Integrated Auditing ISACA Geek Week 2014 Mike Van Stone Sekou Kamara August 2014



7/22/2014 2

To provide an introduction to integrated auditing.

To share integrated auditing considerations throughout the audit process:

Resource Management

Training

Risk Assessment and Audit Scoping

Audit Project Management

Communication and Reporting

To increase awareness of IT situations that have a financial impact.

Objectives

7/22/2014 3

Integrated Auditing Introduction

7/22/2014 4

Effectively assessing two or more interdependent functional areas.

Integrated Auditing Definition

7/22/2014 5

Joint IT and business functions and projects

Enterprise risk management (mid-1990s)

Audit committee and business expectations

Implementation of laws, regulations, and standards:

Dodd-Frank Act of 2010

EU Directive on Privacy and Electronic Communications,

American Recovery and Reinvestment Act of 2009

New Accounting standards-Revenue recognition

Drivers for Integrated Audits

7/22/2014 6

What does integrated auditing mean to you?

Integrated Auditing Maturity Index

Awareness of controls outside of core discipline

Limited ability to audit outside of core discipline

Limited # of integrated SMEs

Complete department of integrated SMEs

7/22/2014 7

Why Integration Matters?

Audit Success

Communication

Recognition

Awareness

7/22/2014 8

Benefits of Integration

Partnership

Reduced Cost

Business Acumen

Value-added recommendations

Transparency

7/22/2014 9

Integrated Auditing Lifecycle

7/22/2014 10

Hiring strategy

Alignment with the audit strategy and plan

Candidate selection

Co-sourcing

Specialists vs. Generalists

Performance management

Rotation plan

Resource Management

7/22/2014 11

Comprehensive training program vision

Multi-tiered training program

Diversity of training

Certification incentives

Alignment with audit plan

Skill self-assessments

Focus training on areas of overlap to raise awareness (see example on slide 19)

Scheduling and on-the-job training

Training

7/22/2014 12

Training

7/22/2014 13

Training

7/22/2014 14

Risk assessment

Risk assessor or team with integrated skill sets

Coordination of risk assessment

Cross functional interview list

Consistent company-wide approach from all risk assessing entities (Enterprise risk council)

Playback communication to stakeholders

Audit scoping

Comprehensive scoping reduces risk blind spots

Minimizes scope creep

Effective staffing plan

Risk Assessment and Audit Scoping

7/22/2014 15

Integrated, not parallel execution

Clear roles

Early and ongoing integrated issue socialization

In-charge with integrated skill set

Complementary skill sets of preparer and reviewer

Planning for and prioritizing integrated areas

Joint participation in walkthroughs

Audit Project Management

7/22/2014 16

Auditee status meetings with an integrated audience

Cross functional peer reviews

Increased focus on interdependencies.

Integrated report with integrated issues

Less technical, business focused issues

Target the broader report audience

Communication and Reporting

7/22/2014 17

Building Awareness

7/22/2014 18

Project (close) plan? Progress towards timelines?

Documented & enforced policy?

Cross functional handoffs?

Quality review process?

Metrics?

Sufficient resources? Turnover?

Risk and issue mgmt process?

Training? Cross training?

Adequate communication?

Transferrable Skills

7/22/2014 19

Revenue recognition-price concessions, future functionality, general availability

Capitalization-Impairment, sun-setting of products, development methodology

Legal-patent infringement, inadequate software licenses, data breaches and policy failures, misuse of open source software

Accruals-SLA penalties for outages, accrual for third party staffing

Financial management-monitoring vs. the business case

RED ALERT-IT Impacts on Accounting

Questions?

7/22/2014 20