Guidance

Creating and managing audit users in the Compliance Audit System

Updated 18 October 2021

Applies to England

1. Accessing the Compliance Audit System and managing audit users

Provider users who already have an Investment Management System (IMS) account will be able to log in as long as they have been given the appropriate authority by their security administrator. Independent Auditors will need a user account specific to each provider they are auditing.

1.1 If you’ve forgotten your password or User ID

You can reset passwords from the sign in screen by clicking on the ‘I’ve forgotten my User ID’ or the password link. An email will be sent enabling the user to reset their password. This email is valid for 24 hours.

For more support, you can read the Investment Management System guidance

1.2 Compliance Audit system training video: creating and changing IMS users

creating and changing IMS users – IMS training video

2. Create a Provider Compliance Audit user

In order to create a Provider Compliance Audit user, the provider’s IMS Security Administrator must assign the “RP Compliance Audit Provider” authority to the user’s IMS account in the IMS Security Module.

The Compliance Audit Provider Authority enables a user to view and amend provider contact details in the Compliance Audit module, and perform Compliance Audit tasks such as creating, certifying and deleting Independent Auditors and submitting provider responses to the Independent Auditor’s findings. Please ensure that only “Authorities” are given to the user not “Roles”. Assigning “Roles” will prevent them from accessing the system.

It is also possible to set up users with view-only access (to view findings, responses, etc. but not make any changes or perform tasks). This access is granted by assigning the “RP Compliance Audit Provider View-only” authority. Please consider providing view-only access for any users who do not need to perform system actions. Again, no “Roles” should be assigned to a user with the Compliance Audit Provider authority

Please be aware that logging into the Compliance Audit System as the Security Administrator will bring up a message stating “you do not have any IMS services”.

3. View and modify provider contact details

The main contacts details for the provider are managed from the “Provider Contact Details” screen. This can be accessed through the dashboard screen.

It is important that all of the contact details in the screen are kept up to date. In particular, if the Compliance Audit Lead contact leaves their post or is temporarily unavailable, it is important that an alternative contact is entered in their place. Please note there is an optional field for Secondary Compliance Audit lead. Completing both Primary Compliance Audit Lead and Secondary Compliance Audit Lead will reduce the risk of the provider missing important communications regarding the Compliance Audit programme.

It is recommended that all the Compliance Audit Leads have an IMS user account with the “RP Compliance Audit Provider” authority. Where the lead contact is unavailable and there is no replacement member of staff with a Compliance Audit user ID, the provider Security Administrator should create a new user.

3.1 Compliance Audit System training video: update provider contact details

Update provider contact details – IMS training video

4. Creating Independent Auditor users

Independent Auditor appointments need to be of an organisation which is regulated by one of the four agreed bodies – ICAEW (Institute of Chartered Accountants in England and Wales), ACCA (Association of Chartered Certified Accountants), RICS (Royal Institution of Chartered Surveyors) or CIPFA (Chartered Institute of Public Finance and Accountancy).

For more information, read the Programme Management chapter in the Capital Funding Guide.

The Provider Compliance Audit lead logs into the Compliance Audit system, and is presented with the dashboard screen below. The Compliance Audit lead must complete the screens relating to the first two links on the dashboard – Provider Contact Details and Audit setup. These screens must be completed before the Provider Compliance Audit Lead can set-up an Independent Auditor.

The Independent Auditor set up screen is accessed through the ‘Independent Auditor List’ link on the dashboard.

4.1 Compliance Audit system training video: setting up and removing independent auditors

Setting up and removing independent auditors – IMS training video

5. Adding a new Independent Auditor

To add an Independent Auditor, click on the “Add Independent Auditor” button and follow these steps:

  1. Complete screen, filling the first name, surname and email address for the Independent Auditor. Then, read and accept conditions. By accepting the conditions and saving an IMS Account is created. A message will be displayed on screen to say that this has been completed and a system generated email is sent to the new Independent Auditor user giving details of how they access the system and enabling them to create a password for their new account.

  2. Navigate back to the “Independent Auditor List”, by clicking on the “Independent Audit set-up” link at the top right of the screen . The new account is displayed in the Independent Auditor list along with the Independent Auditor User ID (that the Independent Auditor will need to log in to the Compliance Audit System).

Please note, the user account created by this process can also be managed in the IMS security module and can be deleted by the provider’s IMS Security Administrator.

6. Certifying existing Independent Auditor users

In some cases, there may be Independent Auditors already present on the Independent Auditor setup page from the previous year’s audit, they will not have a Provider Certification date.

  1. Existing Independent Auditor users can be certified by selecting the relevant name from the list. This then takes the user to the same certification screen above – “Create new Independent Auditor” - which they should complete
  2. To confirm Provider Certification is complete for the “Independent Auditor”, navigate back to the “Independent Auditor List”, by clicking on the Independent Audit set-up link at the top right of the screen.

Only Independent Auditor individuals certified by a provider will be able to access the Compliance Audit system for that provider. Independent Auditor individuals whose accounts are subsequently deleted from Compliance Audit System or from the IMS Security Module will cease to appear in the Independent Auditor List, and there will be no record of their certification in the system.

7. Deleting an Independent Auditor user

In the Independent Auditor list screen press the “Delete” button and this will remove the Independent Auditor user.