Defining the Scope for an Internal Audit Project

Overview

Users in the Internal Audit Leads/Managers user group must scope an Internal Audit Project to define which processes, risks, controls, and tests should be used in the Audit.


User Account Requirements

The user account used to log into Resolver must be added to either the Internal Audit Leads or Internal Audit Managers user group.


Required Information/Setup

Before creating an Internal Audit Project, you must first assess what elements you want to Audit, create an Audit Plan, and manage the plan by advancing the plan through the different statuses until the plan is Active.

You must first create an Internal Audit Project. Please follow the link below for instructions on how to Create an Internal Audit Project:

You can manually add additional Risks, Controls, or Tests to an Internal Audit Plan.


Navigation

Note: 
Your username or user group must also be in the Internal Audit Lead or Internal Audit Staff fields in the Audit Team section of the Internal Audit for the Audit to appear in your user's My Tasks section.

Audit Team Section

  1. From the Resolver Home screen My Tasks section, click on an Internal Audit Project in the Planning stage.

My Tasks Section - Internal Audit Project

Tip:
If multiple tasks exist, use the Sort or Search functions to narrow the task list.

My Tasks - Navigation Options

  2. From the Internal Audit Project screen, scroll to the Define and Review Audit Scope section and select the Define Audit Scope button.

Define and Review Audit Scope Section

Alternate Navigation

  1. From the Resolver Home screen, click the Home drop-down and select the Internal Audit Management link.

Home Drop-Down

  2. From the Risk Assessment screen, click on the Audit Plan tab.

Audit Plan Link

  3. From the Audit Plan screen, click on an Internal Audit Plan with a Not Started state from the Pending Audits section.

Pending Audits Section

  4. From the Internal Audit Project screen, scroll to the Define and Review Audit Scope section and select the Define Audit Scope button.

Define and Review Audit Scope Section

Defining the Scope for an Internal Audit Project

  1. From the Define Audit Scope screen, use the following Filters options to narrow down the process list:
  • Filters:
    • By Name: Filter the process list by process name.
    • By Assessment Type: Filter the process list by assessment or object type.
    • By Dimension: Filter the process list by assessment element (e.g., Quarter, Object Type, etc.). After you select a Dimension from the drop-down list, an additional drop-down field that corresponds to your selection will appear under the By Dimension field (e.g., if you select annual, a By Annual drop-down field will appear). You must also select an option from the additional field to apply the filter to the process list.
    • By Description: Filter the process list by process description.
    • By Unique ID: Filter the process list by unique object IDs connected to a process.
    • By State: Filter the process list by workflow state (Active, Archived, etc.).
  • Location Filters: Allow you to filter the process list using location parameters (e.g., Address, City, etc.).
  • Attachment Filters: Allow you to filter the process list using attachments.
  • By Narrative (Plain Text): Filter the process list by plain text narratives.
  • More Filters: Filter the process list with additional filters based on the focus object type (e.g., plain text fields, select lists, and multi-select lists) 

Filters

  2. Press the Enter key on your keyboard to apply the filter to the process list.
  3. Click the beside the filter in the Filter Selection field to remove the filter from the search criteria.

Removing a Filter field

  4. Add a Process (or processes) to the Internal Audit Project by clicking the Add link next to the process.
  • A Process is a set of interdependent actions or operations that make up the overarching area/activity that is reviewed during the Audit (e.g., Procure to Pay, Accounts Receivable/Revenue, Inventory or Fixed Asset, etc.).

Note:
Using large data sets (e.g., compliance frameworks, over 2000 scoped objects, etc.) within an assessment may create timeouts and cause errors.

Define Audit Scope Screen

  5. Remove a process by clicking the Remove link on the Process View. The Remove link will appear in place of the + Add link.

Remove Link

  6. An Assessment link will appear under a Process View if process results from a previous audit assessment are available to pull into the current audit. Please see the Assessment Link - Using Previous Process Results (Optional) section for further information.
  7. Click the Object Review banner at the bottom of the screen to open the Assessment Navigation screen.

Note:
From the Assessment Navigation screen, to go back to the Define Audit Scope screen, click on the Object Review banner that will appear at the top of the Assessment Navigation screen.

Object Review Banner

  8. From the Assessment Navigation screen, click the Expand icon on the Filter section to expand the Filter drop-down.

Expand Icon

  9. From the Filter drop-down, select an Object Type from the Select object type to filter tree with dropdown menu.

Filter Dropdown

  10. A Confirmation screen will appear. Click the OK button. The Filter Option fields (e.g., plain text, select list, and property filters) will change according to the Object Type selected.

Note:
If you do not change the Object Type, the Confirmation screen will not appear, and you will need to enter information in the Filter Option fields of your choice.

  11. Click the Less icon to close the Filter dropdown.
  12. Click the Expand icon on the Navigation Tree to expand the nodes and display sub-category relationships, risks, or controls added to the scope. For further information on adding additional Risks, Controls, or Tests to the Internal Audit Project, see the Adding a Risk, Control, or Test to an Internal Audit Plan article.

Tip:
Each object on the Navigation Tree has a unique monogram at the beginning of the Object's Name that identifies the Object Type: P - Process, R - Risk, C - Control, and T - Test.

Object Monogram

Expand Icon

  13. Click an Object Name on the Navigation Tree. The Overview pop-up will appear, allowing you to review, edit, or add any of the following requirements depending on the object selected:

Click an Object Name

  • Process: A Process is a set of interdependent actions or operations that make up the overarching area/activity that is reviewed during the audit.
    • On the Process Review pop-up, you can view, edit, or add Process Details, Attachments, Sub Processes, Risks, Controls, etc.
  • Risk: A Risk represents the potential that an unexpected event may impact the organization.
    • On the Risk Overview pop-up, you can view, edit, or add Risk Details, Controls, Key Risk Indicators, Contributing Factors, Incident Type, etc. For further information on the Risk Overview pop-up.
  • Control: A Control is a tool or policy that manages risk.
    • On the Control Overview pop-up, you can view, edit, or add Control Details, Attachments, Sub Processes, Risks, Controls, etc. For further information on the Control Overview pop-up.
  • Test: A Test ensures existing controls are working or determines if a new control is required.
    • On the Test Overview pop-up, you can view, edit, or add Test Details, Attachments, Sub Processes, Risks, Controls, etc. For further information on the Test Overview pop-up.

  14. Uncheck the Checkbox beside an object you want to remove from the scope. By default, all objects are selected. Unchecking an object (e.g., process) in an upper node will automatically uncheck the objects (e.g., risk, controls, test) in the nodes below it.
  15. Click the Confirm Scope button.

Confirm Scope

  16. A Confirmation screen will appear. Click the Yes button to confirm and return to the Audit Details form.

Confirmation Screen

  17. The Audit Plan screen will appear. Depending on the number of objects selected, you may receive a system notification banner, indicating the request is still processing.

System Notification Banner

  18. Users can navigate away from the screen and will receive a system notification when the process is complete.

Assessment Link - Using Previous Process Results (Optional)

An Assessment link will appear under a Process View if process results from a previous audit assessment are available to pull into the current audit. By pulling in previous process results, you can compare the previous and new process results to determine if a remediation audit is required to address any issues in the last audit. You can also compare previous process results in future audits to the new process results to determine if the issues were addressed.

Note:
An Assessment link will only appear if the process was included in a previous audit assessment.

  1. From a Process View, click the Assessments link.

Assessment Link

  2. Click the + Add link to add the previous process results to the audit.

+ Add Link

Tip:
For more information about the previous process results, hover your cursor over the More Information icon beside the Audit Project Name.

More Information Icon