Audit Management Solution (‘AMS’) is a module
offered as part of Active Risk’s suite of Active Risk
Manager (ARM) software solutions.  It has been designed
to provide a complete set of capabilities around the planning,
fieldwork and reporting needs of corporate internal audit and quality management departments.

NDA Case Study

By way of background, in 2007 NDA Audit operated a risk based audit process via an internal team of five NDA staff supported with the assistance of external auditors, as required.

The NDA required a system to integrate with its existing bespoke Risk Management system and to manage audits through to report delivery. The system needed to be compatible with industry standard reporting packages and to include an archive of conducted audits for a predetermined retention period.  Most importantly the system had to be extremely flexible in order to support the NDA Audit process and to support change in this process over time.

Core functionality required by the NDA included:

• Audit planning and allocation of resources
• Field work including risk and controls identification, working papers, findings and conclusions
• Audit recommendations tracking
• Management information & reporting to stakeholders
• Reporting capabilities to include findings, controls, testing methods, recommendations and action plans
• Quality Management, Health & Safety and Security Assurance

AMS was developed for the NDA to meet these requirements in the following manner:

Audit planning and allocation of resources
Using the planning dashboard, views can be opened for months, quarters and years allowing audit management to be informed of what audits are planned and which auditors are assigned to which audit.  The tasks functionality allows users to reserve auditors for planned audits.  Detailed plans about the audits can be tracked including details of the status of the audit, staff allocated including details of holidays and training commitments.

Hence an overall picture of the audit planning process is available and the filtering capability of the software allows ‘view at a glance’ information on e.g. audits by business department, by resource and audit resourcing status.

Audit field work
AMS supports the management of the full audit process conducted in the field including the definition of the objectives, terms of reference, risks, controls and tests to be carried out that are relevant to the audit, preliminary and final field work supporting surveys, working papers, findings, conclusions and recommendation.

This provides a central repository of audits that are updated in real-time and can be accessed by any authorised audit team member. This makes the audit process more efficient as common documents and tasks are standardized and if required full document management control put in place to ensure version control and workflow based sign off thereby improving the integrity of audits.

Audit recommendation tracking*
AMS holds recommendations from all audits and is able to log, track, monitor progress and report on them.  The reporting and filtering functionalities allow reports and views to be prepared by business area, type or audit enabling users to analyse common threads in the recommendations.

Management information and reporting to stakeholders*
AMS provides report capabilities which allow users to produce standard reports as follows:

• Audit Terms of Reference report
• Field work report
• Final Audit Report including findings, recommendations and conclusions
• Management Information with statistics of audits, numbers of findings, close out of actions etc.

The reports themselves are templates with standard text that can be edited.

Quality Management, Health & Safety and Security Assurance
AMS also supports audit related needs for the assurance of the Quality Management, Health & Safety and Security and Surveillance processes of the NDA. This additional functionality including KPI tracking and surveys can be configured for different user communities in the business.

Summary

AMS is now being used to good effect in support of the NDA’s business requirements from an Internal Audit perspective.

* These areas of functionality were not developed by Active Risk formerly Strategic Thought for the NDA.  They were separately developed by Active Risk formerly Strategic Thought and then incorporated into the base product.