NSAA Information Technology Conference: Planning the Scope of Your IT Audit. October 1, 2014. Jennifer Schreck, Audit.


1 NSAA Information Technology Conference
Planning the Scope of Your IT Audit
October 1, 2014
Jennifer Schreck, Audit Director
Strategic Risk Management
Auditor of Public Accounts

2 Planning the Scope of your IT Audit (http://www.apa.virginia.gov)
What we are going to discuss
- Case studies (Michigan)
- Frame of reference for IT audits at the APA
- Where we want to be (Auditor Planning Utopia)
- How do we get there - Our keys to Success

3 Quick reminder of who we are...
The APA
- Serves as the external auditor for the executive and legislative branches of the Commonwealth
- Performs financial statement and performance audits
- Manages the Commonwealth’s transparency website, Data Point

4 Quick reminder of who we are...
The APA
- Works with local, agency and institutional internal audit shops investigating fraud
- Reviews the entire court system from the Supreme Court to each local court
- Examines the state accounts and records of every locality handling state funds

5 Quick reminder of who we are...
The APA
- Maintains oversight responsibility for local government audits performed by public accounting firms.
- Provides systems development and public private partnership project monitoring where risk dictates.
- Performs technology-related vulnerability and penetration testing when requested.

6 Quick reminder of who we are...
Divided into areas of expertise to support our mission and audit projects
Our teams work together to support our Projects
Acquisition & Contract Mgmt; Budgeting & Performance Management; Capital Asset Management; Compliance Assurance; Data Analysis; Higher Education Programs; IT Project Management; Systems Security; Local Government and Judicial Systems; Strategic Risk Management; Reporting & Standards; Human Resources & Business Operations

7 Auditor IT Planning Utopia
- You know which systems are the key systems...
- You know the delineation of responsibility if part of the system is outsourced...
- You easily identify the controls within your system...
- You can easily determine what has been audited by other groups
- It's easy to define the scope of your audit...
- You know the data elements you need to do your work...
- You have the various types of resources you need to do the audit...
- Every auditor is an “integrated” auditor...

8 Auditor IT Planning Utopia
Reality can bring things to a crashing halt
But it doesn’t have to....

9 Quick reminder of who we are...
Most of our “trained” IT knowledge lies within three of our specialty teams
Our teams work together to support our Projects
Acquisition & Contract Mgmt; Budgeting & Performance Management; Capital Asset Management; Compliance Assurance; Data Analysis; Higher Education Programs; IT Project Mgmt; Systems Security; Local Government and Judicial Systems; Strategic Risk Management; Reporting & Standards

10 To achieve Auditor Planning Utopia...
All of our teams need to have an IT mindset because all of our audit clients use Information Technology to support what they do.
Our teams work together to support our Projects
Acquisition & Contract Mgmt; Budgeting & Performance Management; Capital Asset Management; Compliance Assurance; Data Analysis; Higher Education Programs; IT Project Management; Systems Security; Local Government and Judicial Systems; Strategic Risk Management; Reporting & Standards

11 Perspective...
- The APA performs financial statement and performance audits of executive branch entities
- The majority of our performance audits still have a financial related slant
- Our IT audit work generally supports broader financially driven objectives.

12 Keys to Success
- Setting the “Tone at the Top”
- Challenging our staff to think innovatively
- Making the connections

13 Setting the “Tone at the Top”
- Refocused Strategic Planning Initiatives
- Communication

14 Setting the “Tone at the Top”
Shift in planning mindset

15 Setting the “Tone at the Top”
Shift in planning mindset

16 Challenging our staff to think Innovatively

17 Challenging our staff to think Innovatively

18 Challenging our staff to think Innovatively
Application Controls (What are they?)
Validity, Completeness, and Accuracy: Management Assertions?
Green Book: Application controls, sometimes referred to as business process controls, are those controls that are incorporated directly into computer applications to achieve validity, completeness, accuracy, and confidentiality of transactions and data during application processing.

19 Challenging our staff to think Innovatively
Management’s Use of Application Controls
1. Does management have applications to process business transactions?
2. How should management use application controls to achieve validity, completeness, and accuracy of their business transactions?

20 Challenging our staff to think Innovatively
Management’s Use of Application Controls
3. How is management using its applications to enforce the business rules?
4. What information will I need to validate that business rules were working?

21 Challenging our staff to think Innovatively
Example – Time and Effort Applications
- Business Rule: Employees should NOT approve their own time sheet.
- Application Control: Employee cannot view or select their timesheet within the approval screen.
- Auditor's Test: Does the employee id equal the approval id on any timesheets?
(Caveat: Assumes that Application is operating in an environment with sound general controls.)
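The auditor's test on slide 21, run over a timesheet extract, as an added example that is not part of the original presentation. The column names, the sample rows and the ID normalization (trimming whitespace, ignoring case) are assumptions made for illustration; timesheets with no approver recorded are reported separately because they neither pass nor fail the self-approval rule.

```python
import csv
import io

# Constructed sample extract (not real data); column names are assumed.
SAMPLE_EXTRACT = """timesheet_id,employee_id,approver_id,period_end
1001,E0123,E0456,2014-08-15
1002,E0456,e0456 ,2014-08-15
1003,E0789,,2014-08-15
1004,E0123,E0456,2014-08-31
1005,E0999,E0999,2014-08-31
"""


def normalize(raw_id):
    """Trim and upper-case an ID so 'e0456 ' and 'E0456' compare equal."""
    return (raw_id or "").strip().upper()


def find_self_approvals(extract_text):
    """Apply the business rule 'employees should not approve their own
    time sheet' to every row of a CSV extract.

    Returns the number of rows tested, the timesheets where the employee
    id equals the approval id, and the timesheets with no approver.
    """
    rows = list(csv.DictReader(io.StringIO(extract_text)))
    self_approved, no_approver = [], []
    for row in rows:
        employee = normalize(row["employee_id"])
        approver = normalize(row["approver_id"])
        if not approver:
            # Cannot be evaluated against the rule; report separately.
            no_approver.append(row["timesheet_id"])
        elif employee == approver:
            self_approved.append(row["timesheet_id"])
    return {
        "tested": len(rows),
        "self_approved": self_approved,
        "no_approver": no_approver,
    }


if __name__ == "__main__":
    result = find_self_approvals(SAMPLE_EXTRACT)
    print("Timesheets tested:   ", result["tested"])
    print("Self-approved:       ", result["self_approved"])
    print("No approver recorded:", result["no_approver"])
```

Testing the full population rather than a sample is what makes this a test of the application control itself: a single exception shows the approval screen did not enforce the rule.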

22 Challenging our staff to think Innovatively

23 Challenging our staff to think Innovatively
We host Brown Bag lunches to informally discuss issues around implementing innovative approaches and share new ideas

24 Challenging our staff to think Innovatively
Systems Security; Data Analysis; IT Project Management; Acquisition & Contract Mgmt; Budgeting & Performance Mgmt; Capital Asset Management; Compliance Assurance; Higher Education Programs; Local Government & Judicial Systems; Strategic Risk Management; Reporting & Standards

25 Making the Connections
Building contact points into our audit programs

26 Making the Connections
Creating audit tools that help our IT staff think like our other staff and vice versa
Executive Dashboard Internal Control Worksheet Fraud Assessment ISS Financial Statement Integration Tool

27 Making the Connections – IS Planning Tools
- Supports a Risk-based approach
- Provides a clearer view of technical testwork (infrastructure, software, etc.)
- Encourages an iterative planning process involving both IS and Financial auditors
- Addresses all major areas of data security (integrity, confidentiality, reliability)

28 Making the Connections
Highlighting success

29 Auditor Planning Utopia

