Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
IMPLEMENTATION OF EAUDIT
This document contains information that is proprietary and confidential to Mazars or its technical alliance partners, which shall not be disclosed outside
or duplicated, used, or disclosed in whole or in part for any purpose other than to evaluate Mazars. Any use or disclosure in whole or in part of this
information without the express written permission of Mazars is prohibited.
Contact Information
For any information or query related to this technical proposal, please contact:
Duncan Rahman
Partner
Email: duncan.rahman@mazars.pk
Page | 2
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
Table of Contents
Page | 3
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
The PMO’s phasing structure is separate from the life cycle work streams and defined as
follows:
Mobilize - addresses the detailed planning and set up activities typically performed at
the beginning of an engagement. This phase will be initiated as soon as the contract has
been finalized and signed and concludes with detailed plans to run the engagement.
Plan - includes the activities necessary to review, update and finalize prior to full
engagement execution.
Page | 4
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
Execute & Control - spans most of the engagement and involves the engagement
management tracking and updating that takes place while the majority of the life cycle
phases are being performed.
Project Manager
Functional
Technical Support Support Team
Team
QA Team
Training Team
Technical Team – responsible for configuring and customizing the eAudit system for
FMFB-P. The team will also liaise with the IT department of FMFB-P to propose
recommended IT infrastructure for the deployment of eAudit system.
Page | 5
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
• Establish common
Understand • Conduct
Implement • 3 Months Warranty
understanding Walkthrough • Annual Support
• Provide data • Conduct UAT and
• Finalize Projectplans Templates to FMFB • Perform Mandatory users Training
Customization and
• Gather Static Data Configuration • Deploy eAudit
fom FMFB
Major Deliverables:
Mazars will be responsible for providing following deliverables under the contract:
Page | 6
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
1Customization timeline depends on the extent of customization, exact timeline will be agreed with FMFB when customization list is finalized and upon
walkthrough & UAT.
Page | 7
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
2 Mazars recommended training after UAT. However, it is moved before UAT on FMFB request.
3 Mazars will conduct UAT with FMFB team in one week whereas FMFB can continue UAT for 3 more weeks, if required, with support from Mazars
Page | 8
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
Each tier is developed and integrated using open-source tools and technologies, selected
for their widespread use, ease-of-maintenance, readily available support, and robust
performance at all bandwidths. The following diagram depicts a high-level view of the
technical architecture of the solution. Each component and technology is described
further in the sections below:
User Database
Application Server
Interface
HTML5
CSS3
Javascript
AJAX
jQuery 2.1.x
Permissions Manager
Page | 9
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
Page | 10
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
23 What would be the sampling template? Assignment Yes Excel based template is available
planning to provide population for
conducting sampling
24 Does application provide facility & template to share Assignment No
the initial requirement list with the Auditee, and planning
during assignment as required?
25 Generation of pop-ups and sending follow-up letters Assignment Yes
and reminders (as per defined timeline in follow-up planning
procedures) to management / senior management
26 Commencement Memo: Assignment Partial Defined format of commencement
- Issuance of memos to management planning memo can be issued. Standard
format provided by FMFB will be
- different formats for different assignments developed in quotation.
- Pick (on command) units from Annual Audit Plan Customization required for
and audit period to be audited multiple formats.
27 Method of issuance of initial requisition (or during Assignment No
audit) to be issued to auditee? planning /
execution
Page | 11
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
29 Whether option is available is system to mark the Dashboard Partial The required data is available and
observations for elevation/review of the Board Audit can be extracted for
Committee? What type of view reports (or evaluation/review.
dashboards) will be available for AC? Will AC have
a separate dashboard?
30 Does system have a provisioning to generate MIS Dashboard Yes The required data is available and
related to commencement Memo issued during the can be extracted.
year.
31 Targets versus Actual; Audit assignments planned Dashboard Yes The required data is available and
versus actually conducted on monthly/quarterly can be extracted.
basis.
32 Timeframe sheet for all audit assignments? Yes The required data is available and
can be extracted. Team lead
enters actual time spent in
Does eAudit allows calculation of TATs (and working days and man days for
Deviations) as per our own formula and allows us to audit team.
change as and when required? Dashboard
33 Yes The required data is available and
Executive Summaries (or any other information) for can be extracted.
AC, through Dashboard Dashboard
34 Risk category wise observations categorizing Yes
numbers into H/M/L? Dashboard
35 What would be the workflow for preparation of Execution Yes Initially team member prepares
working papers, Audit Observation Sheet and its the working paper/audit
review? observation. Later team lead and
back office team reviews and
approve the working paper and
observations.
36 How application will monitor the status of corrective Execution Yes This can be done by uploading
actions including management responses against Management comments after
each observation? getting feedback from Auditee.
The access is also available for
auditee to provide his feedback.
37 Whether system has provisioning to mark single Execution Yes
type of observation i.e. regulatory compliance,
internal policy or both etc.
38 Is the concluded risk available as optional which can Execution Yes
be modifiable?
39 Whether the application contains options for multiple Execution Yes
audit programs, i.e audit scope, audit objectives,
test, audit reports and total population of all items.
40 Whether audit trail and record of work performed Execution Yes
and completed section is available.
Page | 12
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
Page | 13
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
Page | 14
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
Page | 15
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
93 Does application have a library to store, audit IT functional Yes System stores audit reports and
reports, working paper templates, audit programs, req. working papers in database which
etc. can be accessed by authorized
users.
94 Do reports can be presented with graphs, charts and IT functional Yes
other visual presentations? req.
95 Does application allow hyperlinking, to provide IT functional Yes Unclear what is required. eAudit
reference between the source documents, audit req. allows uploading and referencing
plans, and other files? of attachments, supporting
documents and evidence files
where applicable.
96 Does application provide standard adhoc reporting IT functional No
template req.
97 Whether Mazars specify capacity planning in term of IT functional Yes Details already provided
hardware and data backup for the period specify by req. previously, storage requirements
FMFB to maintain data. provided for initial, 1 year data
and 3 year recommended data.
98 Does application offer Audit trail (i.e. user IT functional Yes Every activity is being captured in
authentication, events, system level changes or data req. database audit tables
changes)
99 Does application offer role based access control IT functional Yes If user have access on the MIS
over reports, inquiries, data etc). req. report, he can view the
information available. Role
based access is available on the
MIS.
100 Whether multiple users are allowed to made IT functional No In case of any change, a new
changes in a single document without enabling req. version need to be uploaded
version controlling feature. separately.
Page | 16
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
Page | 17
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
Page | 18
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
136 Whether each work paper’s section includes audit Reporting Yes
observation, cause, risks, recommendation,
management responses, IAD comments etc. which
is transformed into an audit report.
137 Can any risk be aggregated bank wide with Reporting Yes
applicable linkages link to the respective
departments, processes, audit type?
138 Can any particular risk category be aggregated, and Reporting Partial Risk can be aggregated on
MIS be generated? Functional area-wise. This
aggregation can be used to
assign audit rating
139 Whether a risk scoring model will be available in Reporting Partial Default risk is available for
system to be able to calculate risk scoring, via risk respective test. Auditor can
likelihood, risk impact and over exposure, and override on judgmental basis.
whether the system calculated risk can be modified
using provision of auditor’s professional judgement?
140 Does application contain graphical representation Reporting Yes Data is available, hence MIS can
review by risk groups, risk category etc. be generated on the provided
format
141 Does application has a provisioning to highlight Reporting Yes
controls/observation against risk i.e. one to many or
many to one.
142 There should be criteria and calculation of audit Reporting Yes FMFB existing rating mechanism
rating as per internal audit policy/procedures. will be discussed and provided.
143 Does audit observations (in AOS) have link with Reporting Yes
audit reports for automatic preparation of reports
i.e. draft & final reports with applicable watermarks.
144 Does auditee have an access to give response Reporting Yes
against each observation for corrective action plan
along with respective timelines?
145 Will system has capacity to highlight Repeated Reporting Yes
observations?
146 Closed observation being raised again – can system Reporting Yes Authorized user can open closed
highlight that? observation during follow-up.
System will highlight it as repeat
Observation
147 How observations will be drafted if audit step is not Reporting Yes General steps will be provided
defined in the checklist/ audit program? along with checklist. Later these
test can be made part of standard
checklist.
148 Right to change the template of Audit Observation Reporting No
Sheet and Audit Report?
149 Can multiple user access the same audit Reporting Yes All authorized users of audit team
observation sheet for review and comments? will have access on respective
audit observation for review and
Page | 19
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
155 User-configurable interface to read data either Integration Yes Available post go-live by July
directly from the core-banking and other with other 2018
management information system database or from a MISs
connected data-warehouse in real or near-real time,
based on pre-defined rules.
156 Data Analytics capability from the perspective of Data Yes Available post go-live by July
auditing the data. e.g. trend analysis, low/high Analytics 2018
transaction amount and volume analysis, and other
types.
157 Capability of capturing relevant information such as Data Available post go-live by July
trial balance, historic & economic trends to calculate Analytics 2018
planning materiality based on data provided from the
database. Capability of providing historic view of lost
revenue, fraud & forgery losses, other losses
recorded as part of internal/external audits,
compliance or other inspections.
158 Capability to perform automated test of controls on Test of Yes Available post go-live by July
sample or entire population. Capability to flag controls 2018
exceptions for further investigation based on
predefined parameters.
159 Capability of flagging suspicious activity, unusual Reporting Yes Available post go-live by July
trends & alteration of controls with real time 2018
reporting based on predefined rules.
160 Automated substantive testing such as checking Substantive Yes Currently eAudit is not integrated
NADRA verisys confirmation, client geo tagging tests with NADRA, but this can be
exceptions, land records etc.; discussed during requirement
analysis.
As long as geo tags and any
Page | 20
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
162 Real time reporting of exceptions to the auditors Reporting Yes Available post go-live by July
based on pre-defined rules for discussion and 2018
closure with management
Summary of Reports.
Yes
4 Follow up for Circulars / Memos/SOPs
Data base for circular with key requirements, responsible function,
timeline given for resolution/implementation Yes
Time line for completion Yes
Page | 21
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
Page | 22
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
3 PROJECT FINANCIALS
Note:
Price quoted above are in Pakistan Rupees and inclusive of all taxes.
Customization, if required by FMFB-P will be charged at PKR 10,000 per Man-day.
Invoices will be sent to FMFB-P according to the following billing plan, and payments
are due within 14 working days of receipt of such invoices.
Page | 23
Implementation of Audit Management System
SOW for FMFB-P Bank Limited
Page | 24