1

EUROSAI vom 18 - 20. September 2012

Olivier Battaglia, dipl. Wirtschaftsinformatiker, CISA, CIA, CGAP

Purchase, implementation and operation

of the audit management system (AMS)

for managing and evaluating the audits

finding the right tool

my existing toolset

functions vs. processes

my requirements tool features

Aims

11/09/2012 Introduction i-world 2

finding the right tool

Process

Tools:

• Word

• Excel

• Auditmex

• Milestones

• Teammate

• Kendox

• …

risk analysis Planning Implementation

administration

functional coverage

11/09/2012 introduction i-world 3

Functions vs. Processes

topics / business processes

risk analysis Planning

Functions

• Text editing

• Calculation

• Document management

• Reporting

• Statistics

• Workflow

• Change detection

• Quality control

• User profiles

11/09/2012 introduction i-world 4

Process

Implementation

my requirements

Requirements for a process: – No process adjustments because of the introduction of a

new tool

– Free to design new processes

– Freedom to be able to change process

Requirements of process terminology (Wording): – Application uses our language

– Application supports multiple languages

11/09/2012 5 introduction i-world

process design

multilingual terminology

Features of i-world

As with the process and wording, i-world is also flexibile and dynamic as a whole:

– Data model extended indefinitely

– User Profiles processes adaptable

– User Interface and processing logic adapted functionally

– dynamic Analysis and reporting functions (ad hoc) and Quick

Links (Menu)

– Availability

– Integrated, methodical versioning

11/09/2012 8 introduction i-world

User profiles / access rights

The user profiles can be optimally adapted to the process.

A user can be activated from the user profiles, select for him and then work with the defined rights.

Menus: defined process-oriented or thematic Addition / change (legitimate) users Start of functions, ad hoc reports and pre-defined reports (Quick Links)

Export und Online-Reporting

ISO-Certified: i-world

based on the MDX-Method 2

Certified by The Swiss Association for Quality and Management Systems (SQS)

Certification for:

- ISO 9001:2000

- ISO 90003

- ISO 15498-2:2001 (Records Management)

- BS 7799-2:2002

- Federal Law on Data Protection

- Ordinance on the Federal Law on Data Protection

- Federal Law on Copyright

Validated: September, 2010

Registration No. 30232

Benefit of the certification:

– Reliability (reliability)

– Authenticity (authenticity)

– Integrity (integrity)

– Comprehensibility and usability (usability)

11/09/2012 11 introduction i-world

Change tracking

It goes without saying that all

creates, updates, deletes,

moves, archives etc are

protocoled.

Who changes what, when, with

which role and for what reason ?

i-world Technologie

Network devices

Web-Server (MS IIS) SQL-Server

ODBC/JDBC Server Windows Security

(LDAP, Smartcard, etc.)

Internet

Intranet

Extranet

Web-Browsers: MS IE,

Firefox, Opera, Safari,

Mozilla, etc.

Mobile Devices

(incl. PDA) Web- / Windows-

Applications

Integration in Homepage

(of Internet or Intranet)

Office Integration

(DOC, XLS, CSV,

TXT, HTML, VCF,

VCS, ICal, …)

Index Server

(Search in documents)

Report Generation

(e.g. MS Office

Docs)

on client or server

Send E-Mail Notifications

(manual, automated or

out-of-a-process)

Via HTTP,

WAP

Authentification with

plugin Auth4Win

Replication feature

for MS XLS as

enhancement with

plugin Gateway

Plugin Report

Access (read/write)

to 3rd party data

sources with plugin

i-bridge

Client-Client-Dialog (CCD) for data exchange to

3rd party applications across the networks.

Data Interface

(Bidirectional;

e.g. for ERP,

BI-Tools, etc.)

ODBC / OLE-DB

Plugin i-bridge

aims of the

i-world Auditmanager

remove media breaks

automate Integrity

transparent informationmodel

Function

Process

11/09/2012 14 introduction i-world

i-world Auditmanger

Auditingprocess

Risk analysis Planning Fieldwork

Administration

Follow-Up

11/09/2012 15 introduction i-world

Risk analysis

11/09/2012 i-world Auditmanager 16

Planning

11/09/2012 i-world Auditmanager 17

Field work

11.09.2012 i-world Auditmanager 18

Follow up

11.09.2012 i-world Auditmanager 19

Administration

Implementing i-world

Implementing i-world Auditmanager

Kick-off Workshops Pilot-Application Go Live Integration

project documentation / schooling

11/09/2012 i-world Auditmanager 21

Workshops

Decision Membership in the Auditworld Association / Software licensing

Installation Installation of the i-world Auditmanager Environment

1. Workshop Introduction Auditmanager: System overview (which elements and options are available), Adapting the Terminology.

Data migration You decide which Data you want to migrate : SConsult offers special conditions to migrate data, reports and catalogs starting after the first workshop.

2. Workshop Defining the detailed concept, Definition of the processes (Workflow), Authorisations, Quality assurance

3. Workshop Assessment of the functional implementation of Workshop 2 (Confidence Test)

4. Workshop preparation of the Pilot: - defining the user interfaces (Corporate Identity, Menu structures, special data functions, ..) - defining the reports (Reporting)

Pilot test Current (if already completed) audits are entered into the system and as form of a "live test". The users and managers can thus gain some experience in a step to recognize the potential for improvements and develop the basis for user training. On another focus of the pilot test is designed differently.

5. Workshop Consolidation of findings during the pilot test and planning of the deployment

11/09/2012 i-world Auditmanager 22

Pilot

11.09.2012 i-world Auditmanager 23

Integration Examples

Authentication (Single Sign-On):

• Active Directory (Swisscom, Finanzkontrolle Kanton ZH)

Authentication, Authorisation, User Management:

• GINA (Finanzkontrolle Kanton GE)

Interfaces:

• Finance systems, eg. SAP, Honoris

• Administrative systems, eg. IBM-Host-basierend

• Technical Systems, eg. CISCO

Office-Reporting:

• Word

• Excel

11/09/2012 i-world Auditmanager 24

Scalability

960 Benutzer:

– Swisscom (Schweiz AG)

– Wachstum ca. 50 Benutzer / Monat

– Hoher Grad an Prozess- und Systemanpassungen (umfangreiche Service-Struktur)

– 1 i-world Instanz (= 1 DB + 1 Web), 15 GB SQL

– 450% interne Stellen auf 7 Personen

– 50% Stelle bei SConsult AG

95 Benutzer:

– Eidgenössische Finanzkontrolle

– Eingeführte Prozesse mit wenigen Adaptionen

– 1 i-world Instanz (= 1 DB + 1 Web), 4 GB SQL

– 10% interne Stelle

11/09/2012 i-world Auditmanager 25

Résumé

To achieve an integer environment you need the neccesary

technical infrastructure.

i-world is the only certified tool which offers such an

infrastructure.

Your benefit is based on the know how of many auditors and

the possibilities offered by the i-world auditmanager

11/09/2012 i-world Auditmanager 26

Thank you for your attention