Database Reference
In-Depth Information
Once the audit engagement is approved by the CAE, any modifications, as
appropriate, during the engagement require a formal approval by the CAE.
Next, the Audit Director communicates the audit engagement information to the
managers that are responsible for risks, processes, and controls within the scope
of the engagement. The managers need to know about the engagement targeting
their area of responsibility so that they can prepare the necessary documentation
and participate in the scheduled audit meetings. The management is informed of
the engagement objectives, scope of work, resource requirements, and timelines.
Management is notified of any key factors impacting conditions and operations
of the business area within the audit scope, including any changes in internal and
external environment.
The level and frequency of communications during the audit engagement is based
on the audit communication and reporting policies established by the CAE.
Managing audit plan using Oracle GRC
Manager
The InFission Chief Audit Executive (CAE) and Audit Directors use Oracle GRC
Manager to manage audit plans. GRC Manager supports key audit management
activities, such as documenting the objectives of the engagement, selecting the
controls, mitigating risks within each business process in scope, and so on. Audit
Directors create detail audit work plans in GRC Manager to document the audit
task details for collecting, reviewing, and documenting test samples. The test
evaluation framework is also maintained in the application to manage the test
results and categorize the findings. All audit plans are approved by the CAE
using the workflows in GRC Manager.
Managing audit plans in GRC Manager consists of the following steps:
Create
Template
Create Plan
Select
Scope
Select
Perspective
Add
Criteria
Submit for
Approval
Search WWH ::
Custom Search