Internal Audit Flow

1. Context

Enables mapping of Processes for Legal Entities through direct entry or through continuous import from company systems. Manages the repository of the various types of Controls (262, 231, Privacy, Entity Level Control, IT General Controls, etc. and Company) by assigning them the Responsible, the Area, Mode, Type, Frequency, Test plan, etc. Allows the creation of Test Plans. Manages the structure of internal and external auditors, the related requirements and suitability.

2. Audit Universe Identification

It allows the generation and coverage of the Universe Audit to support the definition of the program and the audit plans based on priority and coverage indexes: Results of previous audits: presenting the level of implementation of the action plans; Risk-based: in the presence of a Risk Management model, the system allows processes and controls to be associated with risks. The risk assessment is an element for the construction of the program and the audit plans; 262-based: the acquisition of the economic and patrimonial balance sheet represents a further element for the construction of the program and the audit plans.

3. Definition of the annual program and Audit plans

It allows the definition of the annual audit program in the various areas and legal entities, the generation of individual plans for the definition of the agenda of activities and the controls that will be investigated, the detection through appropriate checklists, during the execution, of the objective evidence , to the preparation of the report of the results and to the list of NC / OSS and relative AC. Audit plans can be modified graphically in Gantt charts. A workflow is available to define priorities and approve the list of audits to be performed. It is possible to attach documents and support images also through the use of tablets. The alerts are automatically sent in the schedule on the home page of the different contacts and forewarned via email.

4. Drafting of the report and evaluation of the management

It allows the generation of reports, after performing the audits, at the different organizational levels, activating escalation processes based on the definition of rules and assessment by the management, before the final closure of the audit report.

5. Communication of results

It allows the communication of results to the different types of users involved. In the case of the presence of the Risk Management Model, it allows the assessment of the controls to be sent to the dedicated structure for the purpose of a possible update of the risk assessment itself.

6. Improvement Activities

It allows the management of the improvement activity plan both by implementing the proposals of the audited departments and those formulated by the internal and external auditors.