Audit

Building communication

Audit organizations have traditionally managed information in highly separate, closed silos. The procedures they perform, the results they document and the implications and ramifications of audits are often not communicated to the rest of the organization. Business units are also hesitant about sharing information with auditors, leading to a lack of transparency and disclosure, which diminishes the overall value of audit activities.

This can change. What if line-of-business managers contacted you before the audit to notify you of changes to their control environment? What if they could notify you of updated process-level documentation? With CA GRC Manager, auditors can begin to establish new dialog with the rest of the business based on transparency and full disclosure.

Tackling workloads

As an internal auditor, you are responsible for managing and coordinating audit activities and ensuring that compliance has been achieved. The focus on corporate governance, risk and compliance is increasing, driving up pressure and workloads for oversight and assurance. Paper-based processes can require countless hours manually preparing work papers, audit reports and other documentation. Fragmented information makes it difficult to validate the efficacy of financial and IT controls.

From defining your audit and risk universe, managing the assets, applications and projects that support it, to identifying and managing the requirements, risks and budgets that constrain it, CA's new governance, risk and compliance (GRC) solution can help reduce the time and cost of internal audit processes. With CA GRC Manager, you can ensure that the risk of failure is appropriately analyzed and the current state of compliance is known and accurate.

Align business and audit expectations

Organizations implement controls for a number of reasons, including risk mitigation, performance improvement and compliance. As an auditor, your job is to understand the business activities being audited and how they contribute to overall corporate strategy and objectives. Information from business units throughout the organization (legal, risk management, etc.) can contribute to a central authoritative source for all the organization's business requirements. With CA GRC Manager, these business requirements and policies can be mapped to controls and other activities established throughout the organization.

Solutions for audit organizations

CA GRC Manager provides a non-intrusive mechanism for audit organizations to monitor ongoing issues and remediation activities resulting from test failures or operational issues. When combined with the integrated project and portfolio management tools, CA GRC Manager becomes an even more powerful tool to assist audit organizations.

Controls Testing Dashboards Enable More Effective Internal Audits

Controls Testing Dashboards Enable More Effective Internal Audits

CA provides the industry's most complete GRC solution, combining comprehensive automated IT controls and a risk and controls management solution. CA GRC Manager delivers a unified, enterprise-wide view of risks and compliance to ensure that management can make informed decisions about costs, risks, benefits and action plans.

With CA GRC Manager, you can:

  • Rationalize controls across regulatory mandates
  • Find the control information and the evidence for these controls
  • Map controls more easily to compliance requirements
  • Determine the current effectiveness of all controls
  • Reduce the time and cost associated with internal audit processes
  • Manage a centralized repository of control status and risks

Copyright © 2008 CA