University of Colorado SAP & ISACA
Presenters: Ryan McMeekin, Nancy Bong, Scott Murphy

Presentation transcript:


Agenda/Contents: Table of Contents
- What is Risk Assurance?
- What is a Control
- Information Technology General Controls
- Reporting
- Exercise
- Modules of SAP
- ISACA/CISA
- Recruitment
- Questions

What is Risk Assurance?
Risk Assurance at PwC:
- Business Process / IT Controls
- Internal Audit Services
- Third Party Assurance
- IT Project Assurance
- Enterprise Risk Management, etc.
Our Clients: Financial Audit and External Clients

What is Risk Assurance? What is a Control?
Why are systems and controls important?
In accounting and auditing, internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems designed to help the organization accomplish specific goals or objectives.
"COSO" - Committee of Sponsoring Organizations of the Treadway Commission: Internal Control - Integrated Framework (1992)
Key information system control objectives:
- Safeguarding assets
- Maintaining data integrity
- Operating effectively and efficiently
Examples of IT Audits:
- Financial Statement Audits, public (SOX) and private
- Third-Party Assurance
- PCI (Payment Card Industry)
- Internal Audit

What is Risk Assurance? Information Technology Risk and Controls Diagram

What is Risk Assurance? Information Technology Risk Layers
- Perimeter
- Network
- Operating System
- Application
- Data

Exercise
Please get in groups of 3 or 4
1) What are examples of IT risk?
2) How does IT risk impact a business?
3) How can IT risk impact Financial Statements?

Exercise Debrief
1) What are examples of IT risk and security?
- Restricted Access and Segregation of Duties
- Change Management / SDLC
- Batch Processing, System Interfaces
2) How does IT risk impact a business?
- Safeguarding of assets, data integrity, efficiency of operations
- Compliance requirements (SOX, HIPAA, PCI)
- Investor Confidence
3) How can IT risk impact Financial Statements?
- Indirectly impacting financial statement assertions
- Pervasiveness of impact

Reporting Integrity of Data
Reporting
- Key Reports
- Information used in performance of a key control
- Configurable to Client Environment
- SAP (Customized or Canned)
- Changes
- Access
- How do we use SQL Statements?

SAP - Financial General Ledger
What are Risks with these Accounting Areas?
- Journal Entries
- Period End Closing
- Foreign Exchange
- New GL
- FI/CO Integration

Exercise - Financial General Ledger
Period End Closing Control: The standard SAP reports indicating general ledger account metrics are investigated and resolved during period end on a timely basis.
- Create a Test Plan
- What are the Key Conditions of this Control (italicized)
- How could we test/verify that the control is operating?

Exercise – Debrief
How to Test & Interpretation
a) Inquire of management to determine whether:
   i) SAP reports are relied upon during the period end close process
   ii) Report review is performed by a person independent from the transaction processing activities
   iii) Exceptions are investigated and resolved on a timely basis
b) Evaluate if there is sufficient and appropriate evidence to test the control
c) Inspect / examine a sample of reports to determine whether evidence exists for the timely resolution of exceptions

SAP – Procure to Pay & Accounts Payable
- Integrates purchasing department with Account Payables department.
- Business Processes
- 3-way Match
- Agree Purchase order
- Invoice
- Receiving
- Automated Process of SAP
- Circumnavigate Business Processes?
- Basis and IT Controls

What is ISACA?
Information Systems Audit & Control Association (ISACA)
Goal: To expand the knowledge and value of the IT governance and control field
Members work in: Financial and banking, public accounting, government, the public sector, and the private sector
Chapter Meetings
Accounting and Information Security focus
CISA
Relationships and Personal Experiences

CISA Description
The Certified Information Systems Auditor (CISA) is ISACA’s cornerstone certification
Devoted exclusively to IT audit, controls, and security
Importance: Good certification for individuals who have audit, control and/or security responsibilities

Compare and Contrast: CISA vs. CPA
CISA:
- IT oriented
- One – 4 Hour Test: IT Audit; System Life Cycle Development Infrastructure; IT Governance; IT Service Delivery & Support; Protection of Info Assets; Business Continuity & Disaster Recovery
- Cost less than CPA
CPA:
- Financial oriented with IT
- 4 Parts (3-4 hrs each): Audit; Financial; Business; Regulation
- Cost more than CISA
Prerequisite for Promotion

Recruitment Information
- Thursday September 8th - Accounting Firm "Roadshow" - 7pm to 9pm - Koelbel Building
- Monday September 12th - BAP Kick-Ball Tournament - 4pm - 6pm - field by Koelbel Building
- Wednesday September 14th - MBSA Meeting Accounting Night - 5:30 p.m. to 7:30 p.m. - Koelbel Building
- Thursday September 15th - Meet the Firms - 6:30 p.m. - 9:00 p.m. - UMC, on campus
- Monday September 19th - Resume deadline

Contact Information Ryan Nancy Scott Questions?