Developing a Successful Integrated Audit Approach September 14, 2010.

Presentation transcript:

Developing a Successful Integrated Audit Approach September 14, 2010

Topics
- Introduction and Perspectives
- An Integrated Audit Methodology

INTRODUCTION AND PERSPECTIVES

Defining Integrated Auditing
An audit approach that takes into consideration key areas of risk regardless of type, such as:
- Operations
- Finance and accounting, including fraud
- Information technology and security
- Regulatory/compliance
- Other, tailored to the business

Benefits
- Audit efficiencies
- Comprehensive view of an auditable entity
- Consolidated report covering key areas – fewer audits per entity
- Enhanced stakeholder perceptions of audit coverage
- Improved auditor morale
- Accelerated auditor talent
- Focused leverage of business knowledge and collaboration across the audit team

Challenges
- People
  - Expanding auditor skill sets to cover all areas while retaining benefits of subject matter expertise
  - Helping auditors with different skills communicate and find better ways to work together
- Ensuring coverage is “just right”
  - Broad enough to cover the key risk areas
  - Deep enough where necessary
  - Organized sufficiently to avoid “spin-off” audits

Prerequisites to an Integrated Approach
- Perspective
  - Management: operational understanding
  - Auditor: process, risk and controls
- Core audit skills – the raw materials translate easily!
  - Understand/document any process
  - Recognize risk where it exists
  - Translate across multiple disciplines
- IIA body of knowledge
  - CIAs are well positioned to help drive an integrated approach

Critical Success Factors
- Solid enterprise-level and engagement-level risk assessment processes
- Scope
  - Top-down, bottom-up, aligned with the business
  - Includes
    - Material financial exposure
    - Possible reputational harm
    - Emerging risks and changes
    - Management’s operational concerns
  - Helps us say “yes, we looked at that”

AN INTEGRATED AUDIT METHODOLOGY

Integrated Audit Methodology(ies!)
There are diverse schools of thought, methodologies, and approaches to integrated auditing – why so many?
- Diversity in business – a desire for a tailored approach and a search for the “one best way”
- Variability in what one believes should be integrated – people, process, technology or parts thereof
- Differences in viewpoint taken: auditor or management
- Inherent need for subject matter expertise
- Timing and logistics for getting audits done

Integrated Auditing
People
- Diverse team has an operational center surrounded by relevant subject matter experts
- Auditors with different skills are on the same team AND are actively engaged in evaluating and testing business processes together
Process
- Process view of the operations – key
- Understanding of the business operations – key
- Use risk assessment to drive top-down approach
Technology
- Build a reliable process first, then look to technology to make it more efficient (always)

Integrating People
- Ensure the integrated audit team is working together – not just sitting in the same room
- Offer tools to help
  - Formally documented methodology
  - A layered, multi-disciplined perspective with a common language
- Recognize auditor common ground
  - Risk, control, and process orientation
  - Control assertions

Integrating Process
[Diagram: a process running from Input to Output. Labels on the diagram include Authorization, Database, Reconciliation, Custody, System and Recording, annotated with the assertions Occurrence, Authorization, Completeness and Accuracy, and with Confidentiality, Availability and Integrity.]
All Other Areas to Overlay:
- Operational efficiencies, including technology aspects
- Regulatory/compliance considerations
- Fraud risk considerations

Aligning Control Assertions
IT Auditors: Information security components
- Confidentiality
- Availability
- Integrity
Financial Auditors: Financial statement assertions on transactions
- Occurrence
- Completeness
- Accuracy
- Authorization
- Cutoff
- Classification

Integrating People and Process
- Training for everyone
- Get everyone talking and involved in planning/risk assessment
- Drive efficiencies
  - Map in-scope risks to key controls in common across all areas
  - Drive efficiencies with audit coverage (SOX, SAS 70)
- During fieldwork
  - Assign testing based on expertise
  - Establish periodic checkpoints within the team and an end-to-end quality review process

Subject Matter Experts
Question: When is the right time to get subject matter experts involved?
a) During fieldwork when the team gets in a bind
b) During the report writing phase when a question leads to an area that should have been looked at more closely
c) Engagement-level planning and risk assessment

INTEGRATING THE AUDIT APPROACH AND RISK ASSESSMENT

Risk Assessment
Enterprise-Level Risk Assessment: process to determine the audit plan
- Identify Enterprise Level Risks
- Identify the Audit Universe
- Assess Risk Top-Down
- Assess Risk Bottom-Up
- Prioritize the Quarterly Audit Plan
Engagement-Level Risk Assessment: process to determine the scope of a specific audit
- Understand the Auditable Entity
- Identify Key Risk Areas
- Map Key Risks to Other Audit Coverage
- Finalize Audit Scope
Integrated Audit Considerations

Enterprise-Level Risk Assessment
Best Practice: Align coverage with corporate strategy
- Identify Enterprise Level Risks
- Identify the Audit Universe
- Assess Risk Top-Down
- Assess Risk Bottom-Up
- Prioritize Audit Plan
[Diagram labels: Corporate Strategy, Objectives, Enterprise Risk, Best Practice]

Identify the Audit Universe
Auditable Entity:
- A discrete unit or process
- Horizontal coverage is more efficient
- Level of aggregation is key
Layers Where Controls Reside:
- Entity
- Segment
- Sub-Segment
- Lines of Business
- Process

Assess Risk Top-Down
Columns: Corporate | Operating Segment 1 | Operating Segment 2 | Operating Segment 3 | Operating Segment 4 | Shared Service Segment
- Tier 1 ($x+): Auditable entities 1, 2, 3, 13, 14, 15, 28, 35, 42, 43
- Tier 2 ($x-$x): Auditable entities 4, 5, 6, 16, 17, 18, 36, 37, 38, 44, 45
- Tier 3 ($x-$x): Auditable entities 7, 8, 9, 19, 20, 21, 22, 23, 24, 39, 40, 41, 46
- Tier 4 (<$x): Auditable entities 10, 11, 12, 25, 26, 27, 29, 30, 31, 32, 33, 34, 47

Assess Risk – Bottom Up: Traditional Quantitative Approach
Columns: Segment | Auditable Entity | $ | Financial Risk | Compliance and Regulations | Changes in Audit Universe | IT Risk (Availability, Integrity, Confidentiality) | Average
Each risk column, including each IT Risk sub-column and Average, is split into Inherent Risk and Residual Risk.
Sample row: Operating Segment1 | Auditable entity 1 | $

Assess Risk – Bottom Up: Qualitative Map to ERM
Columns: Segment | Auditable Entity | Year Last Audited | Top ERM Risk #1 | Top ERM Risk #2 | Top ERM Risk #3 | Top ERM Risk #4 | Top ERM Risk #5 | Top ERM Risk #6 | Top ERM Risk #7 | Top ERM Risk #8 | Top ERM Risk #9 | Top ERM Risk #10
Rows:
- Operating Segment1 | Auditable Entity
- Operating Segment1 | Auditable Entity 2 | 2010

Prioritize Audit Plan
Columns: Tier 1 Auditable Entity | Prior Coverage | Q1 2011 | Q2 2011 | Q3 2011 | Q
- Corporate: Auditable entity 1, Auditable entity 2, Auditable entity; Audit 1, Audit 3, Audit 7
- Operating Segment 1: Auditable entity 13, Auditable entity 14, Auditable entity; Audit 2, Audit 4, Audit 10
- Operating Segment 3: Auditable entity; Audit 5
- Operating Segment 4: Auditable entity; Audit 6
- Shared Service Segment: Auditable entity 42, Auditable entity; Audit 8, Audit 9

Engagement Level Risk Assessment
- Aggregation of cumulative knowledge about the entity
- Integrated view
- Links to ERM
- Don’t forget consideration of fraud risk
Columns: Top 10 ERM High-Level Risk Category | Specific Risk Areas | Risk Relevance/Significance at this Line of Business (I, R) | Areas to Test | Covered via other audits? | Test? | Budget-Testing Time
I = Inherent Risk: Risk before consideration of controls.
R = Residual Risk: Risk after consideration of controls, e.g. prior audit results and remediation or other issues identified.

Source: The ACFE’s 2010 Report on Fraud to the Nations

Takeaways
- Ground integrated auditing in solid risk assessment from the beginning
- Resolve the auditor SME communication barrier once and for all
- Expect efficiencies
- Leverage existing core auditor skills as a place to start
- Align with operations to drive the most value

QUESTIONS?

Contact Information
- Kim Furlin