About Our Governance, Risk & Compliance
Performance Assurance Tool – GRC PAT

Our GRC PAT has been developed to provide auditors and audit program executives with a software tool that is compatible with Microsoft, Mac and Android platforms.

The tool guides your assurance activity through the requirements of ISO 19011 (Guidelines for auditing management systems), ISO 9001 (Quality management systems - Requirements) and ISO 31000 (Risk management - Guidelines).

The products of our GRC PAT vary depending on whether you are:
a user of the tool to audit or risk assure critical systems, processes, deliverables etc, while wanting to deliver services with a 30% saving on time and resources for the delivery of that service, or
an organisation that relies on outsourced assurance and compliance audits, but you want all your audit data from your audit panel participants to inform your compliance overview at the press of a button, and you are
an organisation committed to improvement and demonstrable enhancements to your bottom line.

Types of assurance activities conducted with the GRC PAT

The types of assurance activities our GRC PAT can be tailored to conduct are:
any other assurance process e.g. contract deliverables, project or program milestones, important internal policy etc, where assurance of the effectiveness of the process or performance is required.
Click on the headings to read more

Tailoring the GRC PAT to your requirements

Our GRC PAT is designed to help you tailor and configure your audit / assurance activities which you would be expected to complete or initiate before beginning your first audit or an assurance activity. After initially configuring your GRC PAT the process of confirming configuration for each audit takes seconds. Tailoring and configuration steps include:
Tailoring your GRC PAT to the organisational structure of the audit client and auditee
Tailoring the audit scoring and risk assessment terminology to that required by the Client
Confirming the auditors who have access to the GRC PAT and identifying as required the Auditee and Client representatives that may or will be identified during the audit
Determining if the Audit or assurance activity is a full or simplified audit
Determining if the audit or assurance activity is a ‘Follow-up’ activity whereby relevant previous observation, findings, risk related issues, consequence and corrective actions are auto populated and defines as In-scope


Our GRC PAT is designed to help you undertake the following core activities which you would be expected to complete or initiate before beginning the conduct phase of an audit or an assurance activity. These are:
Describe the audit introduction, methodology, objective, and scope of the audit or assurance activity
Define specific questions to ask when conducting the audit, in addition to those that may be already in the Process Definition Workbook (PDW)
Decide which criteria (or outcomes or risk controls depending on the activity) are in and out of scope
Enter the relevant Personnel of the organisation being audited for ease of task allocation and report production
Maintain a digital audit log
Enter all relevant Desk-top review evidence into the GRC PAT

Conduct Audit / Assurance Activity

Our GRC PAT is designed to help you conduct assurance activities, such as carrying out audits and inspections. Out GRC PAT is designed to replicate the processes outlined in ISO 19011. It:
Provides criterion specific guidance to inform a standardised start point for each auditor working within an audit program
Prompts responses to questions identified or confirmed in the Planning Phase
Provides the ability to record specific observations for each criterion
Provides the ability to record specific findings for each criterion
Provides the ability to apply compliance / conformance scores or ratings to each criterion
Provides the ability to input and relate digital evidence to individual criterion or related criteria (e.g., documents, photographs, interviews, emails, videos, recordings etc)
Provides the ability to identify and record strengths and areas for improvement
Provides the ability to identify, record, link and relate:
issues / risk events
Risks / potential consequences in relevant domains – personnel, finance, reputation, security, equipment, operations etc, and
Corrective actions (i.e., corrective or preventive actions) by priority or urgency

Efficiency enhancing functions of our GRC PAT

Our GRC PAT provides many features that make auditing easier for the auditors. These functions include but are not limited to:
Jump to related criteria in the audit and link previous related observations, findings issues, consequences and recommendations / corrective actions
Jump back to your original criteria to continue your audit / assurance activity
Confirm progress through the audit at the click of a button to generate progress charts
Use multiple auditors concurrently logged into the same audit
Attach electronic evidence to any criterion,
Attach audit process evidence to the audit log
Page specific help functions
Employ either Normal or Expert view mode
Generate tailored Word reports with automated embedded evidence (pictures)

And many more efficiencies to make best use of the auditor’s time while creating data for proof of management diligence.


Our GRC PAT provides the ability to record close-out, export all supporting evidence (if required) as well as the printing of templated reports like entry briefs, daily briefs, exit briefs, executive summaries, draft and final reports and action plans by individual, priority or date required.

The GRC PAT produces assurance activity reports with two clicks of the mouse. Different Report templates are available, and reports may be generated at any time during the audit or assurance activity.

For the Auditor the GRC PAT produces

Entry briefing material
Daily briefing material
Exit briefing material
Audit progress overview and
Audit process evidence

For the Audit Client / Auditee the GRC PAT produces

Executive summaries
Performance overview charts
Corrective Action Analysis Charts to help identify best Bang-for-Buck opportunities
A 3 Table style landscape or A 4 portrait reports
Colour enhanced reports
Embedded evidence / picture enhanced reports
Dashboard overview of an audit or assurance program for performance comparison

Close, Lock and Archive Audits

GRC PAT provides the ability for lead auditors to close, lock-down and archive an audit.


At present

The dashboard functions at present allow you to select a group of related assurance performance activities and see and compare graphically the compliance or conformance performance of each against their peers. It allows common areas of improvement to be identified to inform business case development and return on investment considerations.
© 2021 X 14 Systems Pty. Ltd.