Capable All-In-One Audit Management/GRC System
September 30, 2021

Capable All-In-One Audit Management/GRC System

Courtney Sheff | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source

Modules Used

  • RiskOversight
  • SOXHUB
  • OpsAudit

Overall Satisfaction with AuditBoard

AuditBoard is currently being used by the Internal Audit Department, which uses it to create & house risk assessments, to hold audit work documentation, to create issues and report them via Internal Audit Reports, to document SOX control walkthroughs & testing, for time reporting, as Internal Audit's Standard file repository (procedures, etc.), to survey audit clients for feedback, and to ask control owners to certify their SOX control performance. The Risk Department has also reviewed AuditBoard's system but has not yet chosen to implement it for ERM risk assessments. The Internal Audit Department has allowed examiners and external auditors access to the system in limited form as well.
  • Allows line of business managers to review and report SOX control status/changes which automatically update the controls in the related narratives.
  • Shows status of work.
  • Exports system data to Excel to create many helpful reporting possibilities.
  • Organizes audit tasks and information.
  • We used to perform our Risk Control Analysis (RCA) for each audit's planning in an Excel spreadsheet. Once we purchased the Risk Oversight module, AuditBoard helped us convert the RCA to a system function rather than a spreadsheet. At first, we lost some of the functionality the spreadsheet provided, but AuditBoard did continue to help us build and work towards a solution more similar to what we previously had. Though happy with it, it's still not perfect. As one example, I'd like to be able to link actual Ops Audit work steps that cover the risk and controls being outlined in the RCA, rather than just adding a comment to state which steps cover them. More of a preference, I suppose.
  • I also had demoed their beta Resources and Scheduling module, but it didn't have enough functionality at the time to work for how we put the quarterly Internal Audit schedule together (using Excel). One thing I recall was that you couldn't pull in SOX controls or non-chargeable work (such as education or administration) to auditor's schedules; it was meant to schedule the Ops Audits only. It is possible they have already fixed or improved this; I just haven't seen the updated version.
  • We love using workstream for management surveys and certifications. Soon we hope to expand and use it for audit requests and issue corrective action plans and updates.
  • The Audit log and previous document versions is very helpful when trying to determine who made edits or restoring a previous version.
  • Being able to export audit work and supporting files with one click of the download button is such a time saver.
  • When we first purchased AuditBoard, it was cheaper than the previous Audit GRC system we'd been on, annually. This made it an easy sell to the Audit Committee.
  • We saved some time during audits at adoption as well because our old system was very slow to open files, save, download, etc. All of that improved with AuditBoard.
When evaluating possible audit system vendors, we allowed audit staff to have a say. Most loved the organized, user-friendly, easy to learn AuditBoard system over all others reviewed. Pricing was also fair and the customer service team is very responsive and helpful.

Do you think AuditBoard delivers good value for the price?

Yes

Are you happy with AuditBoard's feature set?

Yes

Did AuditBoard live up to sales and marketing promises?

Yes

Did implementation of AuditBoard go as expected?

Yes

Would you buy AuditBoard again?

Yes

I believe AuditBoard is specifically designed for Ops Audit and SOX control testing and is especially beneficial for audit shops with 5+ people. I also think that it could be well suited for ERM by the Risk Department, as it allows input from multiple parties if desired. The system could allow the entire company to work from a shared risk and control library. I've not demoed or used the Compliance module enough to know if it would benefit an audit department, or a compliance monitoring function of Risk Management.

AuditBoard Feature Ratings

Common repository of GRC items
6
Risk management
7