EUROPEAN COURT OF AUDITORS

EUROPEAN COURT OF AUDITORS EUROSAI conference Application of software tools in Audit Audit Support, Quality and Development Assyst II project : a new audit system for the ECA Christophe Grosnickel, project manager 18/09/2012

History of audit support tools 1970-1994 only paper 1995-1996 Excel spreadsheets 1997-2003 WinDAS (Powerbuilder + Oracle, custom dev) 2004-2012 Assyst (Autoaudit on Lotus Notes, package by Paisley Thomson Reuters) 2013 Assyst II on Sharepoint (custom dev) 2

WinDAS Transactions database 3

WinDAS Audit programmes 4

WinDAS Observation forms 5

Assyst Audit tasks 6

Assyst Audit programme 7

Assyst Planning information 8

Assyst Observations 9

Assyst Benefits One single application for all auditors (fin/perf) Covers the full process Introduced formal procedures and standard documents for the first time in an IT system 10

Assyst II project Main drivers No Paisley support of Assyst after 2012 > the new version is a fully new product Assyst not sufficiently tailored to ECA needs Poor knowledge management and searching capabilities Poor editing capabilities compared to MS Office tools Not used by 100% of auditors, and not consistently. Most advanced features (management features) not used. 11

Why Sharepoint? Decision to go for a home made tool tailored to the Court s needs, rather than an off-the-shelf solution. Sharepoint offers a full development platform. Build on top of existing software components Reduces dependence towards external companies Focus on Knowledge management and Collaboration Open architecture / Integration capabilities Storage of all audit documents in a single place from the audit sites to the intranet/extranet Better integration with MS Office tools In line with DIT Strategy to migrate to a MS centric platform, in order to reduce the number of technologies 12

Project plan Pilot approach (fin then perf) Black belt network Agile development methodology Phase 1: audit planning and execution (APM to SPF) > first global deployment between March and September 2013 Phase 2: audit monitoring and reporting (final reports and implementation reports) 13

Project governance Project team = Business PM + IT PM + BA + key business users IT development team = IT PM + 3 dev + architect Black Belt network Steering committee = board of directors Project owner = CEAD director 14

Business analysis Business process analysis covering the full audit cycle > BPMN models Increasing the knowledge of audit processes on IT side to improve collaboration 15

Business analysis 16

IT DEVELOPMENT METHODOLOGY SCRUM Methodology Involve the business actors as much as possible in the development phase Develop in an interactive and iterative way: show the results every 2 weeks (Sprint) and agree on the next work items for the development team. Requirements Design Implement Test Instead of doing one activity after the other Scrum teams perform a bit of all activity at once 17

Functional coverage (phase 1) Focus on audit planning and execution Dedicated audit sites and audit templates sites Import of transaction information from an external database Assistance to the creation of Audit programmes templates One page audit programme form dynamically created from AP templates vs transactions Audit site specific Document library optimized for the handling of Evidence documents Audit site specific Document library optimized for the handling of Permanent documents Database of historical observations (2007-2011) Improved approval workflows Step-by-step Observation (findings) management Finding statement document generation 18

Functional coverage 19

Business logical model v1 20

Business logical model v2 21

Example: OBJECTIVES SUBJECTS Evidence collection plan Detailed questions / steps France UK Ministry-Paris Region Project 1 Project 2 Project 3 Ministry-London Region Project 1 Project 2 Project 3 Q1 Q1,1 Criterion 1 1 x x 2 x x 3 x x x x x x 4 x x x x x x 5 x x x x x x 6 x x Criterion 2 1 x x 2 x x 3 x x set of all questions for criterion 1 in UK set of all questions for criterion 2 in UK Q1,2 Criterion 3 1 x x x x x x 2 x x x x x x 3 x x x x x x 4 x x x x x x 5 x x x x x x Criterion 4 x x Criterion 5 x x Q2 Q2,1 Criterion 6 x x Q2,2 Criterion 7 x x Q3 Q3,1 Criterion 10 x x Q3,2 Criterion 11 x x Q3,3 Criterion 12 x x set of all questions for criterion 3 in France typical values per audit 5 to 30 criteria 4 to 10 Member States 5 to 15 projects Ministry question set Project question set 22

Assyst II sites Layout Lists Auditees Units ASSYST2 Top level site Pages Help pages Forums Audits Unit/Dir. sites Audit sites Templates Lists Ad-hoc list Forums Pages Ad-hoc page Tasks Libraries Ad-hoc library Library AP WP ED SPF Others Forums APs Transaction 1 Audit step 1 Audit step 2 Transaction 2 Audit step 1 Audit step 2 Findings Finding 1 Fact 1 Fact 2 Finding 2 Fact 1 Fact 2 Tasks sites Template Activities AP 1 Audit step 1 Audit step 2 AP 2 Audit step 1 Audit step 2 Library Template doc 1 23

Assyst II Audit site Document libraries 24

Assyst II Transactions list 25

Assyst II Audit Programme forms 26

Lessons learned As in most IT system development or implementation projects, many organisational/procedural issues come out and take long discussions and approval to be solved Difficult/Costly to provide a nice-looking, responsive and ergonomic user interface with Sharepoint, even with custom coding Scrum methodology helps to identify system requirements which are not clearly expressed or agreed, but it takes longer as some design/developments are made and then dropped 27

Thank you! http://eca.europa.eu 28