Audit
Automation of the full audit and recommendation lifecycle
Convenient planning
Simple management and control
Convenient planning
When planning an audit, you have knowledge about the workload of auditors with already planned activities and about audits performed and planned for business units. When defining a new audit, you have access to the current list of employees, organizational structure and units, the list of business processes in the organization, or the resources used.
Audit definition and planning
Audit card
When editing or previewing an audit, individual groups of information are divided into tabs corresponding to individual functions. A big advantage of this approach is the ability to set the level of access to individual tabs (editable, previewable, invisible) depending on the audit status and the role of the person logged in to the system.
For example, in the Planned status, the auditor sees the tabs needed to plan the audit in editable mode, while the owner of the audited entity does not see any tabs or sees the Audit Card tab in read-only mode. The Audit Card allows you to define and view basic information about the audit.
The way you complete the Card influences your subsequent course of action. The first of these fields is Type, a field fully configurable by the administrator and tailored to the needs of the organization. Type is used to define the number and type of tabs visible in the audit module, permissions or audit activity template. Other fields that affect audit authorizations and recipients of received notifications are: Lead auditor, auditors and Owner - understood as the person responsible for the audited entity, area, process or resource. At this stage, you can assign an Organizational Unit and a Business Process, as well as set a planned Start Date - allowing the application to automatically change the status to Started and send notifications to assigned participants.​
Planning audit activities
Before starting the audit, the auditor prepares a checklist in the system of the tasks he wants to perform during the audit. During it, you can change the status, mark the date of change and add a comment. Types of audit tasks and statuses are parameterized in the system to the needs of the organization. The auditor does not have to define tasks for each audit because he can use ready-made templates defined in the Audit Plan Library.​
Audit plan templates
Audit Action Templates provide two primary benefits.
The first benefit is time saving - when preparing audits of the same type, regarding many different units/processes/resources, instead of creating a new action plan each time, the planning person simply assigns tasks automatically with "one click".
The second benefit is the standardization of activities - regardless of whether the audit is performed by a new employee or an experienced expert, we are sure that all activities resulting from the adopted methodology and best practices will be planned.​
Audit questionnaire
The system allows you to define and assign from one to three surveys to each planned audit. The survey may be an element of the first contact with the audited entity - after completing it, the information is sent back to the auditor and can be used for further activities. It is also possible to cascade surveys.
For example: survey no. 1 contains basic screening questions. If the user answers N questions in a way that signals the need for additional research, a survey with more detailed questions is activated.
​
Surveys may consist of sub-questions that are developed, for example, depending on the answer selected in the parent question. The system allows you to include open (descriptive) and closed questions. A different value (weight) can be specified for each question and answer, e.g. used to perform a numerical assessment of the entire survey.​
Simple management and control
Information about all audits is contained in one register, access to individual records is controlled by means of permissions. The registry allows you to work and view audits at all stages of the life cycle: from planning, through commissioning and execution, to approval and archiving. Each of the audit records is divided into tabs, grouping functions such as: organizational information, plan and list of activities, finds and post-audit recommendations.
Audit implementation
Audit register
The central place of the module is the register, i.e. the main screen with a list of audits. The user sees the audits to which he is authorized based on the role assigned in the system. The screen allows you to add a new audit, change the status (within the workflow) and generate a report. The number of columns visible in the list is defined at the level of system parameters. The user can sort and filter the data by all columns. Description of subsequent columns:
-
Permissions – graphical presentation of the permission level
-
Action icons – audit editing, audit preview, opinion and approval history within Workflow
-
Name, Description – audit name and basic description
-
The person who created the audit
-
Type – audit type selected from the dictionary
-
Company – field used for installations serving multiple organizations
-
Start and end dates
-
The organizational unit to which the audit is assigned
Life cycle - working with audit
An audit, like any other business and supporting process, consists of many steps and states defining the life cycle, starting from creation, through implementation, acceptance, to completion/archiving. Depending on the state, different steps are possible and permissions to change or view certain information may vary. BCMLogic platform offers a fully parameterizable workflow. Each audit has its own workflow, but it is possible to define multiple workflows and use them depending on the audit type or other audit features. An example data flow in workflow is described below. The number, type of steps and names can be freely adapted to the organization.
​
From the practical side - the first step is to change the audit status from Scheduled to Running/During the survey. The launch can be performed in the application by an authorized person or automatically, after reaching the date set at the audit card level. Users involved in this step receive notifications about the start, along with a link leading directly to the application and screens with the given audit.
After completing their work - in this case, completing the initial survey - the user presses the button visible on the screen, which allows them to change the audit status to the next one, in accordance with workflow. The person to whom the work result is to be sent receives a notification, etc.
At the step of agreeing and accepting the audit results, it is recommended to add the so-called acceptance scheme. It allows you to define a single or multi-level acceptance mechanism.
Findings and observations
The next screen in the audit register is the Audit Findings tab. By default, auditors have access to the tab (editable during the audit, readable after its completion) and the owner of the audited unit/process/resource - for reading.
When adding an finding, the name of the finding and its description are specified, a category is assigned (according to a definable dictionary), an owner and an observer (allows additional people to have access to the information). Entering your findings allows you to later generate documents and reports.​
Recommendations and corrective actions
The Recommendations tab allows you to register proposed (and, after acceptance, approved) recommendations. Permissions for the tab can be freely set, but by default they are defined in the same way as for the Insights tab.
An important element affecting data consistency is that each recommendation is assigned to one of the previously recorded audit observations. In addition, the person responsible for implementation and the proposed/agreed implementation date are indicated. Recommendations also have their own type, based on a dictionary defined in the application. Once entered, the data is easily loaded into dynamically generated documents and reports
The system has a lot of working activities - automation
Workflow mechanism along with notifications ensures automatic transfer of control over the process to appropriate people, sending a notification and granting permissions. The audit report, once defined in the template, is automatically filled with data and there is no need to write it from scratch each time.
Audit recommendations are assigned to individual persons at the audit level, along with a description of the task to be performed and the target date. The system sends notifications about the need to fulfill, approaching and exceeded completion dates. Of course, the system can also indicate the status of a recommendation on the report, depending on the stage of execution, audit, owner and many other attributes collected in the database.
Reporting and monitoring activities
Creating reports and documents based on ready templates
One of the most interesting ways to create a report is to use the Dynamic Documents mechanism. Using a standard Word document, we open/create any document and add it to the system as a template. This may be, for example, a template for a complete audit report. Instead of variable information, which was previously filled in and changed manually each time, we insert the so-called dynamic tags – simple tags that will be filled with appropriate data when the document is generated based on the template. Importantly, you can download all information collected in BCMLogic in this way.
Examples of frequently used information include:
-
Data of audit participants
-
Start date
-
end date
-
Date of acceptance of results – acceptance of the report
-
Description of actions taken
-
List of recorded observations
-
List of recommendations
Using ready-made templates is simple, convenient and safe. At the level of individual application screens there is an option to generate such a report. Depending on the page, only templates that match the context are visible. If this is an audit preview screen, you will see reports relating to individual objects, while at the register level you will see templates offering on a larger set of data. The user selects a template, confirms the desire to create a report and after a while downloads the ready document with data.​
Analytical views
Analytical Views are like "Excel" in BCMLogic. The user receives a table with data defined for the view, can sort and filter rows by all columns. If you need to export, you can save the data in Excel format with one button.
The View definition is very flexible because we can use any information collected in the database, even that which was imported from another data source. Permissions to views are controlled at the application role level, which allows you to control who can see and download what data.​
Automatic notifications
Automatic notifications – delivered via email, text message, help desk system used in the organization or any system issuing the appropriate API. Notifications are divided into two groups:
-
Resulting from the operation of the Workflow - e.g. notifications to the business owner that an audit relating to him has been sent for approval.
-
Resulting from defined conditions - e.g. "five days left until the scheduled date of completion of the corrective action".
​
Each of such notifications may contain a link leading to a specific audit (after clicking, the system authorizes the user based on domain login) or to a list of audits available to the user. Interestingly, notifications can be parameterized so that feedback about the user or another system returns to BCMLogic.​