The Active Risk Manager Audit Management module was designed from the outset to meet the specific needs of organisations who have a risk based approach to audit and quality management.By already having the world’s leading enterprise risk management software product, the majority of our customers thought it was obvious that we should also provide them with the capability to add the “third line of defence” to the overall governance framework through a new assurance module integrated with the existing Enterprise Risk module.

With the objectives of the risk based audit process in mind our customers can now:

• produce and analyse their audit universe based on an advanced risk assessment of their processes and business units

• plan their audits for the coming years to map against the universe model

• transform paper-based documentation into a dynamic audit programme

• engage and execute their audits with automated document management and reporting

• raise new risks based on the findings of weaknesses that feed into the ERM process

• communicate and track recommended actions efficiently

ARM Audit Management

This enables improved governance of ongoing audit-related activities, data and processes without the limitations of manual or stand-alone solutions.

It is a process supported by the Institute of Internal Auditors (IIA) standards.

Product data sheet

Key Benefits• Ability to leverage the existing ERM risk and control universe

to plan and scope audits based on the largest risks and most important controls to the business

• Ability for audit to contribute to the enterprise risk management process through the raising of new risks identified through the audit

• Centralised audit documentation and processes and linkage of the audit work papers with collected evidence, observations and recommended remedial actions in a single, secure solution

• Ability to roll up audit status and results to critical elements of the business hierarchy and operational infrastructure as well as being able to engage external service providers

• Significant time saving for auditors in following up audit recommended actions

• Improved Audit performance reporting through the powerful data filtering and custom reporting features

• Very fast time to value due to the powerful configuration capability of the system that can be performed by business users rather than highly skilled technical consultants

• Implement either in-house or in the cloud to achieve hassle free service and even faster implementation

Key FeaturesRisk driven Audit Universe Document your targeted audit entities, and determine audit scope by completing dynamic risk assessments of your audit universe. These fully configurable assessments reveal the inherent and control risk associated with each audit entity; the solution uses the assessment results, in combination with past audit history, to automate the scheduling of audit engagements for each entity.

Structured Audit programmes and sub-programmes Create processes for different types of audits and assurance programmes. For instance internal audit, quality management, Health & Safety and Compliance audits. Set up terminology and data capture screens as you need them.

Build centralized libraries of procedures that can be related to multiple audit. The solution supports approval workflows to ensure that once approved information cannot be amended unless by someone with the appropriate security level. The software has configurable email alerts to automatically alert audit staff of their pending tasks. Develop project stages of the audit process that fit with the defined audit process – for instance the ability to configure an “Engagement” phase in the audit whereby the process owner and department owner are communicated with regarding the scope, objectives and timing of planned audit.

Execute Audit Plans Capture the results of audit tests in fully configurable work papers, and attach supporting documentation and review notes. Draft and communicate audit recommendations to address weaknesses in a collaborative manner with auditee’s. Retrospectively analyse any changes made to the audit plan, through the different phases of the audit through a searchable data history trail looking at before and after images of the information amended during review sessions by senior management and auditee’s.

Automate the Audit Follow-up Process Remove the need to chase, meet, email and call audit action owners through automated email reminders and the ability for auditee’s to access their actions through a very simple web based portal. Ensures the auditor is informed of any updates by auditee’s by returning email alerts informing the auditor of the updates made.

Increase the ability to deliver valuable business information Use the advanced data filtering sub-system to slice and dice audit information and present this to either a set of standard reports or the powerful report and dashboard builder. From performance dashboards on action KPI’s to audit plan registers to fully automated audit reports that can be stored in final signed off versioning or saved in PDF, Word or any other format required for presentation.

EMEA Headquarters

Sword Active Risk 1 Grenfell Road Maidenhead Berks SL6 1HN UNITED KINGDOM

Tel: +44 (0)1628 582500

US Headquarters

Sword Active Risk, Inc. 13221 Woodland Park Road Suite 440 Herndon, VA 20171 UNITED STATES

Tel: +1 (703) 673 9580

Australia

Sword Active Risk Pty Ltd 40/140 William Street Melbourne VIC 3000 AUSTRALIA

Tel: +61 3 9229 3850

www.sword-activerisk.com info@sword-activerisk.com Twitter @SwordActiveRisk

SAR | v1.0 | 20.06.14