Brink's Modern Internal Auditing
Brink's Modern Internal Auditing: A Common Body of Knowledge, Seventh Edition
Robert R. Moeller
John Wiley & Sons, Inc.

Contents

Preface
About the Author

PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING

CHAPTER 1 Foundations of Internal Auditing
  1.1 Internal Auditing History and Background
  1.2 Organization of This Book
  Note

CHAPTER 2 Internal Audit's Common Body of Knowledge
  What Is a CBOK?: Experiences from Other Professions
  Institute of Internal Auditor's Research Foundation CBOK
  What Does an Internal Auditor Need to Know?
  Modern Internal Auditing's CBOK Going Forward
  Notes

PART TWO: IMPORTANCE OF INTERNAL CONTROLS

CHAPTER 3 Internal Control Framework: The COSO Standard
  3.1 Importance of Effective Internal Controls
  3.2 Internal Controls Standards: Background
    (a) Internal Control Definitions: Foreign Corrupt Practices Act of 1977
    (b) FCPA Aftermath: What Happened?
  3.3 Events Leading to the Treadway Commission
    (a) Earlier AICPA Standards: SAS No. 55
    (b) Treadway Committee Report
  3.4 COSO Internal Control Framework
    (a) Control Environment
    (b) Risk Assessment
    (c) Control Activities
    (d) Communications and Information
    (e) Monitoring
  3.5 Other Dimensions of the COSO Internal Controls Framework
  3.6 Internal Audit CBOK Needs
  Notes

CHAPTER 4 Sarbanes-Oxley and Beyond
  Key Sarbanes-Oxley Act Elements
    (a) Title I: Public Company Accounting Oversight Board
    (b) Title II: Auditor Independence
    (c) SOx Title III: Corporate Responsibility
    (d) Title IV: Enhanced Financial Disclosures
    (e) Title V: Analyst Conflicts of Interest
    (f) Titles VI through X: Fraud Accountability and White-Collar Crime
    (g) Title XI: Corporate Fraud Accountability
  Performing Section 404 Reviews under AS 5
    (a) Section 404 Internal Controls Assessments Today
    (b) Launching the Section 404 Compliance Review
  AS 5 Rules and Internal Audit
  Impact of the Sarbanes-Oxley Act
  Notes

CHAPTER 5 Another Internal Controls Framework: CobiT
  5.1 Introduction to CobiT
  5.2 CobiT Framework
    (a) CobiT Cube Components: IT Resources
    (b) CobiT Cube Components
  5.3 Using CobiT to Assess Internal Controls
    (a) Planning and Enterprise
    (b) Acquisition and Implementation
    (c) Delivery and Support
    (d) Monitoring and Evaluation
  5.4 Using CobiT in a SOx Environment
  5.5 CobiT Assurance Framework Guidance
  5.6 CobiT in Perspective
  Notes

CHAPTER 6 Risk Management: COSO ERM
  6.1 Risk Management Fundamentals
    (a) Risk Identification
    (b) Key Risk Assessments
    (c) Quantitative Risk Analysis
  6.2 COSO ERM: Enterprise Risk Management
  6.3 COSO ERM Key Elements
    (a) Internal Environment Component
    (b) Objective Setting
    (c) Event Identification
    (d) Risk Assessment
    (e) Risk Response
    (f) Control Activities
    (g) Information and Communication
    (h) Monitoring
  Other Dimensions of COSO ERM: Enterprise Risk Objectives
    (a) Operations Risk Management Objectives
    (b) Reporting Risk Management Objectives
    (c) Legal and Regulatory Compliance Risk Objectives
  Entity-Level Risks
    (a) Risks Encompassing the Entire Organization
    (b) Business Unit-Level Risks
  Putting It All Together: Auditing Risk and COSO ERM Processes
  Risk Management and COSO ERM in Perspective
  Notes

PART THREE: PLANNING AND PERFORMING INTERNAL AUDITS

CHAPTER 7 Performing Effective Internal Audits
  Organizing and Planning Internal Audits
  Internal Audit Preparatory Activities
    (a) Determine the Audit Objectives
    (b) Audit Scheduling and Time Estimates
    (c) Preliminary Surveys
  Starting the Internal Audit
    (a) Internal Audit Field Survey
    (b) Documenting the Internal Audit Field Survey
    (c) Field Survey Auditor Conclusions
  Developing and Preparing Audit Programs
    (a) Audit Program Formats and Their Preparation
    (b) Types of Audit Evidence
  Performing the Internal Audit
    (a) Internal Audit Fieldwork Initial Procedures
    (b) Audit Fieldwork Technical Assistance
    (c) Audit Management Fieldwork Monitoring
    (d) Potential Audit Findings
    (e) Audit Program and Schedule Modifications
    (f) Reporting Preliminary Audit Findings to Management
  Wrapping Up the Field Engagement Internal Audit
  Performing an Individual Internal Audit

CHAPTER 8 Standards for the Professional Practice of Internal Auditing
  Internal Auditing Professional Practice Standards
    (a) Background of the IIA Standards
    (b) IIA's Current Standards: What Has Changed
    (c) 2009 New Internal Audit Standards
  8.2 Content of the IIA Standards
    (a) Internal Audit Attribute Standards
    (b) Internal Audit Performance Standards
  8.3 Codes of Ethics: The IIA and ISACA
  Notes

CHAPTER 9 Testing, Assessing, and Evaluating Audit Evidence
  Gathering Appropriate Audit Evidence
  Audit Assessment and Evaluation Techniques
  Internal Audit Judgmental Sampling
  Statistical Sampling: An Introduction
    (a) Statistical Sampling Concepts
    (b) Developing a Statistical Sampling Plan
    (c) Audit Sampling Approaches
  Monetary Unit Sampling
    (a) Selecting the Monetary Unit Sample: An Example
    (b) Performing the Monetary Unit Sampling Test
    (c) Evaluating Monetary Unit Sample Results
    (d) Monetary Unit Sampling Advantages and Limitations
  Variables and Stratified Variables Sampling
  Other Audit Sampling Techniques
    (a) Multistage Sampling
    (b) Replicated Sampling
    (c) Bayesian Sampling
  Making Efficient and Effective Use of Audit Sampling
  Notes

CHAPTER 10 Audit Programs and Establishing the Audit Universe
  Defining the Scope and Objectives of the Internal Audit Universe
  Assessing Internal Audit Capabilities and Objectives
  Audit Universe Time and Resource Limitations
  "Selling" the Audit Universe to the Audit Committee and Management
  Assembling Audit Programs: Audit Universe Key Components
    (a) Audit Program Formats and Their Preparation
    (b) Types of Program Audit Evidence
  Audit Universe and Program Maintenance

CHAPTER 11 Control Self-Assessments and Benchmarking
  11.1 Importance of Control Self-Assessments
  11.2 CSA Model
  11.3 Launching the CSA Process
    (a) Performing the Facilitated CSA Review
    (b) Performing the Questionnaire-Based CSA Review
    (c) Performing the Management-Produced Analysis CSA Review
  11.4 Evaluating CSA Results
  11.5 Benchmarking and Internal Audit
    (a) Implementing Benchmarking to Improve Processes
    (b) Benchmarking and the IIA's GAIN Initiative
  Better Understanding Internal Audit Activities
  Notes

PART FOUR: ORGANIZING AND MANAGING INTERNAL AUDITOR ACTIVITIES

CHAPTER 12 Internal Audit Charters and Building the Internal Audit Function
  Establishing an Internal Audit Function
  Audit Charter: Audit Committee and Management Authority
  Building the Internal Audit Staff
    (a) Role of the CAE
    (b) Internal Audit Management Responsibilities
    (c) Internal Audit Staff Responsibilities
    (d) Information Systems Audit Specialists
    (e) Other Internal Auditor Specialists
  Internal Audit Department Organization Approaches
    (a) Centralized versus Decentralized Internal Audit Organization Structures
    (b) Organizing the Internal Audit Function
  Internal Audit Policies and Procedures
  Professional Development: Building a Strong Internal Audit Function
  Note

CHAPTER 13 Internal Audit Key Competencies
  13.1 Importance of Internal Audit Key Competencies
  13.2 Internal Auditor Interview Skills
  13.3 Analytical Skills
  13.4 Testing and Analysis Skills
  13.5 Internal Auditor Documentation Skills
  13.6 Recommending Results and Corrective Actions
  13.7 Internal Auditor Communication Skills
  13.8 Internal Auditor Negotiation Skills
  13.9 Internal Auditor Commitment to Learning
  Importance of Internal Auditor Core Competencies

CHAPTER 14 Understanding Project Management
  Project Management Processes
    (a) Project Management Book of Knowledge
    (b) Developing a Project Management Plan
  PMBOK Program and Portfolio Management
  Organizational Process Maturity Model
  Using Project Management for Effective Internal Audit Plans
  Project Management Best Practices and Internal Audit
  Notes

CHAPTER 15 Planning and Performing Internal Audits
  15.1 Understanding the Environment: Launching an Internal Audit
  Documenting and Understanding the Internal Controls Environment
  Performing Appropriate Internal Audit Procedures
  Wrapping Up the Internal Audit
  Performing Internal Audits

CHAPTER 16 Documenting Results through Process Modeling and Workpapers
  Internal Audit Documentation Requirements
  Process Modeling for Internal Auditors
    (a) Understanding the Process Modeling Hierarchy
    (b) Describing and Documenting Key Processes
    (c) Process Modeling and the Internal Auditor
  Internal Audit Workpapers
    (a) Workpaper Standards
    (b) Workpaper Formats
    (c) Workpaper Document Organization
    (d) Workpaper Preparation Techniques
    (e) Workpaper Review Processes
  Internal Audit Document Records Management
  Importance of Internal Audit Documentation
  Note

CHAPTER 17 Reporting Internal Audit Results
  17.1 Purposes and Types of Internal Audit Reports
  17.2 Published Audit Reports
    (a) Approaches to Published Audit Reports
    (b) Elements of an Audit Report Finding
    (c) Balanced Audit Report Presentation Guidelines
    (d) Alternative Audit Report Formats
  Internal Audit Reporting Cycle
    (a) Draft Audit Reports
    (b) Audit Reports: Follow-Up and Summary
    (c) Audit Report and Workpaper Retention
  Effective Internal Audit Communications Opportunities
  Audit Reports and Understanding the People in Internal Auditing

PART FIVE: IMPACT OF INFORMATION TECHNOLOGY ON INTERNAL AUDITING

CHAPTER 18 IT General Controls and ITIL Best Practices
  Importance of IT General Controls
  Client-Server and Smaller Systems' General IT Controls
    (a) General Controls for Small Business Systems
    (b) Smaller Systems' IT Operations Internal Controls
    (c) Auditing IT General Controls for Smaller IT Systems
  Components and Controls of Mainframe and Legacy Systems
    (a) Characteristics of Larger IT Systems
    (b) Classic Mainframe or Legacy Computer Systems
    (c) Operating Systems Software
  Legacy System General Controls Reviews
  ITIL Service Support and Delivery Infrastructure Best Practices
    (a) ITIL Service Support Incident Management
    (b) Service Support Problem Management
  Service Delivery Best Practices
    (a) Service Delivery Service-Level Management
    (b) Service Delivery Financial Management for IT Services
    (c) Service Delivery Capacity Management
    (d) Service Delivery Availability Management
    (e) Service Delivery Continuity Management
  Auditing IT Infrastructure Management
  Internal Auditor CBOK Needs for IT General Controls
  Notes

CHAPTER 19 Reviewing and Assessing IT Application Controls
  19.1 IT Application Control Components
    (a) Application Input Components
    (b) Application Programs
    (c) IT Application Output Components
  19.2 Selecting Applications for Internal Audit Reviews
  Preliminary Steps to Performing Applications Controls Reviews
    (a) Conducting an Application Walk-Through
    (b) Developing Application Control Objectives
  Completing the IT Application's Controls Audit
    (a) Clarifying and Testing Audit Internal Control Objectives
    (b) Completing the Application Controls Review
  Application Review Example: Client-Server Budgeting System
    (a) Reviewing Capital Budgeting System Documentation
    (b) Identifying Capital Budgeting Application Key Controls
    (c) Performing Application Tests of Compliance
  Auditing Applications under Development
    (a) Objectives and Obstacles of Preimplementation Auditing
    (b) Preimplementation Review Objectives
    (c) Preimplementation Review Problems
    (d) Preimplementation Review Procedures
  Importance of Reviewing IT Application Controls
  Notes

CHAPTER 20 Cybersecurity and Privacy Controls
  IT Network Security Fundamentals
    (a) Security of Data
    (b) Importance of IT Passwords
    (c) Viruses and Malicious Program Code
    (d) Phishing and Other Identity Threats
    (e) IT System Firewalls
    (f) Other Computer Security Issues
  IT Systems Privacy Concerns
    (a) Data Profiling Privacy Issues
    (b) Online Privacy and E-Commerce Issues
    (c) Radio Frequency Identification
    (d) Absence of U.S. Federal Privacy Protection Laws
  Auditing IT Security and Privacy
  Security and Privacy in the Internal Audit Department
    (a) Security and Control for Auditor Computers
    (b) Workpaper Security
    (c) Audit Reports and Privacy
    (d) Internal Audit Security and Privacy Standards and Training
  PCI-DSS Fundamentals
  Internal Audit's Privacy and Cybersecurity Roles
  Notes

CHAPTER 21 Computer-Assisted Audit Tools and Techniques
  Understanding Computer-Assisted Audit Tools and Techniques
  Determining the Need for CAATTs
  CAATT Software Tools
    (a) Types of CAATTs: Generalized Audit Software
    (b) Report Generators Languages
    (c) Desktop and Laptop CAATTs
    (d) Test Data or Test Deck Approaches
    (e) Specialized Audit Test and Analysis Software
    (f) Embedded Audit Procedures
  Selecting Appropriate CAATT Processes
  Steps to Building Effective CAATTs
  Using CAATTs for Audit Evidence Gathering
  Notes

CHAPTER 22 Business Continuity Planning and IT Disaster Recovery
  IT Disaster and Business Continuity Planning Today
  Auditing Business Continuity Planning Processes
    (a) Internal Auditor Centralized Data Center BCP Reviews
    (b) Client-Server Continuity Planning Internal Audit Procedures
    (c) Continuity Planning for Desktop and Laptop Applications
  Building the IT Business Continuity Plan
    (a) Risks, Business Impact Analysis, and the Impact Potential Emergencies
    (b) Preparing for Possible Contingencies
    (c) Disaster Recovery: Handling the Emergency
    (d) Business Continuity Plan Enterprise Training
  Business Continuity Planning and Service-Level Agreements
  Newer Business Continuity Plan Technologies: Data Mirroring Techniques
  Auditing Business Continuity Plans
  Business Continuity Planning Going Forward
  Notes

PART SIX: INTERNAL AUDIT AND ENTERPRISE GOVERNANCE

CHAPTER 23 Board Audit Committee Communications
  23.1 Role of the Audit Committee
  23.2 Audit Committee Organization and Charters
  23.3 Audit Committee's Financial Expert and Internal Audit
  23.4 Audit Committee Responsibilities for Internal Audit
    (a) Appointment of the Chief Audit Executive
    (b) Approval of Internal Audit Charter
    (c) Approval of Internal Audit Plans and Budgets
    (d) Audit Committee Review and Action on Significant Audit Findings
  Audit Committee and Its External Auditors
  Whistleblower Programs and Codes of Conduct
  Other Audit Committee Roles

CHAPTER 24 Ethics and Whistleblower Programs
  Enterprise Ethics, Compliance, and Governance
    (a) Ethics First Steps: Developing a Mission Statement
    (b) Understanding the Ethics Risk Environment
    (c) Summarizing Ethics Survey Results: Do We Have a Problem?
  Enterprise Codes of Conduct
    (a) Code of Conduct Contents: What Should Be the Code's Message?
    (b) Communications to Stakeholders and Assuring Compliance
    (c) Code Violations and Corrective Actions
    (d) Keeping the Code of Conduct Current
  24.3 Whistleblower and Hotline Functions
    (a) Federal Whistleblower Rules
    (b) SOx Whistleblower Rules and Internal Audit
    (c) Launching an Enterprise Help or Hotline Function
  Auditing the Enterprise's Ethics Functions
  Improving Corporate Governance Practices
  Notes

CHAPTER 25 Fraud Detection and Prevention
  Understanding and Recognizing Fraud
  Red Flags: Fraud Detection Signs for Internal Auditors
  Public Accounting's Role in Fraud Detection
  IIA Standards for Detecting and Investigating Fraud
  Fraud Investigations for Internal Auditors
  Information Technology Fraud Prevention Processes
  Fraud Detection and the Internal Auditor
  Notes

CHAPTER 26 HIPAA, GLBA, and Other Compliance Requirements
  26.1 HIPAA: Healthcare and Much More
    (a) HIPAA Patient Record Privacy Rules
    (b) Cryptography, PKI, and HIPAA Security Requirements
    (c) HIPAA Security Administrative Procedures
    (d) Technical Security Services and Mechanisms
    (e) Going Forward: HIPAA and E-Commerce
  Gramm-Leach-Bliley Act Internal Audit Rules
    (a) GLBA Financial Privacy Rules
    (b) GLBA Safeguards Rule
    (c) GLBA Pretexting Provisions
  Other Personal Privacy and Security Legislative Requirements

PART SEVEN: THE PROFESSIONAL INTERNAL AUDITOR

CHAPTER 27 Professional Certifications: CIA, CISA, and More
  Certified Internal Auditor Responsibilities and Requirements
    (a) The CIA Examination
    (b) Maintaining Your CIA Certification
  Beyond the CIA: Other IIA Certifications
    (a) CCSA Requirements
    (b) CGAP Requirements
    (c) CFSA Requirements
    (d) Importance of the CIA Specialty Certification Examinations
  Certified Information Systems Auditor (CISA) Requirements
  Certified Information Security Manager Certification
  Certified Fraud Examiner
  CISSP Information Systems Security Professional Certification
  ASQ Internal Audit Certifications
  Other Internal Auditor Certifications

CHAPTER 28 Internal Auditors as Enterprise Consultants
  Standards for Internal Audit as an Enterprise Consultant
  Launching an Internal Audit Internal Consulting Capability
  Ensuring an Audit and Consulting Separation of Duties
  Consulting Best Practices
    (a) First Steps: Launching a Consulting Assignment
    (b) Consulting Engagement Letters
    (c) Consulting Process: Defining "As Is" and "To Be" Objectives
    (d) Implementing Consulting Recommendations
    (e) Documenting and Completing the Consulting Engagement
  Expanded Internal Audit Services to Management
  Note

CHAPTER 29 Continuous Assurance Auditing and XBRL
  Implementing Continuous Assurance Auditing
    (a) What Is a CAA Monitoring Process?
    (b) Resources for Implementing CAA
  Benefits of CAA
  XBRL: Internet-Based Extensible Business Reporting Language
    (a) XBRL Defined
    (b) Implementing XBRL
  Data Warehouses, Data Mining, and OLAP
    (a) Importance of Storage Tools
    (b) Data Warehouses and Data Mining
    (c) Online Analytical Processing
  Newer Technologies, the Continuous Close, and Internal Audit
  Notes

PART EIGHT: INTERNAL AUDITING PROFESSIONAL CONVERGENCE CBOK REQUIREMENTS

CHAPTER 30 ISO 27001, ISO 9000, and Other International Standards
  Importance of ISO Standards in Today's Global World
  ISO Standards Overview
    (a) ISO 9001 Quality Management Systems and Sarbanes-Oxley
    (b) IT Security Standards: ISO and
    (c) IT Security Technique Requirements: ISO
    (d) Service Quality Management: ISO
  ISO Quality Management Systems Auditing
  ISO Standards and Internal Auditors
  Notes

CHAPTER 31 Quality Assurance Auditing and ASQ Standards
  Duties and Responsibilities of Quality Auditors
  Role of the Quality Auditor
  Performing ASQ Quality Audits
  Quality Auditors and the IIA Internal Auditor
  Quality Assurance Reviews of the Internal Audit Function
    (a) Benefits of an Internal Audit Quality-Assurance Review
    (b) Elements of an Internal Audit Quality-Assurance Review
    (c) Who Performs the Quality-Assurance Review?
  Launching the Internal Audit Quality-Assurance Review
    (a) Quality-Assurance Review Approaches
    (b) Example Quality-Assurance Review of an Internal Audit Function
    (c) Reporting the Results of an Internal Audit Quality-Assurance Review
  31.7 Future Directions for Quality-Assurance Auditing
  Notes

CHAPTER 32 Six Sigma and Lean Techniques
  Six Sigma Background and Concepts
  Implementing Six Sigma
    (a) Six Sigma Leadership Roles and Responsibilities
    (b) Launching the Six Sigma Project
  Lean Six Sigma
  Auditing Six Sigma Processes
  Six Sigma in Internal Audit Operations
  Note

CHAPTER 33 International Internal Auditing and Accounting Standards
  International Accounting and Auditing Standards: How Did We Get Here?
  Financial Reporting Standards Convergence
  IFRS: What Internal Auditors Need to Know
  International Internal Auditing Standards
  Next Steps in Internal Audit Standards

CHAPTER 34 CBOK for the Modern Internal Auditor
  Part One: Foundations of Modern Internal Auditing
  Part Two: Importance of Internal Controls
  Part Three: Planning and Performing Internal Audits
  Part Four: Organizing and Managing Internal Audit Activities
  Part Five: Impact of Information Technology on Internal Auditing
  Part Six: Internal Audit and Enterprise Governance
  Part Seven: The Professional Internal Auditor
  Part Eight: Internal Auditing Professional Convergence CBOK Requirements
  A CBOK for Internal Auditors
  Note

Index
Sarbanes-Oxley and the New Internal Auditing Rules
Sarbanes-Oxley and the New Internal Auditing Rules ROBERT R. MOELLER John Wiley & Sons, Inc. Sarbanes-Oxley and the New Internal Auditing Rules Sarbanes-Oxley and the New Internal Auditing Rules ROBERT
More informationDespite all of the cataclysmic predictions of computer systems and other
c01.tex (001-008) 12/12/03 2:55 PM Page 1 CHAPTER 1 Introduction ACCOUNTING AND AUDITING SCANDALS AND INTERNAL AUDIT Despite all of the cataclysmic predictions of computer systems and other process-related
More informationTools & Techniques II: Lead Auditor
About This Course Tools & Techniques II: Lead Auditor Course Description Learn the skills necessary to lead an audit team with confidence. This course provides an overview of the life cycle of an audit
More informationUnderstanding Changes to the Certified Internal Auditor Program for 2013
Understanding Changes to the Certified Internal Auditor Program for 2013 Certified Internal Auditor (CIA ) 2013 Content Change Overview: This document is provided by IIA Global Headquarters to explain
More informationBenchmarking Report Share, Compare, Validate SAMPLE. Year: 2017 Your Organization Date
Benchmarking Report Share, Compare, Validate Year: 2017 Your Organization Date Benchmarking Tier 1: Your Organization Benchmarking Tier 2: Services Benchmarking Tier 3: Services $1B to $5B Benchmarking
More informationLeading the Global. Next Decade Doing More with Less The Lean Internal Audit Model. Larry Rieger
Leading the Global Profession into the Next Decade Doing More with Less The Lean Internal Audit Model Larry Rieger 1 Agenda How chief audit executives and internal audit functions remain relevant Market
More informationAbout the Pulse of Internal Audit
About the Pulse of Internal Audit Number of Responses The IIA s Audit Executive Center (AEC ) has gathered insight from leaders in the CAEs 460 profession through the annual Pulse of Internal Audit survey
More informationThe Future of Internal Auditing:
Internal Audit The Future of Internal Auditing: Changing Internal Audit s Value Proposition October 12, 2010 Istanbul, Turkey Presented by: Naman Parekh Partner, Agenda Background of the 2012 Study Key
More informationSarbanes-Oxley Act of 2002 Can private businesses benefit from it?
Sarbanes-Oxley Act of 2002 Can private businesses benefit from it? As used in this document, Deloitte means Deloitte Tax LLP, which provides tax services; Deloitte & Touche LLP, which provides assurance
More informationRisk Advisory Services (RAS)
Risk Advisory Services Internal Audit With increasing legal requirements and growing importance of effective corporate governance in businesses and organizations internal audit plays an increasingly greater
More informationFrom Dubai to Beijing
From Dubai to Beijing (How we use your GC input) Anton van Wyk, Chairman of the Board What Happens After GC? Global Council plays a key role in the governance process of The IIA. Discussion results are
More informationEFFICIENT USE OF AUDIT COMMITTEES
AGENDA EFFICIENT USE OF AUDIT COMMITTEES BRENT YOUNG, CPA JERRY GAITHER, CPA Best practices related to: Audit Committee Process Internal Audit Risk Management 2 AUDIT COMMITTEE PROCESS AND PROCEDURES Audit
More informationPractice Advisory : Quality Assurance and Improvement Program
Practice Advisory 1300-1: Quality Assurance and Improvement Program Primary Related Standard 1300: Quality Assurance and Improvement Program The chief audit executive must develop and maintain a quality
More informationSarbanes-Oxley Compliance Kit
Kit February 2018 This product is NOT FOR RESALE or REDISTRIBUTION in any physical or electronic format. The purchaser of this template has acquired the rights to use it for a SINGLE Disaster Recovery
More informationInternal Audit Technician Training program Modules & Outcomes
Internal Audit Technician Training program Modules & Outcomes Training modules supplementary to the Workplace Structured Training Training Module 1: Introduction Building the foundations Content Day 1
More informationCorporate Governance Principles of Auditing: An Introduction to International Standards on Auditing - Ch 14
Slide 14.1 Corporate Governance Principles of Auditing: An Introduction to International Standards on Auditing - Ch 14 Rick Stephan Hayes, Roger Dassen, Arnold Schilder, Philip Wallage Slide 14.2 Corporate
More informationMc Graw Hill Education
Accounting Information Systems Vernon J. Richardson University of Arkansas C. Janie Chang San Diego State University Rodney Smith California State University, Long Beach Mc Graw Hill Education Contents
More informationEmerging Technology and Security Update
Emerging Technology and Security Update February 13, 2015 Jordan Reed Managing Director Agenda 2015 Internal Audit Capabilities and Needs Survey 2014 IT Priorities Survey Results 2014 IT Security and Privacy
More informationCOSO ENTERPRISE RISK MANAGEMENT
COSO ENTERPRISE RISK MANAGEMENT UNDERSTANDING THE NEW INTEGRATED ERM FRAMEWORK ROBERT R. MOELLER JOHN WILEY & SONS, INC. COSO ENTERPRISE RISK MANAGEMENT COSO ENTERPRISE RISK MANAGEMENT UNDERSTANDING
More informationJune 2016 Issue 05/2016
CBOK 2015: THE TOP 7 SKILLS CAEs WANT Building the right mix of talent for your organisation This report is part of the 2015 Global Internal Audit Common Body of Knowledge (CBOK) Practitioner Study series.
More informationQuality Assessments what you need to know
Quality Assessments what you need to know Patty Miller, Partner Deloitte & Touche LLP Cavell Alexander, VP-Internal Audit Intermountain Healthcare Overview of requirements Scope of assessment Approaches
More informationAugust 14, Dear Ms. Gula:
Department of Internal Audit North End Center, Suite 3200, Virginia Tech 300 Turner Street NW Blacksburg, Virginia 24061 Campus Mail Code: 0328 540-231-5883 Fax: 540-231-4681 www.ia.vt.edu August 14, 2013
More informationPractice Guide. Developing the Internal Audit Strategic Plan
Practice Guide Developing the Internal Audit Strategic Plan JUly 2012 Table of Contents Executive Summary... 1 Introduction... 2 Strategic Plan Definition and Development... 2 Review of Strategic Plan...
More informationUsing the COSO Map. Unpublished Article By Larry Hubbard
Unpublished Article By Larry Hubbard Internal Control Integrated Framework published by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission How many times have we read articles
More informationCHAPTER 15: ENTERPRISE RISK MANAGEMENT - SUPPLEMENTAL MATERIAL
CHAPTER 15: ENTERPRISE RISK MANAGEMENT - SUPPLEMENTAL MATERIAL Robert N. Charette From the book The Next Wave of Technologies: Opportunities in Chaos by Phil Simon ERM Frameworks Competition for Hearts
More informationInternal Control & Sarbanes-Oxley Act. ERPANET Workshop. Antwerp, April 14, PwC
Internal Control & Sarbanes-Oley Act ERPANET Workshop Antwerp, April 14, 2004 PwC 2 Pw Agenda Background The Sarbanes-Oley Act - An Overview Approach to 404 readiness Background Reasons for New Legislation
More informationAdvanced External Auditing [AU2] Examination Blueprint
Purpose Advanced External Auditing [AU2] Examination Blueprint 2014-2015 The Advanced External Auditing [AU2] examination has been constructed using an examination blueprint. The blueprint, also referred
More informationBUSINESS CPA EXAM REVIEW V 3.0. For Exams Scheduled After March 31, 2017
For Exams Scheduled After March 31, 2017 CPA EXAM REVIEW BUSINESS UPDATES AND ACADEMIC HELP Click on Community and Support at www.becker.com/cpa CUSTOMER SERVICE AND TECHNICAL SUPPORT Call 1-877-CPA-EXAM
More informationFormat and organization of GAGAS Auditor preparation of financials is a significant threat to independence 3 party arrangements in government State
The Yellow Book = GAGAS GAGAS = Generally Accepted Government Auditing Standards Overlay of Generally Accepted Auditing Standards (GAAS) issued by the Auditing Standards Board GAGAS contains the framework
More informationCompetency Area: Business Continuity and Information Assurance
Competency Area: Business Continuity and Information Assurance Area Description: Business Continuity and Information Assurance competency area mainly concerns the continuity, auditing and assurance of
More informationIPO Readiness. Sarbanes-Oxley Compliance & Other Considerations. Presented by:
IPO Readiness Sarbanes-Oxley Compliance & Other Considerations Presented by: IPO Readiness Enhanced Financial / Legal compliance SEC / Stock Exchange Compliance Entity Structure / Registration Filing Requirements
More informationChecklist for Higher Education
Checklist for Higher Education The following section contains a checklist addressing issues of particular relevance to higher education. The guidance is considered best practice for higher education. The
More informationFIAT CHRYSLER AUTOMOBILES N.V. AUDIT COMMITTEE CHARTER
FIAT CHRYSLER AUTOMOBILES N.V. AUDIT COMMITTEE CHARTER For so long as shares of Fiat Chrysler Automobiles N.V. (the Company ) are listed on the New York Stock Exchange ( NYSE ), the rules of the NYSE and
More information2013 COSO Internal Control Framework Update. September 5, 2013
2013 COSO Internal Control Framework Update September 5, 2013 Agenda 2013 COSO IC Framework Topic Minutes The update process 5 What is not changing / What is changing 5 The 17 principles and changes to
More informationA Discussion About Internal Controls February 2016
A Discussion About Internal Controls February 2016 What we will cover today 001 Introductions 002 Defining Internal Controls 003 COSO Internal Controls Integrated Framework 004 Approach to Designing Internal
More informationThe World Bank Audit Firm Assessment Questionnaire
The World Bank Audit Firm Assessment Questionnaire Assessment of audit firms in the Africa Region Background The Bank s financial management Bank Procedures (BP) and Operations Policy (OP) (BP/OP 10.00)
More informationStrengthening Control and integrity: A Checklist for government Managers
Forum: Analytics and Risk Management Tools for Making Better Decisions Strengthening Control and integrity: A Checklist for government Managers By James A. Bailey The next contribution is based on a Center
More informationDeveloping the IT Audit Plan
Developing the IT Audit Plan Global Technology Audit Guide (GTAG) Written in straightforward business language to address a timely issue related to IT management, control, and security, the GTAG series
More informationAudit Committee Performance Evaluation
Audit Committee Performance Evaluation The following Deloitte & Touche LLP ( Deloitte & Touche ) questionnaire can be used to assist in the self-assessment of an audit committees performance. The questionnaire
More informationAUDITING. Auditing PAGE 1
AUDITING Auditing 1. Professionalism The International Professional Practices Framework (IPPF) is the conceptual framework that organizes authoritative guidance promulgated by The Institute of Internal
More informationInternational Finance Corporation
International Finance Corporation Corporate Governance and Internal Audit Overview Bob Lamm Independent Senior Advisor Center for Corporate Governance Deloitte LLP Neil White Global IA Analytics Leader
More informationAUDIT COMMITTEE CHARTER
- 1 - AUDIT COMMITTEE CHARTER I. ROLE AND OBJECTIVES The Audit Committee is a committee of the Board of Directors (the "Board") of Pembina Pipeline Corporation (the "Corporation") to which the Board has
understanding business processes Brett CONSIDINE Alison PARKES Yvette BLOUNT
Accounting INFORMATION Systems understanding business processes 4t h edition Brett CONSIDINE Alison PARKES Karin OLESEN Yvette BLOUNT Derek SPEER WILEY John Wiley & Sons Australia, Ltd PREFACE x ACKNOWLEDGEMENTS
SOX FOR NPO'S Focus on Control. Stephen L. Kuptz, CPA
SOX FOR NPO'S Focus on Control Stephen L. Kuptz, CPA Personal Background and Perspective SOX for NPO's Focus on Control 2 Introduction to SOX The Sarbanes Oxley Act of 2002 commonly called Sarbanes Oxley,
SIAAB Guidance #02 Internal Audit Independence- Interaction with Agency Head, Senior Staff and Placement Within the Organizational Structure
SIAAB Guidance #02 Internal Audit Independence- Interaction with Agency Head, Senior Staff and Placement Within the Organizational Structure SIAAB Interpretation Adopted July 9, 2013 Revised In Accordance
GoldSRD Audit 101 Table of Contents & Resource Listing
GoldSRD Audit 101 Table of Contents & Resource Listing I. IIA Standards II. GTAG I (Example Copy of the Contents of the GTAG Series) III. Example Audit Workprogram IV. Audit Test Workpaper Example V.
IT and Enterprise Governance By Michael J. A. Parkinson, CISA, CIA, and Nicholas J. Baker, CPA
Copyright 2005 Information Systems Audit and Control Association. All rights reserved. www.isaca.org. IT and Enterprise Governance By Michael J. A. Parkinson, CISA, CIA, and Nicholas J. Baker, CPA Enterprise
Practice Guide ASSESSING ORGANIZATIONAL GOVERNANCE IN THE PUBLIC SECTOR
Practice Guide ASSESSING ORGANIZATIONAL GOVERNANCE IN THE PUBLIC SECTOR OCTOBER 2014 Table of Contents Executive Summary... 1 Introduction... 1 Public Sector Characteristics... 4 Public Sector Structure...
ENTERPRISE RISK SERVICES Managing Risk, Driving Results
ENTERPRISE RISK SERVICES Managing Risk, Driving Results Risk Management Solutions At MNP, our Enterprise Risk Services team assists organizations as they navigate through uncertainty by helping them effectively
Internal Audit Challenges & Opportunities Speaker: Laurie Shen, Director, Grant Thornton LLP
Internal Audit Challenges & Opportunities Speaker: Laurie Shen, Director, Grant Thornton LLP March 28, 2012 Speaker Introduction Laurie Shen is a Director at Grant Thornton's Northeast Internal Audit
Implementation Guide 1312
Implementation Guide 1312 Standard 1312 External Assessments External assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the
Audit Committee Member Roles and Responsibilities
PURPOSE OF THIS TOOL: The following information illustrates how the audit committee might be structured and assigns roles and responsibilities between the audit committee and finance committee. Not-for-profits
Independent Validation of the Internal Auditing Self-Assessment
Minnesota State Colleges & Universities Office of Internal Auditing Independent Validation of the Internal Auditing Self-Assessment Final Report March 7, 2007 Reference Number: 2007-03-004 INDEPENDENT
Office of Internal Auditing
Office of Internal Auditing FY 2017 Annual Report Page Intentionally Blank CONTENTS Executive Summary... 4 Introduction... 5 Personnel/Proficiency/Professional Development... 6 Resources - Allocation...
CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE
CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE What is on the agenda Corporate Governance: In Theory Brief history The concept Principles Corporate Governance: In Practice Corporate governance elements
Effective implementation of COSO's new anti-fraud guidance
Effective implementation of COSO's new anti-fraud guidance In September 2016, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a new Fraud Risk Management Guide (Anti-fraud
2012 IIA Standards Update
2012 IIA Standards Update International Internal Audit Standards Board (IIASB) October 2012 1 Session Overview Why the Standards matter Standards-setting due process The key changes in 2012 Best practices
I am pleased to transmit to you a summary of the Public Company Accounting
PCAOB Public Company Accounting Oversight Board May 27, 2005 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org By Hand Delivery The Honorable William
Quality Sign off for Internal Audit Engagement. Name of Audit
This is a sample of a quality sign off form for an internal audit engagement and is intended as a practical example. It should be reviewed and modified to suit the operations of your Internal Audit function.
2014 Global Council. Dubai, UAE 6-9 March 2014 DAY 2. globaliia.org
2014 Global Council Dubai, UAE 6-9 March 2014 DAY 2 Opening Remarks Paul J. Sobel, Chairman of the Board Agenda - Tuesday Opening Remarks P. Sobel Expanding the Umbrella of the IIA D. Beran Tuesday Discussion
2. The name of a private person bringing a civil action in the name of the U.S. is. 3. Medicare Part A pays primarily for.
Intro & Basics of the Law to Antitrust Laws (Possible 12 Continuing Education Units with 75% correct) 1. Name two benefits of a Compliance Program? 2. The name of a private person bringing a civil action
Internal Control Integrated Framework. May 2013
Internal Control Integrated Framework May 2013 0 Table of Contents COSO & Project Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing Effectiveness of
DAVITA INC. AUDIT COMMITTEE CHARTER
DAVITA INC. AUDIT COMMITTEE CHARTER I. Audit Committee Purpose The Audit Committee (the "Committee") is appointed by the Board of Directors (the "Board") of (the "Company") to assist the Board in fulfilling
4. Organic documents. Please provide an English translation of the company's charter, by-laws and other organic documents.
Commitment to Good Corporate Governance 1. Ownership structure. Please provide a chart setting out the important shareholdings, holding companies, affiliates and subsidiaries of the company. If the company
Review of Duke Energy Florida, LLC Internal Audit Function
Review of Duke Energy Florida, LLC Internal Audit Function MAY 2017 B Y A U T H O R I T Y O F The Florida Public Service Commission Office of Auditing and Performance Analysis Review of Duke Energy Florida,
B S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013
B S R & Co. LLP Reporting on Internal Controls over Financial Reporting An Overview Sarbanes Oxley Act (SOX) 28 December 2013 Agenda Sarbanes Oxley Key Sections COSO Framework Management Approach to ICOFR
Education Quality Development for Excellence Performance with Higher Education by Using COBIT 5
Education Quality Development for Excellence Performance with Higher Education by Using COBIT 5 Kemkanit Sanyanunthana Abstract The purpose of this research is to study the management system of information
What We Will Cover Today
Standards for the Professional Practice of Internal Auditing The IIA Red Book The Basics of Internal Auditing September 8, 2014 Sam McCall, PhD, CPA, CGFM, CIA, CGAP, CIG Chief Audit Officer Florida State
CHARTER OF THE SONOMA COUNTY INTERNAL AUDIT FUNCTION JANUARY 15, 2013
I. Introduction CHARTER OF THE JANUARY 15, 2013 ATTACHMENT B Fiscal Policy IA-1 A. The Institute of Internal Auditors (IIA) defines internal auditing as "an independent objective assurance and consulting
The Internal Auditor's Duties Outside of Auditing
The Internal Auditor's Duties Outside of Auditing Dean Rohne, CPA, CIA dean.rohne@claconnect.com 1 1 Session Objectives Discuss the internal auditor's interaction with the supervisory committee and management
[RELEASE NOS ; ; FR-77; File No. S ]
SECURITIES AND EXCHANGE COMMISSION 17 CFR PART 241 [RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] Commission Guidance Regarding Management's Report on Internal Control Over Financial Reporting
Session 7: Corporate Governance
Session 7: Corporate Governance New York Bankers Association-Community Bank Auditors Group 2016 Internal Audit Training-June 6-8, 2016 MEMBER OF ALLINIAL GLOBAL, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS
The IPPF in How changes to The IIA's guidance framework can benefit internal auditors and SAIs
The IPPF in 2017 How changes to The IIA's guidance framework can benefit internal auditors and SAIs From the Previous IPPF To the New IPPF International Professional Practices Framework Launched July 2015
SOX106. Accounts Payable and Sarbanes-Oxley; Strengthening your Internal Controls- 10 hours. Objectives
SOX106 Accounts Payable and Sarbanes-Oxley; Strengthening your Internal Controls- 10 hours Objectives This course describes how Sarbanes Oxley requirements should be implemented as they pertain to accounts
Report. Quality Assessment of Internal Audit at <Organisation> Draft Report / Final Report
Report Quality Assessment of Internal Audit at Draft Report / Final Report Quality Self-Assessment by Independent Validation by Table of Contents 1.
FLORIDA STATE UNIVERSITY Office of Inspector General Services Report #17-06
FLORIDA STATE UNIVERSITY Office of Inspector General Services Report #17-06 Self-Assessment with External Independent Validation May 9, 2017 Sam McCall, PhD, CPA, CGMA, CGFM, CIA, CGAP, CIG, Chief Audit
NORFOLK SOUTHERN CORPORATION. Committee's Role and Purpose
CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS NORFOLK SOUTHERN CORPORATION Committee's Role and Purpose The Audit Committee (Committee) is a standing committee, the chair and members of which
This charter defines the purpose, authority and responsibility of News Corporation's (the "Company") Corporate Audit Department.
CORPORATE AUDIT DEPARTMENT CHARTER PURPOSE This charter defines the purpose, authority and responsibility of News Corporation's (the "Company") Corporate Audit Department. The Institute of Internal Auditors
Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)
Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017) Assessor 1: Assessor 2: Date: Date: Legend: Generally
COSO 2013: Updated internal control framework
COSO 2013: Updated internal control framework Athens, 10 October 2013 Background COSO's structure and mission COSO 1 is a joint initiative of five sponsoring organizations - American Accounting Association
1. Same Same. 3. Same. 4. Same. 1. Same. 2. Same.
Chief of Internal Audit: Role 1 and Responsibility Assessment Tool 2 Part of the IFC s Advanced Methodology for Financial Institutions I. Personal Qualification II. General Knowledge and Professional Skills
Guidance for Smaller Public Companies Reporting on Internal Control Over Financial Reporting Exposure Draft
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 13 January 2006 COSO Board In care of Dr.
The Red (Book) Rocks The Latest and Greatest Audit Standards
The Red (Book) Rocks The Latest and Greatest Audit Standards Presenter Toni Stephens Chief Audit Executive The University of Texas at Dallas Insert Logo Here Course Objectives Explain the development of
ISACA'S IT Audit, Information Security & Risk Insights Africa 2014 MAY, 2014
ISACA'S IT Audit, Information Security & Risk Insights Africa 2014 MAY, 2014 MANAGING IT RISKS IN THE BANKING INDUSTRY Emmanuel Ofori Boateng, Dep. Head, IT, Ecobank Ghana OVERVIEW - HISTORY OF RISK MANAGEMENT
Internal Audit Policy and Procedures Internal Audit Charter
Mission Statement Internal Audit Policy and Procedures Internal Audit Charter The mission of the Internal Audit Department is to provide independent and objective reviews and assessments of the business
White Paper. Effective and Practical Deployment of COSO: Entity Level Control and Lessons Learned. July 10, 2008 THE ROBERTS COMPANY, LLC
THE ROBERTS COMPANY, LLC Compliance Services: IT and Business Processes 3394 Holly Oak Lane, Escondido, CA 92027 TEL: 760.550.2160 * FAX 760.839.2160 E-mail: robertputrus@therobertsglobal.com http://www.therobertsglobal.com/
Implementation Guide 1200
Implementation Guide 1200 Standard 1200 Proficiency and Due Professional Care Engagements must be performed with proficiency and due professional care. Revised Standards Effective 1 January 2017 Getting
Rules, Procedures, and Internal Controls Manual BRAM Bradesco Asset Management
Rules, Procedures, and Internal Controls Manual BRAM Bradesco Asset Management MP_8231_0070 01 27/06/2016 1 / 12 Table of contents 1. OBJECTIVE... 2. DEFINITIONS...
Internal Audit Department
OC Board of Supervisors 1st District Janet Nguyen 2nd District John M.W. Moorlach, Vice Chairman 3rd District Bill Campbell, Chairman 4th District Shawn Nelson 5th District Patricia
The New Era of Transparent Internal Audit: What You Should Know
The New Era of Transparent Internal Audit: What You Should Know May 17, 2012 Presented by: Bryan Moser, CPA, CFF, ABV, CFE, Director, Grant Thornton LLP Bob Wagman, Counsel, Government Contracts Group,
Southern Oregon University Internal Audit Plan Fiscal Year 2017
Southern Oregon University Internal Audit Plan Fiscal Year 2017 Prepared By Ryan Schnobrich Internal Auditor Office of the President TABLE OF CONTENTS Description Page Cover Page 1 Table of Contents
risk and compliance department business plan
risk and compliance department business plan 2012-2014 TABLE OF CONTENTS 1. Our Services 1.1 Our Mandate 1.2 Lines of Business 2. Accomplishments 3. Implementing Sustainability 3.1 Strategy 1 3.2 Strategy
Implementation Guide 1300
Implementation Guide 1300 Standard 1300 Quality Assurance and Improvement Program The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects
Guidance Note: Corporate Governance - Audit Committee. March This document is also available in French.
Guidance Note: Corporate Governance - Audit Committee March 2015 This document is also available in French. Applicability The Guidance Note: Corporate Governance Audit Committee (the "Guidance Note")
IIA 2015 Worldwide survey of 15,000 internal auditors
IIA 2015 Worldwide survey of 15,000 internal auditors Michael P. Cangemi CPA, retired CISA, CGMA retired Former CFO, CEO & Director; Audit Com Chair Senior Fellow Rutgers CA Lab Senior Advisor/Investor
METROPOLITAN TRANSPORTATION AUTHORITY
ENTERPRISE RISK MANAGEMENT AND INTERNAL CONTROL GUIDELINES Pursuant to Public Authorities Law Section 2931 Adopted by the Board on November 16, 2016 These guidelines apply to the Metropolitan Transportation
VENDOR RISK MANAGEMENT FCC SERVICES
VENDOR RISK MANAGEMENT FCC SERVICES Introductions Chris Tait, CISA, CFSA, CCSK, CCSFP Principal, Financial Services Baker Tilly Russ Sommers, CPA, CISA Senior Manager, Financial Services Baker Tilly Agenda
Global Expectations for Addressing Fraud Risk and the Investigative Process
Global Expectations for Addressing Fraud Risk and the Investigative Process Waheed Alkahtani CFE, CISA, and CCEP-I Saudi Aramco Internal Auditing Special Audits Division Copyright 2014, Saudi Aramco. All
COSO Internal Control Integrated Framework Proposed Update
COSO Internal Control Integrated Framework Proposed Update Presented by: Dustin Birashk September 20, 2012 1 DISCLOSURE STATEMENT The material appearing in this presentation is for informational purposes