Scope:
This presentation explains the Scalable & Integrated Program Audit (SIPA)
method and its benefits for auditing large and complex programs with
multiple references/expectations.
Applicability:
Scalable & Integrated Program Audit is an effective auditing framework for handling large, complex
programs/practices in an organization. It works on the principles of Value Generation, Compliance,
Capability and Risk evaluation. It differs from traditional audits in terms of its ability to handle
larger teams, matrix communications, mammoth information and multiple norms in a systematic manner
while yielding results.
SIPA Framework Value Layers
Objective & Value Generation
Sponsor/mgmt, Practice /Program Lead
Auditor
Key Focus Areas
Strategizing Audit Program
Strategizing & Scaling Up Layer
Shared Objectives
Initial information processing
Interface & Interactive Points
Governance & resources
Conduct & Reporting Norms
Integrated Program Layer
Tactical planning
Consolidation and Realignment
Information and evidence processing
Report development & Agreement
Audit Execution Layer
SIPA - Framework
[Figure: SIPA Framework diagram. Labels recoverable from the slide:
Top Management/Sponsor: Audit Strategy, Scope, Value, Objective, Budget (Objective & Value Generation).
Practice Level for Multiple Programs (Practice LA/Program LA, Practice Mgmt): Governance, Program Audit Plan, Objective Mapping.
Program Level (Program LA, Functional LAs): 3C (Capability, Competency & Communication).
Stream 1, Stream 2, Stream 3 ... Stream N (Auditor by Fn & Stream): Query Notes, Thread Log, Daily Standup.
Repeated at each level: Tactical Objectives, Schedule, Activity 1, Activity 2, Activity 3; Prepare, Audit (Mgmt / Stream), Execute, Report.]
An engagement with 900 members is looking to submit to the client a report on
compliance with contractual requirements, risks and the value addition performed in the
engagement, with reference to data security, healthcare and business continuity aspects. The
engagement services 4 major types of work (development, maintenance, data center
management, migration of code) and works across multiple domains in a virtual
environment, with many automation activities in progress. In addition, there is a high
dependency on an external service provider for maintaining service levels. Also, 50 of the testers
are working as subcontractors in the engagement. Around 12 certified project managers
handle various activities in the engagement.
Third party audits are not covered in this method, as they have predefined
guidance in most cases.
Steps Involved in Planning
Strategize
Plan stream level Objectives
Collect Information on Streams
Plan Stream Level Schedule
Collaborate with Auditors
Finalize Planning
Process
Quality
Regulatory
Cyber security
Security
Business continuity
Other Additions
[Figure: Stream Level Audit, Day 1 to Day N-a: Thread Log, Query Notes, Daily Report, Consolidate]
Thread Log: Helps auditors to share threads with other auditors at stream or governance level, and across programs as required.
Query Notes: To-be-verified items which auditors want to take up with other auditors. Typically connects to the next day's standup meeting.
Typical Areas to Check
Stream Level Planning
Client/Management Expectations Resource Competency Management Cost Savings
Resource management
Contract/scope Commitment Mapping Training and Development Quality Improvements
Risk management
in planning Motivation and People Performance On-time performance
Deliverable Management
Budget provision for Execution Dynamic Resource need handling Compliance
Traceability of decisions
Management Structure Assets and Roles alignment with management
Capacity and availability
Roles and Responsibilities Commitment Operational
management
Delivery Methodology Identification Develop/maintain Systems and Efficiency
Back up and Security
Risk Identification and Management Tools Improvement &
Lifecycle and Validation points
RACI/Stakeholder Identification Develop process flows/Processes Innovations
Budget Consumption and Key
Deliverables and Acceptance criteria Capability measurement Career path of
Performance measures
Standards/Regulatory Requirements Client Expectation Tracing resources
Client expectations met
Resource Needs Scope/Change Management & Client Satisfaction
monitoring and control
Resource & Service Procurement Communication Improvement
Service provider tracking
Internal/External Service Provider Reporting and Sharing Additional Value
Regulatory/Standard
Security Decision Sharing offerings
application/compliance
Business Continuity Internal Team Communication Technology
Resource Onboard/off-board
Performance Management External Communication adherence/utilization
Trainings
Compliance Checks Facilities and Infrastructure ROI on Key Decisions
Reporting
Manage Teams Control of data/Records Succession Plan
Tools/licenses/assets and
Infrastructure
Report
Top Management/
Practice Evidence Sponsor
Deviations
Focus Area 1 Deviation
Program Evidence (Ex: Regulatory/Process) Practice LA/Program LA
Audit Objective
Weakness
Shared Vision
Stream Evidence
Engagement (or)
Practice Mgmt
Practice Evidence Strengths
Focus Area N
Deviation Opportunities for Functional LAs
Program Evidence (Ex: Security) Improvement