Who is this article for?

Users who need to understand planning Risk exposure.

No special access or permissions are required.

The Audit Scheduling screen within a Planning Period enables you to create Candidate Audits individually or in bulk, using intelligent suggestions based on configurable scheduling models called Scheduling Factors.

1. Understanding the audit scheduling matrix

The Audit Scheduling screen displays a matrix that uses colour coding to highlight planning status across Entity-Process combinations.

Matrix colours

The matrix uses five colours to indicate planning status:

• Green – a Candidate Audit is required and one already exists
• Yellow – a Candidate Audit is not required but one already exists
• Red – a Candidate Audit is required but one does not exist
• Light Grey – a Candidate Audit is not required and one does not exist
• Dark Grey – the cell is inactive (unmapped in the current Planning Period)

2. Understanding audit scheduling calculations

The Audit Scheduling calculation produces a suggested next Audit date for each Entity-Process cell. If this suggested date falls between the Planning Period start date and end date, Pentana will recommend an audit be planned for that Entity-Process.

There are three different calculation options depending upon available data.

2.1 Calculation Option 1

If the Entity-Process cell has a Current Audit Date:

Current Audit Date + Audit Frequency (months) = Suggested Planned Audit Date

2.2 Calculation Option 2

If the Entity-Process cell has a Last Audit Date:

Last Audit Date + Audit Frequency (months) = Suggested Planned Audit Date

2.3 Calculation Option 3

If the Entity-Process does not have a Current Audit Date or a Last Audit Date, the system uses the Scheduling Reference Date (configured in system settings):

Scheduling Reference Date + Audit Frequency (months) = Suggested Planned Audit Date

Note: The Audit Type segmentation Exclude setting determines whether to include an Audit of that Type when calculating when an Entity was last audited. Changing an Audit Type segmentation between Include and Exclude will not change existing (historic) Current/Last Audit Dates. You will need to change these Audit Types to another value, save the change, then change back to affect the recalculation of historic Current/Last Audit Dates.

Note: Where a planning user is not authorised to view an audit (for example, confidential), the Current/Last Audit Date will be blank for that user.

Tip: Current Audit and Last Audit can be shown on the grid as Entity columns in Org Structure or Analysis.

3. Using scheduling factors

There are four Scheduling Factors that can be individually toggled on or off from the Ribbon. The Scheduling Factors can be used one at a time or in any combination together.

The scheduling factors provide the Audit Frequency for the Audit Scheduling calculation. If more than one scheduling factor is selected, the lowest Audit Frequency will be used for the calculation.

3.1 Fixed Frequency

This Scheduling Factor looks at the Audit Frequency of each Entity-Process (Client Universe). With this factor toggled on, Pentana will check if the Entity-Process is due to be audited within the Planning Period start and end dates.

3.2 Last Audit Rating

When an Audit is completed it will be given a Rating.

These Ratings have a frequency (months) associated with them, viewed within:

1. Admin
2. Segmentations
3. Audit Rating

This factor will only be included in audit scheduling calculations if the last audit is present for an Entity-Process (completed audits).

3.3 Planning Risk Rating

The Entity-Process Planning Risk Rating values each have an associated frequency. These frequencies are recorded in months and are entered within:

1. Admin
2. Segmentations
3. Planning Risk Ratings

3.4 Specific Risk Rating

Specific Risks are Entity Risks associated with each Entity-Process. This scheduling factor looks at the same risk scores as the Universe Risk Exposure Screen.

Only Entity Risks with parent Objectives that have an included Objective Category will be considered.

Each Risk Rating is associated with an Audit Frequency. These frequencies are recorded in months and are configured within:

1. Admin
2. Segmentations
3. Risk Ratings

4. Adding candidate audits in bulk

With the specific scheduling factor(s) selected, Pentana will suggest candidate audits by making Entity-Process cells Red. You can then create Candidate Audits on every Red cell displayed on the Universe Matrix in bulk.

1. Select the relevant command from the Ribbon.

Drilling down, collapsing and hiding areas of the Universe Matrix will affect which Candidate Audits are created, just the same as a user selecting a Red cell and manually creating a Candidate Audit from it.

Note: The universe matrix at the highest level (All Org Units versus All Process Areas) will create one candidate audit with a scope that covers every Entity-Process (if the rolled up scores had an audit frequency in range).

The universe matrix at the lowest level (all Entities versus all Processes) will create a candidate audit for every Entity-Process cell that is red.

5. Configuring display options

The display options on the Audit Scheduling screen can be selected from the Ribbon.

5.1 Colour Display modes

There are three different Colour Display modes:

• Factors – shows colours according to Scheduling Factors
• Planning Risks – shows colours per the Planning Risk Exposure
• Specific Risks – shows colours per the Entity Specific Risk Registers

When the colour is set to Factors, the colour of the cells is determined by Audit Frequency as opposed to Risk Ratings (Specific or Planning).

5.2 Value Display modes

The three Value display modes are:

• Count – shows the number of Candidate Audits in each cell
• Coverage – shows the percentage of Entity/Process cells covered by a Candidate Audit
• None – no numbers are displayed