Exybion, a leading provider of integrated governance, risk and compliance software solutions presents "Best Practices for Mastering Audit Management.

1. Best Practices For Audit Management Valarie King-Bailey, M.B.A. Executive Webinar Series

2. 21st Century Audit Management: Challenges & Opportunities Integrating Enterprise Risk & Audit Management Audit Management Best Practices Summary Today’s Topics

3. What Is Your Primary Audit Management Challenge? Audit Planning Managing and Closing Audit Observations Time Organizational Support of The Audit Process Risk Management All of The Above POLLING QUESTION

4. COMPANY OVERVIEW ABOUT XYBION CORPORATION

5. Xybion Corporation Fast Facts Founded in 1977 Preclinical Lab Management And Drug Safety Solutions Corporate Headquarters – Bensalem, PA Corporate Preclinical R&D Solutions GRC/ECM Solutions Enterprise Asset Management Services & Solutions New Markets Satellite Locations Quebec City, Canada Germany India Center of Excellence Innovative Development & Testing COE In India Delivers Quality Testing & Development Services Internal Product Development & Support Value Proposition Proven GRC and Quality Platform YOUR PARTNER OF CHOICE FOR INTEGRATED GRC

6. 21st Century Audit Management:Challenges & Opportunities

7. An Audit Is A Formal Review Of Some Of The Controls, With Full Testing And A Formal Report An Audit Can Be Of All Of An Entity (Typical), Or Some Processes In An Entity, Or Even One Or More Processes Across Entities Auditing: A Practical Definition

8. Audits Are Process-Oriented c t A n a D l P o Check Enterprise Audit Management Quality Management System Processes

9. Types of Audits

10. Internal Auditing Internal Auditing Is Designed To: Provide The Most Effective And Efficient Deployment Of Internal Audit Resources In A Manner That Addresses: Areas Of Highest Relative Risk Core Business Activities Broad Coverage Across The Spectrum Of Business Operations.

12. Adopted Voluntarily To Identify And Correct Compliance Problems Before Inspectors Arrive

16. Injuries, Deaths and Property Damage

18. Benefits of Integration Better Resource Management Improve Resource Utilization People, Equipment, Facilities, Materials, Energy Reduce Time Required Minimal Duplication Of Efforts Commonize Documentation Integration & Simplification Of Procedures And Instructions Cost Avoidance/Savings Identification Of Cost Reduction Opportunities Employee Empowerment Easier To Understand, Follow And Use

19. Benefits of Integration Better Risk Management Reduction, Prevention and Control of: Quality Failures Accidents, Injuries, Illness, Deaths Property & Equipment Damage Or Loss Environmental Incidents And Accidents Potential Prosecution And Fines Damage To Public Image Loss Of Employee Morale

20. Benefits of Integration Competitive Edge International Markets Level Playing Field Customer & Industry And Governmental Standards Financial Performance Insurance Opportunities Due Diligence Reduced Costs and Improved Profitability

21. Analyzing Your Compliance Processes & Controls Do You Know What Your Organization Is Doing To Comply With Both Mandated Legal And Regulatory Requirements? Are You Confident That Your Compliance Processes And Controls Are Effective? Are You Prepared In The Event Of Non-compliance?

22. Traditional Audit Management Process Conducting the Audit

23. Transform The Internal Audit Department From Its Traditional Role—performing Checklist Activities—to One That Focused On Corporate And Business Unit Goals, Strategies And Risk Management Processes. To Achieve This Restructuring, Ask These Fundamental Questions: How Do We Define Internal Control? What Best Practices Should We Incorporate Into Audit’s Evolving Role? How Can Internal Audit Become An Integral Part Of Risk Management Processes And Maintain Independence? What Should The Department’s Strategic Plan Be? How Should The Audit Group Deliver Its Services And Communicate Its Observations? Transformation To Progressive Audit Management

24. Audit Management Challenges & Opportunities Doing More with Less Creating the Integrated Auditor Adapting to New Organizational Environments "Tuning In" on an Organization's Strategic Relationships Auditing in a Highly Automated Environment Text Effectively Usage of Automation to Audit Addressing Management Concern with the Cost and Other Effects of Fraud Finding New Tools to Meet the Audit Challenge Meeting the Challenges Created by the New Economy Effective Usage of Both Internal and External Resources

25. Traditional vs. Progressive Auditing Progressive Best Practices Traditional Audit Focus Transaction-based Financial Account Focus Compliance Objective Policies And Procedures Focus Multiyear Audit Coverage Policy Adherence Budgeted Cost Center Career Auditors Methodology: Focus On Policies, Transactions And Compliance Business Focus Process Based Customer Focus Risk Identification, Process Improvement Objective Risk Management Focus Continual-risk-reassessment Coverage Change Facilitator Accountability For Performance Improvement Results Opportunities For Other Management Positions Methodology: Focus On Goals, Strategies And Risk Management Processes

26. Achieving Audit Excellence Auditor Skills Required to Succeed First Class Consulting Skills Marketing Skills Facilitation Skills Reassessing the New Economy Environment and Auditor Roles The Nature of Change See Clearly Building Risk-based Audit Plans Using Collaborative Risk assessment Recognizing the Relationship of Empowerment and Fraud Potential Reducing Cycle time Developing and Using Audit Metrics as a Way to Achieve Auditor Excellence Performance Measurement Productivity tools Defining Audit Scope for Excellence

27. Integrating Enterprise Risk & Audit Management A Practical Approach

28. What Is Risk? Risk May Be Defined As: “…the threat or possibility that an action or event will adversely or beneficially affect an organisation’s ability to achieve its objectives…”

29. What Is Risk Management? Risk Management May Be Defined As: “…the systematic application of management policies, practices and procedures to the task of analysing, assessing, treating, monitoring and reporting on risks…”

30. Benefits of Risk Management Supports Strategic Plan Enhanced Communication Minimizes Risk Effective Use of Resources Reassures Stakeholders Continuous Improvement Audit Focus

31. The Risk Assessment Process Gather Information Interviews With Management And Staff Data/Financial Analysis Group Interviews Questionnaires Consider “Contemporary Issues” Consider “Core Audit Topics” Assess The Universe

33. But Risks And Controls Might Be Continually Assessed Whether Or Not You Carry Out A Formal Audit

35. Central/Self Assessment And Comparisons

36. Overall Group Impact/Local Impact

37. Risk And Control Costing If Required

39. Audit Management Best Practices An Integrated Process Approach

40. 4 Key Elements of Effective Audit Management Program Integrated Performance Information (Financial And Non-financial, Historical, And Prospective); A Sound Approach To Risk Management; Appropriate Control Systems; And A Shared Set Of Ethical Practices And Organizational Values, Beyond Legal Compliance.

42. Motivated People

43. Values And Ethics

44. Develop And Use A Range Of Integrated Performance Information

45. Risk Management

46. Stewardship Of The Resources Entrusted To Them

49. Yet Even SEC’sAdditional Safeguards Have Been Proven Inadequate To Ensure Transparency And Auditor Independence

51. Audits Are Typically Confidential, Yet Goal Of Such Audits Is To Assure Sustained Compliance Confusion Rendered By This Choice Contrasts Sharply With Openness Of Financial Reporting Auditors Should Consider How Public Reporting Can Be More Explicitly Addressed Financial Audit Considerations: Improve Transparency

53. Coordinating With Other Risk Management Functions

54. Developing The Audit Plan Based On Risk Priorities

56. Best Practice 5:Monitor Business Activities And Key Performance Indicators Continuously Compliance Balanced Scorecard Approach Define compliance KPI’s Monitor Measure Control Assurance and Audit Operational Review

57. Actionable Compliance Intelligence

58. Audit Findings & Observations Findings Can Be Categorized, Prioritized, And Granularized In Order To Find The Problem Areas. Attachments and evidence can also be included with a finding

59. Best Practice #5: Integrated Security Across Key Processes

60. Best Practice 6: Coordinate With Other Risk Management Functions Leverage The Work Of Other Departments Where Possible By Reviewing The Scope Of Their Activity And Considering Their Results In Your Approach.

61. Frequency Of Audits On A Business Area’s Risk Factors: Previous Poor Audit Ratings Significant Changes In Personnel. Focus On The Highest Risk Priorities Devote Appropriate Resources To New And Changing Areas Train Managers To Update Their Own Risk Assessment Systems And Methodologies Implement Steps To Monitor Quality Control And Segregation Of Duties. Best Practice 7: Develop The Audit Plan Based On Risk Priorities.

62. Under an audit program you can create audits, schedule your resources and determine if any conflicts occur

63. The audit plan or audit preparation form is configurable so you can choose the fields are part of the plan, including attachments & documents

64. Best Practice #8: Define Comprehensive Audit Forms

65. Questionnaires or checklists are completely configurable by you, including the answer types and scoring: scores are automatically computed

66. Best Practice #9: Adopt Appropriate Technology - Integrated Compliance Process Control “Even as integrated approaches to compliance management have developed, new technologies have been introduced to facilitate such processes by automating and uniting common governance, risk and compliance activities… into one unified platform…” Adam Turteltaub – GRC 360° Fall, 2005

68. Create The Audit Plan By Identifying Audit Entities And Performing A Formal Risk Assessment.

69. Ensure Your Auditors Update Risk Assessments And Monitor The Risk Indicators On An Ongoing Basis.

71. Best Practice #11: Establish Alert System For Closed-Loop Process

72. Audit Program eQCM provides the capability to set up an Audit program

73. Best Practice #12: Automate Your Audit Processes Begin With A Clear Focus On Your Organization

74. Integrated Audit Management Auditors can input findings and answer questionnaires. NC and CAPA can be initiated and linked to a specific finding

75. Best Practice #13: Establish Good Audit Reporting System

76. Audit Reporting Made Easy eQCM makes creating the audit report easy. You can add more information into the fields/sections you choose and then auto-generate the report with the click of a button: it allows reformatting and a helpful preview screen.

77. On Demand Audit Information All the audit information is accessible for users with permissions via a search panel. Configurable reports are available from the search panel.

78. Close The Loop! Audit Notifications Audit participants can be notified and “accept” whether they will be available

79. Effective Management of Audit Workload With eQCM, the user only has to look in one place to see the tasks they must do—the workload

81. Provide Information For Decisions To Those Who Need It; And

83. Summary Automate! Risk Management Integrated Process Focus Best Practices Manage Expectations

84. Questions?