Our Vision of Audits
Build an Audit trail on processes and control
Complete the Plan-Do-Check-Act (PDCA) cycle in our audit software and work in a risk-based way. This allows recommendations to be followed up immediately. In this way, your organisation moves from process control to process improvement in the field of risk management.
With Audit software you monitor the PDCA
Plan
The audit planning should be in line with the risk profile and controls surrounding your organisation's strategy and processes.
Do
Data collection: Carefully go through the steps of the implementation process for each audit programme. This includes analysis, risk assessment and analysis controls. This process helps to identify problems, gather evidence and report findings and recommendations.
Check
Evaluate the results and the process of implementing the audit and improve where possible. By linking risk and control, processes can be improved, and more synergy can be achieved.
Act
Prevent a barrage of recommendations and ensure overview and good monitoring so that findings and recommendations can actually be followed up.
Every Employee Becomes an Internal Auditor with a Self-Assessment Tool
Many organizations still rely too much on the internal audit department. As a result, people are busy collecting documents and evidence and there is too little time to actually follow up on recommendations and complete the PDCA. Of course, this must and can be done differently. A risk-driven approach sets priorities and enables accountability. This also promotes the independence of the internal audit department. With self-made control risk self-assessments (CRSA), which are important tools for the auditor, the organisation is really involved, and risk awareness is increased.
Three Lines Model
The Three Lines of Defense model from The Global Institute of Internal Auditors was updated in July 2020.
The functions are not only intended to protect the value of the organization, but also to increase it. As a result, we no longer talk about ‘lines of defense’ or ‘lines of defence’.
The goals of the organization are central to all functions. The functions are not silos, but coordinate and work together, each from its own role. The design of the model must be geared to the risks and specific situation of the organization.
The 3LM establishes a stronger link with the objectives of the organization.
1st line
This group is ultimately responsible for the choices made and the risks taken in daily practice.
You want to optimally support the people who are responsible for the most important activities and processes in an organization. GRC information is relevant, but often only if you have to. How do you make it easier for them? How is risk management going to live for them? Do they know within which frameworks they have to operate? And how do you effectively conduct a Privacy Impact Assessment without immediately bombarding all teams with a questionnaire of more than 100 questions?
Key words are: Accountability and reporting.
2nd line
This group develops the systems for a good process of risk management and control, always supporting the ‘business’.
The risk manager, controller, auditor, compliance or security officer (CISO) wants a clear register of risks, controls, compliance sets and, for example, related incidents. NARIS GRC helps the GRC Professional with insight and completeness. Whether you work on the basis of a Risk Control Framework or only do control testing, want to do internal and external audits, or want to comply with a standard. With our knowledge and the flexibility of NARIS GRC you can steer with guts.
Keywords are: Delegation, direction, resources, supervision
3rd line
This group provides assurance to top leadership on the quality of direction and control in certain areas within the organization.
Supervisors, Boards of Directors/Supervision/Commissioners, external auditors or accountants, as an internal auditor you want to report in an effective and relevant way. NARIS GRC can help you with those reports; whether it concerns assurance of audits or controls, risks at chain partners or objectives of the organization itself. From detail to dashboard, internally or externally; look back to steer forward. Fueled by useful GRC information so that the right assurance can be given.
Keywords are: Alignment, communication, coordination, cooperation
Strategic Risk Analysis as Basic Audit Planning
By linking goals, processes, risks, controls and audits, audits become an integral part of management and therefore also relevant for the organization. With NARIS Next you facilitate, administer and monitor the entire audit process – from targeting, setting up, data collection, analysis to findings, recommendations and reporting.
Self-Assessment Facilitates the First and Second Line
Through self-assessment, you find out whether your core processes are in control and whether the measures (processes) have been designed effectively. In order to collect evidence, you can easily use NARIS Next to periodically send out questionnaires or checklists within your organisation. This leaves more time for data analysis and puts the focus more on those organisational units that are less in control.
Build or Import a Control Framework
Save time on the set-up and design of your audit by using standard templates in NARIS Next based on standards (e.g. ISO31000, 27001/27002/90001, NEST), frameworks (NOREA) and laws and regulations (GDPR, BIO). With NARIS Next, you link up with what other organisations have already worked out and you can focus on making controls specific.