Review an Internal Audit's Controls

Overview

When an Internal Audit Project moves from the Planning stage to the Fieldwork stage, members of the Internal Audit Leads/Managers and Internal Audit Staff user groups will receive an email notification from noreply@resolver.com, indicating that the Internal Audit Project is available for Controls review. If the email does not appear in your Inbox, please search another email folder (e.g. Junk, etc.).

Planning Stage System Email Notification

Click the Click the link below to access link to access the Audit Project. If you are not logged into Resolver, you will be redirected to the Resolver Login screen before the Audit Project.

Internal Audit Staff can review the controls attached to the project. Resolver recommends that a control is reviewed after all attached tests have been reviewed.

All internal audit projects that require action will also appear on the user's My Tasks section on the Home screen.


User Account Requirements

The user account used to log into Resolver must be added to the Internal Audit Staff user group.


Related Information/Setup

Please refer to the Adding an Existing Test, Document Request, Policy, or Issue to a Control article for more information on adding an existing element to a control.

Please refer to the Adding a New Policy to a Control article for more information on adding a new policy to a control.

Please refer to the Adding a New Document Request to a Control article for more information on adding a new document request to a control.

Please refer to the Creating a New Related Data Entry article for more information on adding related data to a control.

Please refer to the Submitting a Policy for Review article for more information on submitting a policy for review.


Navigation

All Internal Audit Projects that require action will also appear on the user's My Tasks section on the Home screen. However, Resolver recommends you access Controls through Internal Audit Management for ease of navigation.

Alternate Navigation

  1. From the Home screen, click the Home dropdown and select the Internal Audit Management link.

Home Dropdown

  1. From the Risk Assessment screen, click on the Fieldwork tab.

Fieldwork Tab

  1. From the Fieldwork screen, click on the Internal Audit report name that contains the Control Test you want to perform from the Audits in Progress section.

Internal Audit Report

  1. From the Audit Project Overview screen, click on the Expand icon on the Navigation Tree to expand the nodes until you find the desired control.
  2. Click the control to open the Control Details tab. Controls are indicated with a C icon next to the control name on the node.

Control Node

  1. Click the Collapse Icon to collapse the Navigation Tree.

Collapse Icon


Review an Internal Audits Controls

  1. (Optional) Edit the control Description outlining further details or instructions.

Description Field

  1. Enter a username or user group name in the Control Owner field and select a user or user group from the Control Owner dropdown menu. The Control Owner field indicates the user or user group responsible for the Control. Multiple owners can be assigned to a single control if desired.

Control Owner Dropdown Menu

  1. Select the team that will be responsible for preforming tests on the control from the Tested By dropdown menu.

Tested By Dropdown Menu

  1. From the Control Attributes section view/edit the following attributes:
  • Key Control: Select a Key Control type from the dropdown menu:
    • Key:  A Key Control refers to a high-risk Control which can cause a process to fail.
    • Not Key:Not Key (Non-Key) Control refers to a low-risk Control which does not have the potential to cause a process to fail.
    • N/A: Not Applicable

Key Control Dropdown Menu

  • Frequency: Select how often the control should be performed.

Frequency Dropdown Menu

  • Assertions: Select an Assertion type from the dropdown menu.
    • Rights and Obligations: An account balance Assertion type that tests if the entity being audited has ownership rights or benefits from assets listed on the financial statement at the date of reporting (e.g., examination of the title deed).
    • Existence or Occurrence: The balances of assets, liabilities, and equity exist at the date of reporting and states that all transactions are business related.
    • Completeness: An account balance Assertion type that concerts the completeness of transactions at the date of reporting.
    • Valuation or Allocation: An account balance Assertion type that tests if the financial statements are correctly valued based on the application accounting standards or accounting policies that are used by the entity.
    • Presentation and Disclosure: An Assertion type that presentation and disclosure of financial statement information at the reporting date.

Assertions Dropdown Menu

  • Prevent or Detect: Select an Audit type from the dropdown menu:
    • Prevent: A Preventive Audit type attempts to identify the risks before they occur.
    • Detect: A Detective Audit type identifies the risks after they occur.


Prevent or Detect Dropdown Menu

  • Automated Control: Select an Automated Control from the dropdown menu:
    • Manual: A Control that is performed by an individual (e.g., Supervisor) without using an automated system (e.g., Supervisor Review).
    • System Dependent: A Control that is performed by an individual with the aid of an automated system (e.g., a system-generated report that requires human intervention for review).
    • Automated: A Control performed by a system or software designed to prevent or detect risks (e.g., two-factor authentication).

Automated Controls Dropdown Menu

  • Information System: Enter an Information System Name (e.g., ERP, HRIS, etc.) in the Information System field and select an Information System from the dropdown menu mapping the Information System to the Control.

Information System Dropdown Menu

Testing Summary Tab

  1. The Testing Summary tab allows users to view a test summary, add existing test, or create a new test to add to the control.
    • Test Unique ID: The test's unique ID which is used to identity the test throughout the system.
    • Name: The tests name.
    • # of Samples Tested: This field displays the number of Control samples tested.
    • # of Samples Failed: This field displays the number of Control samples that failed.
    • Working Papers: The Working Papers field displays connected supporting document files. Click the Working Paper link to download a copy of the attached working paper.
    • Test Results: The Testing Results field displays the overall results of the audit test.
      • Not Tested
      • Not Effective
      • Partially Effective
      • Effective
    • Click the X next to a test to remove it.
    • Add Existing Test: Click the Add Existing Test link to add an existing test to the control.
    • + Create New: Click the + Create New link to create a new test to add to the control.

Test Summary Test Links

  1. Enter the number of samples you plan to test with this control in the Total Samples Planned field.

Total Samples Planned

  1. Explain why you picked that number of samples in the Sampling Justification field.

Sampling Justification Field

  1. The Test Charts, % of Samples Tested and % of Samples Failed, display a summary of samples tested and percentage of samples failed for this particular control.

Test Charts

  1. Enter a test results summary in the Testing Summary field.

Testing Summary Field

  1. Select a Design Effectiveness test result from the Design Effectiveness dropdown menu to indicate the effectiveness of the test's design.

Design Effectiveness Menu

  1. Select an Operating Effectiveness test result from the Operating Effectiveness dropdown menu to indicate the effectiveness of the test's operation.

Operating Effectiveness Menu

  1. Add supporting document files (up to 100 MB per file) to the Audit by dragging and dropping the files in the designated area or selecting a file from the connected PC, the following file types .bat, .exe, .gif, .sh, .dll, and .com cannot be uploaded. You can also add web links to supporting documents by clicking on the Click to add a web link to a file. Enter a Display Name and URL Link on the Web Link pop-up and click the + Add Link button to add a web link.

Support Attachments Field

  1. (Optional) Click the More icon on the uploaded file card to upload new version, rename, delete, or check version history.

More Icon


Document Requests Tab 

  1. From the Testing Summary tab, click the Document Requests tab.

Document Requests Tab

  1. From the Document Requests tab, users can view a document request summary, add existing document request, or create a new document request to add to the control.
    • Document Unique ID: The document request unique ID which is used to identity the document request throughout the system.
    • Name: The document request name.
    • Due Date: The date the document request is due.
    • Documentation Attachments/URL: The document request or document request URL. Click the Documentation Attachments/URL link to download a copy of the attached working paper.
    • Workflow State: The current workflow state of the document request.
    •  Add Existing Test: Click the Add Existing Document Request link to add an existing document request to the control. 
    • + Create New: Click the + Create New link to create a new document request to add to the control.

Document Request Tab

Related Data Tab

  1. From the Testing Summary tab, click the Related Data tab.

Related Data Tab

  1. From the Related Data tab, users can view a related data summary including risk, policy, citation, and requirement data.
    • Risk Table:
      • Risk Unique ID: The risk's unique ID which represents the risk throughout the system.
      • Name: The risk name. Click the Risk Name to open the Risk pop-up for further details.
      • Inherent Risk Score: The Inherent Risk Score is a baseline indicating the severity of the Risk. The Inherent Risk Score is calculated using Likelihood x Impact = Inherent Risk Score.
      • Control Effectiveness: The risk's control effectiveness score which is how effective the control is at preventing the risk.
      • Residual Risk Score: The event's residual risk score which is the amount of risk left after a control is in place.
    • Policy Table:
      • Policy Unique ID: The policy's unique ID which represents the policy throughout the system.
      • Name: The policy name. Click the Policy Name to open the Policy pop-up for further details.
      • Last Review Date: The last time the policy was reviewed.
      • Workflow State: The policy's current workflow state.
      • Add Existing Policy: Click the Add Existing Policy link to add an existing policy to the control. 
      • + Create New: Click the + Create New link to create a new policy to add to the control.
    • Citation Table:
      • Citation Unique ID: The citation's unique ID which represents the citation throughout the system.
      • Name: The citation name. Click the Citation Name to open the Citation pop-up for further details.
    • Requirements Table:
      • Requirements Unique ID: The requirement's unique ID which represents the requirement throughout the system.
      • Name: The requirement name. Click the Requirement Name to open the Requirements pop-up for further details.

Related Data Tab

Sampling Guidance Tab

  1. From the Testing Summary tab, click the Sampling Guidance tab.

Sampling Guidance Tab

  1. The Sampling Guidance tab provides users with the sample size required to provide reasonable assurance.

Sampling Guidance Table

Aduit Findings 

  1. From the Testing Summary tab, scroll to the Audit Finding section.
  2. The Audit Findings table allows a user to record any issues that were discovered during testing. 
    • Issues Unique ID: The issue's unique ID which represents the issue throughout the system.
    • Name: The risk name. Click the Risk Name to open the Risk pop-up for further details.
    • Date Identified: The date the issue was identified.
    • Due Date: The issue's due date.
    • Priority: The issue's priority indicating the severity of the Issue (e.g., Low, Medium, High, or Urgent).
    • Workflow State: The issue's current workflow state.
    • Add Existing Policy: Click the Add Existing Issues link to add an existing issue to the control. 
    • + Create New: Click the + Create New link to create a new issue to add to the control.

Aduit Findings Table