Week Twelve – QA/QC, Self-assessment and Audit IT Service Providers

Slides:



Advertisements
Similar presentations
Organizational Governance
Advertisements

Dr Igors Ludboržs Member of the European Court of Auditors (ECA) INTOSAI Working Group on Public Debt Helsinki, 11 September 2012.
Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,
Seminário O controle interno governamental no Brasil Velhos Desafios, Novas Perspectivas 14 a 16 de Maio Iguassu Resort – Foz do Iguaçu - Paraná International.
IS Audit Function Knowledge
Auditing A Risk-Based Approach To Conducting A Quality Audit
Quality evaluation and improvement for Internal Audit
Purpose of the Standards
Learning Objectives LO1 Describe the association framework. LO2 Determine whether a PA is associated with financial statements. LO3 Describe the three.
Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.
Conducting the IT Audit
REVIEW AND QUALITY CONTROL
Internal Auditing and Outsourcing
Challenges Faced in Developing Audit Plans and Programs 21 st March, 2013.
Equity Housing Group Risk Management. 05 August 2002 © MazarsEquity Housing Group: Risk Management 2 Agenda Introduction: what is Risk Management? The.
Improving Corporate Governance in Malaysian Capital Markets – The Role of the Audit Committee Role of the Audit Committee in Assessing Audit Quality.
The Sarbanes-Oxley Act of PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now.
Building Quality Assurance into Clinical Trials. Objectives for Today: Define Quality in Research Describe How to Initiate Corrective and Preventative.
Monitoring Internal Control Systems Johann Rieser Senior Auditor, Ministry of Finance, Vienna.
How does the ECA assess Member States’ internal control systems? Workshop on Audit/Evaluation of Public Internal Financial Control Systems (PIFC) Ankara,
Fundamental Auditing Concepts. Materiality Evidence Independence Audit risk IS and general audit responsibilities for fraud Assurance.
Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the "Preface to the Standards on Internal.
The views expressed in this presentation do not necessarily reflect those of the Federal Reserve Bank of New York or the Federal Reserve System Association.
10/20/ The ISMS Compliance in 2009 GRC-ISMS Module for ISO Certification.
INTERNAL AUDIT AND INVESTIGATION SERVICES PRESENTATION TO THE PORTFOLIO COMMITTEE ON THE UNIT’S ACTIVITIES FOR THE YEAR ENDING 31 MARCH 2006 Z MXUNYELWA,
1 Internal Audit. 2 Definition Is an independent activity established by management to examine and evaluate the organization’s risk management processes.
IT Controls Global Technology Auditing Guide 1.
S3: Understanding the Business. Session objective To explain why understanding of the business of the entity is important for the auditor To explain why.
Continual Service Improvement Methods & Techniques.
F8: Audit and Assurance. 2 Audit and Assurance Designed to give you knowledge and application of: Section A: Audit Framework and Regulation Section B:
MODULE 7: CONDUCT OF GOVERNANCE AUDIT GOVERNANCE AUDITOR ACCREDITATION COURSE.
Internal Audit Quality Assessment Guide
SUNY Maritime Internal Control Program. New York State Internal Control Act of 1987 Establish and maintain guidelines for a system of internal controls.
Compliance with Technical Standards
Hans Nieuwlands CIA CGAP CCSA CEO IIA Netherlands
Getting to Know Internal Auditing
CPA Gilberto Rivera, VP Compliance and Operational Risk
IS4550 Security Policies and Implementation
Providing assurance on risk management and controls
Compliance with Framework of Quality Control - General & Specific Controls CA Vimal Chopra, Ex Chairman of CIRC of ICAI.
How to Survive an External Quality Assessment
Getting to Know Internal Auditing
Getting to Know Internal Auditing
Self Identified Issues
Organizational Governance
PLANNING THE INTERNAL AUDIT (8 - 10%)
Week Thirteen – Continuous Auditing/CAATs and QA/QC
Following Up on Internal Audit Reports Workshop on IIA Standard 2500
Week Thirteen – CAATs & Continuous Auditing
COSO Internal Control s Framework
Planning the Audit Engagement: key ingredients
Presentation to sell assurance maps to senior management
Monitoring and Evaluation using the
Alignment of COBIT to Botswana IT Audit Methodology
Quality Department
Independent Internal Audit Quality Reviews
Getting to Know Internal Auditing
2017 Administration and Finance Conference
Trading Supervision Obligations
Week Ten – IT Audit Reporting
Support for strengthening Quality Assurance
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM
Quality Management in Business and Manufacturing Sectors
Mr Mirco Barbero European Commission, IAS.C1
Taking the STANDARDS Seriously
Capacitate Internal Audit
Internal Audit Who? What? When? How? Why? In brief . . .
What Is the Self-Study Instructional Audit?
AUDIT QUALITY REGULATORY FOCUS AREAS
Presentation transcript:

Week Twelve – QA/QC, Self-assessment and Audit IT Service Providers IT Audit Process Prof. Liang Yao Week Twelve – QA/QC, Self-assessment and Audit IT Service Providers IT Audit Process Prof. Liang Yao

Audit Quality Assurance and Quality Control Why audit function needs QA and QC? IPPF Standard Associated with QA QA and QC in action IT Audit Process Prof. Liang Yao

Audit Quality Assurance and Quality Control The needs for internal audit QA and QC function Ensure the quality of audit workpaper Sufficient audit planning Adequate of testing Relevant of evidences Supporting of conclusion Proper of overall opinion Assessment of auditors’ proficiency level Identifying skill gaps and developing areas IT Audit Process Prof. Liang Yao

Audit Quality Assurance and Quality Control IPPF Standard Associated with QA 1300 – Quality Assurance and Improvement Program 1310 – Requirements of the Quality Assurance and Improvement Program 1311 – Internal Assessments (annual basis) 1312 – External Assessments (5 years cycle) 1320 – Reporting on the Quality Assurance and Improvement Program 1321 – Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing” 1322 – Disclosure of Nonconformance IT Audit Process Prof. Liang Yao

Audit Quality Assurance and Quality Control QA/QC in Action Multi-layer of workpaper review AIC review/manager review/sr. manager(direct) review Develop and define QA and QC methodology in the Audit Methodology Manual (e.g. frequency, sampling, coverage, follow-up, etc.) Build a QA/QC function within the audit division Assign the right QA/QC staff Define training requirements External Review (IPPF 1312) Consideration IT Audit Process Prof. Liang Yao

Control Self-Assessment Concept of Three Lines of Defense First Line of Defense – Line of Business 1A – Day to day operations 1B - Risk management specialists embedder in the LoB Second Line Defense – Risk Management function Risk identification Challenge Independent testing Third Line of Defense - Internal Audit IT Audit Process Prof. Liang Yao

Control Self-Assessment Line of Business Performing leveraging Risk Management Leveraging Internal Audit IT Audit Process Prof. Liang Yao

Control Self-Assessment CSA objectives CSA Pros and Cons Auditors’ role CSA tools (GRC) CSA Approaches IT Audit Process Prof. Liang Yao

CSA Objectives Changing the organizing culture Shifting control monitoring function to IT management Empowerment of Line of Business Define a CSA framework (e.g. COBIT) IT Audit Process Prof. Liang Yao

CSA Pros. And Cons. CSA Benefits: Earlier risk identification/detection Effectively improve internal controls Self-identifying control gaps/deficiencies Sense of Ownership/motivation Effective communication Reduce audit control testing Provide the Board and sr. management level of comfort of internal control environment IT Audit Process Prof. Liang Yao

CSA Pros. And Cons. CSA disadvantages CSA maturity level Replacing audit function? Why NOT? Additional workload (resource constrain...) What if no action take based on CSA result by management IT Audit Process Prof. Liang Yao

Auditors’ Role in CSA process Understanding the business process Mapping laws and regulatory requirements to the key risks and controls identified by the business Acting as facilitators NOT in the position to design and implement controls IT Audit Process Prof. Liang Yao

CSA Summary Empowerment and establish accountabilities Kaizen process (continuous improvement) Build a culture of control awareness Broader Board and shareholder focus Involving all three lines of defense Impact on Audit Staged approach (assessing the maturity level of CSA) Leverage CSA results More risk focused plan and testing IT Audit Process Prof. Liang Yao

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.