AIGC General Questions
What are the main services provided by the company?
AIGC provides the following services:
- Helping organizations implement Risk-Based Audit Methodologies and Internal Audit Software.
- Conducting Quality Reviews on Audit Functions.
- Conducting Risk Assessment Assignments.
- Implementing ERM (Enterprise Risk Management)/ORM (Operational Risk Management) systems.
- Providing assistance in Assessing Compliance Risks and implementing Compliance Risk Management tools.
- Documenting Policies and Standard Operating Procedures (SOPs).
- Conducting Fraud Audits.
- Conducting Fraud investigations.
- Loss quantification assignments.
- Conducting Due Diligence Assignments.
- Company valuations.
What are the regions covered by the company?
Middle east and North Africa. (MENA Region)
Which sectors does the company specialize in?
- Banking (Islamic and Commercial)
- Micro Finance
- Asset Management
Where are the company’s offices located?
Amman: Building #49, Kulliyat Al-Sharee’ah Street
P.O. Box 910799
Amman 11191 – Jordan
Jeddah: Prince Sultan St, Al Murjanah Tower,
Level 2, office No. 207
P.O. Box 20255 Jeddah, 21455 Saudi Arabia
Riyadh: Riyadh World Trade Centre
Bahrain Tower, 2nd Floor, King Fahad Road,
P.O. Box 8953, Postal Code 12214
Can the company support us in other regional or international markets?
We are ready to support our clients in regional and international markets through Al-Yafi Group and Allinial Global Network of member firms.
What are the Quality Assurance controls being practiced by the company?
- We follow international standards, e.g. our Risk Assessment & Control Evaluation and Internal Audit assignments are based on ISO 31000, COSO Framework, and IIA Standards.
- We heavily rely on software tools in providing Risk, Compliance, and IA services.
- Quality Assurance reviews are conducted by Senior Management before submitting any deliverables.
CAREweb Technical Questions
Is the system web based?
CAREweb is a web-based system.
What are the minimum system requirements for installation?
The below table will show the minimum system requirements for installation:
Server Specification Hardware
Intel Xeon 2.0 GHz or Above
8 GB (minimum)
Hard Disk Space
Windows Server 2003 or above
Server Specification Software
Internet Information Services
Version 7 or above
2008 R2 (Express Edition or above)
Microsoft .Net Framework
Windows Operating System
IE 9.0 browser or above, GC, or FF
Office 2010 (Minimum)
Does the system have a limit for the number of users?
CAREweb gives the ability to define unlimited users, but the system will only allow a certain number of users (i.e. the number of purchased concurrent licenses) access the system at any given time.
Is the system available only in English? What are the available languages?
CAREweb system is available in both Arabic and English languages and can easily be made available in other languages.
Is there a user manual available?
CAREweb Manual is Available upon request and imbedded in the system (in help screens) in both Arabic and English languages.
What type of database does the system use?
CAREweb system database is SQL.
CAREweb General Questions
Is the system compatible with the international standards (Basel, Cyber security, COSO…etc.)?
CAREweb system is compatible with all relevant international standards.
Does the system have the ability to Customize reports?
In addition to the numerous standard reports available on CAREWeb, using the Risk Explorer Module, the user can navigate through the risk database, conduct inquiries and generate reports that can easily be exported to Excel (or other Microsoft products).
Can the user purchase certain modules only? Or is it only sold as a package?
The system comes with a number of optional modules and you can decide which ones to purchase.
Does the system cover the requirements of risk management, compliance and internal audit functions?
CAREweb is a complete Governance, Risk and Compliance (GRC) system. CARE Central Risk data register can be accessed by Risk Management, Compliance and IA functions through modules designed to meet each of these functions specific requirements. The system supports the IIAs recommended 3 lines of defense methodology and ensures collaboration among all control functions (including Risk, Compliance and Internal Audit).
Does the system have an archiving feature?
CAREweb has an archiving feature that allows the user to manually or automatically archive tests and test results for a selected period of time.
Does the system provide notifications or alerts?
CAREweb Email Alert Module allows for sending automated email alerts to notify the users of identified exceptions (i.e. the occurrence of certain scenarios predefined by the user) and escalate them to officers at various levels in the organization. These exceptions are defined by the user and may include: compliance tests overdue, controls that are “sometimes” or “never” working, remedial Actions outstanding for more than a month, KRIs above threshold ranges etc.
CAREweb CRSA Module Questions
Does the module come already packed with a library of common risks?
The Risk Registers of certain functions are available in CAREweb upon request.
Does the module facilitate reporting to senior management?
CAREweb generates a suite of summary reports and charts on the status of Corporate Risks the organization’s Control Environment to senior management and the Board.
Does the module have a feature that allows for tracking events?
CAREweb has “Event Tracking Module” that allows for Full “event capture” functionality along with loss prediction capability; this latter point not only allows banks to comply with Basle II, but it also allows any organization to set up a process of Internal Capital Adequacy monitoring.
Can we use CAREWeb to track remedial actions?
CAREWeb Remedial Actions module allows for recording and monitoring the status of remedial actions. Email alerts are sent to follow-up on delinquent remedial actions. In addition, a dashboard is also available to monitor remedial actions.
Does the system allow for linking risks to multiple controls?
CAREweb system has a Risk and control Matrix that allows for capturing the many-to-many relationship between risks and controls. It also allows for “what-if” scenarios to be performed to determine the likely effect of control enhancements in reducing exposure levels.
CAREweb Compliance Risk Monitoring Module Questions
Can the system cater for regulations from several regulatory bodies?
The system allows for defining an unlimited number of Regulatory Bodies and uploading the regulations issued by each regulatory.
Does the system allow for updating current regulations in light with new circulars/revisions?
The dedicated circulars and revisions screens allow the user to update existing regulations and upload the relevant revisions/circulars. The user can also specify the date these revisions/ circulars are to be implemented.
Does the system come with a library of regulatory compliance risks?
With regards to the Saudi market, the module has a library of Risks and Mandated controls for the regulations issued by: SAMA (Saudi Arabian Monetary Authority), CMA (Saudi Capital Market Authority), and Tadawul. Other Arab countries regulations are also available and additional regulations are constantly being added to the library of Risks and Mandated controls. In addition, AIGC Consultants are ready to analyze any additional regulations requested by clients.
How frequently is the library of regulations updated?
The stores will be updated as soon as new regulations, or revisions / circulars are issued by the regulator. Updates are shared with clients Semi Annually.
Does the system allow for assigning risks and mandated controls to each BU in accordance with the applicable regulations?
The system allows for assigning risks and mandated controls to the relevant business units. The assigned risks and mandated controls are automatically included in the selected business unit’s risk profile for the BU managers to keep monitoring these risks and mandated controls.
Does the system provide the ability to customize compliance programs?
CARE facilitates preparing compliance programs to verify compliance with each article/regulation. The Compliance Risk Monitoring Module allows for assigning these programs to Compliance Officers for them to conduct these tests and document any exceptions / breaches identified during the compliance reviews.
CAREweb Internal Audit Module Questions
Does the module offer the ability to prepare risk-based Annual Audit Plans?
Annual Internal Audit Plans can easily be prepared using CAREWeb Internal Audit Module. The module allows for determining which entities are to be covered in the current audit cycle by prioritizing these entities in accordance with selected risk-assessment factors.
Does the module take into consideration the available Internal Audit resources?
CAREweb takes into consideration the duration of the audit cycle and the available man-days in order to compare the expected man-days with the available Internal Audit resources.
Does the module allow the auditor to attach supporting documents?
The Working Papers feature allows for uploading any type of documents or working papers related to each test. The auditor can decide whether to share the attached working papers with others (e.g. other auditors) or to keep it private.
Does the system allow for tracking the progress of each audit assignment?
CAREWeb allows for tracking the progress of each audit assignment; the number of assigned tests, test results, tests that require the Team Leader approval, completed tests and other indicators, can easily be tracked through the Internal Audit module.
Does the system allow for generating customized reports?
CAREweb can be used to generate several reports related to Internal Audit, and can also customize specific reports upon request.
Does the system allow for tracking the progress of each audit assignment?
CAREweb gives the ability to track progress of each audit assignment as number of assigned tests, results of testing, tests that need approval from the Audit team leader and the completed tests.
Is the Internal Audit report generated by the system? If yes, in what format?
CAREWeb can generate complete Internal Audit reports “with a click of a button”. The system generates the reports in Microsoft Word format. The user can adjust the report and upload the revised version to maintain a copy of the latest version on the system.
Does the system allow for tracking the status of IA recommendations?
Using the “remedial actions” module, auditors can easily track the status of recommendations. They can also send automated email alerts to remind the Internal Audit team and line management of outstanding recommendations.
IDEA Technical Questions
What are the minimum requirements for installation?
The following table outlines the minimum hardware requirements:
|Processor||Dual core 2 GHz||Dual core 3 GHz or higher|
|RAM||4 GB||16 GB|
|Disk Space||5 GB||500 GB|
What is the recommended Operating System?
- For IDEA Desktop Licenses – Windows (x86, x64) – Windows 8.1 and Windows 10 (Recommended)
- For IDEA Server, SafeNet License Manager (SLM) and Corporate License Manager (CLM) – Windows Server (x86, x64) – Windows 2012 and Windows 2016(X64 Only) (Recommended)
Does IDEA have the ability to import data from different types of formats?
In order to interrogate data using IDEA, the data must first be imported. The Import Assistant is provided to guide you through the process of importing the data.
The file types that can be read in IDEA using the Import Assistant are:
- Advanced Record Definition Editor
- CaseWare Working Papers
- Print Report and Adobe PDF files
- Microsoft Excel
- Microsoft Access
- SAP SmartExporter
IDEA connects to a wide variety of databases, such as Oracle, SQL or Sybase, with Microsoft’s ODBC (Open Database Connectivity) for data import.
What are the types of the licenses that can be purchased?
- Single User: Single User licenses are intended for use on one computer only.
- Corporate User: Corporate licenses are intended to serve multiple users from a network server and can only be run by users who log into their computer and have their user accounts added to the appropriate Active Directory group.
- Concurrent User: IDEA can be installed on as many computers on the network as desired, but simultaneous usage is limited to the number of purchased licenses.
- IDEA Server: is a collaborative analytics platform that is accelerated by powerful server-based processing. Now you can access all the tools, features and capabilities of IDEA desktop while also benefitting from the collaborative functions available only with IDEA Server.
What is the difference between IDEA Server and IDEA?
IDEA Server saves you time by bridging the gap between your desktop and data center. With IDEA Server, analytics are accelerated by powerful server-based processing, allowing users to simultaneously perform their audit tasks. The right data and results are readily available so you can respond quickly to errors, anomalies and fraudulent activity.
IDEA General Questions
Is IDEA user friendly?
IDEA is extremely user friendly. It allows the user to:
- Easy access, save and share files.
- Views a graphical or tabular history of all actions performed in a project.
- Effortlessly import your records – from virtually any source.
Are there limits to the size of data or number of records that IDEA can process?
There is no Limit, but the speed of processing relies on the type of computer processor being used.
What types of Support are provided?
- Middle East and Gulf Region Support (AIGC Support Team)
- International Support (CaseWare Support Team)
- Online support (Access CaseWare Support Portal)