Case for Action Taken Reporting on Audit Findings through IDEA
Brian Element
Hello Group Members,
We came across a novel and compelling case for IDEA usage recently.
The Internal Audit Reports for the last 5 years were digitised in a MS-Access Database with the following key fields ~
Business, Location, Financial Year, Review Period, Function Reviewed, Audit Start Date, Audit End Date, Audit Finding Observation, Risk Category, Monetary Impact, Responsible Member, Action To be Taken Due Date, Action Taken Date, Action Taken By, Compliance Verified Date, Compliance Verified By
With such valuable underlying data within IDEA some of the following illustrative reports were built using IDEA ~
(a) High Risk category findings with a monetary impact of less than say 1 million - Direct Extraction
(b) Moderate Risk category findings with a monetary impact of more than say 1 million - Direct Extraction
(c) The Audit Team had identified key words like 'Theft', 'Pilferage', 'Shortage', 'Misappropriation' and other such words of severity which would fall under a High Risk category audit finding. So Audit Finding Observation fields containing these words/strings with a 'Low' or 'Medium' Risk Classification by the side were identified - Direct Extraction
(d) Open Findings pending Action Taken beyond 2 months - Aging
(e) Action taken Findings pending compliance verification beyond 1 month - Aging
(f) The Same Responsible Member having High Risk Categories of findings across different Locations in different Financial Years - Duplicate Key Exclusion
(g) The Top Audit Finding by Financial Year, Location and Function based on monetary impact - Top Records Extraction
So with a measured and planned effort of digitizing Action Taken Reports, much insight can be derived from the compliance process.
Best Regards
Group Admin Team