Internal Audit

Information

You can quickly reach the relevant topic with the help of navigation on the right side.

Internal Audit Module(v.5.24) User Help Document

Module Version: 5.24

1.INTRODUCTION: "QDMS Internal Audit Module" is a module where management systems audits are planned, published and finalized.

2.PURPOSE: The purpose of this help guide is; To explain the working process of the QDMS "Internal Audit Module". Along with the definitions in the system infrastructure definitions, the planning of the audit in the system and the assignments are explained through examples.

3.RESPONSIBILITIES: QDMS Internal Audit Module Managers, Audit Unit, Auditors, Audited Unit Responsibles, Informed Persons

4.ABBREVIATIONS: QDMS: Quality Documents Management System

5.INTERNAL AUDIT MODULE

It is a module that evaluates the risk management, control and corporate governance processes of an institution in order to help it achieve its objectives and provides audit and consultancy activities to improve and develop these processes.

5.1.System Infrastructure Definitions/Internal Audit

Within the scope of the Internal Audit Module, it is the part where the Control Question Pool, Auditor Identification, Finding Type Identification, Risk relationship, E-Mail Settings menus are located and the definitions that will form the infrastructure are made with the help of these menus. According to the definitions made, data appears on the login screen.

5.1.1.Control Question Pool

Menu Name: System Infrastructure Definitions/Internal Audit/Control Question Pool

It is the menu where the identification process of the questions to be asked in the Internal Audit takes place. Each defined question is added to the Control Question Pool. While the question is defined in the Control Question Pool, the question also has an active / passive feature and the question can be withdrawn passively in cases where the question will not be asked again. Thus, the question will not disappear in the internal audit records where the question was asked in the past, and in the new internal audits, the active control will not be included in the question pool.

With the help of the buttons on the screen;

:A new check question is defined.

:Any corrections, changes, or updates are made to the control question information selected in the list.

:The control question information selected in the list can be deleted.

: The control question information selected in the list can be copied.

:Recordings can be searched by filtering.

:Data can be exported to Excel.

Check Question pool in the top right corner of the screen to add a new check question to the screen! Clicking the (new) button displays the Control Question Pool/New Registration screen.

The corresponding fields are defined in the screen that opens:

Question No: Given automatically by the system.

Question:** A description of the problem is written.

Expected Answer: When the expected answer is entered, the auditor can be made to evaluate the answer to the question when conducting an internal audit.

Status: The active and passive state of the issue is determined. The question whose status is made inactive is deprecated.

Score Selection: If the Internal Audit is a scored audit; It is the area where the calculation of the score is determined whether it will be through the question or the options, or through the control points associated with the options.

Score: In the case of an internal audit with a score, if the audit score is calculated on the question; The max and min score of the question are determined. The scores written here will be seen when answering the relevant question in the answers tab on the Internal audit performance page. The examiner sees the max and min score and enters the score from the question based on the answer to the question.

Option: In the Options area, change the option values to is the field where it is entered by clicking the (Add) button.

If the default is checked, the option defined for that question is selected by default during the Internal audit performance phase. When defining the option, the check box on the right is checked and the points are given according to the selection of the option.

Only One Can Be Selected: If the option is enabled, one can be selected from the option defined for the question.

Can Be Selected Than Once: If the option is enabled, more than one of the options defined for the question can be selected.

Calculation Method: It is the area where the method by which the control score of the options defined in the question is calculated is determined. After specifying the type of selection, if the scored Internal audit is to be performed, the calculation method to be used is also selected. These calculation methods are calculation methods such as Addition, Averaging, Highest Value, Lowest Value, Sum of Unselected, etc. Score calculation; It is necessary to determine whether it will be calculated based on the question and option.

Controls: The area in the internal audit that the problem is associated with from the system-defined Select Control list. The Controls defined in the system are defined from the SAT/BSAT/Definitions/Controls/Control Identification menu.

After filling in the required fields on the Check Question Pool/New Registration screen, click ! Registration is performed by clicking the (record) button.

5.1.2.Auditor Identification

Menu Name: System Infrastructure Definitions/Internal Audit/Auditor Identification

It is the menu where the identification of the people who will do internal control in QDMS takes place.

With the help of the buttons on the screen;

:A new auditor is defined.

: Any corrections, changes or updates are made to the selected checkuser information in the list.

: The checkuser information selected in the list can be deleted.

: Data can be exported to Excel.

: Records can be searched by filtering.

To add a new auditor to the auditor identification screen, click ! Clicking the (new) button displays the Auditor Identification/New Registration screen. Auditor identification is made in two ways. Internal and External Auditor identification. The Internal Auditor is selected from the Personnel List defined in the system. External Auditor An auditor is selected from outside for internal auditing. According to the Internal and External selection, the relevant areas vary.

To Identify an Insider Auditor:

The corresponding fields are defined in the screen that opens:

Internal/External: This is the area on the Auditor Identification screen where the Internal Auditor option can be selected in the Internal and External Auditor options.

Auditor: It is the area where the internal auditor is selected from the list of personnel defined in the system on the Auditor Identification screen.

Capacity: This is the area on the Auditor Identification screen where the capacity of the Internal Auditor is determined.

Status: This is the area on the Auditor Identification screen where the Internal Auditor can be selected in the active and passive options of the status.

After filling in the required fields on the auditor identification screen, click ! By clicking the (save) button, the Internal Auditor identification registration process is performed.

To identify an external Auditor;

! Clicking the (new) button displays the Auditor Identification/New Registration screen. An external auditor is defined by selecting the External Option from the Internal/External field.

The corresponding fields are defined in the screen that opens:

Internal/External: This is the area on the Auditor Identification screen where the External Auditor option can be selected in the Internal and External options.

Auditor Code: This is the field on the Auditor Identification screen where the information for the External Auditor's code is entered.

Auditor's First and Last Name: This is the field on the Auditor Identification screen where the External Auditor's Name and Last Name information is entered.

Capacity: This is the area on the Auditor Identification screen where the capacity of the External Auditor is determined.

Responsible: This is the area on the Auditor Identification screen where the External Auditor's Responsible can be selected from the Personnel List defined in the system.

Status: This is the area on the Auditor Identification screen where the External Auditor can be selected in the active and passive options of the status.

After filling in the required fields on the auditor identification screen, click ! By clicking the (save) button, the External Auditor identification registration process is performed.

5.1.3.Identifying Finding Types

Menu Name: System Infrastructure Definitions/Internal Audit/Finding Types Identification

It is the menu where the types of findings detected in the internal audit are defined. Major, minor, observation, etc. definitions can be made.

With the help of the buttons on the screen;

:A new type of evidence is defined.

:Any corrections, changes, or updates are made to the information of the type of finding selected in the list.

: The detection type information selected in the list can be deleted.

:The data can be exported to Excel.

To add a new find type to the Finding Type identification screen, click ! Clicking the (new) button displays the Finding Type Identification/New Registration screen.

The corresponding fields are defined in the screen that opens:

Finding No: This is the field on the Finding Type Identification screen where the No. is automatically given by the sprompt.

Finding Type: This is the area on the Finding Type Identification screen where the definition information of the Find Type is entered.

Status: This is the area on the Finding Type Identification screen where the Finding Type can be selected in the active and passive options of the status.

After filling in the required fields on the Find Type Identification screen, click ! By clicking the (save) button, the Finding Type identification registration process is performed.

5.1.4.Risk Relations

Menu Name: System Infrastructure Definitions/Internal Audit/Risk Relations

Risk Relationships is the menu from which the identification process takes place. Risk – This is the screen where we match how the risk scoring for the audit relationship will be calculated. The Internal Audit Module has to be a risk module, and the calculations are evaluated every day by an agent according to the rule specified here.

With the help of the buttons on the screen;

: A new Risk relationship is defined.

:Any corrections, changes, or updates are made to the Risk associations information selected in the list.

: The risk associations information selected in the list can be deleted.

:The data can be exported to Excel.

: Records can be searched by filtering.

To add a new Risk relationships to the Risk Associations definition screen, click the ! The (new) button is clicked. The list of Modules containing the Risk Modules defined in the system for which the Internal Audit Module is associated with is displayed.

The relevant Risk Module is selected. The information of the fields related to the selected Risk Module is entered.

After the required fields are filled in the risk relations screen, click ! By clicking the (save) button, the Risk relations definition registration process is performed.

5.1.5.Email Settings

Menu Name: System Infrastructure Definitions/Internal Audit/E-Mail Settings

In the Internal Audit Module, it is a menu that determines to whom the E-Mails / Sms sent by the system should go and at what stage.

! With the (Changed) button, the content of each record is updated and the E-mail / Sms subject and message body to be sent are determined.

For the relevant roles, click Send Email? Check Box is checked. The e-mail content written in the outgoing e-mail will be used from the message body field (Select) button, to delete an incorrectly inserted message body! The (Delete) button is used. Once the changes have been made, click the ! The (save) button is used. Back button to exit without making any changes (back) is used

5.2.Integrated Management System/Internal Audit

It is the part where it is located in the Audit Universe menu and where we define the audit plans.

5.2.1.Control Universe

Menu Name: Integrated Management System /Internal Audit / Audit Universe

It is the part where the identification of audit plans is carried out. In this part, an agent works every day. The average risk level by department or process is displayed. Thus, the internal control unit prioritizes the audit.

With the help of the buttons on the screen;

:Audit is generated.

:Audit Plan is generated.

:The data can be exported to Excel.

: Records can be searched by filtering.

The corresponding fields are defined in the screen that opens:

Code: This is the area of the Control Plan definition screen where the code information is provided by the system.

Plan Description: This is the area on the Inspection Plan description screen where the Plan Description information is entered.

Plan Start Date: This is the area on the Control Plan definition screen where the Plan Start Date is set.

Audit Shutdown Time: This is the area on the Audit Plan definition screen where the Audit Shutdown Time is set.

Supervisory Officer: This is the area on the Audit Plan definition screen where the Audit Officer can be selected in the Personnel List defined in the system.

Period: This is the area on the Audit Plan definition screen where the Audit Period information is determined.

Auditors: This is the area on the Audit Plan definition screen where the Auditors to perform the audit can be selected from the list of auditors defined in the system.

After filling in the required fields on the Inspection Plan definition screen, click the ! By clicking the (save) button, the Audit Plan definition registration process is performed.

After the Audit Plan is created! The Audit Plan generated by clicking the (Create Audit) button is sent to the Auditor to distribute the audit questions.

5.2.1.1.Auditor Question Distribution

The person in charge of the audit is the status in which the audit person distributes questions for the persons who will conduct the audit. The Auditor's pending jobs are assigned as "Auditor Question Distribution". Clicking on the Code of the relevant Audit Plan opens the Auditor Question Sharing page.

With the help of the buttons on the screen;

:The Question sharing is confirmed with the Confirm button.

:Questions are shared with the questions button.

By clicking the Confirm button, the Audit Log is confirmed and turned on.

5.2.1.2.Performing an Audit

The auditor distributes questions to the people who will perform the audit. It makes a plan in which auditor will ask which questions. After the audit record is approved and made open, the pending work of the Auditor falls as "Internal Audits to be Performed".

Clicking the Audit Plan Code opens the Perform Audit screen.

With the help of the buttons on the screen;

: A question is added to the control.

:D Saves the Performing Auditing as a draft.

: Records the operation of performing the check.

! Clicking the (Add question) button adds a question to the control in the Control Question Pool.

Questions selected by clicking the (Add to control) button are added to the control.

On the Perform Check screen, click the Findings tab.

With the help of the buttons on the screen;

:A new finding is defined.

: Any corrections, changes or updates are made to the selected finding information in the list.

: The finding information selected in the list can be deleted.

:The data can be exported to Excel.

In the Findings tab (new) button is clicked.

The corresponding fields are defined in the screen that opens:

Finding Summary: This is the area where the Findings Summary information is entered on the Findings tab.

Finding Detail: This is the area where the Finding detail information is entered on the Findings tab.

Finding Type: On the Findings tab, this is the area where the Finding type information can be selected from the evidence types defined in the system. For example, Major, Minor

Related Question: This is the area where the Question to which the finding relates can be selected on the Findings tab.

Action Detail: This is the area where the Action detail information is entered in the Findings tab.

Responsible: This is the area on the Findings tab where the Action Officer can be selected from the Personnel List defined in the system.

To To : On the Results tab, this is the area where the person who will perform the action can be selected from the Personnel List defined in the system.

End Date: On the Findings tab, this is the area where the Action end date is set.

Pen Type: On the Results tab, Actionu is the area where the pen type can be selected from the item types defined in the system.

After the required fields are filled, click the ! By clicking the (save) button, the Finding identification registration process is performed.

The auditors send the answers to their questions and the findings they find to the responsible person and the closing approver (audit officer) makes the final decision. By clicking on the Audit Tab and giving the answers to the questions added to the audit(save) button is sent to the Control for shutdown confirmation.