PAWS - Pentana Audit Work System software
Transcript of PAWS - Pentana Audit Work System software
PAWSPentana Audit Work System
Audit and Risk Management Software and Services
Clients
Who are they? Risk managers Internal Auditors Other Assurance Providers
What do they do? Why do they want PAWS software?
Users
Automates and speeds up the process, notably report generation
Enable timely management review of work, particularly when reviewers are off-site
In-house development rarely works, is resource-dependent, expensive and often badly documented
A package should incorporate industry best-practice and lessons learnt in other companies
Enables better co-ordination between risk management, internal audit and other assurance providers
Some general reasons
Conduct reviews to ensure that risks have been identified correctly and that risk mitigation is appropriate throughout the organisation
Check that key controls are working properly Make recommendations to improve the controls in
terms of both efficiency and effectiveness Ensure that action is taken to rectify any weaknesses
found Report to the company’s Audit Committee on the
overall effectiveness of management Co-ordinate all the assurance activities in the
company.
Internal auditors
PAWS makes it much easier to reuse previous audit work. Setting up a traditional paper audit file is very time-consuming
Manual action tracking is very resource-hungry and frustrating. Often this is the key feature IA teams are looking for.
The system allows auditors to work off-site much more easily.
Audit reports can be generated very quickly, making them more useful to management.
Helps co-ordination with other assurance providers and the risk management team, reducing duplication and misunderstanding.
Enables IA assessment of risk to feed directly into the risk register.
Specific reasons - IA
The official IRM definition of Risk Management: Risk Management is the process which aims to help
organisations understand, evaluate and take action on all their risks with a view to increasing the probability of their success and reducing the likelihood of failure.
Risk management gives comfort that the business is being effectively managed and helps the organisation confirm its compliance with corporate governance requirements.
Initially many organisations put Risk Management into the Internal Audit Department. Only recently are the two functions separating, although obviously still closely linked. Some companies still only have one function.
Risk management
Create and verify the organisation’s risk profile by undertaking regular (usually quarterly) reviews and interviews
Gather information that might affect the risk profile: internal such as acquisitions or change in management external such as changes in legislation or public opinion.
Determine risk appetite and risk treatment How much risk can we tolerate? How much do we need/want to spend on risk mitigation? How do we mitigate risk? Controls? Insurance? Other?
Risk managers
Business Risk Self Assessment is becoming increasingly popular but is a very resource-heavy activity. PAWS makes it much easier to co-ordinate and monitor.
Internal Audit will always use the latest risk register and therefore focus their resources on the correct risks.
Good visual risk reports that senior management can understand at a glance.
Helps thinking on risk appetite, which can be a difficult concept to get to grips with.
Specific reasons - RM
Health and Safety Compliance Security Claims Inspectors External Audit, etc.
Assurance providers
• Conduct reviews to ensure that specific areas of risk have been addressed
Usually require specialist technical knowledge
Make recommendations to improve the controls in terms of both efficiency and effectiveness
Ensure that action is taken to rectify any weaknesses found
PAWS makes it much easier to reuse previous review work or set up and copy standard reviews which are often very specific or technical.
Electronic storage of working papers, particularly photographs, a big benefit
External Auditors can quickly assess the risk profile and the assurance work undertaken.
Specific reasons - Assurance
RiskAssessment
AuditPlan
Audit Schedule
Audit 1 Audit 2 Audit 3
Suggested IA Process 1)
Plan Audit(staff, scope)
Assess Risks andcontrols
Interview KeyBusinessPersonnel
Interviews
Create ControlTest Plan
Data Analysis
Testing(walkthru,sampling,etc)
FindingsAudit ReportActionsFollow-ups
Suggested IA Process 2)
Integration Audit Planning Risk Assessment Work paper Management Resource planning & time tracking Issue and action tracking
Flexible reporting Standard, report designer, Word/Excel links,
custom reporting
Pentana
Audit trails and history System-enforced IAD standards Improved security & control Highly configurable user interface Experienced audit-based assistance May appear complex initially, but
Needed to meet client requirements Many functions can be hidden or made simpler
through use of role based security
PAWS
PAWS
Technical proof of concept Appoint a champion Install on test/production server Audit configuration Pilot use Reports and templates Data conversion/interfaces Training
Implementation