EUROPEAN COURT OF AUDITORS
EUROSAI conference
Application of software tools in Audit
Audit Support, Quality and Development
Assyst II project : a new audit system for the ECA
Christophe Grosnickel, project manager
18/09/2012
History of audit support tools
 1970-1994
only paper
 1995-1996
Excel spreadsheets
 1997-2003
custom dev)
WinDAS (Powerbuilder + Oracle,
 2004-2012
Assyst (Autoaudit on Lotus Notes,
package by Paisley – Thomson Reuters)
 2013
Assyst II on Sharepoint (custom dev)
2
WinDAS
Transactions database
3
WinDAS
 Audit programmes
4
WinDAS
 Observation forms
5
Assyst
 Audit tasks
6
Assyst
 Audit programme
7
Assyst
 Planning information
8
Assyst
 Observations
9
Assyst
Benefits
 One single application for all auditors (fin/perf)
 Covers the full process
 Introduced formal procedures and standard
documents for the first time in an IT system
10
Assyst II project
 Main drivers
 No Paisley support of Assyst after 2012 > the new version
is a fully new product
 Assyst not sufficiently tailored to ECA needs
 Poor knowledge management and searching capabilities
 Poor editing capabilities compared to MS Office tools
 Not used by 100% of auditors, and not consistently. Most
advanced features (management features) not used.
11
Why Sharepoint?
 Decision to go for a home made tool tailored to the
Court’s needs, rather than an off-the-shelf solution.
Sharepoint offers a full development platform.
 Build on top of existing software components
 Reduces dependence towards external companies
 Focus on Knowledge management and Collaboration
 Open architecture / Integration capabilities
 Storage of all audit documents in a single place from
the audit sites to the intranet/extranet
 Better integration with MS Office tools
 In line with DIT Strategy to migrate to a MS centric
platform, in order to reduce the number of
technologies
12
Project plan
 Pilot approach (fin then perf)
 Black belt network
 Agile development methodology
 Phase 1: audit planning and execution (APM to SPF) > first
global deployment between March and September 2013
 Phase 2: audit monitoring and reporting (final reports and
implementation reports)
13
Project governance
 Project team = Business PM + IT PM + BA + key
business users
 IT development team = IT PM + 3 dev + architect
 Black Belt network
 Steering committee = board of directors
 Project owner = CEAD director
14
Business analysis
 Business process analysis covering the full audit cycle > BPMN
models
 Increasing the knowledge of audit processes on IT side to
improve collaboration
15
Business analysis
16
IT DEVELOPMENT METHODOLOGY
SCRUM Methodology
• Involve the business actors as much as possible in the
development phase
• Develop in an interactive and iterative way:
show the results every 2 weeks (Sprint) and agree on the next work
items for the development team.
Requirements
Design
Instead of doing one activity
after the other
Implement
Test
Scrum teams perform a bit of
all activity at once
17
Functional coverage (phase 1)
Focus on audit planning and execution










Dedicated audit sites and audit templates sites
Import of transaction information from an external database
Assistance to the creation of Audit programmes templates
One page audit programme form dynamically created from AP
templates vs transactions
Audit site specific Document library optimized for the handling of
Evidence documents
Audit site specific Document library optimized for the handling of
Permanent documents
Database of historical observations (2007-2011)
Improved approval workflows
Step-by-step Observation (findings) management
Finding statement document generation
18
Functional coverage
19
Business logical model v1
20
Business logical model v2
21
Example:
OBJECTIVES
Evidence collection plan
Detailed questions / steps
Q1
Q2
Q3
Q1,1
Criterion 1
1
2
3
4
5
6
Criterion 2
1
2
3
Q1,2
Criterion 3
1
2
3
4
5
Q2,1
Q2,2
Q3,1
Q3,2
Q3,3
Criterion 4
Criterion 5
Criterion 6
Criterion 7
Criterion 10
Criterion 11
Criterion 12
typical values per audit
5 to 30 criteria
4 to 10 Member States
5 to 15 projects
Ministry-Paris
x
SUBJECTS
France
Region Project 1 Project 2 Project 3
Ministry-London
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
set of all
questions for
criterion 1 in UK
x
x
x
x
x
x
set of all
questions for
criterion 2 in UK
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
set of all
questions
for criterion
3 in France
x
x
x
x
x
x
x
Ministry
question
set
UK
Project 1 Project 2 Project 3
x
x
x
x
x
x
x
x
x
x
x
x
Region
x
x
x
Project
question
set
22
Assyst II sites Layout
Lists
ASSYST2 Top level site
Auditees
Pages
Units
Forums
Help pages
Audits
Unit/Dir. sites
Lists
Pages
Libraries
Audit sites
Library
APs
AP
Ad-hoc list
Forums
Ad-hoc
page
Ad-hoc
library
Tasks
Transaction 1
WP
ED
•Audit step 1
•Audit step 2
SPF
Others
Findings
Finding 1
•Fact 1
•Fact 2
•Audit step 1
•Audit step 2
Forums
Template
Activities
AP 1
•Audit step 1
•Audit step 2
Finding 2
Transaction 2
Templates
sites
•Fact 1
•Fact 2
Tasks
AP 2
•Audit step 1
•Audit step 2
Library
Template doc
1
23
Assyst II – Audit site Document libraries
24
Assyst II – Transactions list
25
Assyst II – Audit Programme forms
26
Lessons learned
 As in most IT system development or implementation
projects, many organisational/procedural issues come out
and take long discussions and approval to be solved
 Difficult/Costly to provide a nice-looking, responsive and
ergonomic user interface with Sharepoint, even with custom
coding
 Scrum methodology helps to identify system requirements
which are not clearly expressed or agreed, but it takes longer
as some design/developments are made and then dropped
27
Thank you!
http://eca.europa.eu
28