Information Risk Management in the Audit Chapter 9 Presented by Dee Dee Owens, Senior Manager KPMG LLP KPMG LLP.


Presentation on theme: "Information Risk Management in the Audit Chapter 9 Presented by Dee Dee Owens, Senior Manager KPMG LLP KPMG LLP."— Presentation transcript:

1 Information Risk Management in the Audit, Chapter 9
Presented by Dee Dee Owens, Senior Manager, KPMG LLP

2 © 2009 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in U.S.A. KPMG and the KPMG logo are registered trademarks of KPMG International. 14055ORA May 2009 GAAP Reporting Workshop 2
KPMG Information Risk Management (IRM) Audit Team – Overview of IT Controls
IT General Controls
– Controls that support the foundation of the system.
– Includes 4 components:
  – Program Development
  – Program Change
  – Computer Operations
  – Access to Programs and Data
Application Controls – are automated controls
– Steps or requirements that a computer system executes to achieve a specific objective; the objective of the automated control is to prevent, detect and/or correct the risk of a financial misstatement

3 KPMG Information Risk Management (IRM) Audit Team – Scope of Work
IT General Controls Review
– Please note that the IT Audit scope for 2009 is reduced due to significant deficiencies noted in 2008
– Current year procedures include:
  – PeopleSoft application password configuration settings
  – User access provisioning and de-provisioning of PeopleSoft application access
  – Program change procedures
  – System development lifecycle procedures
– Current year procedures do not include:
  – PeopleSoft security controls testing (due to prior year deficiencies)

4 KPMG Information Risk Management (IRM) Audit Team – Scope of Work
Current year procedures are in the process of being conducted at the following campuses:
– East Bay
– Los Angeles
– Maritime Academy
– Monterey Bay
– San Bernardino
– San Jose
– San Luis Obispo
– San Marcos

5 KPMG Information Risk Management (IRM) Audit Team – Scope of Work
Testing is also being conducted at CMS focusing on the following areas:
– Program changes
– PeopleSoft access rights in production

6 KPMG Information Risk Management (IRM) Audit Team – Scope of Work (continued)
Application control testing
– This testing is not being conducted in 2009 due to the significant deficiencies from the prior year.
– In prior years, we have tested the following controls:
  – Department of Education upload to campus Student Information System (PeopleSoft or Legacy)
  – Grade system – user access
  – Interface from grade system to financial aid system (if applicable)
  – Access controls
  – Configuration controls
  – Automated Derivation Control

7 Background Information of Prior Year Significant Deficiency
Refer to the CSU 2008 report on internal control over financial reporting and on compliance and other matters based on an audit performed in accordance with Government Auditing Standards
– Item 08-01 Segregation of Duties Conflicts and System Access
ISSUE #1 (CMS Central)
– CMS Support Team had: Systems Administrator access to PeopleSoft (i.e. SOSSTECH – user administration) and access to Application Designer in PeopleTools (Developers with access)
ISSUE #2 (Campus Level)
– Various campus level personnel have access to multiple roles resulting in a segregation of duties conflict:
  – System Administrator;
  – Database Administrator; and
  – Programmer/Development Access
Management is currently working to remediate and evaluate status

8 IRM Test Work – Key Dates
March 12 – 16, 2009 – Campus IT PBC list was sent to campuses
March – April, 2009 – Campus PBC were due to KPMG
March – July, 2009 – Campus IT general controls test work and specific business process controls test work
– To gain efficiencies by working from one location, the IRM team will conduct testing remotely from our Orange County office. Please be prepared to accommodate conference calls during the week our teams are focusing on your campus as the testwork will be conducted via phone interviews and review of requested documents.
Project wrap up / Campus close out meetings (June ~ July)

9 IRM Deficiency and Communication
Impact on Financial Audit Team
– As IRM lead in their testwork timing, IRM will report all deficiencies to the financial audit team.
– The financial audit team will analyze these deficiencies as they relate to the year-end financial statement audit and modify the audit approach as may be necessary. This may include performing additional substantive procedures, making additional sample selections, etc.

10 Questions

