Kilclare VISUAL Assurance Internal Control Governance Basel CoBit COSO FDICIA HIPAA SOA Sarbanes

History of Changes

VA  4.5 - Oct 2008

Enhancements

1. The user interface has been made much more visually appealing and powerful. This gives the user the following:
a. Modern look and feel to the Entity, Assessment and Knowledgebase Navigators and the Assessment Overview.
b. Ability to directly answer level responses (e.g. Consideration, Risk and Test) on screen.
c. Ability to include, exclude and arrange columns to suit and to save their arrangement.
d. Ability to print the navigator screens and overview screen.
e. Ability to export the navigator screens and overview screen to an Excel spreadsheet.
f. Ability to filter the navigator and overview screen data in various ways; click a column heading to order its data in ascending or descending order; custom filter a column using Boolean logic; drag one or more column headings to group by them.

2. Integrate the "Status Board" reports into the navigator screens and overview screen.

3. Added Region and Country attributes to an Entity, giving you the ability to filter on these columns.

4. Only supports the NexusDB database engine, which is included for both the stand alone and network VA installations.

AS5 enhancements:

1. The Compliance, Risk and Exposure rollups have been replaced by Inherent Internal Control over Financial Reporting (ICFR) Risk and Residual ICFR Risk rollups.

2. On the Assessment Overview, the user must set two new values, CF (Risk of Control Failure) and MM (Material Misstatement Risk) which are at the Consideration and Risk level respectively.

3. Each Key Control is then automatically added as a hit on the Inherent ICFR Risk matrix. The hit is the result of the CF and MM values. The rollup displays the worst hit.

4. Each Control may only have one Test level. If the Control test passes then the hit is automatically moved to the left; the Residual ICFR Risk matrix shows the change in the hit position. If the test fails then the hit stays were it is.

5. New ICFR reports have been added. The system wide report shows an ICFR matrix of hits for the whole organisation followed by ICFR matrices of hits for each Entity. The current report shows the hits on the ICFR matrix for the current Assessment.

6. The Control response is a measure of its design state.

7. Conversion application that takes account of changes to the database (e.g. new tables and fields)

VA  3.0.0.165/110 to VA 3.1.0.31/28 - May 2005

Enhancements

1. Planner/Assessor may change the consideration importance weighting.

2. A System level check-box to activate the deficiency matrix. When activated the Assessment Overview Response column will display NE, D, SD and/or MW, together with a No or range response.

3. Deficiency Matrix added to the Consideration level for No responses, together with a Deficiency Factors and Criteria list.

4. Deficiency Matrix reports added to the Global, Knowledgebase, Entity and Assessment levels.

5. A KB Assertion report.

6. Incorporated the SQLrunner utility into VA.

Fixes

1. Changes to a report template are now saved.

2. Create tables is disabled for NexusDB.

3. Import Problem when Importing Multiple Files with Password.

4. Kb Navigator->Publish: Changes summary is Incorrect

5. Risk/Exposure, Compliance Report Preview: Missing colors and incorrect title.

6. Reports: Filters Involving Dates Do Not Work (Interbase and NexusDB).

7. Assessment->Test Level: "Actual Time" information is not Saved to DB.

VA  2.5.0.33 to VA 3.0.0.165/110 - December 2004

Enhancements

1. Client/Server version.

2. Drill down is via two new reports that may be customised and printed.

3. VA is now shipped with a Database Server (for all configurations), thus eliminating Database costs.

4. Simpler registration process, a single license file for each Company.

5. Simpler system setup dialogs.

6. VaTool has been integrated into VA.

7. SImpler install process with zero administration capability. The VA Client install makes no system DLL or registry changes.

8. The ability to use inbuilt encryption and/or compression between the Client and Server.

VA  2.5.0.32 to VA 2.5.0.33 - October 2004

Fixes

1. For a Compliance Assessment the Compliance level response has been changed from "High, WIP, Low" to "High, Medium, Low".

VA  2.5.0.31 to VA 2.5.0.32 - June 2004

Enhancements

1. The "Sign Off" form at the Assessment level of an Assessment has new text information.

2. The words "Reportable condition" have been changed to "Significant deficiency" in the following locations:
a. the Implementation tab of the Risk level form
b. the Report Configure form when you set the Form Details and then click the Compliance Details Set button
c. as in (b) above for the Compliance Filters Set button (Minimum Compliance, Maximum Compliance).
d. the report printout.

3. For a Compliance Assessment the Compliance level response has been changed from "High, Medium, Low" to "High, WIP, Low". The Report forms and printouts have been changed to reflect this as have the Compliance roll-ups at the Assessment Overview, Assessment Navigator and Entity Navigator screens.

4. In KB Authoring, the Undo has been removed from the menu bar, toolbar and menu pop-ups (context sensitive menu).

Fixes

1. "File Ref" on the Test level form of an Assessment is now correctly saved/retrieved from the database.

VA  2.5.0.30  to  VA 2.5.0.31  -  October 2003

Fixes

1. Removed code that caused lock time-out when connected to Microsoft SQL Server.

2. Removed ability for multiple users to edit the same KB.

VA  2.5.0.29  to  VA 2.5.0.30  -  September 2003

Enhancements

1. Included new version of PC Guard, which allows easier "Activation Code" management for Kilclare and end users (Channel Partners).

Fixes

1. Removed Printer button from "Report Settings" dialog, which did not work, and renamed Preview button to Printer.

VA  2.5.0.28  to  VA 2.5.0.29  -  August 2003

Fixes

1. Material weakness and Reportable condition (see Risk level form) did not work correctly for a Compliance type Assessment.

2. Clicking on the “…” button in the “Estimated Time” or “Actual Time” fields in the Test level item dialog gave an error.

3. Editing Assessor checklist items could cause them to be displayed out of sequence.

VA  2.5.0.27  to  VA 2.5.0.28  -  June 2003

Fixes

1. If a new user was added and the form left open then other users would be denied access to VA (i.e. a lock time-out would occur). This problem only occurs with Microsoft SQL and not Oracle, Sybase or InterBase.

VA  2.5.0.26  to  VA 2.5.0.27  -  May 2003

Fixes

1. Access Rights that were applied to a later KB revision were ignored.

VA  2.5.0.22  to  VA 2.5.0.26  -  April 2003

Enhancements

1. Changed the way in which Import/Export works so as to overcome timing issues that may occur with the Microsoft SQL Server Database.

Fixes

1. Export and Import of a Compliance Assessment now correctly restores the Compliance level responses. Before you import a Compliance Assessment make sure that it was exported with this Version and Build of VA, otherwise the Compliance level responses will be incorrect and will need to be reviewed.

2. When viewing an Archive, the correct responses are now displayed. Previously, the responses of the “current period” Assessment were displayed.

VA  2.5.0.19  to  VA 2.5.0.22  -  February 2003

Enhancements

1. Text Field Headings print in bold.

2. A set of default Report Templates is included with the stand alone installation.

Fixes

1. The "?" and "N/A" filter responses are now saved in report templates.

2. Filters that are enabled but do not have a selected item no longer produce a sequel error.

3. If no Areas are checked, VA now reports this instead of producing a sequel error.

4. Saving a template that was marked with "Restrict modification" now keeps the "Restricted modification" status.

VA 2.3.0.3  to  VA 2.5.0.19  -  November 2001

Enhancements

1. Level 3 allows for either a Risk/Exposure or Compliance assessment method. Each method rolls-up into its own column on the Entity Navigator, Assessment Navigator and Assessment Overview screens. The new Compliance method uses High/Medium/Low as its level 3 response range. High compliance maps to Green, Medium compliance maps to Yellow and Low compliance maps to Red.

2. When Authoring a KB the "preferred" method, Risk/Exposure or Compliance, is set. New Assessments inherit this "preferred" method, however, it may be changed to the alternative method at any stage. If it is changed, the level 3 responses are not mapped from one method to the other - they are separate and the only occasion under which they change is when a consideration response belonging to the level 3 item is changed, in which case the level 3 response of both methods is set to "incomplete".

3. Any VA "text field" may contain links to external documents. Clicking on these links will launch the associated application, if it exists, and display the document. Any document type may be added (e.g. MS Word, Excel, PDF, .hlp, HTML etc.). You may also add links to web sites.

4. As links are easily broken, VA has the following in-built capability. By setting the "document folder" this allows VA to use the following rule to find the document: a. use the pathname as given by the link. b. append the link to the "document folder" value. c. append the links filename to the "document folder" value.

5. The Assessment Overview retains its user specified view irrespective of other operations.

6. Ability to switch on the numbering of Assessment Overview items.

7. Ability to retain the user specified view after performing other operations (e.g. show Risk/Exposure) on the Assessment Overview screen.

8. Ability to split the Auto-display Response Form mechanism into its discreet forms thus permitting the user to only display a response form based on the response value.

9. The inclusive Report configuration has been replaced with a level selection methodology. For example, you may elect to only report on Considerations.

10. Ability to change the numbering method used for reports.

11. A new registration method has been included to allow for a "restricted" version of VA. The restricted version does not allow KB's to be exported or new KB's to be Authored. The restricted version also only allows for selected KB's to be installed and for these selected KB's to be modified.

Fixes

1. Fixed inability to delete text in Response forms when the property "Form text requires input" is not checked.

2. Fixed - it was possible to have none of the VA groups with Security Setup checked, which meant that users cannot be added to VA.

VA 2.3.0.2  to VA 2.3.0.3

Fixes

1. Fixed - incorrect risk type 2 response set.

VA 2.3.0.1  to VA 2.3.0.2

Fixes

1. Fixed - consideration response not included in report printouts.

VA 2.2.0.32  to VA 2.3.0.1

Enhancements

1. Allow multiple KB's to be attached to an entity or a KB to be attached to an Entity and all its children.

2. Add the following information to the report templates a. Selected Text fields. b. Response filter at Consideration level.

3. N/A response form at Consideration and Test level.

4. Audit number included in reports.

5. Added "Form" icon to item details dialog.

6. Create archives from multiple assessments, without having to repeatedly respond to "Assessment not yet complete" dialog.

7. Global setting to allow presetting the risk value for an assessment during creation.

8. Allow the setting of the "Control Activity/Procedure" and
"Control Comment" text fields for a KB to be blank.

9. Allow a Risk to be of type 1 (default) or type 2. Type 1 risks follow the Risk Methodology set on the Preferences tab of the System Properties Dialog. Type 2 Risks automatically set the Risk value and allow the Assessor to do not depend on the Risk Methodology.

10. New Form report for each of the Risk, Consideration and Test levels.

11. Additional filters (Due Date, Implemented On and Minimum Loss) added to the Risk level.

Fixes

1. In Authoring, Spell Checker did not check text fields.

2. The Risk level form was not always included in a report and sometimes had the incorrect heading.

3. Fixed problem when opening two Assessments.

4. Fixed logical error regarding Reviewer and Auditor response form access rights at the Consideration and Test levels.

5. The report filters for Risks and Exposures did not always work correctly.

6. Publishing a KB did not work for Oracle