|
1. The Pentana Audit Work System (PAWS) |
 |
The Pentana Audit Work System (PAWS)
The Pentana Audit Work System (PAWS) is an integrated suite of software
designed by Pentana to manage a wide range of risk, audit and corporate
governance procedures. PAWS can help you to:
* Comply with various international auditing requirements, including
Sarbanes-Oxley, Turnbull and COSO.
* Improve control over your business and focus resources on the risks and
issues that most concern you.
* Gain better and more timely management information on which to base your
decisions, through our extensive analysis and reporting features.
* Perform more efficient and effective assignments, such as audits or risk
reviews.
* Involve your business units more actively in Control Risk
Self-Assessment and in the timely completion of agreed actions.
Replace your old, often unreliable, spreadsheet or PC-database systems
with a system that is robust, flexible, accessible and easily scaleable.
PAWS comprises the following product modules:
* PAWS Universe – for the definition of business units or processes.
* PAWS Planet – for the performance of audits and assignments
* PAWS Action Satellite – for web-based action tracking and questionnaires.
* PAWS Risk Satellite – for web-based risks and controls management
including Control Risk Self-Assessment across the entire business.
There are also optional links with Retain Resource Planning and Time
Management modules for comprehensive staff and resource management.
PAWS runs on a SQL Server database. The database can be replicated for
multi-site use and a check-out feature allows individual assignments to
be updated collaboratively while disconnected from the network. Work
papers can be attached at many levels in the software. Small
installations can use the licence-free MSDE desktop edition of SQL
Server.
Terminology and concepts
This section lists some of the key concepts and the terminology that we
use throughout this document and in the default software installation.
You can fully customise the terminology displayed in the software to
match the terms with which you are familiar.
* Universe – This describes the complete population of entities and audits
that are present on your system.
* Entities – This can include physical entities such as ‘head office’ or
can represent processes such as ‘revenue cycle’. You can complete a
Risks & Controls Register against each entity and also perform ‘audits’
of an entity.
* Audits - An 'audit' is any type of assignment in which work is performed
in respect of an entity. Audits may be of different types. Each entity
can have an unlimited number of audits. You can only perform ‘tests’ and
raise ‘actions/recommendations’ within the context of an audit.
* Global risk assessment – This term describes the systematic assessment
of relative risk across entities in your universe, typically for the
purpose of prioritising and scheduling audits.
* Risks & Controls Register – This is an integrated module in which you
can define and assess specific risks and their mitigating controls and,
within the context of an audit, perform tests and document any resulting
actions. You can maintain a Risks & Controls Register for each entity in
your universe.
* Objectives, Risks and Controls – These are the three primary levels of
our Risks & Controls Register. An objective can have any number of risks
attached to it, and any number of controls can help to mitigate each
risk.
* Accounts and Assertions – These are concepts when managing controls over
financial reporting, especially to assist auditors in meeting their
attestation objectives in accordance with the PCAOB standards (see
www.pcaobus.org/pcaob_standards.asp). Accounts are elements of your
financial reports (e.g. ‘Accounts receivable’) and Assertions help you
assess whether the accounts are correctly stated (e.g. ‘Existence
or Occurrence’).
* Areas – Within the context of an audit, tests are grouped by ‘area’.
* Tests – A ‘test’ is any item of work that is carried out within the
context of an audit. Tests are typically designed to address risks and
controls, but they may also represent audit admin. tasks such as
‘Perform satisfaction survey’.
* Points Arising – This term describes the various matters that may arise
during the course of an audit. This typically includes ‘findings’ (i.e.
the points that generate an ‘action’ – see below), ‘review points’,
‘points forward’ or any other classification that applies in your
organisation.
* Actions – This describes a typical life cycle of ‘finding à
recommendation à response à agreed action’ with which Internal Audit
departments are often familiar within the context of an audit. This
model can also be applied equally to other contexts, such as Risk Reviews, etc.
* Audit Report – This describes the formal output of an audit, being some
sort of a report to the management of the ‘client’.
*
Contacts - Contacts are people who ‘belong’ to an entity and who may
typically perform control risk self-assessments and/or be responsible
for addressing the agreed actions that arise from an audit. You can
allow entity contacts to have ‘business user’ (Web) access to the
system.
* Business users – Business users are entity contacts who have been set up
as restricted users within the system. Business users can typically only
access the optional PAWS Action Satellite and PAWS Risk Satellite
modules.
|
|
2. Paisley Enterprise GRC
|
 |
Paisley Enterprise GRC™
Paisley Enterprise GRC™ is a comprehensive audit, financial controls
management, enterprise risk management, operational risk management, IT
governance and compliance software solution purpose-built to address
integrated governance, risk and compliance requirements.
Optimized for Global 2000 organizations, Paisley Enterprise GRC provides
greater efficiency, improves collaboration and reduces the time and
resource costs associated with governance, risk and compliance. Paisley
Enterprise GRC provides a common solution for each GRC process owner
with shared functionality for common activities such as risk assessment,
process documentation, and issue tracking. Leveraging a shared data
model, Paisley Enterprise GRC enables the consistent sharing of
definitions and terms, organizational reporting structures, and
relationships between controls and the associated audit results.
Eliminating the redundant efforts saves money by minimizing data entry,
improving accuracy and enhancing collaboration, efficiency and
consistency.
Paisley Enterprise GRC:
* Automates integrated compliance business processes
* Manages enterprise and operational risks
* Optimizes internal audit processes
* Reduces costs of financial controls compliance
* Provides visibility, oversight and assurance
* Available for delivery via on-site installation or through a hosted
application deployment model
|
|
3. ACL Audit Software |
 |
ACL Audit Software
ACL is the preferred software tool of audit and financial professionals
for data extraction, data analysis, fraud detection, and continuous
monitoring. Robust yet easy-to-use, ACL expands the depth and breadth of
your analysis, increases your personal productivity and gives you
confidence in your findings. With ACL, organizations can achieve fast
payback, reduce risk, assure compliance, minimize loss and enhance
profitability.
Providing a unique and powerful combination of data access, analysis and
integrated reporting, ACL reads and compares enterprise data—any data,
flat or relational databases, spreadsheets, report files, on PCs or
servers—allowing the source data to remain intact for complete data
quality and integrity. Used as a standalone PC application and/or as the
client with the Server Edition software, ACL employs a single,
consistent client interface and provides easy, immediate access to data.
For example, with a few clicks, you can move from analyzing server data,
to information stored on mainframes, to mySAP for ERP data, or networked
PCs. This ensures optimized performance and optimum flexibility in
accessing new sources of data.
Commands—a full range of analytical power from simple classifications to
complex tests—are already pre-programmed for data analysis. Automate
your analysis through continuous monitoring and real-time notification.
With ACL you can:
* Analyze data more quickly and efficiently, independently from your IT
department, with an intuitive user interface, pull down menus, toolbars,
and point & click commands
* Rapidly analyze transactional data in files of any size to ensure 100
percent coverage and the utmost confidence in your results
* Produce easy-to-understand reports—easily design, preview and modify
your results on-screen with drag-and-drop formatting
* Identify trends, pinpoint exceptions, and highlight potential areas of
concern
* Locate errors and potential fraud by comparing and analyzing files
according to end-user criteria
* Identify control issues and ensure compliance with standards
ACL desktop software is available for multiple languages. Localized
product versions—including English, French, German, Japanese, Polish,
Portuguese, Simplified Chinese and Spanish—provide assistance through
dialog boxes, menus, and help files in the language selected.
The just released ACL 9 represents the continued evolution of ACL
analytic technology and is focused on increased team collaboration and
enterprise IT standards readiness.
|
|
