mega grc 3.2 en - audit user guide

Upload: dorinir

Post on 07-Apr-2018

  • 8/6/2019 Mega Grc 3.2 en - Audit User Guide

    1/52

    MEGA GRC Audit

    User Guide

    MEGA GRC Suite 3.2

    1st edition (January 2010)

    Information in this document is subject to change and does not represent a commitment on the part of MEGA International.

    No part of this document may be reproduced, translated or transmitted in any form or by any means without the express written permission of MEGA International.

    MEGA International, Paris, 1996 - 2010

    All rights reserved.

    MEGA GRC Audit and MEGA are registered trademarks of MEGA International.

    Windows is a registered trademark of Microsoft Corporation.

    The other trademarks mentioned in this document belong to their respective owners.

    CONTENTS

    Introduction
      Main Features
        Audit repository management
        Document repository
        Audit plan and mission management
        Mission execution
        Mission and recommendation follow-ups
        Reporting
        Collaborative work
      Conventions Used in the Guide
      Presentation of this Guide

    Audit
      User Profiles
        Audit manager
        Mission manager
        Auditor
      Managing the Audit Team
        Creating an Auditor
        Managing Auditor Responsibilities
        Managing Auditor Skills
          Defining skills for each user
          Viewing skills
      Preparing Audit Plans
        Creating Audit Plans
        Defining a Calendar
        Creating Audit Missions
          Creating a mission manually
          Creating a mission from a program
        Managing Audit Missions
          Accepting a mission
          Specifying audit mission scope
          Scheduling missions
          Viewing unassigned missions
      Preparing Audit Missions
        Assigning Auditors to an Audit Mission
          Viewing auditor availability
          Viewing auditor skills
          Assigning an auditor to a mission
        Managing Mission Content
          Creating an audit theme
          Creating an audit activity
          Specifying audit activity scope
        Scheduling Activities
          Displaying the activities report
          Modifying an activity from a Gantt diagram
          Checking assignment of auditors via reports
        Managing Workpapers
          Creating a workpaper
        Announcing and Starting a Mission
          Viewing the announcement letter
          Sending the announcement letter
          Starting the Mission
      Executing Audit Missions
        Proposing a New Mission
        Managing Workpapers
          Viewing and completing workpapers
          Creating a workpaper
        Creating Audit Findings
          Creating audit findings
        Sending Recommendations
      Managing Mission Documents
        Generating RTF documents
        Saving Audit Attachments
      Reports and Audit Follow-Up
        Recommendation Follow-Up
          Recommendation follow-up reports
          Viewing your recommendation list
          Defining a steering calendar
        Audit Plans Follow-Up
          Comparing audit plans
        Action Plan Follow-Up
        Audit Activity Follow-Up
      Managing the Audit Repository
        Audit repository principle
        Managing Mission Programs
          Creating a mission program
          Creating an audit mission from a mission program
        Managing Activity Programs
        Managing Workpaper Templates
        Managing Form Templates
        Managing Audit Documents
          Managing operational document templates

    INTRODUCTION

    MEGA GRC Audit offers a simple and flexible solution adaptable to the specific requirements of each internal audit department to improve audit quality and to enhance decision-making capacity.

    Based on a proven methodology, MEGA GRC Audit helps internal auditors to optimize processes, increase action plan follow-up capacity, support findings, standardize best practices and improve transparency of results and information traceability.

    "Main Features", page 8

    "Conventions Used in the Guide", page 10

    "Presentation of this Guide", page 11

    MAIN FEATURES

    Audit repository management

    - Audit templates
    - Mission, activity, workpaper and associated checklist templates
    - Creation of an operation mission template

    Document repository

    - Help capitalize on legal notices and best practices
    - Generate operations documents
    - Creating customizable mission reports

    Audit plan and mission management

    - Management of annual and multiannual audit plans
    - Mission scheduling and planning according to established priorities
    - Building mission plans with predefined and manual checklists
    - Audit template management
    - Task management for auditors and auditing teams
    - Assignment of auditors as a function of missions
    - Definition of skills and level required to perform specific missions

    Mission execution

    - Task assignment
    - Workpaper generation from templates or risks/controls matrix
    - Possibility of documenting findings and associating recommendations
    - Collection of auditee comments and progress follow-ups
    - Approval workflow management
    - Access to methodological documents

    Mission and recommendation follow-ups

    - Progress follow-ups aligned with approbation workflow
    - Recommendation follow-ups and action plans involving auditees
    - Management of the different mission stages and the transition between stages
    - Use of milestones to collect and report the implementation progress rate

    Reporting

    - Analytical reports to follow up recommendations and action plans
    - Generation of audit announcement letters, executive audit, summaries, and complete audit reports
    - Several standard reports support audit team activity analysis
    - Dashboard for mission follow-ups
    - Gantt charts to prepare audit plans and missions and to manage auditor resources
    - etc.

    Collaborative work

    - Secure Web-based environment
    - Configurable workflows
    - Management of exchanges between auditors and auditees
    - Document sharing
    - Sending messages with attachments

    CONVENTIONS USED IN THE GUIDE

    Remark on the preceding points.

    Definition of terms used in this guide.

    A tip that may simplify things.

    Compatibility with previous versions.

    Things you must not do.

    Commands are presented in this way: File > Open.

    The names of MEGA products and technical modules are presented in this way: MEGA.

    Very important remark to avoid errors during an operation.

    PRESENTATION OF THIS GUIDE

    This user guide is supplemented by:

    - MEGA GRC Common Features, guide describing common functionalities of the MEGA GRC Suite platform.
    - Guides dedicated to modules MEGA GRC Compliance & Control and MEGA GRC Risk.
    - Administrator guide.

    1 AUDIT

    Internal auditing exists in various legal and cultural environments, as well as in organizations of differing size, complexity and structure.

    An internal audit is an independent, objective assurance and consulting activity designed to add value and improve organization operations. It helps an organization achieve its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes (source: IIA).

    MEGA GRC Audit offers a simple and flexible solution, adaptable to the specific needs of each internal audit organization unit, and a methodology integrating international standards. It helps internal auditors to optimize processes, increase action plan follow-up capacity, support findings, standardize best practices and improve transparency of results and information traceability.

    Internal auditors can use the audit module as support in the execution of classic audit missions (mission preparation, execution and follow-up) or as continuous auditing support.

    Thanks to their integration in MEGA GRC Suite and its database, users can access descriptions of risk and control systems and their assessment with MEGA GRC Compliance & Control, and risk mapping with MEGA GRC Risk.

    The following points are covered here:

    "User Profiles", page 14

    "Managing the Audit Team", page 15

    "Preparing Audit Plans", page 18

    "Preparing Audit Missions", page 23

    "Executing Audit Missions", page 32

    "Managing Mission Documents", page 37

    "Reports and Audit Follow-Up", page 39

    "Managing the Audit Repository", page 44

    The functionalities presented here can be configured. For more information on possible customizations, see the administrator guide.

    USER PROFILES

    For the MEGA GRC Audit module, there are by default three user profiles:

    - Audit Manager
    - Audit Mission Manager
    - Auditor

    Operational users can connect to the application without being associated with a predefined profile. For example: auditee manager.

    Audit manager

    The audit manager ("Audit Manager" profile) is responsible for preparation of the audit plan. For more details, see "Preparing Audit Plans", page 18.

    This user is also responsible for defining and maintaining the audit repository, which includes:

    - Programs (mission programs, particularly for recurring missions).
    - Reference documents to be provided to audit teams.
    - Operational document templates used during audit execution to produce different reports.
    - Skills.

    For more details on the audit repository, see "Managing the Audit Repository", page 44.

    Mission manager

    The mission manager ("Audit Mission Manager" profile) is nominated by the audit manager as being responsible for execution of the mission. This includes:

    - Preparing the mission (assigning auditors, managing audit activities, defining mission scope).
      For more details, see "Preparing Audit Missions", page 23.
    - Reporting on the mission to the auditee manager.
      For more details, see "Announcing and Starting a Mission", page 31.
    - Supervising mission execution (follow-up of recommendations made by auditors).
    - Generating the mission final report and submitting this for validation to the auditee manager.
      For more details, see "Managing Mission Documents", page 37.

    Auditor

    The auditor ("Auditor" profile) is responsible for progress of the audit activity in the field.

    For more details, see "Executing Audit Missions", page 32.

    MANAGING THE AUDIT TEAM

    Before scheduling audit missions, the audit manager must set up appropriate audit teams and assign roles and responsibilities.

    To do this, the audit manager has tools available that enable definition and display of the skills of team members.

    An auditor is a person with skills required to execute an audit (source ISO 19011:2002).

    Creating an Auditor

    To create an auditor:

    1. Select Audit > Team Management > Manage Auditors and click Insert in the right pane of the window.
    2. Specify the Code and the Name of the auditor. The code corresponds to the user login in the connection window.
    3. Select Profile "Auditor".
    4. Select an Organization Unit.
    5. Click Save.

    The new auditor is created.

    Managing Auditor Responsibilities

    MEGA GRC Audit allows you to manage controls, processes and risk and control systems that are the responsibility of a given auditor. You can create or connect controls, processes and risk and control systems to the auditor.

    To connect an existing control to the auditor:

    1. In Audit > Team Management > Manage Auditors, select the desired auditor and click View.
    2. In the Responsibilities section, select the Controls Managed tab and click Search.
    3. In the search window that appears, select the desired controls and click Connect.

    To connect a process or a risk and control system to an auditor, proceed in the same way as above in the corresponding tabs.

    Managing Auditor Skills

    MEGA GRC Suite enables management and viewing of skills for each auditor.

    To do this, you must first define skill types, a list of skills, and skill levels. For more details on skill definition, see the Administrator guide.

    Defining skills for each user

    To define skills:

    1. Select Audit > Team Management > Manage Skills by Auditor.
    2. Select a user and click the Define Skills button.

    In the page that appears, you can specify user skills as a function of previously defined skills, skill types and skill levels.

    Example of skills

    Viewing auditor experience

    The Experience section allows you to view mission categories, missions and activities executed by the auditor.

    Viewing skills

    To view the skills and skill levels available within the team:

    Select Audit > Team Management > Auditors/Skills Matrix.

    A list appears. You can sort the list by skill, skill level and user by clicking the header of the corresponding column.

    You can also view auditor skills graphically before assigning a mission. For more details, see "Viewing auditor skills", page 23.

    PREPARING AUDIT PLANS

    The audit plan is prepared by the audit manager ("Audit Manager" profile).

    The audit manager must also build the repository of the audit before scheduling missions (define mission and activity programs, workpaper templates etc.). For more details, see "Managing the Audit Repository", page 44.

    Creating Audit Plans

    The audit manager ("Audit Manager" profile) defines an audit plan over a period of one year. This plan contains all missions to be executed over the year.

    The audit plan is a description of the expected scope and conduct of the audit. It is carried out in accordance with auditing standards and practices. It comprises a description of the audit approach and the planning schedule. It comprises several audit missions carried out during a given period.

    To create an audit plan:

    1. Select Audit > Preparation > Audit Plans > Audit Plans.
    2. Click Insert.
    3. Enter the name of the audit plan in the Description field.
    4. Select the audit plan Responsible User.
    5. Select a Period in the corresponding box.
       An audit period corresponds to the fiscal period over which audit missions or assessment sessions are carried out.
       This is often a period of three years in the audit framework.
    6. Specify a Begin Date and End Date for the audit plan.
    7. Click Save.

    The audit plan is created.

    Creating a mission from a program

    To help you select missions to be executed, you can use as a basis programs that have not yet been executed. You can then decide to create a mission from a mission program that has not yet been executed.

    A mission program is a mission template relating to the main characteristics of an audit mission. For more details on mission programs, see "Managing Mission Programs", page 44.

    To view programs not yet executed:

    1. Select Audit > Preparation > Audit Plans > Unassigned Missions.
    2. Select a Period in the drop-down list.

    The list of unexecuted programs for the selected period appears.

    To create a mission from an unexecuted program:

    1. Select a program in the list and click the Create Mission from Program button.
    2. In the search window that appears, select an audit plan and click Create a Mission.
       A mission is created. It carries the same name as the mission program.

    Managing Audit Missions

    Accepting a mission

    You can view missions that have been proposed and that could form part of an audit plan.

    To view missions that could form part of an audit plan:

    Select Audit > Preparation > Audit Plans > Suitable Missions for Plan.

    The list that appears shows:

    - Missions proposed by auditors or audit mission managers.
    - Missions created from a program.

    From here you can accept missions and associate them with an audit leader.

    Specifying audit mission scope

    The audit manager can specify mission scope, for example processes, risks and controls concerned by the mission.

    To specify mission scope:

    In the page of an audit mission, expand the Scope section and connect the required elements.

    By default, risks and controls connected to selected processes are automatically connected here. In addition, only controls associated with selected risks are connected.

    Scheduling missions

    You can schedule your missions by displaying a Gantt report by entity, manager or mission.

    To display a report enabling scheduling of missions:

    1. Select Audit > Preparation > Audit Plans > Schedule Missions.
    2. Select a plan and a report type.
       In the report that appears, you can click a mission to modify it and specify the estimated number of auditors, the estimated workload, the planned begin and end dates, etc.

    The number of auditors required per month for the selected audit plan is indicated at the bottom of the report.

    Viewing unassigned missions

    To view missions that have not yet been assigned:

    Select Audit > Preparation > Audit Plans > Unassigned Missions.

    Missions for which no audit leader has yet been indicated appear in the list.

    To specify an audit leader:

    1. Select a mission in the list.
    2. Click the Edit button.
    3. Select an audit leader in the corresponding field.
    4. Click Save.

    PREPARING AUDIT MISSIONS

    When the audit plan has been prepared by the audit manager, the mission manager ("Mission Manager" profile) can prepare audit missions.

    The audit manager can also carry out these mission preparation tasks.

    Assigning Auditors to an Audit Mission

    MEGA GRC Suite allows the mission manager to view the availability and skills of auditors and, based on these, to assign auditors to missions.

    Viewing auditor availability

    To view auditor availability:

    1. Select Audit > Preparation > Missions > Assign Missions.
    2. Select an audit plan in the first drop-down list in the right pane of the window.
    3. If required, select a calendar period in the second drop-down list.
    4. Click the Display button.
    5. In the frame at top left, select the audit mission.
    6. In the frame at top right, select the user.
       Its availability is indicated in the lower frame of the window.

    Viewing auditor skills

    In the assign mission page, when carrying out the operations described above to display auditor availability, you can also display auditor skills.

    To display auditor skills (at the same time as auditor availability):

    Select the Auditor Skills and reselect an auditor.

    A graphic appears. It shows:

    - in blue: skills of the auditor concerned.
      For more details on their creation, see the Administrator guide.
    - in red: skills required for the mission.
      These are defined in the mission program serving as a template for the mission; for more details, see "Defining skills required for missions", page 45.
    - in yellow: the maximum level possible for a skill type.

    This graphic allows you to select the auditor most suitable for the mission.

    Assigning an auditor to a mission

    To assign an auditor to a mission:

    1. From the assign mission page, in the frame at top left, select the desired audit mission.
    2. In the frame at top right, select a user.
    3. Click the Auditors button.
       The name of the selected user appears in the column corresponding to the audit mission.

    Managing Mission Content

    To access mission content:

    In the page of a mission, select the Work Program tab.

    In this tab you can create a tree of content of your mission. The basic element of the mission is the workpaper. Themes and activities can be used to group workpapers.

    - Themes can be created to organize mission content.
    - Audit activities constitute an additional level enabling grouping of workpapers.

    From this tree you can also create findings and recommendations, depending on your position in the tree and your profile. Hierarchy is as follows:

    - Audit themes
    - Audit activities
    - Workpapers
    - Findings
    - Recommendations

    Creating an audit theme

    Audit mission content can be divided into themes. Before creating activities and workpapers, you can therefore create audit themes.

    To create an audit theme:

    1. In the page of a mission, select the Work Program tab.
    2. Select Insert > Audit Theme.
    3. Enter a Description and a Parent audit theme (if you wish to create a tree of themes).
    4. Enter comments if required.
    5. Click Save.

    You can view the tree of themes and sub-themes created. You can now create audit activities and workpapers.

    Creating an audit activity

    Creating an audit activity manually

    An audit activity is an element of an audit mission that can relate to a set of processes, applications, risks or controls to be audited in an enterprise organization unit. It is assigned to an auditor.

    To create an audit activity:

    1. On the page of an audit mission, select the Work Program tab.
    2. Select Insert > Audit Activities.
    3. Enter the name of the audit activity in the Description field.
    4. Connect the audit activity to a Theme if you wish the activity to be located under a theme in the tree.
    5. Click Save.
       The audit activity appears in the tree of the Work Program tab under the specified theme.

    Creating activities and workpapers automatically

    Having specified mission scope, and if you are in the appropriate workflow status (after schedule validation and before mission announcement), you can generate activities automatically.

    The audit plan to which the mission is attached must have been validated to be able to create activities from mission scope.


    To generate activities from mission scope:

    1. At the top of the mission page, click the Generate Activities button.
       An intermediate window appears proposing selection of a form template for corresponding workpapers.
    2. Click Generate Activities.

    The following elements are automatically created:

    - An activity per process indicated in the scope.
    - A workpaper per risk/control pair to be audited.
    - A form (based on the form template) per workpaper.

    To view activities generated:

    Select the Work Program tab of the mission.

    You can also view:

    Workpapers from the page of an activity.

    Forms from the page of a workpaper.


    Specifying audit activity scope

    In an audit activity page, Activity Scope section, you can specify the audited object, for example:

    - Applications
    - Controls
    - Org-Units
    - Process
    - Risks

    When a business process is linked to a mission, risks and controls connected to the process can be automatically connected to the mission. For more details, see the Administrator guide.

    Scheduling Activities

    You can display a Gantt diagram to schedule mission activities.

    Displaying the activities report

    To display the activities report:

    1. Select Audit > Preparation > Missions > Assign & Schedule Activities.
    2. Select an audit plan and a calendar period if required.
    3. Click Display.


    4. Select a mission in the list that appears.
       A Gantt diagram displaying mission activities appears in the bottom part of the page.

    Completed activities appear in green.


    Modifying an activity from a Gantt diagram

    To modify an audit activity:

    1. In the Gantt diagram, click the bar representing the activity over time.
       A window opens allowing you to modify the activity, in particular its dates.
    2. Make the necessary modifications and click Save.

    Checking assignment of auditors via reports

    To view auditors assigned by calendar period and by mission:

    Select Audit > Preparation > Missions > Report - Auditors by Mission.

    To view missions assigned to each auditor by calendar period:

    Select Audit > Preparation > Missions > Report - Missions by Auditor.

    Managing Workpapers

    Workpapers serve as the basis for the auditor for execution of his/her mission.

    A workpaper comprises points to be checked on a given subject in the course of an audit activity.


    Workpapers obtained directly via a mission program contain forms, which contain questions and answers.

    Creating a workpaper

    Workpapers can be created automatically from the mission scope. For more details, see "Creating activities and workpapers automatically", page 26.

    You can also create workpapers manually.

    To create a workpaper manually:

    1. In the page of an audit activity, Workpapers section, click Insert.
    2. Enter a Description.
    3. Enter your comments or observations.
    4. Click Save.

    You can also create workpapers from the Work Program tab of a mission.

    Announcing and Starting a Mission

    Having completed specifications necessary for accomplishment of the mission, you can generate and send an announcement letter to the manager of the audited entity.

    Viewing the announcement letter

    You can view the announcement letter before passing to the mission announcement workflow step.

    To view the announcement letter:

    1. Select Audit > Preparation > Missions > Missions in Preparation.
    2. Select a mission, click the Generate Document button and select Announcement Letter.
       The document appears. You can save this before sending.

    Sending the announcement letter

    To announce the mission:

    In the main page of the mission, click the Announce Mission button.

    The mission can then be started.

    Starting the Mission

    Having sent the mission announcement letter, the mission can then be started.

    You must previously have assigned mission activities to an auditor, specified appropriate dates, etc.

    To start the mission:

    In the main page of the mission, click the Start Mission button.


    EXECUTING AUDIT MISSIONS

    The auditor has two menus for viewing his/her assigned tasks:

    - Home > My Responsibilities
    - Audit > Operational Domain

    Proposing a New Mission

    During execution of missions, the auditor can propose a new mission, which the audit manager must then accept.

    To propose a mission:

    1. Select Audit > Operational Domain > Mission Proposals > Create Mission Proposal.
       The mission creation page appears.
    2. Enter a Description, select an Audit Plan and click Save.
    3. At the top of the page, click the Propose a Mission button.

    You can also create a mission proposal but submit this later, via menu Audit > Operational Domain > Mission Proposals > My Proposal to be Submitted.

    The mission changes status. It becomes "Mission Proposed".

    It must then be accepted by the audit manager to be included in the list of missions in preparation.

    Managing Workpapers

    Workpapers are files or work documents that serve as a basis for the auditor in execution of the mission. They contain points to be assessed and serve as a basis for interviews carried out by the auditor during the course of the audit.

    A workpaper comprises points to be checked on a given subject in the course of an audit activity.

    The auditor can create his/her own workpapers, or base these on workpaper templates in the context of a mission program. Workpapers are also created automatically depending on scope of the activity.


    Viewing and completing workpapers

    Workpapers may have been generated automatically:

    - by risks/controls defined in mission scope.
    - by the workflow.

    To view workpapers to be completed:

    Select Audit > Operational Domain > Work Area > My Workpapers.

    You can also access workpapers from the page of an activity.

    To complete a workpaper:

    1. Select a workpaper and click the Complete Workpaper button.
    2. Answer the questions by selecting values from those proposed in the drop-down lists.
    3. Click Save.

    To complete all workpapers at one time:

    1. On the page of the activity, click the Complete All Workpapers button.
       A page appears allowing you to answer all workpapers present in the list at one time.
    2. Select a form from the list provided for this purpose.
       The corresponding workpapers appear.

    You can reply and enter a comment if required.

    Creating a workpaper

    You can also create workpapers manually if required.

    To create a workpaper manually:

    1. In an audit activity page, Workpapers section, click the Insert button.
    2. Enter a Description and your comments.
       In this case, the workpaper is not necessarily connected to a workpaper template (which is a workpaper model). You can simply enter free text in the workpaper comment.
    3. Click Save.

    Creating Audit Findings

    The objective of the audit is to establish, for an organization at a given moment, findings on compliance of a system related to determined audit criteria.

    Audit criteria are a set of determined policies, procedures or requirements (source ISO 19011:2002).

    Differences from these audit criteria can be detected. These differences should be recorded in audit findings.

    Audit findings should accurately and honestly reflect audit activities, obstacles encountered, differing views of auditors and those audited, and any unresolved questions.


    Audit findings can indicate compliance or non-compliance as well as opportunities for improvements.

    Audit findings are the results of the evaluation of the collected audit evidence against audit criteria. Audit findings can indicate either conformity or nonconformity with audit criteria or opportunities for improvement (source ISO 19011:2002).

    Findings are accessible by default from audit activities. For more details on findings behavior configuration, see the Administrator guide.

    Creating audit findings

    Findings must be created from an audit activity. Audit activities are accessible via Audit > Operational Domain > Context > Activities.

    To create findings:

    1. In the page of an audit activity, Findings section, click Insert.
    2. Select a Finding Type.
       You can for example specify if findings are positive or negative.
    3. Enter a Recommendation Proposal if required.
    4. Enter your conclusions in the Remarks box.
    5. Click Save.

    You can also create findings from the Work Program tab of a mission.


    Sending Recommendations

    Recommendations are accessible from missions, audit activities and findings. For more details on recommendation behavior configuration, see the Administrator guide.

    Audit team members meet to review audit findings and information collected during audit activities. The resulting audit conclusions can indicate a need for recommendations.

    A recommendation describes what must be done to correct noncompliance detected during an audit.

    To create a recommendation:

    1. In the page of a finding, select the Recommendations tab and click Insert.
    2. Enter the text of your recommendation in the Details box.
    3. Specify the recommendation name in the Description field.
    4. Click Save.


    Recommendations are visible in a specific tab of a mission page.

    You can also create recommendations from the Work Program tab of a mission.


    MANAGING MISSION DOCUMENTS

    Generating RTF documents

    You can generate several documents in RTF format from a mission:

    - the announcement letter.
    - the audit mission follow-up report: this contains a description of the mission, its scope, audit activities of the mission, and an indication of mission progress.
    - Mission description: this document lists mission themes and sub-themes.

    To generate a document concerning a mission:

    1. Select Audit > Operational Domain > Context > Missions.
    2. Select the desired mission and click the Generate Document button.
    3. In the sub-menu, select:
       - "Mission Description"
       - "Announcement Letter"
       - "Audit Mission Report"

    An RTF document is generated.

    HTML format reports are also accessible via menu Audit > Audit Reporting. Availability of these reports varies according to the profile with which you are connected.

    Saving Audit Attachments

    You can manage attachments/documents connected to the mission from the page of the mission.

    To add a document:

    1. In the page of an audit mission, select the Document Follow-Up tab.

    2. Above the tree, click the Insert button.
    3. Enter a Description.
    4. Select a file by search from the File Name box.
    5. Select the "Audit" Document Category or one of the proposed sub-categories.


    6. Click Save.
       Your document is now available in the document tree.


    REPORTS AND AUDIT FOLLOW-UP

    Certain reports allow you to follow progress of audit missions. Depending on your profile, these reports concern:

    - audit plans
    - recommendations
    - action plans
    - audit activities

    Auditors can access only those reports concerning recommendations and action plans.

    The steering calendar system assures follow-up of recommendations.

    Recommendation Follow-Up

    MEGA GRC Suite enables different methods of recommendation follow-up:

    - via reports
    - via the steering calendar

    Recommendation follow-up reports

    You can generate several types of recommendation follow-up report via Audit > Audit Reporting > Recommendations.

    Recommendation follow-up report example


    Viewing your recommendation list

    To access your recommendations:

    1. Select Audit > Audit Reporting > Recommendations > My Recommendation Follow-Up.
    2. Specify if you wish to display On Time Recommendations or Late Recommendations.
    3. Click Calculate.
       The list of your recommendations appears.

    Defining a steering calendar

    The steering calendar also enables recommendation follow-up by requesting persons concerned to indicate progress of work at regular intervals.

    The steering calendar is a recommendation follow-up calendar. It allows the audit manager to fix dates by which a measure of progress is achieved. The calendar is defined for an entity.

    To create a steering calendar, see the Administrator guide, chapter "Administrating MEGA GRC Suite", paragraph "Defining application generic values".

    Audit Plans Follow-Up

    MEGA GRC Suite allows the audit manager to follow-up an audit plan result as a function of its different criteria.

    To view follow-up of a given audit plan:

    1. Select Audit > Audit Reporting > Audit Plans > Audit Plan Follow-Up.
    2. In the right pane of the window, select an audit plan, a calendar period if required and begin and end dates.
    3. Click Calculate.
       The report presenting progress of the audit plan is displayed.


    Tabs indicate:

    - missions started
    - missions completed
    - the number of missions per category and state of progress (in progress, validated, etc.)
    - the workload by category of mission and state of progress.

    Comparing audit plans

    A report enables comparison of audit plans on the basis of the status of missions they contain.

    To assure follow-up of the different audit plans:

    1. Select Audit > Audit Reporting > Audit Plans > Audit Plan Comparison.
    2. Select the audit plans you wish to compare, holding the key down.
    3. Click the Calculate button.


    The report displays the status of audit plan missions:

    - by Status (mission status)
    - by Timing (late, OK)
    - by Priority
    - by Score (score attributed to mission)
    - by Category
    - etc.

    Action Plan Follow-Up

    Following audit conclusions and possible recommendations, you can initiate and manage action plans.

    To follow-up action plans:

    Select Audit > Audit Reporting > Action Plans.

    For more details on action plans, see the MEGA GRC Common Features user guide.

    Audit Activity Follow-Up

    A report allows you to view progress of activities by auditor.

    To access this report:

    1. Select Audit > Audit Reporting > Activities > Activity Progression by Auditor.

    2. Select an auditor, a begin date and an end date.


    3. Click Calculate.

    The generated report presents:

    - the mission of which the activity is part, its status and workload
    - the activity, its status and workload
    - the number of recommendations and findings concerning the activity


    MANAGING THE AUDIT REPOSITORY

    The audit manager and administrator have tools available in the audit module enabling them to manage the audit repository.

    Audit repository principle

    Here you will find "templates" serving as a basis for creation of recurrent missions.

    The principle is the following:

    You create a mission program, which contains activity programs. These activity programs contain workpaper templates, which are based on form templates.

    Correspondence between concepts and templates

    Concept      Model
    Mission      Mission program
    Activity     Activity program
    Workpaper    Workpaper template
    Form         Form template

    Managing Mission Programs

    Creating a mission program

    A mission program enables simple creation of audit missions from certain predefined main characteristics. It enables simple management of recurrent missions to be executed over a predefined period.

    A mission program is a mission template relating to the main characteristics of an audit mission.


    To create a mission program:

    1. Select Audit > Audit Repository > Audit Program > Mission Programs, and click Insert in the right pane of the window.
    2. Enter the name of the mission program in the Description field.
    3. Specify the Category of the mission (process, regulatory obligation, quality, etc.).
    4. Specify the Origin.
       This specifies the client of the mission (internal or external origin).
    5. Specify the other fields that interest you and click Save.

    The other fields you can specify are the following:

    - Justification: here you can enter a comment justifying usefulness of the new mission program.
    - Estimated Number of Auditors: the estimated number of auditors necessary for execution of this type of mission.
    - Estimated Duration: the estimated duration for a mission based on this mission program.
    - Mission Priority: priority of a mission based on this program.
    - Last Execution Date: last date on which a mission based on this mission program was executed.
    - Estimated Workload (M-D): estimated number of man-days necessary for execution of a mission based on this program.

    Defining skills required for missions

    In the mission program, you can specify skills of auditors enabling them to carry out missions based on this program.


    To define the required skills:

    1. In the page of a mission, select the Skills tab.
    2. Connect the skills you consider necessary.

    When assigning auditors to a mission, you will be able to compare skills of auditors and skills required for the mission. For more details on the report providing this information, see "Assigning Auditors to an Audit Mission", page 23.

    Defining an activity program

    The mission program should be based on an activity program, in the same way as a mission is based on activities. For more details on activity programs, see "Managing Activity Programs", page 46.

    Creating an audit mission from a mission program

    To create an audit mission from a mission program:

    1. Select Audit > Audit Repository > Audit Program > Mission Programs, select the mission program and click Create Mission From Program in the right pane of the window.
    2. In the window that appears, select the desired audit plan and click Create Mission.

    The audit mission created is connected to the specified audit plan. You can open it and modify its characteristics to suit your requirements.

    Managing Activity Programs

    An activity program enables simple creation of audit activities from certain predefined main characteristics.

    An activity program is an activity template relating to the main characteristics of an audit activity to be carried out.

    To create an activity program:

    1. Select Audit > Audit Repository > Audit Program > Activity Programs and click Insert in the right pane of the window.


    2. Specify the name of the activity program in the Description field, and specify the Mission Program.
    3. Click Save.

    Managing Workpaper Templates

    A workpaper template is a predefined point to be checked. It serves as the basis for creation of a workpaper that is assessed in the course of an audit activity.

    To create a workpaper template:

    1. Select Audit > Audit Repository > Audit Program > Workpaper Templates and click Insert in the right pane of the window.
    2. Enter the name of the workpaper template in the Description field.
    3. Click Save.
    4. In the page of the workpaper template, connect a form template.

    A form template is a list of predefined questions designed to assess a point to be checked in the course of an audit activity.

    Managing Form Templates

    A form template is a list of predefined questions designed to assess a point to be checked in the course of an audit activity.

    A form template serves as the basis for creation of a form:

    - in the framework of activity creation from an activity program,
    - in the framework of mission workflow.

    To create a form template:

    1. Select Audit > Audit Repository > Audit Program > Form Templates and click Insert in the right pane of the window.
    2. Enter a Description and click Save.
       You can now create a question.
    3. In the Question section, click Insert.
    4. Enter the text of the question in the Description box and click Save.
       You can now create the answers to this question.
    5. Select the question and click the View button.


    6. In the Answer section, click Insert.
    7. Enter the text of your answer in the Description field.
    8. Select the Deficient check box if the answer concerns a deficiency.
    9. Click Save.
    10. Create other answers in the same way.

    Your form template is now ready to use.

    Managing Audit Documents

    Managing operational document templates

    Operational document templates are document templates used as a basis for creation of RTF format documents.

    By default, document templates are provided for:

    - Announcement letter.
    - Audit mission follow-up report.
    - Audit plan description.
    - Mission description.

    To define content of a document template:

    1. Select Audit > Audit Repository > Audit Documents > Operational Document Templates.
    2. Expand the tree of the document template that interests you.
    3. Select an element of the document template and click the Edit button.
    4. Select the fields you want to include in the final document by selecting the corresponding check boxes.
