Among the very biggest challenges we face trying to build all of you an incredible audit management system is bringing clarity to the intent of the features we build. Auditors all around the world refer to the same things many different ways depending on their team’s internal practices, the type of auditor they are, etc. So, believe it or not, we spend an enormous number of hours carefully considering the language we use, trying to bring clarity to the system. It really is an incredible challenge.

Today we are making relatively significant change to bring more clarity to something that has bothered us for a very long time, the “Project Files” tab. The intent of this tab is to give the audit team a place to store project-level documents that don’t fit within any particular fieldwork procedure. These are usually planning related files such as audit scoping activities, notification letters, etc. or documents related to the audit results, such as the final report. However, many auditors confuse this with being the place to simply store ALL of their documents in the audit.

In order to help with this, and make the flow of work in the audit more clear as well, we have split the “Project Files” tab into two new tabs called simply “Planning” and “Results”.

With this change, the audit team will be able to clearly separate out the planning phase of the audit from the results and wrap-up phase. It is much more intuitive and should make the intended use of those areas much more clear. We’re really happy with this change and hope you will be also.

All of the existing Project Files in the system have been automatically placed in the correct tab, planning or results. Additionally, any time you want to move a set of documents from the results tab to the planning tab, or vice-versa, simply click the link in the left bar of that document set.

As part of this shuffle, the Status tab was also shifted to the right so it lives over with the other project management related tabs. As always, if you have any questions about the changes to the tabs or just want to let us know what you think, do not hesitate to submit a help request or email us at help@workpapers.com, and thanks so much for all of your support.

Article and Comments »

A small, but very useful feature has been added to the Workpapers.com request list tracking. Auditors are now able to update all the open request list items at once. To do this, first visit the Requests tab and click “Update all open request items”.

Next, update any of the attributes that you wish to update for all open items. Note that those that have already been marked as received will not be affected by the change.

After submitting the change, all open items will be updated and show in the list accordingly. Hopefully this small feature will continue to make getting those PBC items timely even easier.

Article and Comments »

With the news released today that we have been acquired by ACL, I wanted to take a minute to say THANK YOU to our team and especially to our customers. Workpapers.com would be nowhere today without the ongoing support and feedback of our customers and the incredibly hard work of our team.

Last week was my first official week with ACL and it was fantastic, as I knew it would be. The ACL team is incredible and has all the tools we’ve been missing to transform Workpapers.com into the global leader in audit management software. Additionally, the plans we have to integrate a fantastic audit management system with the market leading audit analytic software to create the ultimate audit toolkit are extraordinarily exciting.

As I’m sure you’re wondering though, it is business as usual for our current customers. Nothing is changing with respect to your system, pricing plans, or customer support level. In fact, we have already more than doubled our underlying system resources in anticipation of rapid customer growth so your system is faster and more secure than ever before. We also expect to accelerate our product roadmap to bring you some great new features and improvements, much sooner than previously expected.

Again, my sincere thanks. I could not be more proud of what we have built to this point but none of that would have been possible without our fantastic customers. I will continue to lead the team behind Workpapers.com and look forward to growing together in the future. If you have any questions at all, please do get in touch anytime.

Happy Auditing, Dan

Article and Comments »

The acquisition of Workpapers.com will grow ACL’s solution portfolio and create the first integrated audit technology offering in the market

VANCOUVER, December 12, 2011 — ACL Services Ltd., the solution provider of choice for data analysis within audit, today announced its expansion into the electronic work papers (eWP) market with the acquisition of Workpapers.com.

ACL’s market-leading audit analytic solutions and the Workpapers.com audit management system will be integrated for a seamless audit experience that spans the complete audit process.

“The addition of Workpapers.com to our product portfolio is an exciting opportunity for ACL and our customers and partners around the world. For 24 years, ACL has worked with thousands of internal audit organizations, and we understand the challenges these departments face,” said Harald Will, CEO of ACL Services. “This acquisition puts us in the position to provide a complete audit technology offering that is integrated, efficient and meets the most pressing needs of audit departments today.”

A recent survey with over 8000 ACL customers indicated a 75% interest in an integrated analytics and eWP solution to improve efficiency and increase the use of technology in their audit departments.

“ACL is also significantly increasing its R&D investment in our core analytic solution to improve usability and reporting, and for expanded continuous auditing and monitoring capabilities,” said Laurie Schultz, President and COO of ACL Services. “Over the coming months, we plan to share with our customers and partners this new strategic roadmap and continue to engage them in our vision for ACL.”

“I am pleased that Workpapers.com is joining an organization with the brand and reputation of ACL. For years they have been at the forefront of the audit analytic technology market and now want to expand their mark in audit management systems,” said Dan Zitting, founder of Workpapers.com. Zitting will transition his role at Workpapers.com to become the new Vice President of Working Papers Software for ACL Services.

About ACL Services Ltd.

ACL Services Ltd. is the leading global provider of business assurance technology for audit and compliance professionals. Combining market-leading audit analytics software with centralized content management and exception reporting, ACL technology provides a complete end-to-end business assurance platform that is flexible and scalable to meet the needs of any organization.

Since 1987, ACL technology has helped organizations reduce risk, detect fraud, enhance profitability, and improve business performance. ACL delivers its solutions to 14,700 organizations in over 150 countries through a global network of ACL offices and channel partners. Our customers include 98 percent of Fortune 100 companies, 89 percent of the Fortune 500 and over two-thirds of the Global 500, as well as hundreds of national, state and local governments, and the Big Four public accounting firms. Visit us online at www.acl.com.

Visit the ACL Blog to read the latest issues and insights on business assurance, compliance & risk, fraud detection, and internal audit: www.acl.com/blog

For more information, contact:

Carri Toivanen, Corporate Marketing ACL Services Ltd. Phone: +1-604-974-1430 press@acl.com

© 2011 ACL Services Ltd. ACL and the ACL logo are trademarks or registered trademarks of ACL Services Ltd. All other trademarks are the property of their respective owners.

Article and Comments »

Keeping a sharp eye on the hours budgeted for a given audit project is the key to running a profitable audit firm. All of us in client service know that blown budgets lead to lower realization rates and, in turn, a less profitable firm. However, often times, the importance of project budgeting is overlooked in internal audit departments.

Within the internal audit department, just like in most corporate departments, people’s time is the most important resource at the disposal of the CAE (Chief Audit Executive). It only follows then that deploying your overall inventory of person-time effectively is critical to realizing the highest-value results. Yet all to often, after we move away from client service and into industry/internal audit, we stop carefully budgeting projects and holding ourselves accountable for budget overruns.

Workpapers.com recently added a set of simple tools around project budgeting and automatically tracking progress against the budget (e.g. budget to actual or WIP) based on the time entries made by the audit team. Now it is snap to see where you are in relation to the planned budget as well as where time was spent, both within a project and across all your current projects.

So, for Workpapers.com customers at least, the tracking problem is solved. It is just up to each of us to have the discipline to plan effectively and the courage to assign accountability for the results. Once that happens, each team will see more high-impact audit work coming out of the same inventory of person-time within just few months, every single time.

Article and Comments »

Over the past two years we have learned a lot about both how our customers use the Workpapers.com audit management system and what is necessary to ensure we are a business that can continue to grow and better serve the needs of those customers. We extremely thankful for every single auditor that trusts us to help manage their audits. We have the greatest customers in the world, love what we do, and are amazed to see what Workpapers.com has grown into.

To that end, today we are releasing two big changes to Workpapers.com: 1) a change to our pricing plans and what each plan includes, and 2) the first overhaul of our company and product branding.

Plans & Pricing Changes

I will discuss the changes to the pricing plans first, as I know that will be of the most interest. Until now, we have basically charged “per user”. This has worked fine, however we’ve observed one ongoing problem… when charging based on the number of users, audit teams tend to leave people like their executives, their clients, and the external auditors out of the system and process because those additional users would create additional cost. The real power of Workpapers.com is realized when everyone with an interest in the audit can collaborate in the system. It enables executives to track status, audit teams to add temporary team members, external audit to review internal audit’s work, and clients to track results and securely upload documents requested from them.

So, for this reason, all of our plans (even the free plan) will include UNLIMITED USERS going forward. We want to remove all barriers in the way of ultimate collaboration. Instead, each plan will be limited by the number of active projects allowed (archived projects don’t count against the limit) and/or the amount of storage used. The standard plans will actually drop slightly in price and range from FREE to $199/month. We have also added an Enterprise Plan that includes additional features and support.

Check out all of the details on the new plans here »

New Workpapers.com Branding

Workpapers.com was originally born out of a CPA firm and, needless to say, most CPAs aren’t the best managing brand. Well after a huge amount of work and bringing in new design experts, Workpapers.com has become more beautiful and our materials and website better illustrate the values on which the system itself is built. We are incredibly proud of this new look and feel and will be extending it further in the future.

As always, thank you so much for the ongoing support and please let us know anytime we can help. Happy auditing!

Article and Comments »

This is a guest post by Jamie Ontiveros, a Certified Internal Auditor who has been a part of several large internal audit departments. Originally from the Detroit area, Jamie is now based in Denver, CO.

It’s known that the Internal Audit profession is migrating away from a compliance focus. They argue that this change in philosophy is a necessity if we’re going to provide more value to the business. Chief Audit Executives are taking the queue, as evidenced by the less prominent role that Sarbanes Oxley plays in audit plans at many public companies.

It’s one thing to call for this change, or to even scope more operational audits, but how do we go about actually providing that value? (i.e. what do we have to do differently tactically in order to produce greater value?) The good news is, not much.

Before we get going too far, let’s start out with a quick auditing 101 session as we’re all playing with different experience levels. Start off with a strong planning session in order to gain a solid process level understanding. Sometimes we auditors tend to focus on the controls, but we must remember that it is the risk that we’re truly auditing against. The control environment is the added layer management has implemented in order to reduce the risk.

You’ll be able to accomplish your objectives if you formulate your interview questions ahead of time based on the risks. You want to understand the process backwards and forwards, but never lose sight of the high level inherent risks. Consider this approach your sniff test. You’ll know if something the client says doesn’t sound right. That said, be mindful of what the client says during your planning sessions. I argue that client disclosure in addition to awareness are the keys to providing exceptional value. It’s not just about materiality.

Enter the Client Awareness Disclosure Map. Every management consultant and graduate student has a two by two table to more easily explain a business concept. This is my first contribution to internal auditing.

As you can see from the table, Client Awareness is displayed along the X axis, and Client Disclosure is along the Y axis. I wanted to keep the table simple, as there are merely four areas in which to plot your audit findings. The areas are not meant to be mathematical quadrants, so there aren’t any point scales. Let’s discuss.

Area 1 - You’ve asked about a process or risk, and the client has fully disclosed an issue they are having in their area. The issue is known to the client, but perhaps not to executive leadership. They may have also identified the cause of problem they are facing. You’re going to add value by giving ‘visibility’ to an issue that the client has likely addressed previously, but wasn’t able to get the necessary support.

Strength: Findings in this area indicate that your rapport with the client is strong. They disclose the issues to you in good faith. You provide assistance with a formal remediation plan and the business can move forward. You’ll know exactly what to look for during testing for evidence.

Weakness: If all of your findings are in this area, then it may be an indicator that your audit team isn’t digging deep enough during testing. It’s fine to put these items in your audit report, but too much focus on these findings without providing viable recommendations will feel like ‘gotcha auditing’ and may hurt client relationships and internal audit’s reputation going forward.

Area 2 - You’ve asked about a process or risk, and the client gives you a response that sets off your ’Spidey Sense’. The process may be well documented, and the client could be being forthright. They may honestly be unaware that they’ve said or done anything wrong. Perhaps the client should be performing an accrual at month end, but they fail to realize this requirement because they’re not accountants. You’ll have to find the root cause because the client isn’t aware of the issue to begin with. Your recommendations need to be solid.

Strength: Findings in this area indicate that your audit team has a solid understanding of the inherent risks. You’ve asked questions that identify potential issues that the client isn’t even aware of. You’ll know how to design your tests in order to evidence your suspicions. Professional skepticism is a trait that will help you identify issues in this area. You may have been told something in one meeting, but something contrary or different in another.

Weakness: If all of your findings are in this area, then it may be an indicator that your audit team isn’t digging deep enough. That is, if most of your findings are based on Inquiry. You also may have issues persuading the client that the findings are really ‘issues’. The client may provide the classic ‘this is how we’ve always done it’ response. So you’ll want to make sure that you have plenty of evidence to support your position. It’s fine to put these items in your audit report. Too much focus on these findings without providing viable recommendations may feel like technicalities. “We put in this control because audit said we had to”.

Area 3 - You’ve asked about a process or risk, and the client has not disclosed, fully or partially, any issue they are having. It’s known to the client, but perhaps not to executive leadership. The client has not disclosed the issue to you during questioning for any number of reasons. Perhaps they have been burned by audit in the past. Perhaps the company culture is harsh on failure, or is one ruled by fear. The cause of the problem may also be known by the client, but perhaps they are powerless to do anything about it, i.e. it’s a sensitive issue, or it’s the result of an executive’s decree.

Strength: Findings in this area indicate that your audit team has a solid understanding of the risks. Your team also has the technical skills to identify the issues via independent testing. Obtaining sufficient evidence during testing is not a problem if the test is designed and sampled adequately. You’ve audited according to the risk and found your mark. Doing so has allowed you to find issues that the client has not disclosed.

Weakness: If too many of your findings are in this area, then it may be an indicator that your audit team doesn’t have the best rapport with the client. Sometimes clients can tell you what to look for ‘off the record’, but that didn’t happen in this case. You’ll want to tread lightly here, and use this opportunity to build up the relationship by carefully managing the issue. It’s appropriate to put these items in your audit report, but too much focus on these findings without providing viable recommendations will leave the client feeling ‘burned’. If not managed well, these issues may hurt client relationships and internal audit’s reputation going forward.

Area 4 - You’ve asked about a process or risk, and the client has told you all of the right things. The client is unaware of any issues, and nothing that they’ve said gives you pause. You’re on your own in this area. Consider it uncharted territory. You’ll have to find the root cause of any issues in this area, because the client isn’t aware of them to begin with. Oftentimes the remediation is clear once the issue is known.

Strength: Findings in this area indicate that your audit team has a solid understanding of the risks and has the technical skills to identify issues via independent testing. Auditing against the risks and relying heavily on testing, versus merely inquiry, has led your team to the issues. It’s a clear example of finding what you’re looking for. You’ve identified issues, i.e. risk, that the client isn’t even aware of. Bravo!!

Weakness: There aren’t too many weaknesses in this area. Issues in any of these areas can bring value to the business, but I argue that issues in area four should be considered high value findings. We’re trained to think about significant issues from a materiality perspective, but issues with high materiality can be found in all four areas. It’s definitely appropriate to put these items in your audit report, but be sure that you’re not making a mountain out of a molehill.

In closing: Giving visibility to issues is a great way for Internal Audit to provide value to the business. Finding dollars is always a good thing, it’s not the only way to add value. Shedding light on risks the business didn’t know it had can be just as meaningful. The beauty of this approach is that it won’t take much retooling.

Arming yourself with a solid understanding of the risks, and using a combination of inquiry and detailed testing can be your key to identifying high quality findings. Once identified, you’ll quickly add value to your organization if you manage the issues correctly. How can you tell if you’re successful?

Start plotting your findings in these four areas, and trend your findings by area over time. Create a dashboard with breakouts that make sense for your organization: by audit, audit manager, auditor, area of the business, etc. Roughly speaking, you’ll want a relatively even distribution between issues identified by Inquiry and those identified through Independent Discovery (areas I & II and III & IV respectively). Your department can use the results to identify departmental training opportunities. How does your team trend?

Naturally client responses to the findings can and will vary. There are many ways to add value to the business, and bringing awareness to previously unknown risks is one of them. What better way is there to ensure that IA has a seat at the risk assessment/assurance discussion?

There is a connection between awareness and disclosure, that is human at its most basic level. ’What’s hidden versus what’s transparent?’ We audit process, but deal with humans. Let’s treat them as such with understanding of where each issue lies on the map. Doing so can provide insight in how best to address each situation. If managed appropriately, Internal Audit will provide value on every engagement.

Article and Comments »

Recently, Norman Marks (the “pre-eminent” blogger on internal audit and risk management) asked for some internal audit quotes on Twitter so we quickly wrote a few. Maybe someone else can use them for something? Feel free to plagiarize at will if you like any!

“It’s ten o’clock, do you know where your organization’s risks are?”

“When internal audit works hard, legal doesn’t have to.”

“Change is accelerating, risk rises from change. Identify, measure, mitigate, rinse, and repeat.”

“With strong risk management and intelligent framework mapping, compliance is a byproduct rather than an initiative.”

“Well managed risk and fluid, proactive compliance are competitive advantage.”

“When internal audit is strong, its work will cause opportunity to float and risk to drown.”

Article and Comments »

There has been a problem for awhile with Workpapers.com for audit teams like ours that have completed a lot of audits. The archived audits section had such a long list of audits in it that it was impossible to quickly find what you needed. Kind of reminded us of the old days in fact at a “Big 4” firm when we had to go to the file room to dig out last year’s audit files.

In order to solve this quandary, we have added a filing system to the archives. Simply click the link that says “Audit has not been filed”, then add a new folder. Perhaps you want to have a folder for each client? No problem, name it after a client. Want to organize folders instead by audit type? No worries, you can name folders however you like. Once you’ve added a folder, you can file as many audits as you like in that folder.

Of course, just you use the Folder drop down at the top right to change the folder and view the audits you filed in each. Hope that helps keep your archives organized.

Article and Comments »

You have likely already noticed it, but we have significantly upgraded the appearance of the pop-up boxes that appear when adding a to-do, request list item, or a finding to an audit procedure. There is actually a bigger change at work here that will make doing a number of areas of browser interaction more powerful. However, for now, we hope the new pop-up boxes make things a little nicer.

Article and Comments »