Internal audits play a key role in ensuring that risk management and regulatory compliance programs are effective. Many organizations are striving to enhance the efficiency of internal audit planning and execution, while also integrating audits with the risk management program. However, due to growing business complexities and regulatory requirements, the volume of internal audits has steadily increased.
In most organizations, audit teams are confronted with multiple demands, but limited resources. Many are fast realizing that point solutions and spreadsheet-based systems are no longer suitable to manage their internal audit programs. Instead, they are actively choosing to adopt a federated, collaborative, and automated approach to internal audit management, enabled by technology. This approach strengthens compliance and audit efficiency, as well as operational excellence.Download Fact Sheet
MetricStream Internal Audit Management App
The industry-leading MetricStream Internal Audit Management App helps you plan, manage, and track internal audits with ease and efficiency. The app streamlines audit planning and scheduling, audit execution, review and analysis of audit findings, creation of the final audit report, and follow-up activities. It also enables the audit process to be monitored from start to finish, and provides external auditors and regulators with access to audit data for pre-defined time periods.
Through an intelligent, risk-based approach to internal auditing, the app helps prioritize audit tasks and resources based on the areas of highest risk. It simplifies audit task management, improves auditor productivity, and enables better collaboration across audit teams. Powerful analytics and reporting tools, as well as graphical dashboards, provide real-time insights into audit findings and processes, helping you make informed decisions.
Why MetricStream Internal Audit Management App
Enhances Compliance with Audit Standards
Incorporates internal audit best practices, and supports the adoption of the IIA standards
Enables a Systematic and Consistent Approach to Audits
Standardizes and streamlines internal audit workflows across business units, divisions, and global locations, thereby minimizing inconsistencies
Supports Dynamic Audit Planning
Provides a clear view of the organization’s risk profile in order to plan and prioritize internal audits effectively
Optimizes Audit Productivity
Enables efficient utilization of audit staff by prioritizing resource allocation based on the most important objectives and areas of highest risk impact
Facilitates Proactive Issue Remediation
Helps identify internal audit issues, and provide recommendations to remediate them in a timely manner
Strengthens Audit Collaboration
Enhances communication and coordination on internal audits across the organization, and enables audit activities to be organized effectively
Ensures Enterprise-Wide Audit Visibility
Provides a comprehensive and in-depth view of internal audit processes in order to identify potential opportunities and areas of improvement
Aligns Internal Audits with ERM and Other Assurance Functions
Helps implement a common risk language for risk assessments and internal audits, thereby strengthening alignment between audits and ERM, as well as other functions
M7 Platform Highlights
Engaging and Personalized User Experience
Makes internal audit processes simple, context-sensitive, and personalized for each user; facilitates an intuitive and engaging user experience
Supports app configurations and extensions in an upgrade-safe and scalable manner through the MetricStream AppStudio configuration framework; helps the organization adapt to change quickly
Mobility and Layering
Provides a responsive interface that allows internal audit processes to be managed across devices; leverages a REST API integration framework to layer audit processes over heterogeneous IT systems and business critical infrastructure
Reporting and Analytics
Delivers powerful visualization tools and analytics to manage and monitor internal audit trends, data relationships, and actions in real time across the extended enterprise
Lean and Robust Architecture
Is built on a lean, modern, scalable, and extensible architecture that enables the global digital enterprises of today to seamlessly scale up and support new users, while also adding new apps and solutions to meet changing organizational needs
Audit Universe Management
Define and maintain the internal audit universe including auditable entities (such as business units, functions, and processes), and common libraries of risks and controls. Identify and map risks and controls to auditable entities, and attach associated policies and procedure documents for reference. Leverage the app’s audit universe view to determine the relationship between auditable entities, related risks, controls, and test procedures. Add, delete, or update the audit universe elements as necessary to meet changing business requirements.
Risk Assessment and Analysis
Document, manage, and assess organizational risks (strategic, financial, compliance, and operational risks) based on impact and likelihood. Leverage configurable methodologies and algorithms for risk assessments and computations. Based on the assessment results, plan internal audits, focusing on key risk areas. Store and reference the assessment results and other details during audit planning. Allow authorized users (such as the audit director) to override the risk assessment score, if needed.
Dynamic Audit Planning
Create an internal audit program involving multiple audits or audit projects. Ensure that each audit has a defined objective and scope tied to compliance and risk management processes. Make the audit universe the starting point of the plan, and gain comprehensive visibility into audit coverage. Leverage the app’s audit and risk advisor tools to gain visibility into the risks associated with auditable entities, as well as the details of previous audits. Define an internal audit plan that captures the key details of each audit project. Route the plan for reviews and approvals, if required. Allow multiple auditors to collaborate on a single overall audit plan. Organize audits in a logical structure and hierarchy with detailed checklists, evaluation criteria, and tasks for execution. Slice and dice entity data based on various dimensions. View the entities that have already been included in the audit plan, or that have an exception documented. Revise or update the audit plan till it is released for execution. Change audit projects easily with an option to trigger re-approvals as needed. Upload audit plans, copy audit data (planning and scoping details, as well as audit tasks), and refer to previous audits and templates. In addition, capture the minutes of meetings.
Plan the scope of the audit based on auditable entities, risks, organizations, and other options. Use the audit advisor tool to determine the available list of auditable entities, related risks, risk scores, risk trend data, and an estimate of the audit resource days needed to execute the plan. Access information on past audits along with their ratings and open issues, as well as proposed or future audits. Re-define the scope of the audit, if required. Add ad hoc risks based on changing business requirements or risk profiles, along with relevant review and approval processes. For reference, attach multiple documents (guidelines, policies, or procedures) related to the audit plan.
Schedule internal audits periodically, or trigger ad-hoc audits of internal departments or specific products and processes. Select the auditor or a team of auditors, and assign audit responsibilities with a due date. Ensure that automatic notifications are sent to the auditor as well as the entity to be audited. Revisit the scheduled audit plans as needed.
Auditor Profile Management:
Store the profiles of all internal auditors using the auditor profile management tool. Capture details such as auditor experience, skills, certifications, and credibility. Link auditor profiles to audit schedules to track the projects that team members are working on, and to ensure effective use of limited resources.
Enable audit managers to create work papers, assign them to the team, and monitor their status. In turn, give auditors the ability to execute the work papers assigned, test controls, log findings, and compile the results and details of tasks performed. Improve auditor productivity through capabilities for simultaneous audit task execution, collaborative reviews, field work approvals, printing of tasks or work papers, and task delegation.
Audit Task Management:
Create tasks for control assessments and testing based on the internal audit plan. Send them for review and approval, and then assign them to audit team members. Keep the process on schedule through automated email notifications and reminders. Ensure that escalations are triggered when due dates are not met. Enable authorized users to re-open approved tasks, and re-assign in-progress tasks.
Work Paper Management:
Prepare, organize, review, and retain documents or work papers leveraging the centralized, work paper management tool. Manage or monitor the work papers using review and approval workflows and status tracking reports. Copy deep links to audit documents to be included in work paper narratives for quick reference and review. Refer to documents received from the audit client as part of the pre audit questionnaires. Also, update source documents by downloading them, making the required changes, and re-uploading them with the same name (i.e. without changing the link in the work paper narrative).
Enable internal audit managers to efficiently allocate and manage work papers, and assign tasks for creating, reviewing, and approving these work papers based on roles and responsibilities, along with due dates. Ensure that auditors accomplish their tasks easily and efficiently, while seamlessly collaborating and sharing information with their co-auditors.
Collaborative Work Papers:
Allow multiple internal auditors to work together on a single work paper, and update it on an ongoing basis. Enable authorized users to identify co-auditors either while creating work papers or when working on them. Send email notifications to the co-auditors when a work paper is assigned, and when a co-auditor is removed from the list.
Record audit findings, along with detailed observations and recommendations using pre-defined templates and checklists. Manage different types of checklists (based on industry standards), including checklists with conditional questions and optional questions. Store the checklists centrally, and map them to any of the library elements (e.g. risks and areas of compliance). Select questions or procedures (from the library) when defining a checklist. Also, add controls and tests during control testing.
Update internal audit data in a streamlined and consistent manner using capabilities such as checklist version control and change-tracking tools. Attach documents as evidence, and cross-reference various work papers and other data. Upload work papers in Microsoft Excel formats, and use them as templates to create new work papers. While performing audits, attach multiple documents for each question in the checklist form. If needed, re-assign and re-open work papers post approvals.
Record and maintain review notes for reference or learning. Enable lead auditors and audit managers who are not part of the workflow to also provide coaching notes for in-progress tasks. These notes typically contain information about work paper changes, comments, questions, or feedback arising from work paper reviews. Record or attach the notes in the draft report, and retain or delete them based on the audit manager’s discretion.
Send out pre-audit questionnaires and document requests to auditees, and reference these documents or responses as evidence in work papers. Also, collect feedback about individual auditors and the audit methodology followed, post the audit Manage internal audit tasks and assignments on the go using mobile devices (laptops, tablets, and smartphones). Access audit forms and checklists, enter findings, capture supporting photos or images, and then push the results back into the MetricStream web app.
Offline and Mobile Capability:
Document internal audit findings at remote field sites, even without access to the corporate network using the offline audit capability (provided as part of the MetricStream platform). Take your task assignment forms offline (on notebook computers and hand-held devices), and enter findings as usual. Synchronize the data later with the central repository when you access the corporate network.
Manage internal audit tasks and assignments on the go using mobile devices (laptops, tablets, and smartphones). Access audit forms and checklists, enter findings, capture supporting photos or images, and then push the results back into the MetricStream web app.
Route internal audit findings and recommendations to the appropriate audit managers for review and subsequent actions, leveraging automated workflows. Send findings and proposed action plan details to the audited entity or auditee to seek clarifications on specific questions or issues observed, or to ensure that they agree with the data. Review the responses received, and provide feedback.
Audit Issue Management
Document, review, and prioritize internal audit issues. Assign resources for issue investigation and remediation. Define an action plan, capturing the required details. Send it to the owner, and track it to closure. Set up automatic alerts and notifications to ensure timely completion of the tasks.
Draft and Final Audit Report:
Generate and send draft and final internal audit reports to a pre-defined distribution list with streamlined review and approval workflows. Pull together findings and actions from various tasks and issues, and include them in the draft report. Monitor issues (included in the report) to closure.
Once the final audit report is published and the audit closure process is initiated, re-audit or follow up on the audit, if required. Enable authorized users to disallow audit closure, or re-open and re-work on closed audits.
Allow external auditors and regulators to access audit work papers and final reports for pre-defined time periods.
Other Reports and Metrics:
Gain comprehensive visibility into the internal audit process, and track each step to ensure timely execution. Access historical or real-time audit data and results for analysis. Leverage graphical executive dashboards and flexible reports with drill-down capabilities to view statistics by a variety of parameters (such as by audited entity, schedule, scope coverage, results (pass or fail), and issues triggered). Slice and dice the data from various perspectives, and draw out actionable insights to support intelligent decision-making.
Audit Resource and Time Management
Manage audit time and resources efficiently using the app’s resource management capabilities. Track globally dispersed audit teams, and allocate tasks based on each auditor’s skill sets (e.g. experience, subject matter expertise, qualifications, languages known). Assign audits based on a pre-determined budget of time or effort, defined in days. Generate Gantt Charts and reports to view details of audit schedules, staffing resources, and activities. Proactively distribute resources across audit projects (based on request and availability) through the app’s powerful project and resource scheduler. Keep in check instances of audit over-booking or conflicts. Change audit schedules easily using a drag and drop capability. Improve collaboration on audit activities, and enable better prioritization of tasks through features such as advanced audit pool management and audit milestone tracking tools, as well as distribution lists and shared calendars.
Audit Task Management:
Capture the time spent in auditing on a weekly or monthly basis through the app’s time-tracking capability. Allow partial filling of timesheets to record upcoming vacations or leave of absence. Copy data easily across timesheets, thereby saving time and effort. Leverage additional capabilities for timesheet report creation across organizational units, time periods, and audit or non-audit activities.