Presentation is loading. Please wait.

Presentation is loading. Please wait.

Developing an Audit Program By Rodney Kocot President Systems Control and Security Incorporated Copyright © 2005 Rodney Kocot.

Published bySheila Andrews Modified over 7 years ago

Similar presentations

Presentation on theme: "Developing an Audit Program By Rodney Kocot President Systems Control and Security Incorporated Copyright © 2005 Rodney Kocot."— Presentation transcript:

1 Developing an Audit Program By Rodney Kocot President Systems Control and Security Incorporated Copyright © 2005 Rodney Kocot

2 2 Session Outline Introduction Standards and Legal Considerations Objectives Policies Standards Audit Department Identifying the Audit Universe Risk Ranking the Universe Developing an Audit Plan The Audit Process Determining the Scope of Audits Continuous Monitoring Tracking Issues Quality Assurance and Monitoring the Audit Program Sources of Information

3 3 Introduction Your approach may differ and still be correct for your organization.

4 4 Standards and Legal Considerations This slide is just a reminder that there are laws, standards, and requirements that must be considered and dealt with. The requirements may be different for each organization. Auditing –?????? Accounting –?????? Taxation –?????? The Business –??????

5 5 References http://www.isaca.org/ - Information Systems Audit and Control Associationhttp://www.isaca.org/ http://www.aicpa.org/ - American Institute of Certified Public Accountantshttp://www.aicpa.org/ http://www.theiia.org/ - The Institute of Internal Auditorshttp://www.theiia.org/ http://www.ifac.org/ - International Federation of Accountantshttp://www.ifac.org/ ….

6 6 Objectives Assurance Services Internal vs Public Type of Audit The Public Interest Owner and Shareholder Interests Employee Interests

7 7 Objectives (continued) According to the COSO Enterprise Risk Management — Integrated Framework Executive Summary: This enterprise risk management framework is geared to achieving an entity’s objectives, set forth in four categories: –Strategic – high-level goals, aligned with and supporting its mission –Operations – effective and efficient use of its resources –Reporting – reliability of reporting –Compliance – compliance with applicable laws and regulations.

8 8 Audit Policies Standards and Procedures Formalized policies, standards and procedures Criteria for achieving objectives and measuring performance. Many organizations maintain policies, standards and procedures in a database

9 9 Audit Department Organization Politics –Selling services –Funding negotiations Skills –Financial –Operational –IT –Compliance

10 10 Identifying the Audit Universe Starting with a list of all organization units group units into auditable entities. Interview management to identify all auditable entities. Identify auditable entities from financial statements.

11 11 Organizing the Universe Using a database –Lotus Notes –MS Access –SQL –??????

12 12 Risk Ranking the Universe Ensure that audit resources are allocated to meet the objectives of the organization. Select audits based on risk and resources Risk factors: –Compliance and regulatory requirements –Results of prior audits –Staffing issues –Complexity –Financial impact –…

13 13 Developing an Audit Plan Legal Requirements and Regulators Required Audits Prioritization based on Risk Scheduling Hours Budget

14 14 Reporting the Audit Universe By risk By group by risk By audit manager by risk By hours By type of audit

15 15 The Audit Process Planning –Risk Assessment –Determine scope –Identify resources Fieldwork Issues Reporting –Rating –Distribution Follow-up

16 16 Determining the Scope of Audits Risk Assessment Developing an Audit Program Performing the Audit Reporting Audit Results

17 17 Continuous Monitoring Monitoring is a management responsibility and audit must be careful not to become a control.

18 18 Tracking Issues When are issues closed? –When the auditee says they are closed. –When the auditor validates they are closed. Implications: –Open issues may not be reported to management and the audit committee. –Fewer repeat issues when the issues are closed by auditors.

19 19 Reporting Open Issues Distribution List Frequency Issue reporting based on: –Risk –Days open –Days past due

20 20 Quality Assurance and Monitoring the Audit Process Work paper reviews Peer Reviews Client Surveys Personnel Reviews

21 21 Sources of Information Professional associations listed above Internet searches

22 22 For More Information: Rodney Kocot President Systems Control and Security Incorporated Rodney.Kocot@SystemsControlAndSecurity.com 818-370-0442 P.O.Box 0531 Tujunga, CA 91043 Using technology to audit technology

Download ppt "Developing an Audit Program By Rodney Kocot President Systems Control and Security Incorporated Copyright © 2005 Rodney Kocot."

Similar presentations

Organizational Governance

Organizational Governance
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Development of internal control: methodology and responsibility

Development of internal control: methodology and responsibility
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
1 Pertemuan 6 Internal Control System Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.

1 Pertemuan 6 Internal Control System Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Operational Auditing--Fall 20095-1 Today’s Session n BPO selection n Engagement planning n Emphasis on risk related testing.

Operational Auditing--Fall Today’s Session n BPO selection n Engagement planning n Emphasis on risk related testing.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Internal Audits, Governmental Audits, and Fraud Examinations

Internal Audits, Governmental Audits, and Fraud Examinations
The Information Systems Audit Process

The Information Systems Audit Process
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Presented By: Donna Denker, CPA Donna Denker & Associates.

Presented By: Donna Denker, CPA Donna Denker & Associates.
Learning Objectives LO1 Explain the importance of auditing. LO2 Distinguish auditing from accounting. LO3 Explain the role of auditing in information risk.

Learning Objectives LO1 Explain the importance of auditing. LO2 Distinguish auditing from accounting. LO3 Explain the role of auditing in information risk.
Learning Objectives LO1 Distinguish between management and auditor’s responsibilities regarding an auditee organization’s internal controls. LO2 Explain.

Learning Objectives LO1 Distinguish between management and auditor’s responsibilities regarding an auditee organization’s internal controls. LO2 Explain.
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-

Similar presentations

Ads by Google