Protecht.ERM Showcase: Manage the full lifecycle of risk management in one system
Register Now

The Internal Audit function has always been an integral part of any organisation, giving independent comfort to stakeholders that the governance and the control environment are operating as expected and and in an effective way. As part of that work, recommendations to improve systems and processes are often provided.

The starting point for any risk-based internal audit is to understand the risks associated with key business functions or processes, and the controls that mitigate either the likelihood of the risk occurring or its impact.

 

An audit plan is then prepared to address key risk areas over a certain time period. Each audit in the plan is then executed with work-papers being completed, audit reports and findings issued to relevant stakeholders.

How can enterprise risk management software help this process?

If we think about the core basics of an enterprise risk management (ERM) system we should see:

  • Risk and control self-assessments done at the business unit level
  • Control testing done by the first line
  • Continual monitoring through key risk indicators and compliance questions
  • Incident capture
  • Treatment plans

With this information in a single application internal auditors can:

  • Quickly view the risk and control assessments for departments to understand the key risks.
  • See connected information (RiskInMotion) to form an opinion as to how well the risk is being managed. For example, a large number of control test failures, incidents and metrics outside of the expected operating range for a key risk would direct audit activities to that area or process.

However, we can also apply technology to support more of the audit process. 

Firstly, an ERM application with flexible form technology allows internal auditors to capture audit plans for a certain time horizon. The plan ‘form’ references library information already in the application such as business units being targeted, auditees (users), risks and controls being addressed and the expected time the audit will be executed.  At this early stage, we see a clear connection to the risk assessments being done by the divisions, and the risks being addressed by the audit.

Assuming most auditors still like executing work-papers outside of the application, the ERM application can still be a repository for completed reports and their associated findings.

Findings in traditional internal audit roles have the following weaknesses:

  • Findings are not connected to a risk – making aggregation against the risk profile difficult if not impossible.
  • Findings are kept in an excel file for tracking with manual emails generated to owners to provide an update on recommended actions that is then transposed into the master excel file.

For the first weakness, internal audit findings can be connected to the central library of risks and controls.  In the screenshot below we can see the connected risk for this finding, being fed from the central library of risks.
Internal Audit Blog 1

For the second weakness of findings stored in excel files, an ERM application resolves these key problems by:

  • Centrally storing the findings
  • Automatically generating emails for update requests and closure reviews.
  • Allowing owners to directly update the finding and or associated actions in the application.

This activities reduce the amount of time the internal audit team is spent administrating the findings. Audit trails in an ERM application are also more robust than an excel file, to see how the finding has been modified over time.

Finally, a good ERM application has the ability to quickly generate live dashboards for Audit and Board reporting, again reducing the administrative burden for internal auditors. They should also show a clear picture of the internal audit findings and their overall impact on the risk (RiskInMotion).

Internal Audit Image Blog

 For more information about Protecht.ERM and how can we help you, please visit our website.

 

Related Articles

feature image
Enterprise Risk Management, Risk Management, Internal Audit, Internal Auditors

The 20 Critical Questions Directors Should Ask About Internal Audit Resourcing 

Organisation requirements 1. Does the internal audit function have the right amount of competent and professional resources to provide the right...
Read more
feature image
ERM, Risk Controls, Risk Manager, Risk Management Software, Videos, Webinars

Controls Assurance Webinar

Awesome Controls Assurance: The Confidence to Go Faster This event was done live on Oct.22nd 2019. Access the recording here. “The greatest potential...
Read more
feature image
Key Risk Indicators, Risk Management Framework

Some features of the Protecht.ERM 8.4 release.

In this short video, Peter Walker, Chief Technology Officer at Protecht, gives a quick overview of  some of the new features that the development...
Read more
blog-cta-footer-bg

Subscribe to the Knowledge Centre

Get the latest thought leadership on risk, compliance, health and safety and internal audit industry trends, challenges, methodologies, and insights. You will receive notifications directly in your inbox once a month.

Subscribe Now
© The Protecht Group
PROTECHT.ERM
Request a demo
Resources
ABOUT
CONTACT US

Australia & Pacific

Level 8, 299 Elizabeth Street
Sydney NSW 2000
Australia
+61 2 8005 1265
info@protecht.com.au

Europe, the Middle East & Africa

1st Floor, 60 Gresham Street
London EC2V 7BB
United Kingdom
+44 (0) 203 978 1360
info@protechtgroup.com
Protecht.ERM Showcase

Manage all your risks with an easy to use and configurable system

Learn how you can engage your users and manage the full life-cycle of risk management within one system.

See it in Action