So You Want to Break Into the Industry… SAS No. 94 Requirements and Issues Related to IT Audits for Not-for-Profit Organizations.

Presentation transcript:

So You Want to Break Into the Industry… SAS No. 94 Requirements and Issues Related to IT Audits for Not-for-Profit Organizations

2 BACKGROUND
What is SAS No. 94?
– Standard requiring that “…the auditor considers how an entity’s use of information technology (IT) and manual procedures may affect controls relevant to the audit.”
– AU Section – Effect of Information Technology on Internal Control
– Became effective on June 1, 2001

3 BACKGROUND
Why is SAS No. 94 important?
– An entity’s use of IT may affect any of the five components of internal control relevant to the achievement of the entity’s financial reporting, operations, or compliance objectives, and its operating units or business functions.
– The use of IT also affects the fundamental manner in which transactions are initiated, recorded, processed, and reported.

4 REQUIREMENTS
What professional skills are required to assess the effect of IT on internal control?
– Determined by the NPO’s use of IT and the scope of the audit
– Minimally, the auditor should have knowledge of the IT audit process and be able to assess the following:
  Protection of Information Assets
  IT Governance
  Systems and Infrastructure Lifecycle Management
– Certified Information Systems Auditors are qualified to assess all three (see

5 TYPICAL NPO ISSUES
Issue #1: Poor Protection of Information Assets
– Poor access controls, security architectures, encryption and/or virus prevention and detection
Examples From Our Case Study
– Blank administrative password to the database provided access to sensitive data including names, addresses, preferences, online donation history, and credit card numbers
– Objectionable material, contrary to the NPO’s mission, could be added into the body of the web site by a malicious user

6 TYPICAL NPO ISSUES
Issue #2: Lack of IT Governance
– Poor strategic alignment,
– Value delivery,
– Resource management,
– Risk management, and/or
– Performance measurement of IT
Example(s) From Our Case Study
– Senior management failed to define security objectives
– Corporate politics impaired the Technology Oversight Committee’s performance

7 TYPICAL NPO ISSUES
Issue #3: Weaknesses in Systems and Infrastructure Lifecycle Management
– Specifically, weaknesses in benefits management, project management, risk management, change management, system architectures, requirements analysis, acquisition and contract management, system development methodologies, quality assurance, data conversion and/or system migration
Examples From Our Case Study
– Failure to adhere to the system development methodology
– Formal requirements were not developed
– The security of the third-party organization hosting the site was not reviewed prior to executing a contract
– Security was not tested prior to implementation

8 SCHOOL-SPECIFIC ISSUES
Poor Protection of Information Assets
– Poor data classification can lead to exposure of sensitive information without proper segregation of shared infrastructure
Lack of IT Governance
– Fiefdoms: schools’ IT staffs place each other at risk by developing their own disparate control environments on shared infrastructure

9 BENEFITS
Win-Win for Auditors and Clients
– Provides clients and their stakeholders a higher level of assurance
– Provides value-added services to clients in an area where guidance is likely needed
– Protects the client relationship from firms that offer both financial and IT audit services