CERTRACK introduces a unique framework and methodology that allows a firm to complete their internal control audit through a top-down risk based approach that involves different members (process owners, management, external auditors, etc.) from different operations (accounting, sales, human resource, IT, etc.) from various locations (head office, oversea locations, etc.) within a single online platform.
Risk Assessment: By looking at the financial statements of the recent period, based on the account balances, CERTRACK calculates the materiality of the accounts based on the COSO guidance from both quantitative and qualitative perspective.
Process Narrative and Walkthrough: Based on the user profile, CERTRACK provides a simple and easy template to fill in Walkthrough and/or Narrative information, which are date stamped. At a click of a mouse, user may generate a sophisticated Walkthrough and Narrative report or choose to do a comparison between the two. In addition, any walkthrough exhibits can be directly stored in CERTRACK.
Flow Chart: CERTRACK utilizes an online flowchart creation tool to allow users to draw and store their process activity flow, which can be connected to key controls and risks to give a visual representation of a well maintained process.
Control Documentation: In every new audit period, the control documentation is rolled forward, however should it change over time user may choose to change the control attributes and descriptions. CERTRACK provides a complete audit trail on any updates happened to a control at a click of a mouse. Moreover, because all the data is maintained in a single database on CERTRACK, any changes made to a control will be automatically applied to all instances where the control is used in.
Control Testing: Testing information is provided by control owners/ process leaders/ compliance department, including test procedure and method, sample size, and sampling source. Test responsibilities are passed to internal testers or external auditors, who will conduct tests independently through a separate log-on and upload evidences for management review. Similar to the walkthrough exhibits, all testing papers can be directly stored within CERTRACK.
Remediation: Should any deficiencies be discovered, CERTRACK keeps track of the remediation process by allowing the remediation delegates to log-on separately, and provide updates on the progress of the remediation plan implementation.
Progress Charting, Monitoring, and Statistics: During the testing periods, tester performances are constantly monitored. At any time, users can see statistics for tests that are outstanding, completed or behind schedule. Furthermore, users may choose to generate reminder letters or allow CERTRACK to generate automatic alerts to remind testers any uncompleted tasks.
Conclusion and Reporting: Control conclusions are done at the end of the testing process, where the reviewer of each process retrieves the information provided by the testers and sign off on each control. During that process, reviewers will be presented with the statistics on test results by business units/ accounting processes, testing evidences collected, and any additional comments/ remediation/ suggestion provided by testers. Reviewers then make a final assertion on the control effectiveness. At that point, CERTRACK can pull out summary and detailed reports to automate SOX404 reporting, which will save users a lot of time and effort to prepare and organize that information by themselves.
Ready to see an online presentation of CERTRACK? Click here to book it at your convenience.
