1. INTERNAL AUDIT DIRECTOR’S ROLE IN INTEGRATING IT AUDITING IN OPERATIONAL AUDITS Dr. Roger Mayer, CPA, CIA, CRMA SUNY Old Westbury

2. Overview  The role of IA to identify IT risks and controls?  Differentiating Operation from IT auditing  Enhancing the audit product by expanding the role of operational auditors  Training issues for all non IT auditors.  Your role as a director

3. Where are the risks?  Operational level  Department level  General Control level  Application level

4. IT Risk Assessment Process  What is within the scope of an operational audit?  What is outside the scope of an operational audit?  Are these parameters moving targets?  Coordinating the activities of operational and IT auditing.

5. General control risks  What questions should all auditors ask related to general controls?  Why do some auditors avoid IT auditing?  Why does expanding the scope to include IT create value?

6. Application control Risks  How to identify department specific applications.  Developing a risk assessment questionnaire to address IT.  Common IT application risk issues that can be uncovered by the operations auditor.

7. IT audit test procedures  What tests should all auditors include in their required procedures?  Where to get the right data for testing?  Using ACL in IT audit testing procedures.  When to use the IT auditors.

8. Training issues for all audit staff  What you need to know.  What you need to do to continue to expand your knowledge.  Increasing the general knowledge of all staff.

9. The audit director’s role  Avoid territorial issues between operational and IT audit groups.  Outlining the scope to management.  Cross training.  Resolving personnel issues.

10. Conclusion  Value Creation  Expanding scope  Expanding coverage  Creating career opportunities for auditors