
1 How to survive an audit. Gib – President MDLUG.org Audit tips. What to document. 1. Clarify goals 2. Review / Understand Policies 3. Write Documents Describing Gaps 4. Create Common Best Practices

2 1. Clarify Goals Accounting Analogy – centuries of practices resulted in a firm understanding of procedures and techniques. Computer auditing has only existed for a few decades. Is this an internal auditor or an external auditor? Don't let technical people talk to the auditor. Ask for written instructions and questions – ahead of time. Define rules of engagement. Try to set a scope. Ask for an example of another audit. Look for any prior work for this scope.

3 2. Review / Understand Policies Read company policy manual. Don't have one? Then search on the internet or do research. Review policy manual with someone you trust. Discuss any issues in detail. Feel comfortable with how you respond to issues. Practice responses. Review policy manual items related to scope of the audit with peers. Ask how others handle issues. You may be able to justify common problems. Document concerns – better to come clean than look dirty.

4 3. Write Documents Describing Gaps Describe issues and concerns or gaps in writing in a non-technical way. List risk to the business. Describe any mitigation to the risk. Is risk real/likely? Describe why the gap exists – cost to repair? Advise business owners and stakeholders (written). Write a plan to address gaps. Provide planning dates. Schedule project to address issue – set priority. Seek funding for project – justify any delay. BUDGET – accounting has centuries of history to help with procedures to define effort.

5 4. Create Common Best Practices ITIL – Industry standard best practices – "Information Technology Infrastructure Library". Like accounting procedures, but for the technical computer industry. Separation of duties; log changes; require approvals, role definitions, configuration change practices. Tools: source control, roll-to-production rule enforcement. Password management (PAR: password authentication repository). Manual log of actions taken if tools don't provide a list. Who changed code, reviewed, approved, migrated. Verify enforcement of rules. Reverse audit procedure.

