Problems with PAWS

In addition to my unfortunate predicament of being trapped in audit, my fate is worsened by being trapped with PAWS (Pentana Audit Work System, by Pentana). How do these people live with themselves writing and selling such crap software?

Some of the problems I have encountered to date:

• No text search of the database field in PAWS
• No text search of attachments
• Lack of many-to-many relationship functionality (controls frequently address more than one risk, as do audit steps)
• No rich text
• No upload from a PAWS file to the Library
• No sectioning in the Library
• No upload to PAWS from text/Excel format
• No sign-off of attachments

Make being audited part of people's job descriptions

It's not uncommon to encounter hostility when auditing. People feel like it's a "extra" on top of the work they have to do; something which wastes their time that they might otherwise be using contructively. It's probably not possible to completely counter this viewpoint, but it may be possible to do it to some extent by making compliance with audit (both internal and external) a part of every employee's job description. This would make it clear to them that it is their responsibility to comply with audit.

Questions to ask yourself when designing tests

• What will the walkthrough look like? (for controls tests)
• What will the audit documentation look like?
• What is the control objective? (for controls tests)
• What is the risk?

And the most important:

• Under what circumstances is the outcome of this test going to result in an exception/issue/concern being noted and a recommendation being raised?