeness, consistency and correctness;
- testing of calculations;
- comparison of data from different data of different files in order to identify incomparable data;
- obtaining a representative sample during a selective audit;
- access to data, their ordering, grouping according to different criteria, etc.
As verification data, the auditor can use either the actual data of the client (in whole or selectively), or control data prepared by the auditor. The control data is entered into the customer's information system in order to check the correct functioning of the customer's computer programs. Test data is the basis of system testing. For the control data, the auditor prepares the results calculated in advance on their basis, they must cover the entire spectrum of economic activities. Testing a customer's information system against test data is more productive than testing against the customer's own data.
2.2. Software used by the auditor
The software of the system used by the auditor during the audit should provide:1) analysis of the content of the database formed in the accounting department of the economic entity, if it exists and is available;
2) control of indicators contained in the accounting registers of an economic entity;
3) testing of algorithms used in the automated accounting system;
4) monitoring the compliance of indicators contained in the forms of financial statements with the data of accounting registers or a database formed in the accounting department when processing primary documents;
5) using the capabilities of search and reference information systems in the field of normative and legislative acts regulating accounting and auditing in the Russian Federation;
6) formation of audit documentation (working and final).
Automated audit software is based on two types of programs - batch programs and target programs.
Batch programs are a set of programs general purpose. These programs provide a wide range of processing functions, data analysis, as well as the preparation and printing of reports.
Targeted programs are designed to perform audit engagements in specific situations. These programs are compiled by auditors, or by the client organization in agreement with the audit firm.
The following groups of programs are used in audit activities:
- office programs;
- legal reference systems;
- accounting programs;
- programs financial analysis;
- special software for auditing activities.
Office programs include spreadsheets, database management systems, and word processors.
Spreadsheet processors have powerful computing capabilities, business graphics and database management. They are widely used in audits and are used to create various working tabular documents (budgets, reports), alternative balance sheets, various analytical tables, presenting the information received in graphical form. The most common programs are MSExcel, Lotus1-2-3.
With the help of database management systems such as MSAccess, the auditor can sample business transactions, check individual reporting forms generated by accounting programs and intended for printing.
Word processors, such as MSWord, WordPad, Notepad, Lexicon, are used at all stages of the audit that require the creation and quality of audit documents. They are used in the preparation of audit contracts, programs, plans, working papers, conclusions, various references and requests.
Word processors allow you to create and edit documents, prepare them for publication, check their spelling, print, and distribute electronically. In the process of working on documents, the constant information of the main document and the variable information of the source are merged, integrated documents are created with the inclusion of external objects (pictures, sound files), and text documents are saved in selected formats.
Reference and legal systems (LCS) are necessary in the process of auditing as legal support and a source of legal information for the auditor. The SPS is a system of legally processed and promptly updated legal information in combination with search and other service software tools.
SPS operating in Russia are represented by the following groups:
- non-state ATP of mass replication;
- small-circulation non-state SPS;
- state SPS.
Non-state ATPs of mass replication are represented by such well-known ATPs as ConsultantPlus (JSC ConsultantPlus), GARANT (NPP Garant-Service), Kodeks (ZAO [!!! In accordance with Federal Law-99 dated 05.05.2014, this form changed to non-public Joint-Stock Company] "Information Company" Kodeks "). This group is perhaps the most common and used of all the above.
Small-circulation non-state SPS are represented by SPS "USIS" (legal information agency INTRALEX), "Yuristkonsul't", "Referent II" and others.
State SPS are represented by SPS "Etalon" (NCPI under the Ministry of Justice of the Russian Federation), STC "Sistema".
Accounting programs during automated audits serve as the object of verification. So, the correctness and legality of the program used in the process of accounting and its application (verification of algorithms) are checked. Representatives here are "1C" (series of programs "1C: Accounting"), "IT" (family "BOSS"), "Atlant-Inform" (series "Accord"), "Galaktika - Parus" (series of programs "Galaktika" and "Sail"), "DITS" ("Turbo Accountant") and many others.
Financial analysis programs are used in the audit to assess the financial condition of the enterprise at the moment, and its development trends in the future. Based on these programs, forecasts for the development of the client's business are developed, which allows him to take the most profitable strategic management decisions and evaluate the attractiveness of a particular project.
Representatives of these programs are Audit Expert, FinEkAnalysis, Vash financial analyst" and etc.
3. Automation of external and internal audit using special package programs, their comparative analysis
The Express Audit system is a software package designed to automate the audit of financial and economic activities commercial enterprises and organizations, as well as the efficient and convenient creation and storage of working audit documentation.The developers of the system are the consulting group "Termika" and N.P. Baryshnikov, a practicing auditor, CEO audit firm "Baryshnikov and Co." The automated system "ExpressAudit" in accordance with the Rules (standards) of audit activity in the Russian Federation can be used by audit organizations for:
a) developing an overall audit plan and program;
b) creation working documentation audit;
c) study and evaluation of accounting systems and internal
its control of the inspected economic entities;
d) obtaining audit evidence on the reliability of financial statements;
e) obtaining a reliable idea of compliance by an economic entity with the requirements of regulatory enactments;
f) organization of intra-company audit quality control;
g) conducting an initial audit of the initial and comparative indicators of financial statements;
h) preparation of the written information of the auditor and the auditor's report on the results of the audit.
The material is structured into sections (19 in total) and presented in the form of questions and answers to them on all aspects of the financial and economic activities of enterprises and organizations. Moreover, in addition to questions common organization accounting and taxation, including:
- organizational matters;
- accounting policy organizations;
- accounting and taxation of operations with fixed assets, intangible assets, materials;
- production costs
- cash;
- Accounting for finished products;
- calculations;
- capital, financial results, securities;
- the procedure for the formation of indicators of accounting and tax reporting and etc.
In addition, tables are given on the analysis of the financial and economic activities of commercial organizations. The basic version of the system also reflects the specifics of accounting and taxation in trade. At the moment, the system contains a separate block section "Auditor's working documents", which are required by a specialist not only at the time of the audit, but throughout the entire audit activity.
Working with this system, which is based on the Codex for Windows software package, consists of four stages:
- filling out the survey card;
- selection of the survey topic (accounting section);
- answers to questions on the chosen topic;
- generating a report.
Fill out a survey card. The survey card may include data about both the audit firm and the audited object. All information contained in the card is included in the protocol, and then the report.
Choice of survey topic. The next step is to select the object of verification from the presented 19 blocks. Each block is presented in the form of a chapter with sections that detail this topic in a certain direction. To select the topic of the survey, you need to transfer one heading from the left side of the plate to the right. At will, any number of chapters and sections can be selected, depending on the volume of events to be organized.
Answers on questions. The number of questions varies depending on the chapter chosen. The structure of the question consists of three elements: the text, the normative basis of the question and the author's comment. The program has four possible options response:
- compliance with the regulatory framework;
- discrepancy;
- incomplete compliance;
- the auditor's opinion on the appropriateness of the question in this situation.
When violations of the standards are identified and the appropriate answer option is selected, it is required to fill out the “Comment” card in order to reflect the information that may be necessary in the subsequent analysis of this issue.
Formation of the report. The final document of the audit is the report. At the same time, before compiling it, it is necessary to get acquainted with the protocol, which contains information about the object being checked, the date of the check, the number of questions that the auditor had to answer or answered. In the event that the answers to the questions are compiled sequentially, the protocol will be generated automatically after the answer to the last question from those proposed on the topic. You can also review the preliminary protocol at any time or change the answer to a previously discussed question by pausing the current survey.
Based on the protocol, at the request of the user, a report is generated that is identical in content and structure to the analytical part, and also contains elements of the final part of the audit report. The report includes data on the audited object, general results of checking the state of internal control of an economic entity, accounting and reporting, compliance with the law when performing financial and business operations, as well as an indication of normative act, which the financial statements must comply with. The generated report can be imported into the MS Word text editor and, after revision, have the form of an audit report.
In the system, each section of accounting corresponds to certain questions that need to be answered, each question must be accompanied by an appropriate extract from regulatory documents, and there are author's comments on sections that require special attention. Thus, the auditor can check the statements without wasting time searching for regulatory documents to clarify any point of contention. Provided information service, consisting in the monthly addition and updating of the materials set out in the "ExpressAudit".
This version of the program is intended for the formation of working documents of the auditor in the process of checking commercial enterprises and organizations. The developers intend to develop the program in at least four directions:
- creation of versions that take into account the industry specifics of the audited organizations;
- reflection of the regional characteristics of the audit;
- improvement of the interface and other characteristics that provide the most convenient work with the program;
- development of new sections.
Russian scientists B.E. Odintsov and A.N. Romanov believed that the main attention should be paid to the creation of some kind of computer information system that provides a “man-machine” approach to auditing. This system assumes a significant separation of functions: a person, i.e. a decision maker (DM), performs the functions of logical analysis, and a computer performs the functions of organizing and conducting quantitative calculations, the logical structure of which is implemented by software tools created on the basis of the algorithms developed by the decision maker (procedural method problem solving).
According to I. I. Pilipenko, all kinds of surveys, questionnaires regarding the use of information systems in auditing activities indicate that practicing auditors, audit firms do not use specialized programs for auditing to an insufficient extent. There are factors that limit the use of specialized automated programs in auditing. One important factor is the use by audit firms software products general purpose: text editors, spreadsheets, database management systems. Another factor is lack of awareness audit companies about automation systems designed for auditing activities. The relevance makes it necessary to study the market of audit programs in order to determine the need and possibility of their implementation in audit firms.
According to Goldberg E.Ya., the Audit Assistant program is the first attempt to create a really working audit system, in order to solve audit problems at all stages of its implementation, the Audit Assistant program is. In the literature known to the authors, the audit system model has the following structure:
a) a knowledge acquisition module, which is designed to form a knowledge base. The knowledge base has two components: the rule base and the fact base.
b) rule base, contains procedural knowledge in a standard form.
c) base of facts.
d) an audit execution module used to initialize the system operation and form audit reports.
In general, there are two strategies in the creation of audit systems: minimizing the cost of entering initial data; minimizing the risk of missing erroneous actions in financial documentation. The creators of this software application are aware of the complexity of the task taken on and the imperfection of its individual parts, inevitable for the first version. Nevertheless, given the urgent need for such a program, they take the liberty of offering it for practical use.
Currently, the following full-featured audit automation programs are presented on the Russian market: IT Audit: Auditor (Master-Soft), ExpressAudit: PROF (TERMIKA Consulting Group), AuditXP Complex Audit (Goldberg-Soft ").
Table 3.1
Popular programs for complex automation of audit activities
| No. p / p | Program |
Stated purpose programs |
Manufacturer |
Year release |
| 1 | IT Audit: Auditor | Comprehensive audit automation | OOO Master-Soft www.audit-soft.ru | 2005 |
| 2 | ExpressAudit: PROF | Integrated system automation of the audit | Consulting group "TERMIKA", N. P. Baryshnikov (based on SPS "Kodeks")www.termika.ru | 2004 |
| 3 | AuditXP "Complex Audit" | Automation of audit activities | "Goldberg-Soft" (based on Turbobukhgalter)www.auditxp.ru | 2005 |
Forms of audit risks that arise as a result of the use of computer data processing programs:
- technical risks - risks associated with technical issues, methods of processing accounting information that is directly used, the organization of accounting and internal control in the implementation and use of information automated systems. Caused by poor-quality work of technical means, the use of unofficial software, the difference in the characteristics of hardware and software, lack of proper general technical service and control.
- risks associated with the procedure for processing accounting data - may be associated with errors in the development of the system, its small circulation, use for other purposes. Cases of using programs that are not intended for accounting are not excluded. It is the responsibility of the auditors to determine whether the client's system is being applied correctly.
- risks associated with accounting and control - caused by insufficient organization of the client's employees to use the accounting information processing system, lack of a clear differentiation of obligations and responsibilities of the client's employees, dissatisfaction with the formation of an internal control organization, inept system of protection against an unauthorized approach to the information base (absence), loss of data.
- risks associated with the professionalism of the auditor - associated with an incorrect assessment of the system for processing accounting and analytical data, incorrect construction of the test system, distorted interpretation of facts.
At various conditions risks may rise or fall. It is possible to distinguish between these factors influencing the level of audit risk in terms of automated data processing:
a) The risk of errors and deviations in accounting increases at:
1) dispersal of a computer automated network;
2) large-scale remoteness of computer devices;
3) low level of acquired knowledge of accounting personnel in the field of information technology;
4) lack of a system of internal control over the functioning of the environment for computer processing of analytical and accounting data;
b) The risk of shortcomings and deviations in accounting decreases at:
1) introduction of licensed accounting automation programs;
2) implementation and development of timely software;
3) use of special software for automated processing of accounting data;
4) the use of a possible modification of some forms of control through the use of software specially developed for audit firms to automate audit activities;
5) coordinated information policy of the subject with the main use of the computer data processing system;
6) development strategic plan and strategies for the development of an automated data processing system of an economic entity.
Avoidance possible errors gives the auditor in his practice to expose the cause of their occurrence, pay attention to some existing issues, eliminate the impact on the quality and reliability of information.
To implement the above tasks, the auditor must have additional knowledge and skills in the field of computer processing of audit data. The minimum requirements for auditors should be the possession of computer terminology and the ability to understand the sequence of computer operations performed.
Not many auditors believe that computer proficiency is not necessary in many cases, especially when technical professionals and specialists are involved in the work. Lack of such experience can lead to incorrect formation of conditions for technical specialists and misinterpretation of the results. Practical skills in working with numerous automated computer data processing systems are necessary for auditors to justify the assessment of the use of the system by the audited entity.
To the number negative points Russian market computer programs, one should attribute the conditions that their development takes place without appropriate expertise for the possibility of optimizing control operations; the issue of managing the market of accounting programs is almost not solved at all. The definition of the problem is seen in the fact that all automated programs that provide accounting must undergo free or independent examination, as well as certification by licensing authorities. After the issuance of the document by this authority computer program can be applied in practical activities. Such a procedure can contribute to the legalization of the Russian market of accounting programs, determine the potential for using audit operations within a particular program, and reduce the likelihood of errors by program authors and programmers. In addition, this approach will create a real opportunity for the organization of auditors to implement control actions in the conditions of automated processing of accounting data, since it will be possible to build a verification methodology in advance, implementing it to a specific program.
Special software for audit activities is developed by audit organizations for the implementation of various audit tasks. There are three approaches to organizing these programs:
- the first approach contains the greatest risk, here a set of texts (worksheets) is used, reduced to the choice of the answer "yes / no" (test mode), while the client's accounting information is ignored;
- the second approach requires considerable time to enter the client's accounting information, the program is focused on the primary accounting information of the synthetic and analytical level;
- the third approach combines the previous approaches.
We have considered the main methods of automating the audit process, however, despite their diversity, this problem is quite relevant and unresolved, software developers are currently tasked with automating and standardizing the activities of auditors at all stages of the audit: from preparing and planning a general audit to collecting, organizing and processing final documents in accordance with applicable standards, with all this, taking into account the industry specifics of domestic enterprises.
For the highest quality, most accurate audit Russian enterprises In modern conditions, we propose to use the AuditXP program “Audit Complex”, which is based on the program “Auditor Assistant” by E. Goldberg, which allows you to create a really working audit system aimed at solving audit problems at all stages of its implementation.
Using the AuditXP software product "Audit Complex" from our point of view has a number of advantages compared to others:
- automation of audit activities not only large, but medium, small audit organizations, as well as individual auditors, in accordance with the current federal rules (standards) of auditing and International Auditing Standards;
- increases the efficiency of quality control of working documentation;
- ensures compliance of activities with audit standards and corporate standards;
- the application of the standards offered by this program allows you to improve the professional level and quality of work of auditors by proper organization their work;
- introduced the ability to import and export procedures at all stages of the audit, allowing auditors to share responsibilities for auditing different sections, work on the road using laptop computers;
- contains more than 500 procedures, forms, reference tables, reports on all stages of the audit.
- proposes to use the original methodology for conducting an audit, which contains built-in algorithms for calculating, planning, forming and analyzing a sample, selecting types of identified violations and automatically drawing conclusions on sections of the audit and the final conclusion;
-includes a methodology for audit quality control, a block of analytical procedures and financial analysis;
-Built-in form editor makes it possible to create new, modified existing forms of audit procedures, as well as completely change the audit program to the internal standards of the organization.
We propose to supplement it in the next versions with the following materials:
- a list of frequently encountered errors during the audit;
- background information for the most complex sections of the audit;
- section "Analytical part of the conclusion".
Modern conditions dictate the transition to the automated implementation of the functions of the auditor, which significantly saves labor costs and auditor time. The implementation of an automated audit is based on extensive software that is constantly updated and improved over time. All the special audit programs discussed above were developed by Russian companies and are widely used at present. Each of them is able to ensure the effective implementation of both external and internal audit (with the exception of AuditModern, since the program is intended only for internal audit). Based on this, when choosing a software product, the main criterion is its cost. So, the cost of the products we have considered today is presented in Table 3.2. According to the table, we can say that the most accessible software products for companies are "IT Audit: Auditor" and Audit XP "Audit Complex".
Table 3.2.
The cost of software products in the field of audit automation
Thus, in conclusion, I would like to note that the introduction of automated systems into the activities of audit firms is a necessity. The use of specialized licensed software will help improve the efficiency and quality of the work provided by the audit firm.
Internal audit is integral part internal control and is carried out at the enterprise (organization) in the interests of its owners. At the same time, the purpose of internal audit is to provide information to the management and the board of directors of the enterprise, mainly in such areas as:
- analysis of the accounting system;
- analysis of cost items, account balances;
- profit and sales forecast;
- the financial analysis.
In a competitive and tough regulation in which Russian companies are forced to work, the organization of an effective internal audit service is becoming a paramount task of corporate governance.
The internal audit function should be structured in such a way as to assist the organization in achieving its objectives. This primarily means providing recommendations to improve the efficiency of business processes. The internal audit function can be used by management to conduct independent evaluation business components such as quality corporate governance, risk management and business transparency. Financial control at the enterprise is designed to detect deviations from accepted corporate standards as early as possible, violations of the principles of legality, efficiency and savings in the use of material resources.
The main methods for collecting evidence are chosen by the internal audit service independently or are determined by internal audit standards, which should be drawn up on the basis of federal auditing standards.
The final stage of the internal audit is the preparation of a report on the audit of the financial and economic activities of the enterprise, both in general and in certain areas of its activity. This suggests that in the long term, the internal audit service can become a kind of forge for the future management personnel of the company, as it is an excellent "testing ground" for acquainting prospective employees with all aspects of the organization's activities.
For problem solving methodological support internal audit consulting group "TERMIKA" offers the following products:
- software products:
- "ExpressAudit: PROF"- a software package, the use of which makes it possible to conduct an audit in an automated mode based on a methodology built on the generally accepted practice of auditing, taking into account the requirements of the Federal Rules (Standards) of Auditing. The main task of the software package used as a system for automating the activities of internal audit services is to verify the accuracy of accounting and tax reporting. The system offers a ready-made universal methodology for conducting an audit of accounting and tax reporting of any commercial organization, developed by a group of methodologists, taking into account the Chart of Accounts and part two of the Tax Code of the Russian Federation. A feature of this technique is the systematic collection of audit evidence, carried out in the form of answers to questions that require mandatory control during the audit. In order to make the auditor's work as functional and productive as possible, in addition to security question the system stores extracts from regulatory documents that regulate the requirements Russian legislation on this issue, as well as the authors' comments by a group of methodologists describing various aspects of the implementation of these requirements. The questions contained in the system are regularly updated (once every 4 weeks). The previous versions of the questions are also stored in the system during the audit, if for the period of the audit the normative basis of the question was different from current state, the edition of the question can be changed to the current one for the period being checked. This methodology takes into account the industry and regional specifics of the audit.
If the organization has its own methodology for conducting internal audit, it can also be entered into the system.
- "ExpressAudit: PROF"- a software package, the use of which makes it possible to conduct an audit in an automated mode based on a methodology built on the generally accepted practice of auditing, taking into account the requirements of the Federal Rules (Standards) of Auditing. The main task of the software package used as a system for automating the activities of internal audit services is to verify the accuracy of accounting and tax reporting. The system offers a ready-made universal methodology for conducting an audit of accounting and tax reporting of any commercial organization, developed by a group of methodologists, taking into account the Chart of Accounts and part two of the Tax Code of the Russian Federation. A feature of this technique is the systematic collection of audit evidence, carried out in the form of answers to questions that require mandatory control during the audit. In order to make the auditor's work as functional and productive as possible, in addition to security question the system stores extracts from regulatory documents that regulate the requirements Russian legislation on this issue, as well as the authors' comments by a group of methodologists describing various aspects of the implementation of these requirements. The questions contained in the system are regularly updated (once every 4 weeks). The previous versions of the questions are also stored in the system during the audit, if for the period of the audit the normative basis of the question was different from current state, the edition of the question can be changed to the current one for the period being checked. This methodology takes into account the industry and regional specifics of the audit.
- information products:
- "Electronic Library of the Auditor"– a thematic set filled with the widest range of reference and other information necessary in the daily work of each auditor. The set includes a dictionary on auditing, as well as more than 10 books and monographs on the problems of internal and external audit, the transition to IFRS, the development and development of federal standards, etc.
- "Auditor's statements"(with an archive since 1997) is an electronic version of the magazine, in which leading Russian experts advise readers on the introduction of new laws and regulations, suggest interpretation of controversial situations, and highlight the experience of leading audit firms. Also, the journal highlights the problems of legislative activity, methodological aspects of certification of auditors, topical issues of the development of accounting and taxation. Headings are kept on various types of audit, most of the Russian standards on auditing have been published.
AuditModern SYSTEM SOLUTION FOR INTERNAL AUDIT AND INTERNAL CONTROL SERVICES Developer: ACG "Integrated Business Service" AuditModern - Russian program for automating the activities of Internal Audit and Control Services: Provides risk-based internal audit using the principles and conceptual approach of the COSO model. Helps Internal Audit operate in accordance with the International Standards on Internal Auditing, and Internal Control conduct activities to ensure compliance with the requirements of sections 302 and 404 of the Sarbanes-Oxley Act (SOX). It takes into account the peculiarities of internal audit, internal control and the specifics of doing business in Russia and the post-Soviet countries. Accumulates the experience of internal auditors of leading companies, financial institutions, banks in Russia and the CIS countries (the System already contains the methods and specifics of more than 160 terms of reference on automation of VA and VC services). Offers a conceptually new approach to internal audit.
Why the task of automation arose Increase in information flows Requirements for the speed of information processing and decision-making are increasing every day The lack of trained and competent specialists sets the task of typing and preserving previous experiences The requirements of regulators and management companies provide for a large reporting documentation and fast response to requests
In the conditions of international integration, there is a need to follow the strict requirements of international standards of internal audit. Compliance with them is impossible without the use of specialized automated systems Why automation is necessary
Selection of automation system parameters Proper setting of automation goals and selection of automated functionality Platform / programming language Possibility and depth of integration with external applications and databases Implementation of automation on its own or use finished product The cost of buying or building a system
Dedicated system - unlike Excell or Access: It is a life-sustaining system for the company, which stores a complete history of customer relationships and is able to simultaneously manage the quality and performance of employees. On-line and off-line reports at any time in any slices. Concurrent Users. Friendly interface. Possibility to raise information at any time. Automation of activities through business processes. Integration with other company systems. Unified information storage with high levels of information protection Powerful data protection analytics. Applied Automated Tools
Automation of IAS and ICS as a component of company automation: The tasks of internal audit include: Checking and evaluating the effectiveness of the internal control system (ie “control over control”). The principles of independence of internal audit make it impossible to audit within the system. In order to search and find violations, errors and distortions for a competent assessment of the actual effectiveness of the ICS, the auditor must be “outside the system”, with his own tools that are not related to the system.
Over the 9 years of our company's experience, we have been approached more than once after an unsuccessful experience in creating their own programs by companies that are not specialized software developers (large audit companies tried to create based on own experience a program for automating their activities, IAS of large holdings created a program for their service). Significant resources have been expended by companies, but ready-made solutions, capable of satisfying all users even within the same company - did not appear. The development of the AuditModern system took more than three years, taking into account the allocation of resources of auditors, methodologists and programmers. In order to create the System, a large amount of experiments was reworked various companies and different approaches. Further work is underway to improve and improve the System, which, as part of the user update, is released in new versions. Own development within the company
In Russia and the CIS countries, AuditModern is currently the only program for automating IA and VC services, adapted to our national specifics. Specialized software In the West, the number of users of systems of this level is more than 120 thousand.
The cost of owning AuditModern is several times cheaper (purchase, updates, implementation, support). The initial cost of acquiring AuditModern is 3 times cheaper than similar Western models. User support (a large number of partners in Russia and CIS countries). The specifics and realities of the conditions of the post-Soviet space are taken into account. Contains methods and practical developments of more than 160 tech. tasks of the NVA of Russia and the CIS countries. Western systems that automate the activities of internal audit
Activity planning Business surveys - risk identification: In the System, software, or Web-form
Key principles Risk-based approach to internal audit Audit scheduling, resource allocation Use of audit engagement templates, descriptions and working papers Shared knowledge base, archiving Reports and graphs for management
Development Use of numerous past experiences and knowledge for auditing Introducing changes to the System of new provisions and instructions governing the activities of the Internal Audit Service Easy and convenient customization of any reports, graphs and diagrams Rigid consolidation of roles, rights and powers
The system ranks the risk as high/medium/low depending on the significance. Risks whose value exceeds the risk appetite are flagged for inclusion in the annual/quarterly audit plan. Further, the head of the Internal Audit Service edits the annual / quarterly plan for audits, indicating the goals of the audit, terms, volume, employment of specialists and other necessary parameters. Risk map and annual plan The risk manager (risk management department), and in the absence of such positions - the internal auditor himself (Internal Audit Service) in accordance with past experiences (reports on past audits) - identifies the main risks present in the Organization (Holding) . Further, they classify and evaluate the probability of occurrence and the consequences / impact of these risks, sending out questionnaires to the owners of these risks.
Audit engagement planning The audit manager generates audit engagements using audit engagement templates (from the Methodology section). Next, he assigns performers to work and details the performance of the work in accordance with the performer's skill level (or removes unnecessary details added automatically from the audit template).
The auditor performs the audit procedures assigned to him and fixes the results (saves audit evidence in the appropriate folder in any format: word document, Excel, audio, video recording, document scan, photo, link to a file posted in public resources). Auditing
Necessary correspondence with officials and employees of the organization, as well as with external organizations(except personal) are automatically stored in a common database for the possibility of use and further work by a specialist whose access level allows using this information. Synchronizing data with Outlook
Among other tools of the auditor in the System, it is possible to formalize questions and answers in a questionnaire, which can be filled in by the auditor himself, when interviewing the employees of the Enterprise, and by the employees to whom the questions are intended, using the System on their own. Questionnaires, risk assessment At the same time, the result of filling out the questionnaire will be a risk assessment: high / medium / low, or another gradation depending on your internal company standards. In addition, when polling more than one person, it is possible to combine answers into the majority response graphs.
If it is necessary to bring relevant homogeneous information to the right people, the System provides templates for letters that are automatically generated and filled with information according to the situation, as well as a mass mailing module: Notifications and bulk mailings .
Fixing violations, deviations, shortcomings and comments The auditor fixes the shortcomings identified in the process of performing audit procedures. Disadvantages are classified in a certain way and, if necessary, added to the disadvantage template database for further use. When fixing a deficiency, a potential (existing) risk is determined. The auditor identifies the risk associated with the identified violation, thereby supplementing (correcting) the risk map. At the end of the project, the audit manager evaluates the impact and consequences of the risk(s).
Next, the auditor writes recommendations for correcting violations, addressing the recommendation to the official responsible for this business process. Following the recommendation executive notes in the System the result of its execution. Monitoring the implementation of recommendations allows you to get feedback from the Enterprise in order to revise the risk map and the annual audit plan for the following periods. Auditor's recommendations
Auditor all agreed issues on various types risks and business processes are entered into a common knowledge base, ready-made phrases from which are then used when writing recommendations, comments, for the audit report. Agreed questions, knowledge base
All norms and rules in order to streamline the work and quickly enter the position of a new employee are entered into the audit library, excerpts and quotes from which auditors use during work. Quick search and filter system allows you to quickly find the right type phrase from a huge knowledge base. intracompany teaching materials
The auditor's report is generated upon completion of the audit in the form in which managers are accustomed to seeing the report, while its formation by the auditor takes no more than a minute: after all, all the text has already been written when performing the procedures, the System only automatically reduces record to record sequentially. If necessary, you can generate reports: Separately for completed / not implemented recommendations; Significant / not significant shortcomings; In the context of the company's business processes; With the total amount of financial consequences for the Enterprise (subject to the input of this information at the time of verification); Another filter that is necessary for the perception of the text. Auditor's report
Services Consulting and methodological services for audit companies. Sale, implementation and maintenance of software products for auditing. Adjustment of the software on intracompany standards, updating of products. Organization and holding of seminars, round tables to familiarize personnel with software for auditors. Training of personnel to work with programs in the client's office, support in the form of on-line consultations. Conducting various seminars, trainings on current topics in auditing.
Popular
- Photo Print Pilot - print photos at home
- Epson Easy Photo Print - photo printing application
- How to behave in a job interview
- What is the difference between a supermarket and a hypermarket?
- Feathered evil: what happens in the nest where the cuckoo threw her egg
- Eagle owls and owls How to determine the sex of a long-eared owl
- What year did the Internet appear
- Owl as a pet How to distinguish the gender of an owl
- Birds of the Moscow Region (photo and description): large predators and small birds A bird that makes different sounds
- The Board of Directors of the PIK group of companies re-elected the board of the company Aleksey Kozlov Pik