Audit workbench – An Auditor’s Delight

The Audit Workbench module in Dynamics 365 Finance is a very useful tool to help create a powerful audit oversight program.

Internal audit team users can create audit policies which can be used to identify and select source documents for review. Customised criteria can be created to identify purchase orders, vendor invoices, and expense reports. System scans can be created with minimal set-ups, to run in batches.

Management can create policies.  If there is a violation of these policies, an alert can be generated to the management or internal audit team.

Here are a few examples of how the Audit Workbench can be used:

1. Conditional – Select source document attributes, then evaluate them against specified values. Like all Purchase order lines containing specified activity number.

2. Aggregate – Audit workbench can be used to evaluate multiple source documents or source document lines against a policy rule by aggregating numeric values.

3. Sampling – Internal audit team can randomly select a certain percentage of the source documents to evaluate. For example, we can choose 5% of purchase order to review, at random, using audit workbench for Dynamics 365 Finance.

4. Duplicate – Users can use the Audit policy rule form to specify the number of days to add to the start of the document selection date range when documents are evaluated for duplicate entries. Using audit workbench for Dynamics 365 Finance, we can Review posted vendor invoices with the exact same dollar amount to rule out duplicate postings.

5. List Search – The root document of the query defines the document that is being audited. The query must be a list query that includes a reference to the dirpartytable table. This option can be used only with the following AOT queries:

a. AuditPolicyExpenseList (Expense report monitored employees)

b. AuditPolicyPurchList (Purchase order monitored vendors)

c. AuditPolicyVendInvoiceList (Vendor invoice monitored vendors)

When you select this option, specify the monitored entities on the Audit policy rule page.

6. Keyword search – Search expense reports for any line item containing certain text that may indicate policy violations, such as “Government”, “entertainment” or “gift”. When you select this option, enter the words to look for in the Audit policy rule page. The Audit policy rule page also includes options that let you specify the tables and fields to evaluate for the words you entered.

How audit cases are generated in Dynamics 365 Finance audit workbench

Audit policies are used to identify expense reports, purchase orders, and vendor invoices that don’t comply with business rules that are defined by the internal audit team and configure as audit policy rules.

Audit policies are run in batch mode in the Dynamics 365 Finance audit workbench. When an audit policy is run, all the policy rules that are part of that policy are run simultaneously.

Each policy rule evaluates a set of documents. The policy rule selects documents that are in the document selection date range and that match the specified criteria. For example, one policy rule might select expense reports that have taxi expenses exceeding the value of $800. Another policy rule might select vendor invoices that are payable to a specific group of vendors. For each document that is selected in the set, a violation is generated. That violation is a record that a particular document, such as a particular invoice #, doesn’t comply with the policy rule.

System will go through all the expense reports, any violations can be grouped by an audit policy rule, and will group these as audit cases. Similarly, all vendor invoices that have the same vendor group will be grouped in the same case.

Audit workbench module in Dynamics 365 Finance, allows to drill down to documents attached with respect to any of the violations thrown in by the system, in a given audit case, if an auditor wants to view additional information about them. Internal Audit team could also have conversations with the employee entering the expense reports and can log all that information under the Case log so that they can document all the research and conversations they had with respect to this violation and bring it to resolution.

To be continued ……