The Internal Audit module is designed to help the Internal Auditors manage an engagement
all the way from planning to reporting and monitoring, while utilizing up to date
risk and control data throughout the process. The module is split into these functions:
Planning, Scheduling, Execution, Reporting and Monitoring. The following are among
the many features available in this module:
- The audit planning and scheduling process is completely automated.
- The Team Leader can assign tasks/tests to team members and follow-up on their execution.
- The Head of Internal Audit can also monitor progress using the same feature.
- A draft Internal Audit report can be generated electronically in an editable format,
after the audit findings are entered into the system.
This module is designed to provide the user with the ability to navigate through
the risk database, conduct inquiries, and obtain reports from the same screen.
The user can also drill down the database and reach the to relevant data fields
in order to amend the data. Considering the size and multiplicity of Enterprise/Operational
Risk data, this is an extremely useful feature.
Appetite For Risk
For risks that can impact on the organization's financial assets, CARE calculates
the estimated financial loss ranges for these risks should they occur (expected
minimum and maximum loss levels). These are compared against the approved Appetite for Risk limits, and all risks that have a potential to breach these limits are
highlighted by the system. The user has the ability to study the effect of implementing
alternative mitigating actions on the estimated financial losses.
Controls and Risks are matched using the many-to-many matrix solution. This approach
allows fast “what-if” calculations to be performed to determine the likely effect
of control enhancements, the reduction in exposure levels and different mixes of
One of the unique features of CAREWeb™ is its ability to quantify the strength of
a certain function’s control environment. This is referred to as the “Gap in the
Control Environment”. The bigger the Gap, the weaker the Control Environment.
CAREWeb™ also differentiates between weaknesses caused by lack of controls and those
caused by inadequacy and inefficiency of controls.
When the system is first opened, the user is presented with a Dashboard showing
a high level view of the key risk and control information for the business. This
configurable Dashboard screen enables the Business Unit Heads to continuously monitor
KRIs relating to major risks, status of compliance tests, outstanding remedial actions,
and entities that exceed the “Acceptable Gap”.
The data which the user is able to view in this Dashboard depends upon the user's
authority level within the system. For instance, a very senior manager such as the
Head of Internal Audit or the Head of Risk would have summarized data taken from
the whole database; a user who was responsible for only one area of the business
would have summarized data taken only from that area of the business.