Enhanced Professional Development Skills

Norm Kelson, CPA, CISA, CGEIT
The Kelson Group

November 18, 2009

© The Kelson Group, 2009

Agenda

Identifying our skill set needs

Fulfilling the skill set

Enhancing our staff

Providing value to the organization

How Has the Audit Landscape Changed?

General Controls, 20%

Existing Applications, 25%

New Applications, 25%

Technical Audits, 30%

Historical Focus

How Has the Audit Landscape Changed? (2)

AS5, 60%

IT General Controls, 10%

All Applications, 30%

SOx Era

How Has the Audit Landscape Changed (3)

SOx Testing, 10%

GRC, 10%

IT Gen Ctrl, 25%

Bus Process, 40%

Technical Audits, 15%

Today

How Has the Audit Landscape Changed (3)

SOx Testing, 5%

GRC, 25%

IT Gen Ctrl, 20%

Bus Process, 40%

Technical Audits, 10%

Within 5 Years

What Do I Need to Know About My Organization?

• Internal Audit
  – Mission
  – Audit Charter
• Business
  – Long term strategy
  – Industry
  – Best practices within industry
  – Regulations
• Technology
  – Current architecture
  – Architecture of the future
• Application Portfolio
  – Applications topography
  – Applications functionality

What Do I Need to Know About My Organization? (2)

• IT Service & Delivery Architecture & Practices
  – In House
  – Out Sourced
• Governance Framework
  – COSO?
  – IT Governance Framework – CobiT/ITIL
• Compliance Approaches & Requirements
  – AS5
  – GLBA
  – PCI-DSS
  – HIPAA
  – Federal/State/Local data privacy requirements
• Enterprise Risk Management Approach

Senior Management Drivers

Chief Audit Executive

CIO

C-Suite

Board of Directors

Regulators

External Auditors

Business Unit Management

Drivers for Audit Services

Value

Controls

Security

Compliance

Governance

IT Audit Universe

• Which Audit Landscape?
  – Historical
  – SOx Era
  – Today
  – Next 5 years

Skills Required

• Communications & Interpersonal Skills
  – Ability to relate to audit customer
  – Understand their needs
  – Argumentation skills
  – Communicate to technical and non-technical constituencies – written and oral
• Business skills
  – Industry expertise
  – Finance/accounting subject-matter competency
• Business process
  – Understanding of business process
  – Specific processes to enterprise
• Controls management
  – Controls framework
  – Control objectives

Skills Required (2)

• Risk management
  – Risk assessment methodologies
  – Enterprise-adopted risk management process
• Value management
  – Ability to relate control requirements and risk management into a value to the organization
• Project management
  – Ability to manage internal audit projects
  – Ability to evaluate effectiveness of enterprise and business projects
• IT Technical
  – Core technical functions
  – General IT functions

Take Inventory

• Results of Enterprise Risk Assessment
  – Essential Audits – Rated “A”
  – Needed Audits – Rated “B”
  – Nice to Have Audits – Rated “C”
• What resources needed for “A” and “B” audits?
  – FTEs
  – Skills
• What resources available?
• Result is your delta

Auditor Skill Sets

Financial

Operational

Business Process / Applications / Projects

General IT Controls

Technical IT Controls

Financial Auditor

Business Auditor

IT Audit Generalist

IT Audit Technical Specialist

Subject Matter Experts

• Sources
  – Financial / Operational / Business / IT Auditors
  – Internal rotation from technical department
  – External
    • Non-core audit requirements
    • Internal SME deficiency

Essential Training

• Internal Audit Concepts
• Business / Industry Concepts
• Finance/Accounting – scope for IT auditors more limited
• Business psychology – as needed
• Communications, Argumentation, Written & Oral Presentation
• IT Technical – core functions

How Do I Receive Value from Internal Audit

• Invest in good personnel
  – Talented staff
  – Competent and focused training
  – Reasonable compensation
  – Reasonable working conditions and tools
• Allocate resources to your staff’s strengths
• Identify and select audits that fit the risk assessment
• Keep audit rotations to a minimum of 24 months

How Do I Receive Value from Internal Audit (2)

• Use staff for recurring audits, assign consultants to specialty and non-recurring audits

• Consider building audit teams by line of business
  – Cohesive team
  – Lessens learning curve
  – Include IT audit in Line of Business team

• Keep turnover to a minimum (cost of replacement extremely high)

• Budget reasonable time to an audit – don’t squeeze staff

How Can I Build a High Performance Team

• Resolve Personnel Issues
• Provide Opportunity
• Empower
• Provide training
• Support team

Personnel Issues

• Understand the drivers of each generation
• Economics push staff
  – Recognize burnout
  – Build for tomorrow – don’t deplete the staff
  – Mirror staff with management expectations
• Employee Mentoring
  – Understand employee career goals
    • Seek opportunities within company
    • Keep employee for reasonable period of time
    • Outplace employees not fitting in
  – Provide an open door policy to assist employee in performing duties
    • Manage but don’t micro-manage
    • Run interference where appropriate
  – Support employee within and outside department
  – Respect

Training

• Meaningful training to fit Audit Plan
• Design training plan for each staff member
  – Technical training
    • Specific expertise
    • Industry expertise
  – Management skills
    • Leadership
    • GRC management
    • Project management
  – Business skills
    • Presentation skills (oral and written)
    • Finance/Accounting
    • Industry concentration
• Quality programs
• Training program tailored to the needs of each employee
• Consider distance learning, where possible
  – Give staff time to utilize distance learning

Certification

• Encourage obtaining and maintaining certifications for job function:
  – Audit related:
    • CPA, CISA, CIA, CFE
  – Security related:
    • CISM, CISSP
  – GRC
    • CGEIT, IT Risk – (soon to be announced)
• Certification preparation
  – Reimburse for certification test fees, reasonable refresher or study courses
  – Time off to sit for test
  – Time off for preparation (reasonable)
• Certification maintenance
  – Reimburse for yearly fees
  – Provide training opportunities and reimbursement to maintain certification in good standing

Management

• Build a team of complementary skills
• Foster open dialogue
• Provide feedback
• Meet with customers – foster relationships and represent department

Key Areas for Professional Skill Enhancement

• Governance and related practices
• Understanding of financial processes
• Understanding business processes
• Maintaining core IT technical skills
• Improving soft skills

Questions?

Contact Information

Norm Kelson

Telephone: (781) 784-4390

Email: [email protected]
