Increasing numbers of organizations are looking to integrate their risk and audit functions to provide greater assurance to the business that key processes, risks and controls are being managed in accordance with governance policies and best practices. This is becoming more demanding given the ever increasing complexity of organizations and the quantity and categories of audits that need to be managed, while gathering, processing and reporting risk data across multiple silos can also be a challenge.
Active Risk Manager (ARM) Audit Management offers assurance providers within an organization the complete set of capabilities to support the planning, terms of reference, fieldwork and reporting needs of corporate assurance departments. With ARM, all audit information is managed in a single location under a complete framework. Audit reporting is automated, management actions based on findings can be tracked and shared with departments being audited.
ARM streamlines the process of managing and conducting audits in a risk-based approach to assurance.
ARM is configurable to support different types of audits and enables management of the complete audit lifecycle including:
- Audit universe, planning and scheduling
- Management of the Terms of Reference (or Engagement) stage of the audit to set the correct level of expectation with the departments being audited
- Field execution, electronic work papers including linkage to checklists, procedure documents and any other forms of documentation
- Workflow driven approval of the audit process
- Production of standard audit reports and recommendations
- Management and implementation of audit findings and remediation
- Designed to match recommended audit management processes such as the Institute of Internal Auditors.
- Provides flexibility to support organization-specific processes and audit procedures
- Streamlined review of audit recommendations by those audited.
- Ability to link risks and the audit process delivering risk based prioritisation for audits.
- Audit able to provide increased assurance to risk and control owners regarding integrity under a three lines of defence model.
- Auditors able to contribute to the risk identification process thereby making it more robust and valuable.
- The audit team can create their own management reports offering better self-sufficiency in communicating audit information
- Enforced security of audit sign-off delivering increased process governance.
ARM can be used either stand-alone or integrated with the full ARM Enterprise Risk Management solution.