Download the 10 most frequently viewed audit tools and publications on KnowledgeLeader in February.

1. Process Classification Scheme (PCS)

The Process Classification Scheme (PCS) document, powered by Protiviti's KnowledgeLeader platform, provides a framework for businesses looking to categorize and understand their core functions and processes. This scheme delineates business activities into two primary categories: operating processes and managing and supporting processes, thereby providing a structured approach to analyze and optimize organizational performance. It is instrumental in identifying strategic, operational and tactical levels of business functions, promoting a common language for better communication and alignment within the company.

2. Internal Audit Plan Status – Report to the Audit Committee

Document updates on the internal audit plan status and its implications for the audit committee's decision-making process. This document is primarily used to communicate with the audit committee about the status of various audits and projects scheduled throughout the fiscal year. It details the execution stages of ongoing audits, including scope, fieldwork progress and reporting phases, as well as outlines the results and recommendations from audits completed within the quarter.

3. Risk Management Policy

Our sample Risk Management Policy outlines a structured framework for managing risks across an organization aiming to enhance risk awareness, manage risks effectively, and maintain transparent risk profiles within business units. It details the processes and methodologies for identifying, assessing, responding to, and monitoring risks, ensuring that they align with the company's strategic objectives and regulatory requirements. This policy is applicable at all levels of the organization, including group, divisional, and business unit levels, and covers various risk categories such as strategic, reputation, credit and compliance risks.

4. Accounts Payable RCM

A successful risk management strategy requires a strong internal control environment. The RCM format emphasizes that strong and risk-oriented internal control environments are often optimized with automated/manual controls, depending on the situation. An RCM provides an overview of different control objectives that organizations should take into consideration and the corresponding controls to safeguard the company against risks that may arise if not checked timely. Once customized to an organization, this document can help the user in assessing each control. The control assessment can then also be summarized to develop an action plan. This document outlines risks and controls common to the 5.2.1 Process Accounts Payable process in a risk control matrix (RCM) format.

5. Internal Audit Department Key Performance Indicators (KPIs)

This benchmarking tool provides a comprehensive framework for evaluating the performance of an internal audit department using different metrics and indicators. Key concepts discussed include developing effective communication strategies to drive management and employees to action. Metrics include monitoring the percentage of implemented recommendations within agreed-upon timelines, the frequency of surprises at exit meetings, report cycle times, and more. The concept of positioning internal audit as a change agent is also introduced with metrics like issues identified using facilitated sessions compared to traditional audit approaches. 

6. Sample Risk and Control Matrices Available on KnowledgeLeader

Risk and control matrices (RCMs) contain a compilation of risks by business process and each risk's possible controls. Once published, each KnowledgeLeader RCM sample is periodically refreshed with new content, making it its own expanding resource. Note: This content type is exclusive to paid subscribers. We offer over 60 RCMs that offer a wide range of support. Some of KnowledgeLeader's most popular RCMs are listed below. For a full list of available items, visit our Risk and Control Matrices content area.

7. Entity-Level Controls: The Importance of Setting the Tone

An effective organization of consequence, whether public or private, attempts to strike a balance between its mission (usually but not always profit) and its responsibilities to employees, the community, the government (laws and regulations), and society at large. This is accomplished through “corporate governance,” or what was once known as “business ethics.” This blog post explains the importance of entity-level controls and explores the COSO Framework.

8. Process Documentation Narrative and Flow Chart Guide

Documenting the understanding of a process, related controls, and key roles and responsibilities can be achieved through process narratives and flow charts. Both of these documentation techniques assist internal audit teams and those responsible for the processes with establishing a common understanding of a process. Once these documents are confirmed as accurate, they provide a baseline for performing risk analysis, testing internal controls and implementing process improvements as necessary. Discover the essential elements of process documentation narratives and flow charts with our comprehensive guide, including a process flow example.

9. Internal Audit Feedback Questionnaire

This tool includes 10 sample questionnaires that can be used by internal audit functions to gather client feedback and measure client satisfaction. Sample questions include: What is your overall evaluation of internal audit’s performance for this project? How much value do you believe the audit provided to your group/department? How likely are you to use internal audit for future projects? How much would you be willing to recommend internal audit to other members of management? Would you ask internal audit for help in a situation warranting their attention? Does internal audit perform work efficiently and effectively in an acceptable amount of time? 

10. Post-Implementation Controls Audit Report

Evaluate the effectiveness of your newly implemented enterprise resource planning (ERP) systems, such as the company's business management applications. This report provides a comprehensive assessment of the control activities in place during and after the system implementation, identifying control gaps, design deficiencies and areas for improvement. It serves as a valuable resource for internal audit teams to verify the implementation of corrective actions from previous audits and ensure that fixed assets, accounts payable, materials management and cash application processes are appropriately managed.