Developing an Audit Program By Rodney Kocot President Systems Control and Security Incorporated Copyright © 2005 Rodney Kocot.

Slides:



Advertisements
Similar presentations
Organizational Governance
Advertisements

Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Development of internal control: methodology and responsibility
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
1 Pertemuan 6 Internal Control System Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Operational Auditing--Fall Today’s Session n BPO selection n Engagement planning n Emphasis on risk related testing.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Quality evaluation and improvement for Internal Audit
Internal Control in a Financial Statement Audit
Internal Audits, Governmental Audits, and Fraud Examinations
The Information Systems Audit Process
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Presented By: Donna Denker, CPA Donna Denker & Associates.
Learning Objectives LO1 Explain the importance of auditing. LO2 Distinguish auditing from accounting. LO3 Explain the role of auditing in information risk.
Learning Objectives LO1 Distinguish between management and auditor’s responsibilities regarding an auditee organization’s internal controls. LO2 Explain.
Information Systems Controls for System Reliability -Information Security-
Chapter 11.  The board is ultimately responsible for risk management  Oversee strategic risks, operational risks, and financial risks  Many federal.
Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.
INTRODUCTION TO PUBLIC FINANCE MANAGEMENT Module 3.2 -Internal Control & Audit.
Internal Auditing and Outsourcing
Project Human Resource Management
Service Organization Control (SOC) Reporting Options and Information
D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit.
Audit and Fiscal Oversight Responsibilities VAVRINEK, TRINE, DAY & CO., LLP December 15,2010.
Chapter 3 Internal Controls.
Session 3 & 4. Institute of Internal Auditors Inc (IIA) was created for internal auditors in 1941 Generally accepted criteria of a profession are: –Adopting.
Chapter Three IT Risks and Controls.
Internal controls. Session objectives Define Internal Controls To understand components of Internal Controls, control environment and types of controls.
Monitoring Internal Control Systems Johann Rieser Senior Auditor, Ministry of Finance, Vienna.
Internal Control in a Financial Statement Audit
Presented by Raaj Kurapati and Charlene Hart. Introduction  The Single Audit Act Amendments of 1996 was enacted to streamline and improve the effectiveness.
Roles and Responsibilities
Learning Objectives LO5 Illustrate how business risk analysis is used to assess the risk of material misstatement at the financial statement level and.
An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.
Committee of Sponsoring Organizations of The Treadway Commission Formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting “Internal.
Richard F. Chambers, CIA, CGAP Vice President, IIA Learning Center The Institute of Internal Auditors.
Copyright © 2007 Pearson Education Canada 1 Chapter 1: The Demand for Auditing and Assurance Services.
Webinar for FY 2011 i3 Grantees February 9, 2012 Fiscal Oversight of i3 Grants Erin McHughJames Evans, CPA, CGFM, CGMA Office of Innovation and Improvement.
Copyright © 2007 Pearson Education Canada 1 Chapter 24: Assurance Services: Internal Auditing and Government Auditing.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.
Chapter 9: Introduction to Internal Control Systems
S3: Understanding the Business. Session objective To explain why understanding of the business of the entity is important for the auditor To explain why.
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Auditing Internal Control over Financial Reporting Chapter Seven.
Risk Management Standards and Guidelines
Chapter 5 Evaluating the Integrity and Effectiveness of the Client’s Control Systems.
Internal Controls For Municipalities Vermont State Auditor’s Office – August 2008.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Practical Use of International Standards in the Control and Auditing Activities of Federal Treasury Prague, March, 2016 Head of Internal Control (Audit)
Internal Control Process at Geneseo. Objectives Understand the objectives of effective internal controls Describe Geneseo’s internal control program Accurately.
Lecture 5 Control and AIS Copyright © 2012 Pearson Education 7-1.
COBIT. The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management.
#327 – Legal and Regulatory Risk: Silent and Possibly Deadly Deborah Frazer, CPA CISA CISSP Senior Director, Internal Audit PalmSource, Inc.
#127 – Risk Management Basics Deborah Frazer, CPA CISA CISSP Senior Director, Internal Audit PalmSource, Inc.
Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Risk Management Dr. Clive Vlieland-Boddy. Managements Responsibilities Strategy – Hopefully sustainable! Control – Hopefully maximising profits! Risk.
Jean-Pierre Garitte Budapest 29 March 2017
14th CAS meeting Performance reporting Presentation by SAI-SA
Internal control objectives
اطار الرقابة الداخلية و فقا للجنة دعم المنظمات COSO
Office of Internal Audits
A Framework for Control
Accountability and Internal Controls – Best Practices
Building the Foundation of Compliance
Building the Foundation of Compliance
COSO Internal Control s Framework
Unit 11 October 22, 2017.
Presentation transcript:

Developing an Audit Program By Rodney Kocot President Systems Control and Security Incorporated Copyright © 2005 Rodney Kocot

2 Session Outline Introduction Standards and Legal Considerations Objectives Policies Standards Audit Department Identifying the Audit Universe Risk Ranking the Universe Developing an Audit Plan The Audit Process Determining the Scope of Audits Continuous Monitoring Tracking Issues Quality Assurance and Monitoring the Audit Program Sources of Information

3 Introduction Your approach may differ and still be correct for your organization.

4 Standards and Legal Considerations This slide is just a reminder that there are laws, standards, and requirements that must be considered and dealt with. The requirements may be different for each organization. Auditing –?????? Accounting –?????? Taxation –?????? The Business –??????

5 References - Information Systems Audit and Control Associationhttp:// - American Institute of Certified Public Accountantshttp:// - The Institute of Internal Auditorshttp:// - International Federation of Accountantshttp:// ….

6 Objectives Assurance Services Internal vs Public Type of Audit The Public Interest Owner and Shareholder Interests Employee Interests

7 Objectives (continued) According to the COSO Enterprise Risk Management — Integrated Framework Executive Summary: This enterprise risk management framework is geared to achieving an entity’s objectives, set forth in four categories: –Strategic – high-level goals, aligned with and supporting its mission –Operations – effective and efficient use of its resources –Reporting – reliability of reporting –Compliance – compliance with applicable laws and regulations.

8 Audit Policies Standards and Procedures Formalized policies, standards and procedures Criteria for achieving objectives and measuring performance. Many organizations maintain policies, standards and procedures in a database

9 Audit Department Organization Politics –Selling services –Funding negotiations Skills –Financial –Operational –IT –Compliance

10 Identifying the Audit Universe Starting with a list of all organization units group units into auditable entities. Interview management to identify all auditable entities. Identify auditable entities from financial statements.

11 Organizing the Universe Using a database –Lotus Notes –MS Access –SQL –??????

12 Risk Ranking the Universe Ensure that audit resources are allocated to meet the objectives of the organization. Select audits based on risk and resources Risk factors: –Compliance and regulatory requirements –Results of prior audits –Staffing issues –Complexity –Financial impact –…

13 Developing an Audit Plan Legal Requirements and Regulators Required Audits Prioritization based on Risk Scheduling Hours Budget

14 Reporting the Audit Universe By risk By group by risk By audit manager by risk By hours By type of audit

15 The Audit Process Planning –Risk Assessment –Determine scope –Identify resources Fieldwork Issues Reporting –Rating –Distribution Follow-up

16 Determining the Scope of Audits Risk Assessment Developing an Audit Program Performing the Audit Reporting Audit Results

17 Continuous Monitoring Monitoring is a management responsibility and audit must be careful not to become a control.

18 Tracking Issues When are issues closed? –When the auditee says they are closed. –When the auditor validates they are closed. Implications: –Open issues may not be reported to management and the audit committee. –Fewer repeat issues when the issues are closed by auditors.

19 Reporting Open Issues Distribution List Frequency Issue reporting based on: –Risk –Days open –Days past due

20 Quality Assurance and Monitoring the Audit Process Work paper reviews Peer Reviews Client Surveys Personnel Reviews

21 Sources of Information Professional associations listed above Internet searches

22 For More Information: Rodney Kocot President Systems Control and Security Incorporated P.O.Box 0531 Tujunga, CA Using technology to audit technology