Information Risk Management in the Audit Chapter 9 Presented by Dee Dee Owens, Senior Manager KPMG LLP KPMG LLP.

Slides:



Advertisements
Similar presentations
Presented by YOUR NAME THE DATE
Advertisements

G L O B A L S E R V I C E / I N D U S T R Y A U D I T / T A X / A D V I S O R Y / L I N E O F B U S I N E S S SAS 112 Presentation California State University.
CIP Cyber Security – Security Management Controls
Preparing for Compliance Monitoring Reviews Understanding CMS Protocols Used by Review Organizations January 14, 2009 Presented by: Margaret deHesse, RN,
Systemwide Audit Scope and PBCs Liezl Sangalang KPMG LLP Year-End GAAP Training April 18, 2014.
Trending Topics in Contract Auditing Presenters: Allen Devine, Senior Manager Dan Smith, Manager Government Contracts.
0 © 2009 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms.
The Islamic University of Gaza
May 2008 GAAP Reporting Workshop © 2008 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in U.S.A.
SAS 112 – The Year After Presented by Chris Ray Partner - KPMG LLP KPMG LLP.
The California State University (CSU) GAAP Reporting Manual ORA 1 © 2008 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative.
The California State University (CSU) GAAP Reporting Manual © 2009 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All.
Highlights of Changes to the Reporting Package Chapter 9 Presented by Lily Wang Chancellor’s Office KPMG LLP.
Cash Flows Update Chapter 6 Presented by KPMG LLP and CSU.
The Audit Process Chapter 9 Presented by Jessica C Smith, Manager KPMG LLP KPMG LLP.
© 2010 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG.
Implementation Audit and Control Background Internal Audit Role Go-Live Criteria Audit Approach - Systems Audit Approach - People Summary Agenda.
Reporting Package Update Chapter 9 Presented by Lily Wang CSU, Chancellor’s Office KPMG LLP.
1 CSU San Bernardino CMS/PeopleSoft Project Updates Open Forum February 7, :00am to 10:00am or 2:30pm to 3:30pm Lower Commons, Panorama Room.
The California State University (CSU) GAAP Reporting Manual © 2009 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All.
The California State University (CSU) GAAP Reporting Manual © 2009 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All.
Information Risk Management in the Audit Chapter 9 Presented by Julie Flaiz-Windham, Senior Manager KPMG LLP KPMG LLP.
© 2009 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in U.S.A. KPMG and the KPMG logo are registered.
Reporting Requirements Chapter 12 Presented by Kathy V. Lai, Manager KPMG LLP KPMG LLP.
PBC List – General Update
SAS 112 Update Chapter 9 Presented by Chris Ray, Partner KPMG LLP KPMG LLP.
PREPARING FOR AN AUDIT Presented by Chris Ray Partner - KPMG LLP Presented by Chris Ray Partner - KPMG LLP.
11920 ORA The California State University (CSU) GAAP Reporting Manual 2007 Engagement Team Phone List 3.
1 Cal Poly CMS SA Project Common Management Systems (CMS) SA Modification Governance Overview January 4, 2005.
Auxiliary Organizations Update Chapter 8 Presented by Lily Wang Chancellor’s Office KPMG LLP.
The California State University (CSU) GAAP Reporting Manual © 2008 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All.
ORA © 2008 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in U.S.A. KPMG and the KPMG.
Preparing for the Audit Presented by Patty McClendon Senior Manager – KPMG LLP KPMG LLP.
Reporting Requirements Presented by Steve DeVetter Partner – KPMG LLP KPMG LLP.
Information from the Chancellor’s Office Chapter 5 Presented by CSU and KPMG, LLP.
Responses to 2008 GAAP Feedback Presented by Sherry Pickering CSU KPMG LLP.
A/B/C Campus Scope Presented by: Kathy Lai, KPMG LLP AUDIT.
Preparing for the Audit – A-133 (Single Audit) Presented by Elisa Stilwell Senior Manager – KPMG LLP KPMG LLP.
Single Audit (A-133) Chapter 9 Presented by Elisa Stilwell, Senior Manager KPMG LLP KPMG LLP.
Preparing for the Audit Presented by Elisa Stilwell Senior Manager - KPMG LLP KPMG LLP.
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Chapter 5 Internal Control Evaluation. Chapter 2 Professional Standards.
UCSD Office of the Controller1 SAS112 Implementation UCSD Status Update.
Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.
Application Security Management Functional Project Manager (s) ERP Project Director ERP Campus Executive University & Campus Administration Security Policy.
Statement on Auditing Standards (SAS) 112 Communicating Internal Control Related Matters Identified in an Audit.
Auditing & Assurance Services, 6e
Patch Management Strategy
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
IT Internal Audit Survey Overview of survey findings May 2009 IT ADVISORY ADVISORY.
OMB Circular A-123 Lessons Learned OMB Circular A-123 Lessons Learned FEDERAL ADVISORY Sean Hoffman Partner KPMG LLP.
Considering Internal Control
Internal Control in a Financial Statement Audit
Portfolio Committee Presentation Government printing Works Audit and Compliance 07 May 2013 Presented by: Chief Executive Officer.
Natives of Kodiak, Inc. September 20,2014 Beth Stuart kpmg.com.
NO FRAUD LEFT BEHIND The Effect of New Risk Assessment Auditing Standards on Schools Runyon Kersteen Ouellette.
IIA_Tampa_ Beth Breier, City of Tallahassee1 IT Auditing in the Small Audit Shop Beth Breier, CPA, CISA City of Tallahassee
Accounting for Income Taxes Introduction to Accounting for Taxes
Auditing Information Systems (AIS)
Chapter 6 Internal Control in a Financial Statement Audit Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution.
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.
Systemwide Audit Scope Liezl Sangalang, Senior Manager KPMG LLP April 24, 2015.
© 2015 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG.
Who is the typical fraudster? Michael Peer Partner 16 June 2011.
Chapter 8-1 Chapter 8 Accounting Information Systems Information Technology Auditing Dr. Hisham madi.
Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall. Chapter
Project Reviews Providing Value to Stakeholders PMI Sacramento Valley Chapter PMO Forum – June 2007 Bob Cutler, PMP Hubbert Systems Consulting, Inc.
May 19 th, 2016 OTHER REMINDERS Su Chen, Financial Reporting Analyst, SFSR Chancellor’s Office.
Review of Compliance with the NCAA Financial Data Reporting Requirements Sedong John, SFSR Chancellor’s Office Year-End GAAP Training April 18, 2014.
Internal and external control in an automated environment
Presentation transcript:

Information Risk Management in the Audit Chapter 9 Presented by Dee Dee Owens, Senior Manager KPMG LLP KPMG LLP

© 2009 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in U.S.A. KPMG and the KPMG logo are registered trademarks of KPMG International ORA May 2009 GAAP Reporting Workshop 2 KPMG Information Risk Management (IRM) Audit Team – Overview of IT Controls IT General Controls –Controls that support the foundation of the system. –Includes 4 components Program Development Program Change Computer Operations Access to Programs and Data Application Controls – are automated controls –Steps, requirements, that a computer system executes to achieve a specific objective—the objective of the automated control to prevent, detect and/or correct the risk of a financial misstatement

© 2009 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in U.S.A. KPMG and the KPMG logo are registered trademarks of KPMG International ORA May 2009 GAAP Reporting Workshop 3 KPMG Information Risk Management (IRM) Audit Team – Scope of Work IT General Controls Review –Please note that the IT Audit scope for 2009 is reduced due to significant deficiencies noted in 2008 –Current year procedures include: PeopleSoft application password configuration settings User access provisioning and de-provisioning of PeopleSoft application access Program change procedures System development lifecycle procedures –Current year procedures do not include: PeopleSoft security controls testing (due to prior year deficiencies)

© 2009 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in U.S.A. KPMG and the KPMG logo are registered trademarks of KPMG International ORA May 2009 GAAP Reporting Workshop 4 KPMG Information Risk Management (IRM) Audit Team – Scope of Work Current year procedures are in the process of being conducted at the following campuses: –East Bay –Los Angeles –Maritime Academy –Monterey Bay –San Bernardino –San Jose –San Luis Obispo –San Marcos

© 2009 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in U.S.A. KPMG and the KPMG logo are registered trademarks of KPMG International ORA May 2009 GAAP Reporting Workshop 5 KPMG Information Risk Management (IRM) Audit Team – Scope of Work Testing is also being conducted at CMS focusing on the following areas: –Program changes –PeopleSoft access rights in production

© 2009 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in U.S.A. KPMG and the KPMG logo are registered trademarks of KPMG International ORA May 2009 GAAP Reporting Workshop 6 KPMG Information Risk Management (IRM) Audit Team – Scope of Work (continued) Application control testing –This testing is not being conducted in 2009 due to the significant deficiencies from the prior year. –In prior years, we have tested the following controls: Department of Education upload to campus Student Information System (PeopleSoft or Legacy) Grade system – user access Interface from grade system to financial aid system (if applicable) Access controls Configuration controls Automated Derivation Control

© 2009 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in U.S.A. KPMG and the KPMG logo are registered trademarks of KPMG International ORA May 2009 GAAP Reporting Workshop 7 Background Information of Prior Year Significant Deficiency Refer to the CSU 2008 report on internal control over financial reporting and on compliance and other matters based on an audit performed in accordance with Government Auditing Standards –Item Segregation of Duties Conflicts and System Access ISSUE #1 (CMS Central) –CMS Support Team had: Systems Administrator access to PeopleSoft (i.e. SOSSTECH – user administration) and access to Application Designer in PeopleTools (Developers with access) ISSUE #2 (Campus Level) –Various campus level personnel have access to multiple roles resulting in a segregation of duties conflict: System Administrator; Database Administrator; and Programmer/Development Access Management is currently working to remediate and evaluate status

© 2009 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in U.S.A. KPMG and the KPMG logo are registered trademarks of KPMG International ORA May 2009 GAAP Reporting Workshop 8 IRM Test Work – Key Dates March 12 – 16, 2009 – Campus IT PBC list was sent to campuses March – April, 2009 – Campus PBC were due to KPMG March – July, 2009 – Campus IT general controls test work and specific business process controls test work –To gain efficiencies by working from one location, the IRM team will conduct testing remotely from our Orange County office. Please be prepared to accommodate conference calls during the week our teams are focusing on your campus as the testwork will be conducted via phone interviews and review of requested documents. Project wrap up / Campus close out meetings (June ~ July)

© 2009 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in U.S.A. KPMG and the KPMG logo are registered trademarks of KPMG International ORA May 2009 GAAP Reporting Workshop 9 IRM Deficiency and Communication Impact on Financial Audit Team –As IRM lead in their testwork timing, IRM will report all deficiencies to the financial audit team. –The financial audit team will analyze these deficiencies as they relate to the year-end financial statement audit and modify the audit approach as may be necessary. This may include performing additional substantive procedures, making additional sample selections, etc.

© 2009 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in U.S.A. KPMG and the KPMG logo are registered trademarks of KPMG International ORA May 2009 GAAP Reporting Workshop 10 Questions

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.