Presentation is loading. Please wait.

Presentation is loading. Please wait.

Week Twelve – QA/QC, Self-assessment and Audit IT Service Providers

Published byFarida Fanny Budiaman Modified over 6 years ago

Similar presentations

Presentation on theme: "Week Twelve – QA/QC, Self-assessment and Audit IT Service Providers"— Presentation transcript:

1 Week Twelve – QA/QC, Self-assessment and Audit IT Service Providers
IT Audit Process Prof. Liang Yao Week Twelve – QA/QC, Self-assessment and Audit IT Service Providers IT Audit Process Prof. Liang Yao

2 Audit Quality Assurance and Quality Control
Why audit function needs QA and QC? IPPF Standard Associated with QA QA and QC in action IT Audit Process Prof. Liang Yao

3 Audit Quality Assurance and Quality Control
The needs for internal audit QA and QC function Ensure the quality of audit workpaper Sufficient audit planning Adequate of testing Relevant of evidences Supporting of conclusion Proper of overall opinion Assessment of auditors’ proficiency level Identifying skill gaps and developing areas IT Audit Process Prof. Liang Yao

4 Audit Quality Assurance and Quality Control
IPPF Standard Associated with QA 1300 – Quality Assurance and Improvement Program 1310 – Requirements of the Quality Assurance and Improvement Program 1311 – Internal Assessments (annual basis) 1312 – External Assessments (5 years cycle) 1320 – Reporting on the Quality Assurance and Improvement Program 1321 – Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing” 1322 – Disclosure of Nonconformance IT Audit Process Prof. Liang Yao

5 Audit Quality Assurance and Quality Control
QA/QC in Action Multi-layer of workpaper review AIC review/manager review/sr. manager(direct) review Develop and define QA and QC methodology in the Audit Methodology Manual (e.g. frequency, sampling, coverage, follow-up, etc.) Build a QA/QC function within the audit division Assign the right QA/QC staff Define training requirements External Review (IPPF 1312) Consideration IT Audit Process Prof. Liang Yao

6 Control Self-Assessment
Concept of Three Lines of Defense First Line of Defense – Line of Business 1A – Day to day operations 1B - Risk management specialists embedder in the LoB Second Line Defense – Risk Management function Risk identification Challenge Independent testing Third Line of Defense - Internal Audit IT Audit Process Prof. Liang Yao

7 Control Self-Assessment
Line of Business Performing leveraging Risk Management Leveraging Internal Audit IT Audit Process Prof. Liang Yao

8 Control Self-Assessment
CSA objectives CSA Pros and Cons Auditors’ role CSA tools (GRC) CSA Approaches IT Audit Process Prof. Liang Yao

9 CSA Objectives Changing the organizing culture
Shifting control monitoring function to IT management Empowerment of Line of Business Define a CSA framework (e.g. COBIT) IT Audit Process Prof. Liang Yao

10 CSA Pros. And Cons. CSA Benefits:
Earlier risk identification/detection Effectively improve internal controls Self-identifying control gaps/deficiencies Sense of Ownership/motivation Effective communication Reduce audit control testing Provide the Board and sr. management level of comfort of internal control environment IT Audit Process Prof. Liang Yao

11 CSA Pros. And Cons. CSA disadvantages CSA maturity level
Replacing audit function? Why NOT? Additional workload (resource constrain...) What if no action take based on CSA result by management IT Audit Process Prof. Liang Yao

12 Auditors’ Role in CSA process
Understanding the business process Mapping laws and regulatory requirements to the key risks and controls identified by the business Acting as facilitators NOT in the position to design and implement controls IT Audit Process Prof. Liang Yao

13 CSA Summary Empowerment and establish accountabilities
Kaizen process (continuous improvement) Build a culture of control awareness Broader Board and shareholder focus Involving all three lines of defense Impact on Audit Staged approach (assessing the maturity level of CSA) Leverage CSA results More risk focused plan and testing IT Audit Process Prof. Liang Yao

Download ppt "Week Twelve – QA/QC, Self-assessment and Audit IT Service Providers"

Similar presentations

Organizational Governance

Organizational Governance
Dr Igors Ludboržs Member of the European Court of Auditors (ECA) INTOSAI Working Group on Public Debt Helsinki, 11 September 2012.

Dr Igors Ludboržs Member of the European Court of Auditors (ECA) INTOSAI Working Group on Public Debt Helsinki, 11 September 2012.
Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,

Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,
Seminário O controle interno governamental no Brasil Velhos Desafios, Novas Perspectivas 14 a 16 de Maio Iguassu Resort – Foz do Iguaçu - Paraná International.

Seminário O controle interno governamental no Brasil Velhos Desafios, Novas Perspectivas 14 a 16 de Maio Iguassu Resort – Foz do Iguaçu - Paraná International.
IS Audit Function Knowledge

IS Audit Function Knowledge
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
Purpose of the Standards

Purpose of the Standards
Learning Objectives LO1 Describe the association framework. LO2 Determine whether a PA is associated with financial statements. LO3 Describe the three.

Learning Objectives LO1 Describe the association framework. LO2 Determine whether a PA is associated with financial statements. LO3 Describe the three.
Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.

Auditing Standards IFTA\IRP Audit Guidance Government Auditing Standards (GAO) Generally Accepted Auditing Standards (GAAS) International Standards on.
Conducting the IT Audit

Conducting the IT Audit
REVIEW AND QUALITY CONTROL

REVIEW AND QUALITY CONTROL
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Challenges Faced in Developing Audit Plans and Programs 21 st March, 2013.

Challenges Faced in Developing Audit Plans and Programs 21 st March, 2013.
Equity Housing Group Risk Management. 05 August 2002 © MazarsEquity Housing Group: Risk Management 2 Agenda Introduction: what is Risk Management? The.

Equity Housing Group Risk Management. 05 August 2002 © MazarsEquity Housing Group: Risk Management 2 Agenda Introduction: what is Risk Management? The.
Improving Corporate Governance in Malaysian Capital Markets – The Role of the Audit Committee Role of the Audit Committee in Assessing Audit Quality.

Improving Corporate Governance in Malaysian Capital Markets – The Role of the Audit Committee Role of the Audit Committee in Assessing Audit Quality.
The Sarbanes-Oxley Act of 2002 1 PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now.

The Sarbanes-Oxley Act of PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now.
Building Quality Assurance into Clinical Trials. Objectives for Today: Define Quality in Research Describe How to Initiate Corrective and Preventative.

Building Quality Assurance into Clinical Trials. Objectives for Today: Define Quality in Research Describe How to Initiate Corrective and Preventative.
Monitoring Internal Control Systems Johann Rieser Senior Auditor, Ministry of Finance, Vienna.

Monitoring Internal Control Systems Johann Rieser Senior Auditor, Ministry of Finance, Vienna.
How does the ECA assess Member States’ internal control systems? Workshop on Audit/Evaluation of Public Internal Financial Control Systems (PIFC) Ankara,

How does the ECA assess Member States’ internal control systems? Workshop on Audit/Evaluation of Public Internal Financial Control Systems (PIFC) Ankara,

Similar presentations

Ads by Google