Keeping up with the growing demand of audits is causing significant stress for many compliance officers across the globe. Brought about by new regulations covering virtually every business activity, stress levels are only going to increase unless software and processes help compliance officers keep on top of their game and optimise their time to produce meaningful reports to management.
This article focuses on the importance of workflows in helping compliance officers deliver the results that are needed, whilst optimising the process and time involved.
Workflows: Getting Started
Audit workflow is important because in many organisations a number of stakeholders have an interest in audit planning, conduct, reporting, review and analysis. However, stakeholders only need to become aware of or involved in the audit at stages relevant to them.
Firstly, consider the various types of audit you do, the detailed lifecycle stages that each may need. Consider each stage and why it is important or significant. It’s common to have three lifecycle stages for an audit:
- In Progress
However, there is often a need for additional stages to clearly define the audit lifecycle. For example, the planning stage may need confirmation of the proposed audit dates and times from several stakeholders. And while “in progress”, the audit may go through several stages, eg: desktop review, onsite review, report preparation and report QA.
Here are 3 ways an effective workflow can benefit your audit management process
1. Improve Efficiency
When you define each audit lifecycle it improves efficiency. For example, a reviewer only needs to direct his or her attention to an audit once the auditor has completed all relevant tasks, and not before. A planner can move on to other tasks once a planned audit has been confirmed by the auditor and auditee.
2. Automate Communication
Once you define the audit lifecycle you can automate communications. This is perhaps the greatest benefit: keeping track of audit stages and sending emails manually is time consuming, inefficient, and prone to errors and lapses. Automating communications will significantly reduce administrative overhead. Think of audit status changes as triggers for emails to be sent to various parties to keep them informed. Emails will typically include the following:
- due date of an audit
- who will be conducting the audit
- location of where the audit will take place
- when the audit is completed
- the outcome of the audit
- next steps or actions arising from the audit
3. Improve Security
In addition to improving communications, defining workflow can improve security. At different stages of an audit, different people need to have access to it. A defined workflow can be used to limit both audit visibility as well as access rights to modify audit content or outcomes. For example, you might enable an external stakeholder such as a third party vendor, to conduct a self-assessment and upload documents and other evidence of compliance, but once the task has been completed and the self-assessment enters a “Submitted” status, the external stakeholder should not be permitted to modify the details provided. On the other hand, the internal reviewer would be granted access to the information at this stage of the process, for the purpose of evaluating the submitted self-assessment.
An additional requirement may be for the audit to be signed off by a Supervisor prior to the audit report being issued. You might want to only grant access to supervisory users to enable them to perform this function. Once the audit has been completed and finalised, it would be appropriate to deny access to all users except administrators.
This example also illustrates the need to set up a workflow for each type of audit or assessment, as each is likely to have different considerations and access needs.