About Our Governance, Risk & Compliance Performance Assurance Tool – GRC PAT
Our GRC PAT has been developed to provide auditors and audit program executives with a software tool that is compatible with Microsoft, Mac and Android platforms.
The tool guides your assurance activity through the requirements of ISO 19011 (Guidelines for auditing management systems), ISO 9001 (Quality management systems - Requirements) and ISO 31000 (Risk management - Guidelines).
The products of our GRC PAT vary depending on whether you are:
⚪ a user of the tool to audit or risk assure critical systems, processes, deliverables etc, while wanting to deliver services with a 30% saving on time and resources for the delivery of that service, or
⚪ an organisation that relies on outsourced assurance and compliance audits, but you want all your audit data from your audit panel participants to inform your compliance overview at the press of a button, and you are
⚪ an organisation committed to improvement and demonstrable enhancements to your bottom line.
Types of assurance activities conducted with the GRC PAT
The types of assurance activities our GRC PAT can be tailored to conduct are:
⚪ audits
⚪ inspections
⚪ examinations
⚪ assessments
⚪ appraisals
⚪ reviews
⚪ investigations
⚪ any other assurance process e.g. contract deliverables, project or program milestones, important internal policy etc, where assurance of the effectiveness of the process or performance is required.
Tailoring the GRC PAT to your requirements
Our GRC PAT is designed to help you tailor and configure your audit / assurance activities, steps you would be expected to complete or initiate before beginning your first audit or assurance activity. After the initial configuration of your GRC PAT, confirming the configuration for each audit takes seconds. Tailoring and configuration steps include:
⚪ Tailoring your GRC PAT to the organisational structure of the audit client and auditee
⚪ Tailoring the audit scoring and risk assessment terminology to that required by the Client
⚪ Confirming the auditors who have access to the GRC PAT and identifying, as required, the Auditee and Client representatives who may or will be identified during the audit
⚪ Determining if the audit or assurance activity is a full or simplified audit
⚪ Determining if the audit or assurance activity is a ‘Follow-up’ activity, whereby relevant previous observations, findings, risk-related issues, consequences and corrective actions are auto-populated and defined as in-scope
Planning
Our GRC PAT is designed to help you undertake the following core activities which you would be expected to complete or initiate before beginning the conduct phase of an audit or an assurance activity. These are:
⚪ Describe the audit introduction, methodology, objective, and scope of the audit or assurance activity
⚪ Define specific questions to ask when conducting the audit, in addition to those that may be already in the Process Definition Workbook (PDW)
⚪ Decide which criteria (or outcomes or risk controls depending on the activity) are in and out of scope
⚪ Enter the relevant Personnel of the organisation being audited for ease of task allocation and report production
⚪ Maintain a digital audit log
⚪ Enter all relevant Desk-top review evidence into the GRC PAT
Conduct Audit / Assurance Activity
Our GRC PAT is designed to help you conduct assurance activities, such as carrying out audits and inspections. Our GRC PAT is designed to replicate the processes outlined in ISO 19011. It:
⚪ Provides criterion-specific guidance to inform a standardised start point for each auditor working within an audit program
⚪ Prompts responses to questions identified or confirmed in the Planning Phase
⚪ Provides the ability to record specific observations for each criterion
⚪ Provides the ability to record specific findings for each criterion
⚪ Provides the ability to apply compliance / conformance scores or ratings to each criterion
⚪ Provides the ability to input and relate digital evidence to an individual criterion or related criteria (e.g., documents, photographs, interviews, emails, videos, recordings etc)
⚪ Provides the ability to identify and record strengths and areas for improvement
⚪ Provides the ability to identify, record, link and relate:
  ⚫ Issues / risk events
  ⚫ Risks / potential consequences in relevant domains – personnel, finance, reputation, security, equipment, operations etc, and
  ⚫ Corrective actions (i.e., corrective or preventive actions) by priority or urgency
Efficiency enhancing functions of our GRC PAT
Our GRC PAT provides many features that make auditing easier for the auditors. These functions include but are not limited to:
⚪ Jump to related criteria in the audit and link previous related observations, findings, issues, consequences and recommendations / corrective actions
⚪ Jump back to your original criteria to continue your audit / assurance activity
⚪ Confirm progress through the audit at the click of a button to generate progress charts
⚪ Use multiple auditors concurrently logged into the same audit
⚪ Attach electronic evidence to any criterion
⚪ Attach audit process evidence to the audit log
⚪ Page-specific help functions
⚪ Employ either Normal or Expert view mode
⚪ Generate tailored Word reports with automated embedded evidence (pictures)
And many more efficiencies to make best use of the auditor’s time while creating data for proof of management diligence.
Reporting
Our GRC PAT provides the ability to record close-out, export all supporting evidence (if required), and print templated reports such as entry briefs, daily briefs, exit briefs, executive summaries, draft and final reports, and action plans by individual, priority or date required.
The GRC PAT produces assurance activity reports with two clicks of the mouse. Different Report templates are available, and reports may be generated at any time during the audit or assurance activity.
For the Auditor the GRC PAT produces
⚪ Entry briefing material
⚪ Daily briefing material
⚪ Exit briefing material
⚪ Audit progress overview and
⚪ Audit process evidence
For the Audit Client / Auditee the GRC PAT produces
⚪ Executive summaries
⚪ Performance overview charts
⚪ Corrective Action Analysis Charts to help identify best Bang-for-Buck opportunities
⚪ A3 Table style landscape or A4 portrait reports
⚪ Colour enhanced reports
⚪ Embedded evidence / picture enhanced reports
⚪ Dashboard overview of an audit or assurance program for performance comparison
Close, Lock and Archive Audits
GRC PAT provides the ability for lead auditors to close, lock-down and archive an audit.
Dashboard
At present
The dashboard functions at present allow you to select a group of related assurance performance activities and see and compare graphically the compliance or conformance performance of each against their peers. It allows common areas of improvement to be identified to inform business case development and return on investment considerations.