What is your process to send audit documentation or PBC requests to your clients? Do you have a process to manage and track all requests that were issued or are outstanding?
I reached out to people from my network who operate within internal and external audit function across many different industries to find the answers to these questions. As a result of the discussions, the most common process for managing PBC requests is as described below:
- Initial PBC Request List is consolidated into a spreadsheet or Word document with attributes that include: request ID, request description, assigned auditor, assigned custodian, and the due date.
- PBC Request List is attached to an email that is sent to all custodians along with instructions to provide documents to the assigned auditor either via email or uploading to a shared drive.
- The audit team is then responsible for managing the requests to keep track of what has been provided and what’s past due.
- As the audit progresses and walkthroughs and testing is performed by the audit team, ad-hoc requests are communicated through various mediums (e.g., verbally during meetings, via email communication to the custodian, added to the next version of the PBC Request List, etc.).
If the aforementioned process sounds familiar, then you’re likely to be familiar with the following common issues and pitfalls of the decentralized and un-standardized process:
- Failing to identify incomplete and past due audit documentation requests in a timely manner.
- Sending the same request multiple times in varying formats.
- Misplacing the received documents and wasting time to recover them, or asking the client to re-send.
- Incomplete PBC Request List as a result of failing to include the ad-hoc requests made by individuals from the audit team.
- Received documents are unavailable because they were sent to an individual from the audit team who is inaccessible.
- Spending hours to update the PBC Request List because documents were received in a batch and must be mapped to the correct Request ID.
How to Improve the PBC Request Process
It can be difficult and time-consuming to re-design a process, and even more difficult to effectively train a team on the new process and break their bad habits. It’s situations like this that present the perfect opportunity to integrate technology that does the administrative tasks for you and eliminates the common issues and pitfalls noted above. Integrating a tool such as Audit Suite is the ideal solution for an audit team to improve the PBC request process. Improvements to the process as a result of using Audit Suite includes:
- Save time and money with automation – Automated and standardized email notifications (e.g., new requests, due date reminders, and past due alerts, etc.) will reduce time spent sending countless emails to make new requests or follow-up on old and past due requests.
- Reduced audit risk – The centralized portal allows management to access real-time snapshots of the status of requests for each audit and proactively address audits with incomplete or past due requests.
- Increased team collaboration – Enable the audit entire team to work off the same request list in real-time, quickly transfer or delegate assignments, and have visibility into all request items and audit artifacts.
- Improved client relations – One location for the client to easily drag-and-drop files to close each request item or add comments/questions specific to a request item. They will no longer receive the same request from multiple auditors or have to provide the same document several times.
To learn about how easy it is to get Audit Suite integrated into your process, we encourage you to visit the Audit Suite website to begin the painless process of transforming your audit processes.
Craig Solowski is the Founder and President of Audit Suite. A graduate from The University of Maryland, Craig is passionate about audit and leveraging technology that enhances audit processes and helps organizations manage their risks. With almost 10 years in the industry, Craig has experience ranging from working on the Financial Statement Audit for the U.S. Federal Government to supporting the Internal Audit department at a Fortune 100 company. In 2018, Craig developed Audit Suite to automate the PBC request process and reduce audit cycle time for his clients using the cloud.
Craig is a resident of Chicago, Illinois, is a member of the Institute of Internal Auditors (IIA) and ISACA, and is credentialed with the following certifications: Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and Certified in Risk and Information Systems Controls (CRISC).