Pentana 6.0 is an enhancement release, available from May 2020. It is supplied as a free upgrade to existing supported customers and as the the standard to new Pentana customers. Pentana users with active Maintenance & Support can download Pentana materials and software free of charge.
So, what is new in Pentana 6.0?
This overview, summarizing the enhancements and new features, is intended for customers to help prepare for upgrade to Pentana 6.0. Please refer to the Pentana Help Guides if you need a more detailed description of general product features.
The main enhancements in Pentana v6.0 include …
Windows user interface (WPF UI)
Sarbanes-Oxley control certification
Controls and processes can now be certified within Pentana Audit to meet SOX requirements. This functionality is enabled by default but will only apply to audit types and controls with the certification flag enabled.
Once enabled and certification has occurred, then the information will be displayed within the properties box. The certification will also be pushed up to the entity level when an audit is completed.
Email notifications can be set up to alert users that they need to complete a certification. These email notifications occur via milestones. If a milestone is set up with the control and/or process certification flag enabled, then when the actual date of that milestone is recorded within the audit, the email notification is sent.
SOX PBC / Document requests
A Document Request can be made directly to a step/test in an audit or a test in an entity. The business owner will be notified via email notification and can add the requested attachment(s) to the request to satisfy it. The auditor can then act upon it. No additional configuration is required to enable this functionality.
Document requests have their own spine item within the audit to enable the user to easily see requests that are pending, submitted accepted, or rejected. All document requests need to be accepted before the parent step/test can be approved.
Document request templates can also be added to the library to be used again. These are then brought into the audit using the “Get from library” feature.
SOX accounts and assertions
Users are now able to include Accounts and Assertions to show coverage. Accounts can be set for processes, risks, and controls. Assertions can be set for Risks and Controls.
Financial accounts are set up in the library (under their own navigation spine item) and can be arranged into groups. Financial assertions are set up in admin – segmentations. Clients in a multi-client environment share one set of Accounts.
Accounts and assertions have also been added to the relevant analysis, risk exposure, and control coverage screens for further data analysis and reporting. Two new tracker screens have also been created – Entity risk tracker and Entity control tracker – to show counts for entity information, including counts of accounts/assertions covered. There is no configuration needed to view these tracker screens.
SOX work plan and audit report template
There is a new Sarbanes-Oxley work plan, available upon request. Also upon request, there is also a management certification report (in addition to the audit report) in the library. This is in the format expected for SOX reporting and works for both quarterly and annual SOX audits.
System settings – Email notifications
There have been new items added to admin – system settings. These allow users with appropriate permissions to make their own changes to email notification text without requiring access to the application server. This will allow for much more flexibility as all subject and textual changes can now be performed by the key users instead of ICT admins.
Reporting API
Pentana Audit provides customers limited access to their data via a REST-ful API (Application Programming Interface). You can think of this as a means of reading data from the application without using either its web or desktop user interfaces. Instead the API serves as the interface. The API does not provide direct database access, and it does not let you write data. The same rules of ownership and permission apply. You will only be able to access the same data you would via the web or desktop interfaces.
Provision of an API enables customers to use their data in third party systems such as a BI (business intelligence) reporting tool. Access to the API is provided as is. Customers will need to provide their own connector software to be able to successfully connect Pentana Audit to any third-party system.
While you are unable to submit new data or make changes to things such as system settings via the API, you are able to read data from almost every data or business object on the system, including any custom fields or objects that might have been added.
Some objects, such as users, are restricted in what data you can return to ensure compliance with privacy data standards. You can control what user data is returned via the API in the Desktop application. For more information consult the user manual.
The API is available to any Pentana Audit user though there is an additional charge for this API functionality.
Web User Interface (Web UI)
With v6.0, audit-focused tasks are introduced into the Web UI to allow a web-based user experience for our staff as well as contacts. This means that an additional 6 home tiles are now available within the web UI. Some of the below are staff-focused and some are contacts-focused:
New home tiles
- Action management
- Audit
- Document requests
- Document request management
- Incident management
- SOX certifications
Action Management
This tile is targeted to the audit team for viewing and managing actions, per permissions that they have been granted. This allows the audit team to easily see the status of actions and whether the business owner has addressed actions or whether the audit team needs to accept or reject actions that the business owner has submitted.
Audit work
Upon entering the audit tile, the user will be able to view and perform audit work, per their allowed permissions. This includes assessing risks and controls, making document requests, adding attachments, signing off work plans / steps, and objectives, risks, controls, and tests, adding and addressing review points, creating an audit report, etc.
Audits can be filtered by org structure or process area within the navigation pane. Filters and search boxes can also be added to the data grid itself and utilized for data selection. Columns can be added and re-ordered within the data grid according to the user’s preference, and views can be set up and saved for future use.
Data grids can be exported to Excel.
There is also the ability to “multi-select” within the Web UI if changes need to be made in bulk.
Upon entering the audit, the user is presented with an audit home screen, which can be configured with additional information according to preference. From there, the user can navigate to objects within audit steps and audit execution.
Some objects can also be added through the Web UI within audit steps and audit execution screens, subject to permissions. Each object also has its own notebook, which allows for additional information to be displayed and acted upon.
In addition, work plans / steps and processes, objectives, risks, controls and tests can also be brought in from the library or entity within the Web UI.
Document requests
This tile is targeted to business owners who need to provide documentation per document requests they have received from the audit team. The home tile will display their number of pending document requests, which can be drilled into. Business owners can then attach the relevant documentation requested.
Document request management
This tile is targeted to the audit team for managing the document requests received from the business owners. The document Rrequests can then be accepted or rejected.
Incident management
This tile is targeted to the audit team for viewing and managing incidents assigned to them.
SOX certifications
This tile is targeted to business owners who need to certify their assigned SOX controls / processes. The home tile will display their number of pending SOX certifications, which can be drilled into and then certified as requested.
The business owner can also see SOX certifications that they have previously made.
Technical
End User License Agreement (EULA)
A EULA is now made available to the user upon first login to either the WPF UI or Web UI for v6.0. Upon accepting the EULA in either the WPF UI or Web UI, the user will not be asked again within either UI.
Minor enhancements
- Remember Me
The “Remember Me” option has been removed from the Web UI login for security purposes. - Refresh Process
A “Refresh Process” button has been added to the ribbon bar within the Entity to allow an easy way to quickly refresh process(es), especially if Library information has changed, prior to downloading to the Audit level. - Views & tiles
There are now 115 views and 79 tiles (home screens). In addition, the Views Report Template in the Reports Library has been enhanced to show all columns. These are available upon request. - Terminology
There is guidance (hover text) on more fields, especially where it is difficult to remember the difference – for example Score and Value in a Result, Dates in Actions and Action Updates.
We are here to help!
Sepia Solutions focuses on these GRC tools, so we have all required expertise to assist.
- If the information above is a bit too much, or too detailed, just contact us for additional training or workshops to highlight the topics of your choice.
- We also offer technical assistance to perform the actual software upgrade itself.
