CERTRACK introduces a unique framework which allows a firm to complete their internal control audit through a top-down risk based approach that involves different members (process owners, management, external auditors, etc.) from different areas (accounting, operation, human resource, IT) within a single online platform.
Period Set-up and Control Documentation: Through the creation of audit periods, firms define the frequency and time frame for their internal control certification. For each period, control documentation is carried out through a review and update on control properties, and the attachment of physical evidences.
Control Testing: Testing information is provided by control owners/ process leaders/ compliance department, including test procedure and method, sample size, and sampling source. Test responsibilities are passed down to internal testers or external auditors, who will conduct tests independently through a separate log-on and upload evidences for management review.
Progress Charting, Monitoring, and Statistics: During the audit period, tester performances are constantly monitored. At any time, users can see statistics for tests that are outstanding, completed or behind schedule with a single click. Additionally, the system also maintains an audit trail on a daily basis to keep users updated on the changes made.
Control Conclusion: Control conclusions are done at the end of the testing process, where the reviewer of each control retrieves the information provided by the testers and sign off on each control. During that process, reviewers will be presented with the statistics on test results by business units/ accounting processes, testing evidences collected, and any additional comments/ remediation/ suggestion provided by testers. Reviewers then make a final assertion on the control and any recommendations should the control fail. The control conclusion is an authorization process and complete audit trails are maintained so that changes made are traceable and accountable.
Reporting and Closure: Once all records are updated, the end results are generated in Excel/Word/PDF files and ready to be presented to top management/auditor/ Compliance Department. Upon approval, audit period is locked so that no records are altered thereafter.