RSA Archer Audit Management
Transform Your Internal Audit Function
Overview:
- Gain control of the complete audit lifecycle
- Improve collaboration among audit, risk and compliance teams
- Generate useful audit committee reports
Internal audit departments are struggling to deliver strategic leadership, coordinated assurance and other services their stakeholders need, but this task isn’t easy. According to a 2014 PwC study, more than half of senior management does not believe internal audit adds significant value to their organization. Your organization faces a rapidly changing regulatory and business risk landscape, and your internal audit strategy may not be positioned to adapt to these changes. In addition, while internal audit has typically been a compliance function, the expectation now is that dynamic risk planning should be incorporated into approaches and results.
Existing approaches, tools and expertise are historically positioned around point-in-time, static audit planning. Decentralized documentation captured in multiple tools and systems make it difficult to integrate, and there is often static reporting and limited coordination of objectives among risk, compliance, and audit groups. Lack of visibility into findings generated by other business functions makes tracking the status of all findings and remediation efforts a difficult and time-consuming challenge for internal audit. In turn, this makes creating the necessary reports for the Audit Committee and senior management a resource and time-consuming process. And unfortunately, these reports are often out-of-date as soon as they are completed.
Fewer resources and more responsibility for your internal audit team require changes to the current audit approach. As your team strives to change the perception of internal audit’s value within your organization, you must take a coordinated, risk-based approach to audit to implement this transformation.
Transform audit with a risk-based approach
Your current audit approach is very compliance-focused and more reactive than proactive. Unfortunately, this means your team cannot focus on helping the business evaluate new risks and opportunities because you are spending much of your time evaluating past performance of controls. By incorporating a risk-based approach and collaborating with risk and compliance functions, you can integrate the appropriate view of risk into your evaluation of the most critical areas of the business and organizational controls. This also allows you to focus on strategic business initiatives and highlight your audit team’s value to the organization.
Conclusion
With RSA Archer, you can truly align risk to the business to support your executive team’s goals of growth and profit improvement, and raise the risk conversation to that of performance. From early evolution to program maturity, no one gives you the tools to effectively leverage your audit function better than RSA Archer.
Benefits:
Improves Your Control Over the Complete Audit Lifecycle
By providing a single, authoritative system for all of your audit management needs, RSA Archer allows you to consolidate your entire audit process and documentation in one system. This makes it easier to manage the audit lifecycle and quickly review staffing and budgets.
Promotes Collaboration with Risk and Compliance Functions
RSA Archer Audit Management features best practices based on the latest Institute of Internal Audit standards and COSO framework so that your internal audit team can partner more effectively and share data with colleagues across risk and compliance.
Helps to Align Internal Audit with Business Priorities
By aggregating risk and control information from across an organization on one system of record, RSA Archer Audit Management allows audit teams to prioritize their activities based on business imperatives and the latest risk assessments.
Enables Proactive Management of Risks and Controls
By providing access to information, resources and results from risk and compliance teams, RSA Archer Audit Management gives audit teams better visibility into key risks and under-performing controls. Real-time dashboards ensure your team is achieving audit plans.
Advantage:
RSA Archer Audit Management puts you in control of the complete audit lifecycle, enabling improved governance of audit-related activities, while also providing integration with your risk and control functions. With RSA Archer, you can transform the efficiency of your audit department, complete riskscoped audits more quickly, and partner with the business to achieve your organization’s goals.
Automate Audit Processes
Managing audit plans and workpapers in static documents or standalone systems that do not interact with your business, risk and compliance teams certainly limits your ability to collaborate. Collecting and coordinating audit findings and results in a meaningful and timely manner across these different groups is a manual, painful process that results in static, point-in-time reports.
RSA Archer Audit Management enables you to consolidate your entire audit process (audit entities, audit planning, engagements, findings) into one system. You can manage the audit process and team and quickly review your audit staffing, budgets, and resource allocation. Real-time dashboards help identify gaps and ensure you are achieving your audit plan.
RSA Archer also allows you to streamline the findings management process, focus on the most critical issues, and report what is most important to the management team and audit committee. This technology becomes even more powerful when other risk and compliance groups also use Archer, improving your ability to communicate the status of collaborative activities and leverage their work.
Dynamically Adjust Risk-Based Audit Plans
Your time may often be focused on repetitive, compliance-driven audit testing. As a result, you are not positioned to implement a more risk-based audit approach that is increasingly expected by regulators, governing bodies, and executives.
RSA Archer Audit Management offers out-of-the-box best practices aligned with the latest Institute of Internal Audit (IIA) standards and Committee of Sponsoring Organizations (COSO) framework. These best practices enable you to partner with your risk and compliance counterparts to share operational risk and control data, and then align audit plans and prioritize efforts based on the organization’s business priorities and latest assessment of operational risk. Integrating these risk and control systems drives alignment between audit and other teams regarding prioritization and execution of risk and compliance activities. In addition, you can more clearly understand the current state of the business, which leads to better audit planning and scoping.
Rally Risk & Compliance Team to Tackle Pressing Issues
Audit teams do not always leverage information, resources and results from other risk and compliance teams. As a result, you lack visibility into key risks and underperforming controls.
With RSA Archer Audit Management, all issues raised by internal audit, other risk and compliance teams, or management can be housed and cataloged within one central system to provide business workflow and a holistic view of their significance and remediation status for all business teams. Internal audit can also choose to leverage control testing and risk assessment and mitigation by other teams to better evaluate the current status, quality, and effectiveness of your organization’s risks and controls, while summarizing and prioritizing critical results to the audit committee and your risk and compliance counterparts. This establishes greater transparency and a higher level of trust throughout the organization.
Use Cases:
Many times, the audit team cannot focus on helping the business evaluate new risks and opportunities because they are spending time evaluating past performance of controls. Using RSA Archer Audit Management, you can incorporate more of a risk-based approach and collaborate with risk and compliance business partners. Plus, your organization can integrate the appropriate view of risk into evaluation of the most critical areas and controls. This also allows you to focus on strategic business initiatives that show the audit team’s value to the organization. RSA Archer Audit Management provides several use cases to meet your specific business needs and progress in the audit maturity journey, including the following options.
Issues Management
RSA Archer Issues Management lays the foundation for your GRC program to manage issues generated by audit, risk and compliance teams. The use case includes the Business Hierarchy to establish the corporate structure and provides better accountability for risk and compliance issues, and workflow to manage findings, remediation plans and exceptions to address risks and associated resolutions.
RSA Archer Issues Management allows you to create a consolidated view into all issues. With an organized, managed process to escalate issues, you get detailed, rolled-up visibility into risks and efforts to close and address risks. Workflow for proper sign-off and approval for issues, remediation plans, and exceptions ensures identified issues are managed and mitigated. Your organization will see quicker reaction to emerging risks, creating a more proactive and resilient environment while reducing costs.
Archer Audit Engagements & Workpapers
RSA Archer Audit Engagements & Workpapers enables you to define your audit entities and universe, perform audit engagements, maintain workpaper documentation, and report on audit results in a consistent and timely manner. RSA Archer Audit Engagements & Workpapers helps you transform the efficiency of your audit department, complete better-scoped audits more quickly, and decrease external audit fees.
Audit Planning & Quality
RSA Archer Audit Planning & Quality enables internal audit teams to risk assess their audit entities and make audit plans for engagements in the coming year. Since RSA Archer Audit Planning & Quality integrates rich risk management and control information, internal audit can ensure their audit objectives are aligned with management, enterprise risk management, and other related groups. In addition, the use case allows audit managers to manage the audit team and staff audit engagements with the right personnel. RSA Archer Audit Planning & Quality also offers quality assessment of your audit function for improved governance of audit-related activities.
Documentation:
Download the RSA Archer Audit Management Datasheet (.PDF)