Execution

Execution is where the actual audit work happens. For each project in the plan, a review is created, its workflow is defined, working papers are documented, and findings are detected. This module is the most-used one day to day by auditors.

Create a review

1. Execution → Audit reports → New.
2. First section — select:
   • Period (one of those created in Planning).
   • Project (from the plan in the period).
   • Identification: code for the review.
   • Description: works as the title when the report is printed.
   • Survey: description of the scope.
   • Annexes (optional): attachments.
3. Second section — assign users. At minimum three profiles are required:
   • Supervisor: oversees and approves.
   • Auditor: documents and records issues.
   • Auditee: responsible from the auditee side. You can add as many additional users as you need, including read-only ones. Optionally, mark who will appear on the report's signature page and who is responsible.
4. Third section — build the workflow by picking:
   • Specific control objectives,
   • Whole processes, or
   • Whole best practices. All come from Administration → Best practices.

Workflow

Once the review is created, the work-program panel displays the control objectives in three colors:

• Black: not finished.
• Strikethrough: finished.
• With red label: has one or more issues associated.

Pending findings from previous reviews

Before starting, you can import open or recently resolved findings from the same unit. Four options:

• Add pending finding: search by text across the whole database.
• Add recently resolved finding: issues closed in the last three years (only from final audit reports).
• Suggest pending finding: Mawidabp proposes pending ones from the unit.
• Suggest recently resolved finding: Mawidabp proposes recent solved ones from the unit.

Working papers

As the work moves forward, auditors upload electronic evidence for each control objective. Mawidabp accepts any format: MS Office, PDF, image, audio, video, email, Google Docs/Sheets/Slides.

Add a working paper

1. Edit a control objective of the review.
2. Go to Working papers → Add working paper.
3. Attach the file and indicate page count and notes.

Native Google working papers can be edited in line. Office formats must be downloaded, modified, and re-uploaded.

Working paper statuses

• Pending: just created.
• Subject to review: marked by the auditor.
• Reviewed: marked by the supervisor.

Review notes

The supervisor can leave notes directly on a working paper to request expansion or corrections from the auditor. Everything stays in the system log.

Auditor conclusions and closing the objective

When you finish working on a control objective:

1. Go to the Auditor conclusions section.
2. Describe what was done and the conclusions.
3. If there are no issues, click Done to close the objective.

Scoring

Each test (design, compliance, substantive) is scored on a 0-to-10 scale:

Null (0), Very low (1), Low (2), Moderately low (3), Medium-low (4), Medium (5), Moderately high (6), Medium-high (7), High (8), Very high (9), Optimal (10).

You can also tick Do not score when scoring does not apply. Control effectiveness is recalculated automatically from the scores.

Review marks

• Auditor signed off: marked by the auditor on completion.
• Supervisor reviewed: marked by the supervisor on review.

Findings

When during the analysis you detect something that warrants recording, you load it as a finding. There are two kinds:

• Issue: deviation from an expected control.
• Improvement opportunity: suggestion that does not imply non-compliance.

Both are managed the same way.

Create an issue

From the control objective:

1. Add issue section.
2. If you have issue templates loaded (Administration → Issue templates), they appear as suggestions — you can use them as a starting point.
3. Fill in the fields:
   • Code (automatic, unique).
   • Title.
   • Description.
   • Criteria and condition.
   • Effect: associated risk.
   • Audit recommendations.
   • Origin date.
   • Risk and priority.
   • Tags (classifiers).
   • Corrective actions (proposed by the auditee, completed later).
   • Estimated implementation date (provided by the auditee).
4. Assign responsible auditors and auditees.
5. Create issue.

The issue is born in Incomplete state (draft). The auditee does not see it yet. When it is ready, move it to Notify so the system alerts the auditee and the issue enters the Follow-up module.

Improvement opportunities

They are created the same way as an issue, either from the control objective or from the Execution menu. They share the same lifecycle and statuses.

Interviews (optional)

Mawidabp lets you document opening and closing interviews for the review.

Execution → Interviews → Opening interviews (or closing) → New.

Load date, participants, topics, and notes. Useful to leave a formal record of verbal agreements.

External reports (memos)

If you need to record deliverables external to the main report (memos, letters, communications), use Execution → Memos. Same handling as standard reviews but without the workflow.

Time summary (optional)

If your organization tracks hours per auditor, the time summary lives in Execution → Time summary. After loading activities in Administration, each user enters hours against projects/activities and the system aggregates reports.

Automatic coding

Mawidabp assigns unique sequential codes to each element:

• Working papers of control objectives: PTOC 001, PTOC 002, …
• Issues: O 001, O 002, …
• Working papers of issues: PTO 001, PTO 002, …

If any of them is cancelled or deleted, Actions → Recode reorders the codes to keep them contiguous.

Next step

Once work is documented and findings are recorded, the cycle continues in Conclusion with the issuance of the draft audit report and then the final audit report.