Automated information system «Internal Audit»

The internal audit management system allows you to automate all the processes of the internal audit department of the company:

- risk-based planning of activities of the internal audit department;

- resource planning;

- planning and documentation of internal audits;

- quality control of planning and implementation of audits;

- preparation of reports on audit;

- control of the formation by management of corrective action plans;

- monitoring the implementation by management of corrective actions developed based on the results of audits;

- preparation of reports for the Audit Committee, Board of Directors, executive management;

- support in the implementation of the requirements of the quality assurance and improvement program of internal audit.

The object approach used in AIS IA allow to plan and conduct audits of the company in various sections - business processes, organizational units, and other audit objects, the risks of which are recorded in the system. This approach allows to systematically formulate a risk-based audit plan, focusing on the most important and risky areas, and at the same time covering the entire company’s activities on a strategic outlook.

The system is built on a modular approach and includes the following functional modules:

- PLANNING

- CONDUCTING OF AUDITS

- MONITORING

Functional characteristics of AIS IA

PLANNING

1. Formation of the audit Universe and selection of audit objects in the plan according to the level of risk, frequency of audits and other parameters.
2. Formation and adjustment of the annual activity plan of the internal audit department.
3. Formation and updating of the current plan, including both scheduled and unscheduled audits, and other activities.
4. Distribution of annual plan of audits among employees, taking into account non-working days (holidays, vacations, etc.), trainings, as well as the time limit for unscheduled audits and special tasks.
5. Preservation and systematization of information on the implementation of quality assurance and improvement programme of internal audit.
6. Formation of reports on the planning and implementation of internal audit activity plans.

CONDUCTING OF AUDITS

1. Planning and implementation of the audit based on a risk-based approach .
2. Collection, systematization and storage of audit evidence in a structured manner.
3. Documenting the results of audit procedures .
4. Preservation and systematization of information on deficiencies identified during the audit. The possibility of a qualitative and quantitative assessment of the materiality of the identified deficiencies .
5. Support for the deficiencies classifier, which allows typing the identified deficiencies, identifying systemic deficiencies.
6. Monitoring the status of audit procedures and documenting deficiencies identified during the audit.
7. Ensuring the exchange of official information regarding the ongoing audit between members of the audit team.
8. Supervision of the audit, quality control of working documentation.
9. Preparation of reports based on the results of the audit.

MONITORING

1. Monitoring the completeness of the preparation of corrective action plans by the management based on the recommendations of the internal audit, control of the compliance with the deadlines for preparing and approving corrective action plans.
2. The preservation and systematization of information on corrective actions.
3. Registration of the results of corrective actions. maintaining supporting documentation in a structured form.
4. Monitoring the timing and status of the implementation of corrective actions by management.
5. Ensuring the exchange of information regarding the status of the implementation of corrective actions between auditors and management.
6. Preparation of reports on the implementation of corrective action plans. The data export on the deficiencies identified following the results of the audit and corrective actions that were taken from the register system.

Reference Data Management

Management of reference data on AIS IA provides:

- convenient storage and use of data of the company and its subsidiaries and affiliates, departments, business processes, risks and control procedures;

- customized statuses of the main objects of the system (audit, audit procedure, deficiency, corrective action, etc.);

- editable audit templates;

- editable book of reference;

- support for deficiencies classifiers, identified during the audits;

- structured storage of internal audit's organizational and methodological documents.

The advantages of using AIS IA

Control of compliance with international standards of internal audit.

Effective resource planning.

Using a single methodology adopted by the company / holding due to standardization of procedures and audit documentation.

Improving the work efficiency of auditors through standardization, automation of routine operations, use of templates for audit and standard procedures.

Ensuring the quality of internal audit by supporting the implementation of the requirements of the support program and improving the quality of internal audit, including monitoring the planning and implementation of audits.

Simple, convenient and intuitive user interface.

Possibility of simultaneous work of hundreds of users, flexible scalability.

Ensuring the security and confidentiality of information.

Training for use of AIS IA, technical and methodological support for users of the system.

Installation and Setup Information

The system consists of three components:

1. Web application (front).
2. Server business logic (api).
3. The subsystem of reports (reports).

To install and operate AIS IA, you need:

• - PostgreSQL database version 9 or higher.
• - PHP interpreter version 7.1 or higher (php_fpm recommended).
• - Web server (nginx recommended).
• - Linux family operating system.

After purchasing software licenses, we will send you the AIS IA distribution kit, detailed instructions for installation and setup of the system.

Recommended AIS IA Implementation Procedure