Presentation is loading. Please wait.

Presentation is loading. Please wait.

NSAA Information Technology Conference Planning the Scope of Your IT Audit _____________________________________ October 1, 2014 Jennifer Schreck, Audit.

Published byNatalie Gibbs Modified over 9 years ago

Similar presentations

Presentation on theme: "NSAA Information Technology Conference Planning the Scope of Your IT Audit _____________________________________ October 1, 2014 Jennifer Schreck, Audit."— Presentation transcript:

1 NSAA Information Technology Conference Planning the Scope of Your IT Audit _____________________________________ October 1, 2014 Jennifer Schreck, Audit Director Strategic Risk Management Auditor of Public Accounts

2 Planning the Scope of your IT Audit What we are going to discuss Case studies (Michigan) Frame of reference for IT audits at the APA Where we want to be (Auditor Planning Utopia) How do we get there - Our keys to Success Page 2http://www.apa.virginia.gov

3 Planning the Scope of your IT Audit Quick reminder of who we are... The APA Serves as the external auditor for the executive and legislative branches of the Commonwealth Performs financial statement and performance audits Manages the Commonwealth’s transparency website, Data Point Page 3http://www.apa.virginia.gov

4 Planning the Scope of your IT Audit Quick reminder of who we are... The APA Works with local, agency and institutional internal audit shops investigating fraud Reviews the entire court system from the Supreme Court to each local court Examines the state accounts and records of every locality handling state funds Page 4http://www.apa.virginia.gov

5 Planning the Scope of your IT Audit Quick reminder of who we are... The APA Maintains oversight responsibility for local government audits performed by public accounting firms. Provides systems development and public private partnership project monitoring where risk dictates. Performs technology-related vulnerability and penetration testing when requested. Page 5http://www.apa.virginia.gov

6 Planning the Scope of your IT Audit Our teams work together to support our Projects Acquisition & Contract Mgmt Budgeting & Performance Management Capital Asset Management Compliance Assurance Data Analysis Higher Education Programs IT Project Management Systems Security Local Government and Judicial Systems Strategic Risk Management Reporting & Standards Quick reminder of who we are... Divided into areas of expertise to support our mission and audit projects Page 6http://www.apa.virginia.gov Human Resources & Business Operations

7 Planning the Scope of your IT Audit Auditor IT Planning Utopia You know which systems are the key systems... You know the delineation of responsibility if part of the system is outsourced... You easily identify the controls within your system... You can easily determine what has been audited by other groups Its easy to define the scope of your audit... You know the data elements you need to do your work... You have the various types of resources you need to do the audit... Every auditor is an “integrated” auditor... Page 7http://www.apa.virginia.gov

8 Planning the Scope of your IT Audit Auditor IT Planning Utopia Reality can bring things to a crashing halt But it doesn’t have to.... Page 8http://www.apa.virginia.gov

9 Planning the Scope of your IT Audit Quick reminder of who we are... Most of our “trained” IT knowledge lies within three of our specialty teams Page 9http://www.apa.virginia.gov Our teams work together to support our Projects Acquisition & Contract Mgmt Budgeting & Performance Management Capital Asset Management Compliance Assurance Data Analysis Higher Education Programs IT Project Mgmt Systems Security Local Government and Judicial Systems Strategic Risk Management Reporting & Standards

10 Planning the Scope of your IT Audit To achieve Auditor Planning Utopia... All of our teams need to have an IT mindset because all of our audit clients use Information Technology to support what they do. Page 10http://www.apa.virginia.gov Our teams work together to support our Projects Acquisition & Contract Mgmt Budgeting & Performance Management Capital Asset Management Compliance Assurance Data Analysis Higher Education Programs IT Project Management Systems Security Local Government and Judicial Systems Strategic Risk Management Reporting & Standards

11 Planning the Scope of your IT Audit Perspective... The APA performs financial statement and performance audits of executive branch entities The majority of our performance audits still have a financial related slant Our IT audit work generally supports broader financially driven objectives. Page 11http://www.apa.virginia.gov

12 Planning the Scope of your IT Audit Keys to Success Setting the “Tone at the Top” Challenging our staff to think innovatively Making the connections Page 12http://www.apa.virginia.gov

13 Planning the Scope of your IT Audit Setting the “Tone at the Top” Refocused Strategic Planning Initiatives Page 13http://www.apa.virginia.gov Communication

14 Planning the Scope of your IT Audit Setting the “Tone at the Top” Page 14http://www.apa.virginia.gov Shift in planning mindset

15 Planning the Scope of your IT Audit Setting the “Tone at the Top” Page 15http://www.apa.virginia.gov Shift in planning mindset

16 Planning the Scope of your IT Audit Challenging our staff to think Innovatively Page 16http://www.apa.virginia.gov

17 Planning the Scope of your IT Audit Challenging our staff to think Innovatively Page 17http://www.apa.virginia.gov

18 Planning the Scope of your IT Audit Challenging our staff to think Innovatively Application Controls (What are they?) Validity, Completeness, and Accuracy: Management Assertions? Page 18http://www.apa.virginia.gov Green Book: 11.08 Application controls, sometimes referred to as business process controls, are those controls that are incorporated directly into computer applications to achieve validity, completeness, accuracy, and confidentiality of transactions and data during application processing.

19 Planning the Scope of your IT Audit Challenging our staff to think Innovatively Management’s Use of Application Controls 1.Does management have applications to process business transactions? 2.How should management use application controls to achieve validity, completeness, and accuracy of their business transactions? Page 19http://www.apa.virginia.gov

20 Planning the Scope of your IT Audit Challenging our staff to think Innovatively Management’s Use of Application Controls 3.How is management using its applications to enforce the business rules? 4.What information will I need to validate that business rules were working? Page 20http://www.apa.virginia.gov

21 Planning the Scope of your IT Audit Challenging our staff to think Innovatively Example – Time and Effort Applications –Business Rule: Employees should NOT approve their own time sheet. –Application Control: Employee cannot view or select their timesheet within the approval screen. –Auditors Test: Does the employee id equal the approval id on any timesheets? (Caveat: Assumes that Application is operating in an environment with sound general controls.) Page 21http://www.apa.virginia.gov

22 Planning the Scope of your IT Audit Challenging our staff to think Innovatively Page 22http://www.apa.virginia.gov

23 Planning the Scope of your IT Audit Challenging our staff to think Innovatively We host Brown Bag lunches, to informally discuss issues around implementing innovative approaches and share new ideas Page 23http://www.apa.virginia.gov

24 Planning the Scope of your IT Audit Challenging our staff to think Innovatively Page 24http://www.apa.virginia.gov Systems Security Data Analysis IT Project Management Acquisition & Contract Mgmt Budgeting & Performance Mgmt Capital Asset Management Compliance Assurance Higher Education Programs Local Government & Judicial Systems Strategic Risk Management Reporting & Standards

25 Planning the Scope of your IT Audit Making the Connections Building contact points into our audit programs Page 25http://www.apa.virginia.gov

26 Planning the Scope of your IT Audit Making the Connections Creating audit tools that help our IT staff think like our other staff and vice versa Page 26http://www.apa.virginia.gov Executive Dashboard Internal Control Worksheet Fraud Assessment ISS Financial Statement Integration Tool

27 Planning the Scope of your IT Audit Making the Connections – IS Planning Tools Supports a Risk-based approach Provides a clearer view of technical testwork (infrastructure, software, etc.) Encourages an iterative planning process involving both IS and Financial auditors Addresses all major areas of data security (integrity, confidentiality, reliability Page 27http://www.apa.virginia.gov

28 Planning the Scope of your IT Audit Making the Connections Highlighting success Page 28http://www.apa.virginia.gov

29 Planning the Scope of your IT Audit Auditor Planning Utopia Page 29http://www.apa.virginia.gov

Download ppt "NSAA Information Technology Conference Planning the Scope of Your IT Audit _____________________________________ October 1, 2014 Jennifer Schreck, Audit."

Similar presentations

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
New IA IA Clinic March 30, 2013. Definition of Internal Auditing Internal auditing is an independent, objective assurance and consulting activity designed.

New IA IA Clinic March 30, Definition of Internal Auditing Internal auditing is an independent, objective assurance and consulting activity designed.
Using New Technologies and Approaches Pamela Bigart World Bank.

Using New Technologies and Approaches Pamela Bigart World Bank.
PRESENTED BY: TANESHA STOKES, VCO OF THE AUDITOR OF PUBLIC ACCOUNTS Procurement and the Auditor.

PRESENTED BY: TANESHA STOKES, VCO OF THE AUDITOR OF PUBLIC ACCOUNTS Procurement and the Auditor.
Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.

Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Agency Risk Management and Internal Control Standards Presentation to the Board of Visitors November 14, 2014.

Agency Risk Management and Internal Control Standards Presentation to the Board of Visitors November 14, 2014.
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Outcomes focused regulation and compliance in practice Peter Scott Peter Scott Consulting www.peterscottconsult.co.uk.

Outcomes focused regulation and compliance in practice Peter Scott Peter Scott Consulting
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.

Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
Developing Information Security Policy. Why is Developing Good Security Policy Difficult? Effective Security/IA Policy is more than locking doors and.

Developing Information Security Policy. Why is Developing Good Security Policy Difficult? Effective Security/IA Policy is more than locking doors and.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.

Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.
Nov. 30, 2004 Compliance Issues and Audits. TOPICS TO BE DISCUSSED Audits – definition, types of auditors, types of audits Role of WSU Internal Auditor.

Nov. 30, 2004 Compliance Issues and Audits. TOPICS TO BE DISCUSSED Audits – definition, types of auditors, types of audits Role of WSU Internal Auditor.
ADB Support of Public Procurement Reform Presented By: Amr J. Qari, Procurement Specialist Seventh Regional Public Procurement Forum, May 16 - 19, 2011.

ADB Support of Public Procurement Reform Presented By: Amr J. Qari, Procurement Specialist Seventh Regional Public Procurement Forum, May , 2011.
Session 4: Good Governance: How SAIs influence Good Governance in Public Administration Zahira Ravat 27 & 28 May 2014.

Session 4: Good Governance: How SAIs influence Good Governance in Public Administration Zahira Ravat 27 & 28 May 2014.
Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.

Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.

Similar presentations

Ads by Google