Harnessing the power of Microsoft Office
Documentation is the one critical component of any internal audit, and for those who have worked with me, will cringe at the phrase "its not done if it's not documented". But its how we document our audits that varies between organisations, Internal Audit departments, and individuals. This can vary for a number of reasons. Some teams are bound by strict documentation and audit methodology guidelines, others are more lax, or certain individuals can be quite particular. Alternatively, teams can be bound or guided by their audit system tools and programs.
Large audit departments, or businesses who invest large amounts into their audit functions and can afford programs such as Pentana, TeamMate, AuditBoard and CaseWare Idea, will have the ability to build entire audit universes, risk matrix's and whole audit files into the systems. These can be invaluable, particularly where teams are either quite large or have frequent turnover and audit team members need to access and leverage off prior audits.
For smaller audit departments however, the luxury offered by various audit programs is not available. Too often, small audit teams move to Microsoft Office, creating multiple documents and saving these down into a common share folder. There is absolutely nothing wrong with this, and often suits many team members. Its familiar, and means new teams members do not need to be taught how to use various systems. However, the full potential of Microsoft Office is not always reached, and this is where we like to come in.
For the purpose of this post, we have only looked at a typical internal audit file. Programs, such as AuditBoard and Pentana, also allow for SOX, action tracking and management reporting, which we have not factored as part of this post.
Starting at the very top, we have OneDrive, Microsoft's cloud based storage solution. There are multiple other options out there, such as DropBox and Google Drive. Each of these storage solutions offer multiple benefits, such as:
Files can generally be accessed from anywhere, and on any device. This can be extremely advantageous where audits are required to work across multiple locations, from home, or are frequently traveling.
Users can be added to files as required. Depending on how your team operates, the Audit Lead or Audit Manager can add specific team members to the audit files. This works particularly well were audits may be dealing with sensitive information that should not be made privy to all audit team members.
Audit clients or business areas can save documentation requests directly into the audit file. For instance, a large HR or Accounts Payable audit may require a significant amount of documents. The business area or key client contact can then be given direct access to the Prepared by Client (PBC) / Document Request folder to allow them to save the information. This avoids the need for multiple emails, taking up valuable storage space. Additionally, it can also be used as a checklist, with both the audit team and the business area / client easily able to see what information has been provided and what is still outstanding.
Quick access to audit reports and action tracking. Again, depending how your audit files are structured, access can be granted to business areas / clients so that they can regular access any final reports or action tracking updates.
Of course, granting people access to files or folders, and the ability for people to access information from multiple devices does present a number of security risks. People being able to potentially download information on the personal devices, and the risk of these being hacked, does increase cyber risks, and therefore, these risks should be strongly considered. Corporate features do exist, such as inclusion of PIN's and restricting the ability to download documents on personal devices.
For those who want to be bold and try something new, Microsoft Teams can provide an alternative to OneDrive, however we should look long term, and whether audits saved on Teams can be easily moved to other platforms should a business decide to move away from Teams.
In my opinion, OneNote is an extremely powerful tool which is strongly under utilised. OneNote, combined with OneDrive, allows multiple people to work in real time across a variety of devices and not be restricted by shared folders and VPN.
OneNote allows teams to construct entire audits into single notebooks. This presents a range of benefits:
Files auto save. No need to fear about accidentally quitting out of a document and not saving.
Files can be accessed by anyone with access rights. Essentially, multiple team members can be working in various parts of the file at the same time. Care does need to be taken to not overwrite another person's work, although there will often be a flag in this situation.
All documentation is saved in the one file.
Review notes can be left and users tagged against the review notes.
To do tags can be applied, and a report generated which shows all the outstanding to do items.
Entire files can be archived by printing into a PDF.
Links directly to all other Microsoft Office programs.
As always, there are things to consider with using OneNote such as the ease of use for other team members and the ability to extract specific parts of the audit files (i.e. if sharing specific information with business areas or audit clients).
An example of an audit file created in OneNote is presented below:
For those who want to really harness the power of Microsoft Office, a Microsoft Access database can be built, providing a dashboard oversight of current audit status, risk areas, action tracking, and audit committee reporting. We are currently in the process of building one of these, but don't expect it any time soon (sorry). The current version of Microsoft Access also allows you to upload attachments... a perfect spot for you to place that OneNote audit file.
Simply CLICK HERE to download your free PDF extract of a OneNote file, or for a ZIP file of a shared folder template file.
To obtain a copy of our OneNote file, email us here.