Dentistry 02.11.2019
0 (0 votes)

Automation of internal audit example. Self-test questions. Regulatory regulation of the use of computers in auditing

3. Normative references

ISO 9000:2005 – “Quality management systems. Fundamentals and vocabulary."

ISO 9001:2008 – “Quality management system. Requirements".

ISO 19011:2002 – “Guidelines for the audit of quality and/or environmental management systems.”

4. Terms, abbreviations and symbols

Terms and definitions:

Audit (verification) is a systematic, independent and documented process of obtaining audit evidence and evaluating it objectively in order to determine the degree of fulfillment of agreed criteria (ISO 9000:2005).

An auditor is a person who has demonstrated the personal qualities and competence required to conduct an audit (ISO 9000:2005).

Group of auditors - one or more auditors conducting the audit with the assistance (if necessary) of technical specialists.

Abbreviations used:

DP – documented procedure

QMS – quality management system

Legend:

Branching/merging process operations

5. Process description

5.1 Fundamentals

The QMS audit at KPMS is carried out with the aim of:

  • determine the level of compliance of the QMS with the requirements of the ISO 9001:2008 standard;
  • determine the level of compliance of the QMS with the requirements of internal regulatory documents.

The audit can be carried out scheduled (based on the annual audit plan) and unscheduled (based on the order of the general director).

The frequency of scheduled audits should be at least once every six months.

The quality officer is responsible for organizing audits.

The lead auditor is responsible for conducting audits.

The annual internal audit plan is developed and approved no later than December 20. The annual internal audit plan is developed by the quality officer. When planning internal audits of the QMS, a mandatory audit of each of the departments, each of the processes and each of the requirements of ISO 9001:2008 is provided.

Before the start of each audit, an audit schedule is developed. The schedule is developed one week before the audit date.

To conduct internal audits, a leading auditor, auditors and technical specialists are appointed from among the company's employees. The candidacies of the lead auditor and auditors are determined by the Quality Commissioner. The appointment of the lead auditor and auditors is carried out by order of the General Director for Personnel. The order may indicate the duration of the appointment. If the term is not specified, then the lead auditor (auditors) are considered to be appointed for an indefinite period and lose their status as an auditor only on the basis of an order from the general director to appoint a new lead auditor (auditor) or upon dismissal from the company.

Technical specialists are assigned (if necessary) to each audit upon the recommendation of the lead auditor. The appointment of technical specialists is carried out in an order for the organization to conduct an internal audit.

When drawing up an audit schedule, the distribution of auditors and technical specialists among the objects of inspection should exclude the possibility of them inspecting the units in which auditors and technical specialists work.

Introduction
1. Historical background, functions and tasks of audit automation.
1.1. Prerequisites for automation of audit activities.
1.3. Regulatory regulation of the use of computers in auditing.
2. Software for automated information technologies for auditing activities.
2.1. Automated information technologies for auditing activities.
2.2. Software used by the auditor.
3. Automation of external and internal audit using special package programs, their comparative analysis
Conclusion
List of sources used.

INTRODUCTION

The modern management system of an enterprise, organization, or firm is distinguished by a rather complex information system. This is primarily due to the abundance of external and internal information flows, the variety of types of information circulating in the management system.
The leading role in it is played by the accounting information system, which generates reliable and complete information about the property, liabilities, and business operations of the management object. The accounting information base, in turn, is the basis for information and analytical systems and internal and external audit systems. In this regard, in the professional activities of an accountant, financial analyst, and auditor, the importance and role of information systems, technologies, and automation of accounting, analysis, and audit processes is increasing.
This paper discusses the main processes and tools for automating audit activities, the specifics of internal and external audit in a computer environment.
Research objectives:
a) study the functional tasks of audit automation.
b) analyze automated information technologies for auditing activities.
c) determine the features and characteristics of the software used by the auditor.
The relevance of this work lies in the objective need to automate audit activities. In conditions of high competition in the market, it is very important for the purpose of objective and high-quality accounting that an economic entity has automated work on internal control, accounting and other management processes.

1. Historical background, functions and tasks of audit automation

1.1. Prerequisites for automation of audit activities

Today it is impossible to imagine the area of ​​human activity associated with information processing without the use of computer technology. Computers are quite naturally and organically used in auditing.
Audit is an independent verification of accounting and financial (accounting) statements of organizations and individual entrepreneurs.
Since the beginning of the 90s of the 20th century, when purchasing a personal computer in Russia ceased to be a problem, an active process of introducing information technologies into the accounting practice of enterprises and organizations began. A large number of specialized programs have appeared on the software market, varying in functionality, quality of execution, and complexity. Subsequently, generally recognized leaders emerged among the manufacturers.
The programs used today are very diverse and their number is impressive. It can be stated that today in organizations of various directions and scales of activity, accounting without the use of computer technology is already perceived as an exception to the general rule. Thus, the use of computers and information technology in auditing is the need of the hour.
One of the disadvantages of Russian auditing is the low level of technology in organizing and conducting audits and providing services related to the audit. Large and medium-sized Western audit companies that have accumulated many years of experience are characterized by a high level of development of audit technology and the active use of computer technology in auditing. They have in their arsenal well-developed inspection techniques that allow them to quickly and efficiently perform audit procedures, effectively using both highly qualified personnel and numerous assistants.
This “conveyor” method helps reduce audit time, increase its efficiency, and quickly adapt personnel. By performing simple tasks at first, the young specialist has prospects for growth, and changing assistants is painless.
A promising direction in the development of modern audit technologies is its automation. Moreover, one condition determines the other: the more technologically advanced the process, the more formalized it is, the easier it can be automated, and the more automation tools in the “technologist’s” arsenal, the wider the range of operations that he can automate.

1.2. Functional tasks of a computer information system for auditing activities

To ensure the quality of the services provided, audit companies must implement the functions of developing procedures, documents, accounting forms that comply with current auditing standards, as well as determine the level of materiality, audit risk, and sample size. At the same time, even assigning an employee to the staff of an audit firm who deals exclusively with these issues will not help solve the problems associated with processing a large volume of data, as well as filling out a large number of documents when planning, conducting an audit and analyzing the data obtained. In this regard, one way or another, questions arise about the automation of routine audit procedures.
Since the audit is based on a sampling basis, the auditor, to calculate the optimal sample size, must resort to mathematical statistics and probability theory, which significantly complicates the calculations.
The implementation of an automated audit is regulated by the auditing standard “Conducting an audit using computers” (approved by the Commission on Auditing under the President of the Russian Federation on July 11, 2000, protocol No. 1). According to this standard, the auditor, when considering the possibility of using certain audit procedures, must be guided by auditing rules (standards) No. 5 “Audit Evidence” and No. 20 “Analytical Procedures”.
It follows that the audit program must offer an audit methodology that fully complies with auditing standards.
Another requirement for the audit program is the ability to use the client’s accounting database to build a sample and analysis in order to save the auditor’s labor and time. The program must contain all the necessary forms (auditor's working documents) to document the work done. It is desirable that the program has a user-friendly interface and does not require special programming knowledge, and also has a clear operating algorithm.
When conducting an audit in the KOD system, the purpose of the audit and the main elements of its methodology are preserved. The presence of a CDS environment significantly influences the auditor’s process of studying the accounting system of an economic entity and the accompanying means of internal control.
The use of technical means leads to changes in individual elements of the organization of accounting and internal control:
- to verify business transactions, along with traditional primary accounting documents, primary accounting documents on computer media are also used;
- permanent normative and reference indicators can be checked using data stored in computer memory or on machine-readable media;
- instead of traditional manual forms of accounting, a form of accounting can be used that is focused on progressive methods of generating output information and ensuring its reliability, combining synthetic accounting with analytical accounting, systematic and chronological, as well as increasing the efficiency and ease of use of accounting and reporting information.
The auditor should not force (directly or indirectly) the audited economic entity to apply a code system known to the auditor. An auditor's recommendation regarding the use of a particular code system is possible only if the auditor provides an audit-related service to an economic entity in organizing a code system at the latter's request.
An economic entity is obliged to provide the audit organization with the necessary access to the code system. Failure to fulfill (incomplete fulfillment) of this condition is a limitation of the scope of the audit in the code system, as a result of which the audit organization may require the provision of the documents it needs on paper. In audit organizations, computers can and are already actively used both to automate the management work of the audit organization itself, and for conducting audits of economic entities. At the same time, the concept of “using a computer to conduct an audit” is very general and may include the following types of work (Table 1.1).
Table 1.1
Options for using computers in auditing

Option Types of work performed using a computer
I Printing, editing basic standard forms of audit documents, questionnaires, tables, questionnaires and other things
II Performing all kinds of calculations, processing tabular data
III Use of a regulatory and legal reference database in an electronic format (systems such as “Garant”, “Kodeks”, “ConsultantPlus”).
IV Organizing queries to an electronic database generated in an automated accounting system (ASBU)
V Checking individual calculations performed at ASBU accounting areas
VI Obtaining accounting registers and alternative balance sheets using an electronic database generated in ASBU
VII Conducting a comprehensive analysis of the financial condition of an economic entity
In each type of work presented in Table 1.1, the advantage of the computer version over the manual version is obvious. Currently, the issue of creating a comprehensive system for automating audit activities is relevant.
There are three stages of auditor work technology in the conditions of CIS AD:
1)preparatory stage;
2)conducting an inspection;
3) final stage.
At the preparatory stage, information about the client, general ledger data, accounting indicators and other information are studied and recorded in the database. The auditor's examination of the audited entity's accounting and internal control system is determined by the computer data processing system (CDS) he uses. When conducting an audit in the KOD system, the purpose and main approaches to determining the methods of conducting an audit are preserved. At the same time, the code affects the auditor's study of the accounting system and internal control of the audited entity.
Working in the COD environment, the auditor studies the organizational form of data processing, the form of accounting and its automated sections, the use of local or network data processing options, and ensuring data archiving and storage. The auditor must also describe the technical, software, and technological support of the code. He evaluates the capabilities of the computer system in terms of its flexible response to changes in business legislation, the generation of management reporting, the conduct of analytical procedures, as well as the degree of qualification of accounting personnel in the field of information technology.
When determining the auditor's risks arising during an audit of financial statements due to the influence of the code, one should be guided by the rule (standard) "Risk assessment and internal control. Characteristics and accounting of the computer and information system environment."
The use of the code system significantly affects the organizational structure of an economic entity. The concentration of management functions, data and programs for their processing introduces risks into the accounting and internal control system. When using the CODE system, the circle of persons with access to accounting records expands. This leads to risks associated with the lack of primary documents and accounting registers, the inability to monitor the posting of accounting data and reporting, as well as access of unauthorized users to the database and programs of the COD system.

1.3. Regulatory regulation of the use of computers in auditing

The fact of the need and possibility of using information technology in auditing is generally recognized. Here we can mention theoretical, methodological and practical works devoted to automated control systems. International auditing standards and regulations on international auditing practice, federal and Russian auditing rules (standards) are devoted to the use of computers and information technologies in auditing.
As part of the International Standards on Auditing (ISA), which were in force until 2006, one standard and five provisions on methodological auditing practices are devoted to computer topics; in the version of the Russian Standards (RSA), such problems are reflected in three standards. In the federal standards under development (FSA), one standard is planned on this issue (Table 1.2).
Of all the currently valid Russian auditing standards, only one concerns automation - “Audit in the conditions of computer data processing”. At the same time, the issues regulated by this standard do not exhaust the range of problems faced by Russian auditors, on the one hand, and accountants and business managers, on the other, when interacting in the conditions of electronic processing of accounting and financial information. So it makes sense for both of them to get acquainted with international experience.
From table 1.2. It is clear that the most significant standards related to audit automation have been developed for Russian auditors.

Table 1.2.
International and Russian auditing standards


p/p
International Auditing Standards and Regulations on International Auditing Practices Russian auditing standards
Code Name Year
publications		 Name
I 401 Audit in the environment of computer information systems 1998 Audit in a computer environment
data processing
2 1001 IT environment - standalone
personal computers
3 1002 IT environment - online computer systems
4 1003 IT Environment - Database Systems
5 1008 Risk assessment and internal control system, characteristics of CIS and associated risks 2000 Risk assessments and internal controls. Characteristics and accounting of the environment of computer and information systems
6 1009 Computer-assisted auditing methods 2000 Conducting an audit using
computers

Regulatory developments in the field of automated audit are presented in a number of documents of the International Committee of Auditing Practices of the International Federation of Accountants: “Auditing in a Computer Information Systems (CIS) Environment”, “Risk Assessment and Internal Control - CIS Characteristics” and Considerations" ("Assessment of audit risk and internal control taking into account the characteristics of the computer information environment"), "Computer-Assisted Audit Techniques" ("Computerized audit methods").
The first of these documents has the status of an international standard. The other two are included in the international auditing standardization system as international regulations on auditing practice. The goals of the standards are very good. Firstly, they are designed to unify the requirements for auditing in a computer environment so that auditors receive methodological support, and users of their services know what to expect from audits in automated accounting. Secondly, these documents contain practical recommendations for auditors on the specifics of audit procedures in a computer environment.
This document discusses the general provisions for organizing an audit in automated accounting and specific issues of planning an audit in a computer data processing environment. We can talk about a CDS environment if an enterprise uses computer technology to process such a volume of accounting and financial information that auditors consider significant from the point of view of the overall reliability of the financial statements. It does not matter whether the enterprise uses computer methods independently or delegates it to a third party.
Both international and Russian auditing standards oblige auditors to take into account the impact of code of practice on the organization and conduct of audits. To do this, auditors must have a sufficient understanding of the code system used by the enterprise. Now this task, in most cases, is inseparable from the auditors’ understanding of the specifics of the accounting services and internal control of the audited enterprise.
At the same time, exorbitant requirements in the field of computer competence have not yet been imposed on auditors. If special computer knowledge is needed at a professional technical level, then auditors can involve an expert in the audit, who, for example, will help them assess the reliability of a complex computer system or assist in the formation of registers convenient for verification procedures in a specific audit area. But in any case (whether an expert is involved or not), the auditor is entirely responsible for the conclusions of the audit, so it still makes sense for him to understand all the significant issues of automation himself.
Obviously, based on the idea: “a good start is half done,” the developers of the international standard provided recommendations for planning an audit in automated accounting. The fairness of this approach is confirmed by the practice of organizing inspections. How well the auditors understand the features of the automated accounting service at the initial stage of interaction with enterprise managers and accountants determines whether the group of auditors will be rationally selected: it will consist, for example, only of auditors and assistants (knowledgeable in general issues of automation) or you will need to involve a computer technology specialist.
The international standard draws the attention of auditors to the fact that when planning it is necessary to assess the level of complexity of automated accounting at the enterprise. The code system is considered quite complex if:
- the computer performs complex calculations regarding financial information and automatically makes entries;
- the computer automatically performs operations essential to the business of the enterprise;
- the volume of operations is so significant that it is difficult to track possible errors in data processing;
- automated procedures are used for exchanging data on transactions with other enterprises and organizations;
- the company has implemented a computer system with a hierarchical structure;
- the enterprise uses complex computer management programs that supply information directly to the accounting system.
Depending on the level of complexity of the code system used by the enterprise, auditors preliminarily outline the key parameters of the audit, primarily the scale and schedule of work. At this stage, it is in the interests of both auditors and business managers to resolve the issue of the availability of all necessary computer information for the audit. To perform automated procedures, auditors should use copies of the enterprise's working files to completely eliminate the risk of accidental damage to the originals. If the enterprise provides for the preparation of internal reports (for example, for management needs), then providing them to auditors can speed up the audit.
According to the international standard, when planning audit procedures, all the main features of automated accounting should be taken into account. CODE systems are characterized by a reduced level of human participation in operations. This, on the one hand, minimizes errors inherent in manual data processing, but on the other hand, it reduces the ability to routinely track errors and violations. It is especially unpleasant if errors were made during installation or modification of the software and remained undetected for a long time.
Another “headache” for both the head of the enterprise and the auditor is the impossibility of a complete separation of responsibilities and powers in the CDS environment and, as a consequence, the potential danger of data manipulation.
By identifying problems, the international standard also draws the attention of auditors to the advantages of automated accounting, which should be used to the maximum to improve the efficiency of the audit. Firstly, proper implementation and operation of automated accounting increases the level of reliability of accounting information. In this regard, favorable signs may include: proprietary support of the software used by the enterprise; good level of computer training of accounting personnel; ensuring physical protection of coded means and strict control over the computer system (the corresponding procedures can be regulated by the internal instructions of the enterprise).
Secondly, a skillfully organized CDS system allows enterprise management to use effective analytical methods of working with information in order to review and control financial and economic transactions. Thus, thanks to automation, additional tools appear to strengthen internal control in the enterprise, which helps to improve the quality (that is, relevance, completeness and reliability) of accounting reporting. This circumstance is taken into account by auditors and when developing an audit plan, as a rule, leads to a reasonable reduction in the number of detailed checks of turnover and account balances.
Thirdly, the COD system provides auditors with the opportunity to work in an automated mode with significant volumes of accounting data. At the same time, the cost of man-hours is significantly less than when using archaic techniques.
It is easy to see that the most favorable and preferable is the third option, in which both the economic entity and the audit organization use computers to automate information processing.

2. Software for automated information technologies for auditing activities

2.1. Automated information technologies for auditing activities

In modern conditions, one of the most important management functions at an enterprise is the function of monitoring the activities of the management object. The accounting and financial control system should include:
-system of accounting, financial and management accounting of the organization;
-internal control and audit system;
-independent (external) audit control;
- state financial control.
The accounting system processes primary documents, systematically records business transactions and summarizes financial and economic activities. Accounting is directly related to control, since it must guarantee the safety of assets, the effective use of own and borrowed funds, and the reliability of accounting and reporting information created in the economic system.
The internal control and audit system is created by the management of the organization, its main goals are:
-effective production, economic and financial activities of the organization;
-compliance with the management policy of each employee of the organization;
- ensuring the safety of the organization’s property.
To achieve these goals, a necessary condition is the consistency of the accounting system and the internal control and audit system, which should ensure:
-continuity, timeliness and completeness of reflection of business transactions in the accounting system;
- completeness and reliability of accounting (financial) statements;
-use of accounting and other information systems that automate the basic procedures for creating an information accounting base;
- suppression of the possibility of misappropriation or ineffective use of the organization’s property;
- identification in a timely manner of cost deviations from previously planned ones, with analysis of the causes of deviations and identification of those responsible;
- establishing compliance of the current document flow system with the modern level and improving this system to increase the efficiency of the internal control and audit system itself.
Internal audit is part of the internal control and audit system and can take various organizational forms:
-an independent structural unit reporting directly to the head of the organization;
-an independent structural unit of the parent organization that exercises control over subsidiaries and dependent organizations.
Internal audit is carried out by employees of the organization and is intended for internal control of the financial condition, sources of costs, diagnosing the management system, identifying reserves and providing the administration with recommendations for improving the efficiency of the organization.
An external audit is an independent examination of an organization’s financial statements based on verification of compliance with the accounting procedures, compliance of business and financial transactions with the legislation of the Russian Federation, completeness and accuracy of reflection in the organization’s financial activities.
The main goal of an external audit is to establish the reliability of the accounting (financial) statements of an economic entity in all existing aspects.
At the initial stage of planning an audit, the auditor (or audit organization) must obtain sufficient knowledge about the accounting and internal control and audit systems of the organization, and have the right to freely and fully communicate with internal auditors.
The external audit technology consists of the following main stages.
1. Preparatory activities before the start of the audit:
- selection of an economic entity;
- determination of working conditions, conclusion of an agreement with an economic entity;
- determining the composition of the audit team and appointing its leader, selecting external specialists if necessary;
2. Planning the inspection:
- obtaining and analyzing information about the activities of an economic entity;
- conducting a preliminary analytical check and risk assessment;
- preliminary check and assessment of the effectiveness of internal control
- development of a general audit plan;
- final check and final assessment of internal control;
- selection of the main directions and methods of checking financial statements using appropriate tests of operations and analytical testing procedures;
- adjustment of the audit plan.
3. Carrying out the inspection in accordance with the developed plan.
4. Quality control of the audit:
- monitoring the inspection;
- checking the work of assistants, individual auditors and external specialists;
- consideration of disagreements with an economic entity and making a decision on the admissibility or inadmissibility of continuing the inspection;
- carrying out additional special inspections caused by the identification of significant errors, violations of norms and illegal actions of an economic entity.
5. Completion of the audit:
- preparation of an audit report;
- preparation of the final conclusion based on the results of the inspection.
The implementation of the listed technological stages is closely related to the audit organization’s study of the client’s accounting system and internal control.
Automation of accounting and other management functions has an impact on the organization of auditory activities. They began to distinguish:
- audit outside the computer environment with traditional manual accounting technology;
- audit of the computer environment when using accounting and other enterprise management information systems.
Software tools are designed to check the contents of clients' computer files. The list of tasks performed by audit programs is quite wide:
- checking and analyzing records based on criteria of their quality, completeness, consistency and correctness;
- testing of calculations;
- comparison of data from different data from different files in order to identify incompatible data;
- obtaining a representative sample during a random audit;
- access to data, their ordering, grouping according to different criteria, etc.
As test data, the auditor can use either the client's actual data (in whole or selectively) or control data prepared by the auditor. Control data is entered into the client's information system in order to verify the correct functioning of client computer programs. Validation data is the basis of system testing. For control data, the auditor prepares results calculated in advance on their basis; they must cover the entire range of types of business activities. Testing a client's information system based on control data is more productive than testing based on data from the client itself.

2.2. Software used by the auditor

The software of the system used by the auditor during the audit must provide:
1) analysis of the content of the database formed in the accounting department of an economic entity, if it exists and is accessible;
2) control of indicators contained in the accounting registers of an economic entity;
3) testing of algorithms used in the automated accounting system;
4) monitoring the compliance of the indicators contained in the accounting reporting forms with the data of accounting registers or the database generated in the accounting department when processing primary documents;
5) use of the capabilities of search and reference information systems in the field of normative and legislative acts regulating accounting and auditing in the Russian Federation;
6) formation of audit documentation (working and final).
Automated audit software is based on two types of programs - packaged and targeted programs.
Batch programs are a set of general-purpose programs. These programs provide a wide range of functions for processing and analyzing data, as well as preparing and printing reports.
Targeted programs are designed to perform audit assignments in specific situations. These programs are compiled by auditors or by the client organization in agreement with the audit firm.
The following groups of programs are used in auditing:
- office programs;
- reference and legal systems;
- accounting programs;
- financial analysis programs;
- special software for audit activities.
Office programs include spreadsheet processors, database management systems, and word processors.
Table processors have powerful computing capabilities, business graphics and database management tools. They are widely used during audits and are used to create various working spreadsheet documents (estimates, reports), alternative balance sheets, various analytical tables, and present the received information in graphical form. The most common programs are MSExcel and Lotus1-2-3.
Using database management systems such as MSAccess, the auditor can sample business transactions and check individual reporting forms generated by accounting programs and intended for printing.
Word processors, for example MSWord, WordPad, Notepad, Lexicon, are used at all stages of the audit that require the creation and high-quality execution of audit documents. They are used in the preparation of audit contracts, programs, plans, working documents, opinions, various certificates and requests.
Word processors allow you to create and edit documents, prepare them for publication, check their spelling, print, and send emails. In the process of working on documents, constant information of the main document and variable source information are merged, integrated documents are created with the inclusion of external objects (drawings, sound files), and text documents are saved in selected formats.
Legal reference systems (LRS) are necessary in the audit process as legal support and a source of legal information for the auditor. SPS is a system of legally processed and promptly updated legal information in combination with search and other service software tools.
ATPs operating in Russia are represented by the following groups:
- non-state ATP of mass circulation;
- small-circulation non-state SPS;
- state ATP.
Non-state ATPs of mass circulation are represented by such well-known ATPs as “ConsultantPlus” (JSC “ConsultantPlus”), “GARANT” (NPP “Garant-Service”), “Kodeks” (CJSC [!!! In accordance with Federal Law-99 dated 05/05/2014 this the form was replaced by non-public joint stock company] “Information company “Kodeks”). This group is perhaps the most common and used of all the above.
Small-circulation non-state SPS are represented by SPS "YUSIS" (legal information agency INTRALEX), "Yuristkonsult", "Referent II", etc.
State SPS are represented by SPS “Etalon” (NCPI under the Ministry of Justice of the Russian Federation), STC “System”.
When conducting an automated audit, accounting programs serve as the object of inspection. Thus, the correctness and legality of the program used in the accounting process and its application are checked (verification of algorithms). Representatives here are "1C" (series of programs "1C: Accounting"), "IT" (family "BOSS"), "Atlant-Inform" (series "Accord"), "Galaktika - Parus" (series of programs "Galaktika" and "Sail"), "DIC" ("Turbo - accountant") and many others.
Financial analysis programs are used in audits to assess the current financial condition of an enterprise and its development trends for the future. Based on these programs, forecasts for the development of the client’s business are developed, which allows him to make the most profitable strategic management decisions and assess the attractiveness of a particular project.
Representatives of these programs are “Audit Expert”, “FinEkAnalysis”, “Your Financial Analyst”, etc.

3. Automation of external and internal audit using special package programs, their comparative analysis

The Express Audit system is a software package designed to automate the audit of the financial and economic activities of commercial enterprises and organizations, as well as the efficient and convenient creation and storage of working audit documentation.
The developers of the system are the consulting group "Termika" and N.P. Baryshnikov, a practicing auditor, general director of the auditing firm "Baryshnikov and Co." The automated system "ExpressAudit" in accordance with the Rules (standards) of auditing activities in the Russian Federation can be used by audit organizations for:
a) developing a general audit plan and program;
b) creating working documentation for the audit;
c) studying and evaluating accounting systems and internal
control over the economic entities being inspected;
d) obtaining audit evidence about the reliability of financial statements;
e) obtaining a reliable representation of the economic entity’s compliance with the requirements of regulatory acts;
f) organizing internal audit quality control;
g) conducting an initial audit of the initial and comparative indicators of financial statements;
h) preparation of written information from the auditor and the audit report based on the audit results.
The material is structured into sections (19 in total) and presented in the form of questions and answers to them on all aspects of the financial and economic activities of enterprises and organizations. Moreover, in addition to issues of general organization of accounting and taxation, including:
- organizational issues;
- accounting policy of the organization;
- accounting and taxation of transactions with fixed assets, intangible assets, materials;
- production costs
- cash;
- accounting of finished products;
- calculations;
- capital, financial results, securities;
- the procedure for generating accounting and tax reporting indicators, etc.
In addition, tables are provided for the analysis of the financial and economic activities of commercial organizations. The basic version of the system also reflects the specifics of accounting and taxation in trade. Currently, the system contains a separate block of the section “Auditor's working documents”, which are required by a specialist not only at the time of the audit, but also during the entire audit activity.
Working with this system, which is based on the Code for Windows software package, consists of four stages:
- filling out the survey card;
- choosing a survey topic (registration site);
- answers to questions on the selected topic;
- generating a report.
Filling out the survey card. The survey card may include data about both the audit firm and the audited entity. All information on the card is included in the protocol and then the report.
Selecting a survey topic. The next step is to select an object to check from the presented 19 blocks. Each block is presented in the form of a chapter with sections that detail this topic in a certain direction. To select a survey topic, you need to move one heading at a time from the left side of the plate to the right. If desired, any number of chapters and sections can be selected depending on the volume of events being analyzed.
Answers to questions. The number of questions varies depending on the chapter selected. The structure of the question consists of three elements: text, the normative basis of the question and the author's comment. The program provides four possible answer options:
- compliance with the regulatory framework;
- inconsistency;
- incomplete compliance;
- the auditor's opinion about the appropriateness of the question in this situation.
When identifying violations of standards and selecting the appropriate answer option, you must fill out a “Comment” card in order to reflect information that may be necessary in the subsequent analysis of this issue.
Generating a report. The final document of the audit is the report. Moreover, before drawing it up, it is necessary to familiarize yourself with the protocol, which contains information about the object being audited, the date of the audit, and the number of questions that the auditor had to answer or answered. If the answers to the questions are compiled sequentially, the protocol will be generated automatically after answering the last question proposed on the topic. You can also review the preliminary protocol at any time or change the answer to a previously reviewed question by pausing the current survey.
Based on the protocol, at the user’s request, a report is generated, which is identical in content and structure to the analytical part, and also contains elements of the final part of the audit report. The report includes data about the audited object, general results of checking the state of internal control of an economic entity, accounting and reporting, compliance with legislation when carrying out financial and business transactions, as well as an indication of the normative act to which the accounting statements must comply. The generated report can be imported into the MS Word text editor and, after modification, have the appearance of an audit report.
In the system, each section of accounting corresponds to certain questions that need to be answered; for each question, a corresponding extract from regulatory documents is necessarily provided, and for sections that require special attention, there are author’s comments. Thus, the auditor can check the statements without wasting time searching for regulatory documents to clarify any controversial issue. Information services are provided, consisting of monthly additions and updates of materials contained in ExpressAudit.
This version of the program is intended for generating auditor working documents in the process of auditing commercial enterprises and organizations. The developers intend to develop the program in at least four directions:
- creation of versions that take into account the industry characteristics of the organizations being audited;
- reflection of regional audit features;
- improving the interface and other characteristics to ensure the most convenient work with the program;
- development of new sections.
Russian scientists Odintsov B.E. and Romanov A.N. believed that the main attention should be paid to the creation of some kind of computer information system that provides a “human-machine” approach to conducting an audit. This system assumes a significant separation of functions: a person, i.e., a decision maker (DM), performs the functions of logical analysis, and a computer performs the functions of organizing and conducting quantitative calculations, the logical structure of which is implemented by software created on the basis of algorithms developed by the decision maker ( procedural method of solving a problem).
According to I.I. Pilipenko, all kinds of surveys and questionnaires regarding the use of information systems in auditing activities indicate that practicing auditors and audit firms do not sufficiently use specialized programs for auditing. There are factors limiting the use of specialized automated programs in auditing activities. One important factor is the use of general purpose software by audit firms: word processors, spreadsheets, database management systems. Another factor is the lack of awareness among audit companies about automation systems intended for audit activities. The relevance necessitates research into the market for audit programs to determine the need and possibility of their implementation in audit firms.
In the opinion of E.Ya. Goldberg, the “Auditor’s Assistant” program is the first attempt to create a really working audit system, with the aim of solving audit problems at all stages of its implementation is the “Auditor’s Assistant” program. In the literature known to the authors, the audit system model has the following structure:
a) a knowledge acquisition module, which is intended to form a knowledge base. The knowledge base has two components: rule bases and fact bases.
b) rule base, contains procedural knowledge in a standard form.
c) fact base.
d) audit execution module, used to initialize the system and generate audit reports.
In general, there are two strategies in creating audit systems: minimizing the cost of inputting source data; minimizing the risk of missing erroneous actions in financial documentation. The creators of this software application are aware of the complexity of the task undertaken and the inevitable imperfection of its individual parts for the first version. Nevertheless, given the urgent need for such a program, they take the liberty of offering it for practical use.
Currently, the following full-featured audit automation programs are presented on the Russian market: "IT Audit: Auditor" (Master-Soft), ExpressAudit: PROF (TERMIKA Consulting Group), AuditXP "Complex Audit" (Goldberg-Soft ").
Table 3.1
Popular programs for complex automation of audit activities
No. Program Stated purpose
programs 		Manufacturer Year
release
1 IT Audit: Auditor Comprehensive audit automation Master-Soft LLC www.audit-soft.ru 2005
2 ExpressAudit: PROF Comprehensive audit automation system Consulting group "TERMIKA", N. P. Baryshnikov (based on ATP "Code")www.termika .ru 2004
3 AuditXP "Complex Audit" Automation of audit activities "Goldberg-Soft" (based on Turboaccountant)www.auditxp .ru 2005

Forms of audit risks that arise as a result of the use of computer data processing programs:
- technical risks - risks associated with technical issues, methods of processing accounting information that is directly used, the organization of accounting and internal control during the implementation and use of automated information systems. Caused by poor-quality work of technical means, the use of unofficial software, differences in the characteristics of hardware and software, lack of proper general technical service and control.
- risks associated with the procedure for processing accounting data - may be associated with errors in the development of the system, its small circulation, or misuse. Cases of using programs not intended for accounting cannot be excluded. It is the auditors' responsibility to determine whether the client's system is being applied correctly.
- risks associated with accounting and control - caused by insufficient organization of the client’s employees to use the information processing system for accounting data, lack of clear differentiation of the obligations and responsibilities of the client’s employees, dissatisfaction with the formation of the internal control organization, ineffective system of protection against unauthorized access to the information database (absence), loss of data.
- risks associated with the professionalism of the auditor - associated with an incorrect assessment of the system for processing accounting and analytical data, incorrect construction of a test system, and distorted interpretation of facts.
Under different conditions, risks may increase or decrease. It is possible to distinguish between these factors influencing the level of audit risk in the context of automated data processing:
a) The risk of errors and deviations in accounting increases at:
1) dispersal of a computer automated network;
2) large-scale remoteness of computer devices;
3) low level of acquired knowledge of accounting personnel in the field of information technology;
4) lack of an internal control system over the functioning of the environment for computer processing of analytical and accounting data;
b) The risk of deficiencies and deviations in accounting decreases at:
1) implementation of licensed accounting automation programs;
2) implementation and development of timely software;
3) use of special software for automated processing of accounting data;
4) the use of a possible modification of some forms of control through the use of audit automation software specially developed for audit firms;
5) coordinated information policies of the subject with the main use of a computer data processing system;
6) development of a strategic plan and strategy for the development of a system for automated data processing of an economic entity.
The ability to avoid possible errors allows the auditor in his practice to expose the cause of their occurrence, pay attention to some existing issues, and eliminate the impact on the quality and reliability of information.
To implement the above tasks, the auditor must have additional knowledge and skills in the field of computer processing systems for audit data. The minimum requirements for auditors should be knowledge of computer terminology and the ability to understand the sequence of computer operations performed.
Not many auditors believe that computer skills are not necessary in many cases, especially when technical professionals and specialists are involved in the work. Lack of such experience can lead to incorrect formation of conditions for technical specialists and incorrect interpretation of the results obtained. Practical skills in working with numerous automated computer data processing systems are necessary for auditors to support their assessment of the auditee's use of the system.
Among the negative aspects of the Russian computer program market are the conditions that their development occurs without appropriate expertise on the possibility of optimizing control operations; The issue of managing the accounting software market has not been addressed at all. The definition of the problem is that all automated programs that provide accounting must undergo free or independent examination, as well as certification by licensing authorities. After the document is issued by this authority, the computer program can be used in practice. Such a procedure can contribute to the legalization of the Russian accounting software market, determine the potential for using audit operations within a specific program, and reduce the likelihood of errors by program authors and programmers. In addition, this approach will create a real opportunity for organizing auditors to implement control actions in the conditions of automated processing of accounting data, since it will be possible to build an audit methodology in advance, implementing it for a specific program.
Special audit software is developed by audit organizations to carry out various audit tasks. There are three approaches to organizing these programs:
- the first approach carries the greatest risk, it uses a set of texts (worksheets) that boil down to choosing a “yes/no” answer (test mode), while the client’s accounting information is ignored;
- the second approach requires significant time to enter the client’s accounting information; the program is focused on primary accounting information at a synthetic and analytical level;
- the third approach combines the previous approaches.
We have reviewed the main methods for automating the audit process, however, despite their diversity, this problem is quite relevant and unsolved; software creators are currently faced with the task of automating and standardizing the activities of auditors at all stages of the audit: from preparation and planning a general audit to the collection, systematization and execution of final documents in accordance with current standards, while taking into account the industry specifics of domestic enterprises.
For the highest quality, accurate audit of Russian enterprises in modern conditions, we propose to use the AuditXP “Audit Complex” program, which is based on the “Auditor Assistant” program by E. Ya Goldberg, which allows you to create a really working audit system aimed at solving audit problems at all stages its implementation.
Using the AuditXP “Audit Complex” software product, from our point of view, has a number of advantages compared to others:
- automation of audit activities not only of large, but medium-sized, small audit organizations, as well as individual auditors, in accordance with the current federal audit rules (standards) and International Auditing Standards;
- increases the efficiency of quality control of working documentation;
- ensures compliance of activities with auditing and corporate standards;
- application of the standards proposed by this program allows you to improve the professional level and quality of work of auditors through the proper organization of their work;
- the ability to import and export procedures at all stages of the audit has been introduced, allowing auditors to share responsibilities for conducting audits of different sections and work on the road using laptop computers;
- contains more than 500 procedures, forms, reference tables, reports on all stages of the audit.
- proposes to use an original audit methodology, which contains built-in algorithms for calculations, planning, sampling and analysis, selection of types of identified violations and automatic drawing of conclusions for sections of the audit and the final conclusion;
-includes audit quality control methodology, a block of analytical procedures and financial analysis;
-the built-in form editor makes it possible to create new, modified existing forms of audit procedures, as well as completely change the audit program to the internal standards of the organization.
We propose to supplement it with the following materials in future versions:
- a list of common errors during an audit;
- reference information for the most complex sections of the audit;
- section “Analytical part of the conclusion”.
Modern conditions dictate the transition to automated performance of auditor functions, which significantly saves labor costs and auditor time. The implementation of automated audit is based on extensive software that is constantly updated and improved over time. All of the special audit programs discussed above were developed by Russian companies and are widely used today. Each of them is able to ensure the effective implementation of audits, both external and internal (with the exception of AuditModern, since the program is intended only for internal audit). Based on this, when choosing a software product, the main criterion is its cost. Thus, the cost of the products we have considered today is presented in Table 3.2. According to the table, we can say that the most accessible software products for companies are “IT Audit: Auditor” and Audit XP “Audit Complex”.
Table 3.2.
Cost of software products in the field of audit automation

Thus, in conclusion, I would like to note that the introduction of automated systems into the activities of audit firms is a necessity. The use of specialized licensed software will help improve the efficiency and quality of work provided by the audit firm.

Implementation of an IT solution for internal audit will help cope with a large volume of data from the accounting system

Any automation allows you to save labor costs on standard operations. Internal audit is no exception. It can be automated in the following ways:

  • specialized domestic developments - “Complex Audit” (developed by Goldberg-Soft), “IT Audit: Auditor” (Master-Soft), “Express Audit” (Termika), AuditNET of the company of the same name;
  • in practice, modules of ERP systems are most often used, from foreign SAP, Oracle and Microsoft to domestic ones “1C”, “Compass”, “Parus”.

Fundamentally, internal audit automation involves obtaining data and creating reports based on it. The approach to automation is similar to any IT implementation project. At the beginning, the goals and objectives that the internal audit department solves are established, then its functional responsibilities are revealed. All business processes accompanying the solution of these problems are prescribed. It immediately becomes clear which department functions are standardized and therefore amenable to automation. Based on the received descriptions, a technical specification is drawn up.

The functional responsibilities of the internal audit department, including its standard functions, are primarily determined by positions in the company:

  • in Russia, the most common subordination is to the financial director (see diagram No. 1);
  • much less often, he reports directly to the general director (see diagram No. 2);
  • in public companies, the internal audit department must report directly to the audit committee of the board of directors (see diagram No. 3). Moreover, committee members should not hold management positions in the company.

Only the third option for the location of the audit department in the company's hierarchy ensures independence of judgment.
The data sources for the software solution that automates the activities of the department will be department databases without the possibility of making changes to them. Since there are no standards and recommendations for the construction of internal audit, each company composes them independently.

Explains the situation GALINA SHAFRONSKAYA, Chief Methodologist of the Department of Audit Methodology and Quality Control at BDO Unicon:
“There are recommendations from the Federal Financial Markets Service regarding a code of corporate conduct and the creation of internal audit departments in all public companies. But if in the USA there is an institute of internal auditors and corresponding standards for their work, then in Russia this process is at the stage of development.”

Control it yourself

Distancing from the issue of objectivity of control, if the internal audit department is subordinate to a financial unit, then the source of data for it will be the accounting system of the “heading” unit. In practice, the real needs of the enterprise will elude the auditor.

EXAMPLE 1
The Korovushka dairy plant experienced difficulties with reporting due to untimely reflection of transactions in the accounting system. An internal audit department was created, which reports to the financial director. The main task of the department is to control the timeliness of receipt of primary reports. Standard control points in this situation are the date of preparation of the primary document and the date of its entry into the accounting system. Thus, the primary document from the workshop where raw materials are released into production must enter the accounting system at a certain time, preferably on-line. The source of data for the software solution that automated the work of the internal audit department was the indicators of the document flow system and the financial accounting system. The tasks of the department that cannot be automated included issues of methodological development and issuing recommendations.

Here, automation helped save department labor costs. However, with this formulation of the task, the internal audit department ceases to be the body that controls the correctness of the preparation of financial statements. The results of its activities will not be useful to external auditors. While maintaining subordination to the financial director, such a department cannot be tasked with verifying the truth of the statements.

EXAMPLE 2
The general director of the Ivushka company wanted to establish timely release of reliable reporting. An internal audit department was created within the financial division. Standard control points are items of planned and actual budgets. The source of data for the program that automated the audit was budgeting and accounting systems.

The company's budget for the quarter included, among other things, the following:
– current expenses in the amount of 100 thousand rubles. However, an unexpected equipment breakdown increased them to 200 thousand rubles. In order for the fact to correspond to the plan, the accounting department recorded 100 thousand rubles in the current statements as expenses of the period, and the remaining 100 thousand rubles remained in advances issued and were reflected in the costs of the next quarter. The error was identified by the audit department during fact verification with primary documents;
– revenue of the Product Sales division in the amount of 2 million rubles. If the plan was fulfilled, the management of the company's functional divisions was rewarded with a percentage of revenue. Actual management and accounting reporting showed the fulfillment of this indicator. The internal audit department, checking the primary payment documents with the reporting, revealed that the accounting department reflected in the current quarter as the actual shipment of the current quarter 1.89 million rubles and the shipment of the next quarter in the amount of 110 thousand rubles.

Thus, the audit department verified the correctness of the fact, but not the plan. It turned out to be impossible to assess the objectivity of planned indicators, since data on the performance of functional units is not transmitted to auditors.

Tells TATYANA KOLODCHENKO, financial controller of the company "Medical Russia and CIS":
“My division is functionally subordinate to the company’s financial director and controls the correctness of the formation of financial statements both under RAS and IFRS, as well as the planning process. To manage planning, the Cognos EP product is used; fact reconciliation occurs in Excel. The company is now planning to automate this process.”

General Accountability

The option of reporting to the general director provides for greater control. However, then the activities of the head of the company fall out of the sphere of influence of the internal audit department - the audit concerns only lower-level managers. In this case, control points are located in all departments, which significantly increases the amount of information processed compared to the previous version. It is not the quality of company management that is assessed, but the diligence of subordinates. Critical points here may be:

  • targeted spending of funds;
  • objectivity in the selection of suppliers and clients;
  • formation of product prices.

In other words, all those areas where management has opportunities for abuse. During control, the internal audit department will periodically review primary information, analyze the plan-fact, check the presence of permitting signatures, the correctness of closing the period, monitor the marketability of prices and competitive conditions. In this case, plan-actual reconciliation and monitoring of external data, for example, using systems for searching unstructured information on the Internet, can be automated. What will remain outside the system is checking the originals of primary documents and searching for the reason for choosing not the most profitable supplier.

Tells OLGA SEMENKOVA, Head of the control department of the Bryansk medical center "Paracelsus":
“The main reason for creating my department, reporting directly to the CEO, is the lack of transparency in the process of selecting suppliers of medicines and consumables. As a result, overexpenditure on these items amounted to 20%. In addition, lack of control provoked abuse, and in business conditions the system of kickbacks has no right to exist.”

Life by the rules

If the internal audit department reports to the board of directors, then most often this means that the company is public or is preparing to become so. Audit automation allows you not only to save the labor costs of internal auditors, but also to simplify the external audit procedure.

Explains GALINA SHAFRONSKAYA:
“International Standard on Auditing ISA 610, Use of Internal Audit Work, states that external auditors, in determining the scope of their procedures, and therefore the cost of the audit, may examine the client's control system, including the independence, functions and output of internal audit. If external auditors find that the tasks performed by their “internal” counterpart, the goals it achieves, and management's response to internal audit reports are acceptable to the external auditor's work, then the external auditor may rely on the internal audit findings and reduce the scope of its detailed procedures. But so far the functions of Russian internal auditors and what they do do not allow us to rely on their work or take it into account when planning external audit procedures.”

Automation leads to a reduction in labor costs for internal audit department employees, helping the company save resources. But under certain conditions, the implementation of an IT product is simply necessary. For example, one of the company's activities, controlled by the internal audit department, is characterized by too much data. It is not possible to check the information manually. A similar situation arises among telecommunications service providers, where a huge amount of data from billing systems serves as a source of information about the services provided.

EXAMPLE 3
MTS shares are traded on the New York Stock Exchange, so the company is required to comply with the requirements of the Sarbanes-Oxley Act. MTS works in the ERP system Oracle e-Business Suite. To automate internal audit, the Oracle ICM module was introduced. It provides department employees with access to various databases generated using specialized modules and business applications. Including the billing system.

Automation of internal audit in companies operating within a complex corporate information environment will include points of control over the operation of information systems.

Errors in selection

When choosing a software product, the most common mistake is the lack of strict system requirements. The variety of offers and the low cost of domestic solutions can provoke a hasty choice and purchase.

The auditor tells EVGENY MURMANTSEV:
“My company acquired the domestic software product “Complex Audit”. All reporting forms, including Form 1 of the balance sheet (OKUD 0710001), profit and loss statement, statement of changes in capital, statement of changes in cash, Form 5 of the appendix to the balance sheet, are built for non-budgetary organizations. We check mainly budgetary enterprises, therefore the balance sheet and reporting forms must be generated according to OKUD 0503001: balance of execution of the estimate of income and expenses F.1 OKUD 0503001, balance of execution of the estimate of income and expenses F.1.1 OKUD 0503003, report on execution of the estimate of income and expenses of institutions and organizations financed from the budget of the constituent entities of the Russian Federation and local budgets F.1nn OKUD 0503010. Now we want to add these forms to the program.”

A representative of the developer company Goldberg Soft explains the situation:
“The program is focused on conducting audits of commercial organizations. Adding reporting from budgetary organizations to it is possible, but this will lead to a serious change in the audit methodology. The solution automatically forms an opinion on the reliability of a particular reporting line and checks the compliance of the balance sheet data of the audited entity with the data of its accounting database. Obviously, when the reporting form changes, these algorithms must also change. Otherwise, the audit automation program will simply turn into a set of automatically filled out forms and nothing more.”

Another common mistake is lack of forethought. When installing such software, not all companies think about further support for its performance. It is important to make a practical move - to include an employee in the project team who will subsequently continue working with the system.




AuditModern SYSTEM SOLUTION FOR INTERNAL AUDIT AND CONTROL SERVICES Developer: AKG “Integrated Business Service” AuditModern is a Russian program for automating the activities of Internal Audit and Control Services: Provides risk-oriented internal audit using the principles and conceptual approach of the COSO model. Assists Internal Audit to operate in compliance with International Standards on Internal Auditing and Internal Control to conduct activities to ensure compliance with Sections 302 and 404 of the Sarbanes-Oxley Act (SOX). Takes into account the features of internal audit, internal control and the specifics of doing business in Russia and the countries of the post-Soviet space. Accumulates the experience of internal auditors of leading companies, financial institutions, banks of Russia and the CIS countries (the System already contains methods and specifics of more than 160 technical assignments for the automation of internal audit and internal control services). Offers a conceptually new approach to internal audit.


Why did the task of automation arise? Increasing information flows. Requirements for the speed of information processing and decision-making are increasing every day. The lack of trained and competent specialists poses the task of typing and preserving previous experiences. The requirements of regulators and management companies require a large volume of reporting documentation and a quick response to requests.


In the context of international integration, there is a need to follow the strict requirements of international internal audit standards. Compliance with them is impossible without the use of specialized automated systems. Why is automation necessary?




Selection of automation system parameters Correct setting of automation goals and selection of automated functionality Platform / programming language Possibility and depth of integration with external applications and databases Implementation of automation on your own or use of a ready-made product Cost of purchasing or creating a system




A specialized system - unlike Excel or Access: This is a life-supporting system for a company, which stores a complete history of customer relationships and is capable of simultaneously managing the quality and results of employee work. Online and off-line reports at any time in any sections. Concurrent users. Friendly interface. Possibility to raise information at any time. Automation of activities through business processes. Integration with other company systems. A single information repository with high levels of information security. The most powerful data protection analytics. Application Automation Tools


Automation of internal audit and internal control systems as a component of company automation: The tasks of internal audit include: Checking and assessing the effectiveness of the internal control system (i.e. “control over control”). The principles of internal audit independence make it impossible to audit within the system. In order to search and find violations, errors and distortions for a valid assessment of the actual effectiveness of the internal control system, the auditor must be “outside the system”, with his own tools not related to the system.


Over the 9 years of experience of our company, we have been contacted more than once after unsuccessful experiences in creating their own programs by companies that are not specialized software developers (large audit companies tried to create a program to automate their activities based on their own experience, internal audit firms of large holdings created a program for their service) . Companies have spent significant resources, but no ready-made solutions have emerged that can satisfy all users, even within the same company. The development of the AuditModern system took more than three years, taking into account the allocation of resources of auditors, methodologists and programmers. In order to create the System, a large amount of experience from various companies and different approaches has been reworked. Further work is being carried out to improve and improve the System, which is being released in new versions as part of user updates. Own development within the company


In Russia and the CIS countries, AuditModern is currently the only program for automating VA and VC services, adapted to our national specifics. Specialized software In the West, the number of users of systems of this level is more than 120 thousand.




The cost of owning AuditModern is several times cheaper (purchase, updates, implementation, support). The initial cost of purchasing AuditModern is 3 times cheaper than similar Western models. User support (a large number of partners in Russia and the CIS countries). The specifics and realities of the conditions of the post-Soviet space are taken into account. Contains methods and practical developments of more than 160 technical topics. assignments of NEA Russia and CIS countries. Western systems that automate internal audit activities






Activity planning Business surveys - identifying risks: In the System, by software, or Web form
















Basic principles Risk-based approach to internal audit Audit scheduling, resource allocation Use of audit engagement templates, briefs and working papers Shared knowledge base, archiving Management reports and schedules




Development Using numerous past experiences and knowledge to conduct an audit Introducing changes to the System of new regulations and instructions regulating the activities of the Internal Audit Service Easy and convenient customization of any reports, graphs and diagrams Rigid assignment of roles, rights and powers


The system ranks the risk as high/medium/low depending on its significance. Risks that exceed the risk appetite are flagged for inclusion in the annual/quarterly audit plan. Next, the head of the Internal Audit Service edits the annual/quarterly audit plan, indicating the objectives of the audit, timing, volume, employment of specialists and other necessary parameters. Risk map and annual plan The risk manager (risk management department), and in the absence of such positions - the internal auditor himself (Internal Audit Service) in accordance with past experiences (reports on past audits) - identifies the main risks present in the Organization (Holding) . Next, it classifies them and assesses the likelihood of occurrence and the consequences/impact of these risks, sending questionnaires to the owners of these risks.


Planning an audit assignment The audit manager creates audit assignments using templates for audit assignments (from the Methodology section). Next, he assigns performers to work and details the execution of the work in accordance with the skill level of the performer (or removes unnecessary details added automatically from the audit template).


The auditor carries out the audit procedures assigned to him and records the results (saves audit evidence in any format in the appropriate folder: Word document, Excel, audio, video recording, scanned document, photo, link to a file posted in publicly available resources). Audit






Necessary correspondence with officials and employees of the organization, as well as with external organizations (except personal) are automatically saved in a common database for use and further work by a specialist whose access level allows the use of this information. Sync data with Outlook


Among other auditor tools in the System, it is possible to formalize questions and answers in a questionnaire, which can be filled out both by the auditor himself, interviewing employees of the Enterprise, and by the employees to whom the questions are intended, using the System independently. Questionnaires, risk assessment In this case, the result of filling out the questionnaire will be a risk assessment: high/medium/low, or another gradation depending on your internal standards. In addition, when surveying more than one person, it is possible to combine responses into majority response graphs.


If it is necessary to convey relevant homogeneous information to the right people, the System provides templates for letters that are automatically generated and filled with information on the situation, as well as a mass mailing module: Alerts and mass mailings And the most important tasks will be highlighted in reminder mode at the appropriate time to the appropriate executor - user of the System .


Recording violations, deviations, shortcomings and comments The auditor records shortcomings identified in the process of performing audit procedures. Defects are classified in a certain way and, if necessary, added to the database of defect templates for further use. When fixing a deficiency, a potential (existing) risk is determined. The auditor identifies the risk associated with the identified violation, thereby supplementing (correcting) the risk map. Upon completion of the project, the audit manager assesses the impact and consequences of the occurrence of the risk(s).


Next, the auditor writes recommendations for correcting violations, addressing the recommendation to the official responsible for this business process. Following the recommendation, the official notes the result of its implementation in the System. Monitoring the implementation of recommendations allows you to receive feedback from the Enterprise in order to revise the risk map and the annual audit plan for the following periods. Auditor's recommendations







The auditor enters all agreed upon questions on various types of risks and business processes into a common knowledge base, ready-made phrases from which are then used when writing recommendations, comments, and for the audit report. Consensus questions, knowledge base


All norms and rules, in order to streamline the work and quickly enter the position of a new employee, are entered into the audit library, excerpts and quotes from which auditors use during their work. The quick search and filtering system allows you to quickly find the desired typical phrase from a huge knowledge base. In-house teaching materials




The auditor's report is generated upon completion of the audit in the form in which managers are accustomed to seeing the report, while its generation by the auditor takes no more than a minute: after all, all the text has already been written when performing the procedures. The system only automatically reduces record to record sequentially. If necessary, you can generate reports: Separately on completed / not implemented recommendations; Significant / non-significant shortcomings; In terms of the company's business processes; With the total amount of financial consequences for the Enterprise (subject to entering this information at the time of verification); Another filter that is necessary to perceive the text. Auditor's report


Services Consulting and methodological services for audit companies. Sales, implementation and support of software products for auditing activities. Setting up software to in-house standards, updating products. Organizing and conducting seminars and round tables to familiarize staff with software for auditors. Training of personnel to work with programs in the client’s office, support in the form of on-line consultations. Conducting various seminars and trainings on current topics in auditing.

The AVACOR platform solution is a Russian development that meets international standards. It allows you to automate the full cycle of internal audit and control processes (including their planning, implementation and analysis of results) in accordance with the International Professional Standards of Internal Auditing. The product is suitable for solving problems of both small and medium-sized businesses and large distributed companies with a complex organizational and territorial structure.

The solution provides centralized storage, processing and access to operational information on the processes of conducting internal audits and analyzing completed checks. It allows you to generate both reporting documents using standardized templates, as well as operational and analytical reports for different periods of time and in different sections.

AVACOR is a solution for companies that have their own internal audit service. The platform will provide automated information support for all processes in the internal audit life cycle.

System scalability allows you to choose an effective configuration that takes into account the characteristics of communication channels, the architecture of servers and workstations: three-level configuration, operation via the Internet or terminal access.

The AVACOR solution is included in the Unified Register of Russian Programs for Electronic Computers and Databases.

Functionality:

  • Activity planning and resource management.
  • Planning audits.
  • Performing internal audits.
  • Planning the implementation of audit recommendations.
  • Registration and analysis of internal audit risks.
  • Data analysis and generation of analytical reports on inspections.
  • Administration.
  • Supporting the process of reconciliation and approval of reporting.
  • Support for user work in the System.

Advantages:

  • Unification and standardization of documentation for clear regulation of planning, conducting and recording the results of inspections (audits).
  • Monitoring the implementation of audit procedures.
  • Systematization of information on inspections (audits) performed.
  • Improving information analysis tools for making management decisions.
  • Identification of dynamics of specific types of violations and shortcomings of the internal control system.
  • Promptly obtaining information on identified violations and deficiencies in the context of: objects of audit and control (business processes, divisions and subsidiaries), employees who carried out a specific inspection (audit), etc.
  • Increasing the efficiency of decision-making and information transfer.
  • Ensuring the security and confidentiality of information.

2018: Cooperation with RusRisk

As you know, in 2016, the Digital Design company released to the market a solution for automating internal audit, control and risk assessment, called AVACOR. Internal audit experts took part in the work on the solution. “One of the modules of the AVACOR system is “Risk Management”, designed to automate processes from risk assessment to monitoring the implementation of measures to reduce them. For the further development of the functionality of the module and the system as a whole, it is important to take into account modern trends and the needs of the professional society, therefore we see huge potential in cooperation with RusRisk in this direction,” says Ruslan Abdrakhmanov, head of the AVACOR Digital Design business line.

Other aspects of this cooperation are the examination and development of standards and GOSTs within the framework of technical committee 010 “Risk Management” of Rosstandart, as well as the opportunity for IT company specialists to undergo national and European certification and improve their competencies in the field of risk management.



We recommend reading



Related Posts