The Internal Audit module is designed to help the Internal Auditors manage an engagement all the way from planning to reporting and monitoring, while utilizing up to date risk and control data throughout the process. The module is split into these functions: Planning, Scheduling, Execution, Reporting and Monitoring. The following are among the many features available in this module:
- The audit planning and scheduling process is completely automated.
- The Team Leader can assign tasks/tests to team members and follow-up on their execution.
- The Head of Internal Audit can also monitor progress using the same feature.
- A draft Internal Audit report can be generated electronically in an editable format, after the audit findings are entered into the system.
This module is designed to provide the user with the ability to navigate through the risk database, conduct inquiries, and obtain reports from the same screen.
The user can also drill down the database and reach the to relevant data fields in order to amend the data. Considering the size and multiplicity of Enterprise/Operational Risk data, this is an extremely useful feature.
Appetite For Risk
For risks that can impact on the organization's financial assets, CARE calculates the estimated financial loss ranges for these risks should they occur (expected minimum and maximum loss levels). These are compared against the approved Appetite for Risk limits, and all risks that have a potential to breach these limits are highlighted by the system. The user has the ability to study the effect of implementing alternative mitigating actions on the estimated financial losses.
Controls and Risks are matched using the many-to-many matrix solution. This approach allows fast “what-if” calculations to be performed to determine the likely effect of control enhancements, the reduction in exposure levels and different mixes of asset types.
One of the unique features of CAREWeb™ is its ability to quantify the strength of a certain function’s control environment. This is referred to as the “Gap in the Control Environment”. The bigger the Gap, the weaker the Control Environment.
CAREWeb™ also differentiates between weaknesses caused by lack of controls and those caused by inadequacy and inefficiency of controls.
When the system is first opened, the user is presented with a Dashboard showing a high level view of the key risk and control information for the business. This configurable Dashboard screen enables the Business Unit Heads to continuously monitor KRIs relating to major risks, status of compliance tests, outstanding remedial actions, and entities that exceed the “Acceptable Gap”.
The data which the user is able to view in this Dashboard depends upon the user's authority level within the system. For instance, a very senior manager such as the Head of Internal Audit or the Head of Risk would have summarized data taken from the whole database; a user who was responsible for only one area of the business would have summarized data taken only from that area of the business.