IT Enabled System : Opportunities & Challenges for Assurance Professionals
|
|
- Jonah Hodges
- 8 years ago
- Views:
Transcription
1 IT Enabled System : Opportunities & Challenges for Assurance Professionals Acknowledgements: - ISACA - ITGI - Wikipedia - The Economist - ICMAB - SCB March 31, 2011; ICAB (Chartered Accountant Bhaban) Aniruddha Neogi, FCA, CISA, CGEIT,CRISC1
2 Presentation Layout Understanding Key Terms Information System used in Business Concepts of IT Enabled System Auditing IT Enabled System Auditing Techniques Auditing in ERP Environment How Audit Tools help Auditor Knowledge & Skills Question and Answer 2
3 Definition: Assurance or Audit Auditing can be defined as a systematic process by which a competent, independent person objectively obtains and evaluates evidence regarding assertions about an economic entity or event for the purpose of forming an opinion about and reporting on the degree to which the assertion conforms to an identified set of standards Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. (Audit criteria is set of policies, procedures or requirements) 3
4 Definition: IT Enabled System An information Technology (IT) enabled system can be any organized combination of people, hardware, software, communications networks, and data resources that collect, transforms, and disseminate information in an organization. 4
5 IT Enabled System 5
6 IT Mandate 6
7 Trends in IT Enabled System 7
8 Data, data everywhere Information has gone from scarce to superabundant That brings huge new benefits, but also big challenges Data are widely available What is crucial is to identify relevant data for analysis based on which opinion can be provided 8
9 Changing Face of Finance Functions More Partnering Fill In Tax Planning - Outsourced Outsourcing Embed in the whole orgn. FSS: Financial Shared Services Centralization 9
10 Changing Face of Finance Functions 10
11 Key Sectors in Bangladesh BANK TELECOM MNC RMG CEMENT HEALTHCARE PHARMECUTICALS NGO DEVELOPMENT INFRASTRUCTURE 13
12 Paperless Trade Importer Bank Original Documents Importer Details of export documentation Payment LC issued subject to eucp Electronic Export Documents VAN/EDI Bangladesh Exporter s Bank Electronic Documents Created Singapore Exporter Feeds to assist Document creation 3rd Party Docs e.g. B/L 14
13 Straight 2 Bank Product Suite Cash Management (Payments) Payments TI Available Instructions Telegraphic Transfer Local and International Bank Cheque Book Transfer Direct Credit Payroll Corporate Cheque Bank to Bank transfer Advice of Cheque MT101 (Request for Transfer) Trade Trade Reporting Adhoc query reports Trade Banking LC issuance and amendment Cash Reporting Adhoc balance and transaction reports Ad hoc balance & Transaction reports Drill Down Link Acct balance & Acct Stmt reports. SWIFT Reports for MT940, MT942, MT950, MT900, MT910, Africa, UK and China cash reports Cash Management (Collection) Collection Reporting ih2h Payment, Collection 15
14 IT Enabled System: Concepts of Auditing Structure of the Financial Statement Audit Auditing Around the Computer Auditing Through the Computer 16
15 Structure of the Financial Statement Audit Audit B. Structure of the Financial Interim Audit Compliance Testing Financial Statement Audit Substantive Testing 17
16 Compliance Testing Auditors perform tests of controls to determine that the control policies, practices, and procedures established by management are functioning as planned. This is known as compliance testing. 18
17 Substantive Testing Substantive testing is the direct verification of financial statement figures. Examples would include reconciling a bank account and confirming accounts receivable. Audit Confirmation To ABC Co. Customer: Please confirm that the balance of your account on Dec. 31 is. Audit Confirmation To ABC Co. Cuss. 19
18 Auditing Around the Computer The auditor ignores computer processing. Instead, the auditor selects source documents that have been input into the system and summarizes them manually to see if they match the output of computer processing 20
19 Auditing Through the Computer The process of evaluating client s software and hardware to determine the reliability of operations that is hard for human eye to view and reviewing of the internal controls in an electronic data processing system. 21
20 IT Enabled System: Auditing Techniques/CAATS Review of Systems Documentation Test Data Integrated-Test-Facility (ITF) Approach Parallel Simulation GAS Embedded Audit Routines Mapping Extended Records and Snapshots 22
21 Review of Systems Documentation The auditor reviews documentation such as narrative descriptions, flowcharts, and program listings In desk checking the auditor processes test or real data through the program logic 23
22 Test Data Audit B. Structure of the Financial The auditor prepares input containing both valid and invalid data. Prior to processing the test data, the input is manually processed to determine what the output should look like. The auditor then compares the computer-processed output with the manually processed results. 24
23 Parallel Simulation The test data and ITF methods both process test data through real programs. With parallel simulation, the auditor processes real client data on an audit program similar to some aspect of the client s program. The auditor compares the results of this processing with the results of the processing done by the client s program. 25
24 Generalized Audit Software (GAS) GAS refers to standard software that has the capability to directly read and access data from various database platforms, flat-file systems and ASCII formats. The following functions are supported in GAS: File access-enables the reading of different record formats and file structures File reorganization-enables indexing, sorting, merging & linking with another file Data selection-enables global filtration conditions and selection criteria Statistical functions-enables sampling, stratification and frequency analysis Arithmetical functions-enables arithmetic operators and functions 26
25 Embedded Audit Routines In-line Code Application program perform audit data collection while it processes data for normal production purposes System Control Audit Review File (SCARF) Edit tests for audit transaction analysis are included in program Exceptions are written to a file for audit review 27
26 Mapping Special software counts the number of times each program statement in a program executes Helps identify code that is bypassed when the bypass is not readily apparent in the program code and/or documentation 28
27 Extended Records and Snapshots Extended Records Specific transactions are tagged, and the intervening processing steps that normally would not be saved are added to the extended record, permitting the audit trail to be reconstructed for these transactions. Snapshot A snapshot is similar to an extended record except that the snapshot is a printed audit trail. 29
28 Auditing in ERP Environment 30
29 What is ERP? An ERP or Enterprise Resource Planning system integrates information and business processes to enable information entered once to be shared throughout the organization. ERP had its origins in manufacturing and production planning. ERP automates the tasks involved in performing a business process. If installed correctly, it can have a tremendous payback Phased Implementation Training Needs Assessment ERP Project Conference Room Pilot Common examples include SAP, PeopleSoft, JD Edwards and Oracle. Software Selection Process Reengineering 31
30 ERP Structure & Controls ERP Authorizations and Security Technical Infrastructure/ General Controls Database server Application server Presentation server Business Process/ Application Controls 32
31 Control Environment Business Performance Reviews APPLICATION CONTROLS IT GENERAL CONTROLS Access to Programs & Data Computer Operations Program Change Program Development 33
32 Control Options Master Data Authorizations Detective Configurable Reporting Preventive Inherent User Procedures Corrective 34
33 Impact of ERP on the Audit An ERP environment creates many issues an auditor must address..... Can All Accounts be Audited Substantively Monitoring Controls on ERP Controls Built into ERP (Inherent & Configured) The Control Environment Has Changed General IT Controls May Not Be Enough Business Processes Have Changed 35
34 Why Auditing ERP is different ERP has great flexibility and breadth of functionality Total business solution Financial and non-financial business processes Highly configurable - validations, overrides and calculations (switches) Spans industries - chemical, manufacturing, financial, public sector, automotive 36
35 Why Auditing ERP is different An ERP allows more comprehensive validation and improves balancing controls BUT: Access security further complicated Configuration consistency required Segregation of duties harder to achieve Cut-off risks increases 37
36 ERP Audit Risks and Issues ERP is process based integrity of transaction based on process as a whole cannot be seen as individual transactions Preventative controls paramount Programmed procedures based on contents of various system tables changes to ERP elements impact control of business processes Loss of physical audit trail - ERP aims to be paperless 38
37 ERP Audit Risks and Issues Multiple processing platform dependent security on all is crucial Direct dependence on IT environment security operating system database application Initial system setup best fit with organization structure 39
38 ERP Audit Risks and Issues Implementation risk standard product but "vanilla" implementations are rare long implementation cycle piecemeal - necessitating interfaces with legacy systems interfaces - reliant on controls in "feeder" system same on line validation rules applicable SAP and Oracle already have built-in audit tool 40
39 Purchase & Payables: Process (SAP) 41
40 The Three-way Match in SAP 42
41 How to audit the SAP Three-way Match Purchase Customizing Audit Approach PO Matching Enforced Automated Controls PO Matching Changeable Manual Controls Substantive 43
42 3 way match configuration at PO 44
43 Process Risk and Financial Statement Impact 45
44 What determines whether SAP ensures matching? 46
45 How Auditing tools help auditor at different stages of audit 47
46 Audit Approach 48
47 Planning Few benefits of using IT tools at Planning Stage Can define all activities within audit scope Easily assign resource against each activities Track the progress 49
48 Profile Data Quick look at millions of transactions and view data in a comprehensive and summarized representation 50
49 Sampling IT tool can generate different type of Sample for analysis: Systematic Random Attribute Momentary Classical Variable 51
50 Analysis 52
51 Working Paper 53
52 Working Paper Review 54
53 Sample Report 55
54 Benefits of using Audit Tools CAATs offer the following advantages: Reduced level of audit risk Greater independence from the audited Broader and more consistent audit coverage Faster availability of information Improved exception identification Greater flexibility of run times Greater opportunity to quantify internal control weaknesses Enhanced sampling Cost savings over time 56
55 Business Opportunities 57
56 IT Enabled System: Knowledge and Skills When auditing in a computer environment, the auditor should obtain a basic understanding of the fundamentals of data processing and a level of technical computer knowledge and skills which depending on the circumstances may need to be extensive. 58
57 IT Enable System : Skill & ISACA Resources Skill IS Auditing ISACA Resources ISACA Auditing Standard, ISACA Auditing Guideline, IT Assurance Framework (ITAF), CISA certification. Risk Assessment IT Governance & Control Compliance Value Delivery Information Security Risk IT, CRISC certification IT Governance Framework (ITGF) & CGEIT Certification Control Objective on Information & Related Technology (COBIT) Value IT (Val IT) Business Model for Information Security (BMIS) 59
58 Questions & Answer Thank you 60
The Information Systems Audit
November 25, 2009 e q 1 Institute of of Pakistan ICAP Auditorium, Karachi Sajid H. Khan Executive Director Technology and Security Risk Services e q 2 IS Environment Back Office Batch Apps MIS Online Integrated
More informationauditing in a computer-based
auditing in a computer-based RELEVANT TO cat paper 8 and ACCA QUALIFICATION PAPERs f8 The accounting systems of many companies, large and small, are computer-based; questions in all ACCA audit papers reflect
More informationThe Impact of Information Technology on the Audit Process
The Impact of Information Technology on the Audit Process Chapter 12 2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12-1 Learning Objective 1 Describe how IT improves internal
More informationApplication controls testing in an integrated audit
Application controls testing in Application controls testing in an integrated audit Learning objectives Describe types of controls Describe application controls and classifications Discuss the nature,
More informationControl Matters. Computer Auditing. (Relevant to ATE Paper 8 Auditing) David Chow, FCCA, FCPA, CPA (Practising)
Computer Auditing Control Matters (Relevant to ATE Paper 8 Auditing) David Chow, FCCA, FCPA, CPA (Practising) The introduction of a computerized or electronic data processing (EDP) accounting system has
More informationLearning Objective 1. The Impact of Information Technology on the Audit Process. Describe how IT improves internal control.
Learning Objective 1 The Impact of Information Technology on the Audit Process Describe how IT improves internal control. Chapter 12 12-1 12-2 How Information Technologies Enhance Internal Control Learning
More informationENTERPRISE RESOURCE PLANNING SYSTEMS
CHAPTER ENTERPRISE RESOURCE PLANNING SYSTEMS This chapter introduces an approach to information system development that represents the next step on a continuum that began with stand-alone applications,
More informationModule 6. Business Application Software Audit
Module 6 Business Application Software Audit MODULE 6: BUSINESS APPLICATION SOFTWARE AUDIT Table of Contents MODULE 6: BUSINESS APPLICATION SOFTWARE AUDIT... 1 SECTION 1: OVERVIEW... 9 MODULE 6: BUSINESS
More informationInternal Control Deliverables. For. System Development Projects
DIVISION OF AUDIT SERVICES Internal Control Deliverables For System Development Projects Table of Contents Introduction... 3 Process Flow... 3 Controls Objectives... 4 Environmental and General IT Controls...
More informationAuditing Applications. ISACA Seminar: February 10, 2012
Auditing Applications ISACA Seminar: February 10, 2012 Planning Objectives Mapping Controls Functionality Tests Complications Financial Assertions Tools Reporting AGENDA 2 PLANNING Consideration / understanding
More informationWHITE PAPER. Best Practices for the Use of Data Analysis in Audit. John Verver, CA, CISA, CMC
WHITE PAPER Best Practices for the Use of Data Analysis in Audit John Verver, CA, CISA, CMC CONTENTS Executive Summary...1 The Evolving Role of Audit Analytics...3 Applications of Audit Analytics...3 Approaches
More informationACL WHITEPAPER. Automating Fraud Detection: The Essential Guide. John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances
ACL WHITEPAPER Automating Fraud Detection: The Essential Guide John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances Contents EXECUTIVE SUMMARY..................................................................3
More informationApplication Testing: Not Just for IT Auditors. Insert Logo Here
Application Testing: Not Just for IT Auditors Huntington Ingalls Industries Who We Are Over a century designing, building, overhauling and repairing ships for the U.S. Navy, the U.S. Coast Guard and world
More informationCHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS
11-1 CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS INTRODUCTION The State Board of Accounts, in accordance with State statutes and the Statements on Auditing Standards Numbers 78
More informationSan Francisco Chapter. Jonathan Shipman, Ernst & Young David Morgan, Ernst & Young
Jonathan Shipman, Ernst & Young David Morgan, Ernst & Young Learning Objectives Understand how data analysis can impact/improve business Understand typical data analysis challenges Understand the various
More informationRisks in ERP implementation
Risks in ERP implementation ERP A high-end solution featuring integration of information technology and business application. Seeks to streamline and integrate operational processes and information flows
More information3. Current Auditing Computerized Tools
- 17-3. Current Auditing Computerized Tools 3.1. Objective and Structure The objective of this chapter is to provide information about technological tools and techniques currently used by auditors. Section
More informationPerforming Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained
Performing Audit Procedures in Response to Assessed Risks 1781 AU Section 318 Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Supersedes SAS No. 55.)
More informationStrategic IT audit. Develop an IT Strategic IT Assurance Plan
Strategic IT audit Develop an IT Strategic IT Assurance Plan Speaker Biography Hans Henrik Berthing is Partner at Verifica and Senior Advisor & Associated Professor at Aalborg University. He is specialized
More informationPART 10 COMPUTER SYSTEMS
PART 10 COMPUTER SYSTEMS 10-1 PART 10 COMPUTER SYSTEMS The following is a general outline of steps to follow when contemplating the purchase of data processing hardware and/or software. The State Board
More informationINTERNATIONAL STANDARD ON AUDITING 401 AUDITING IN A COMPUTER INFORMATION SYSTEMS ENVIRONMENT CONTENTS
INTERNATIONAL STANDARD ON AUDITING 401 AUDITING IN A COMPUTER INFORMATION SYSTEMS ENVIRONMENT (This Standard is effective, but will be withdrawn when ISA 315 and 330 become effective) * CONTENTS Paragraph
More informationGENERALIZED AUDIT SOFTWARE
EVIDENCE COLLECTION The auditors problem is not a shortage of evidence collection techniques to use, but it is knowing what technique or set of techniques is best to use for a given system or program.
More informationIn recent years, information technology (IT) used by firms,
Copyright 2003 Information Systems Audit and Control Association. All rights reserved. www.isaca.org. Impact of SAS No. 94 on Computer Audit Techniques By M. Virginia Cerullo, CPA, CIA, CFE, and Michael
More informationReporting on Control Procedures at Outsourcing Entities
Auditing Guidance Statement AGS 1042 (July 2002) Reporting on Control Procedures at Outsourcing Entities Prepared by the Auditing & Assurance Standards Board of the Australian Accounting Research Foundation
More informationOffice Hours: By Appointment COURSE DESCRIPTION AND LEARNING GOALS
NYU Stern School of Business Summer 2012 ACCT- GB.6215 - IT Auditing Professor: Joel Lanz Tel: 516-933-3662 Office Hours: By Appointment email: TBD Course Website: Blackboard COURSE DESCRIPTION AND LEARNING
More informationRisk and Controls 101
Risk and Controls 101 Agenda What is a Risk and Control? Controls 101 What is Risk and Control? Control Types Control Execution Control Categories A-123 Process here at LBNL Wrap-up Process Risk Map Control
More informationEffectively Assessing IT General Controls
Effectively Assessing IT General Controls Tommie Singleton UAB AGENDA Introduction Five Categories of ITGC Control Environment/ELC Change Management Logical Access Controls Backup/Recovery Third-Party
More informationContinuous Controls Monitoring. Virginia ISACA January Meeting 19 January 2010
Continuous Controls Monitoring Virginia ISACA January Meeting 19 January 2010 Today s Agenda What We Are Hearing About Risk Internal Controls Continuous Control Monitoring What is CCM? Framework EY Point
More informationInformation Technology Auditing for Non-IT Specialist
Information Technology Auditing for Non-IT Specialist IIA Pittsburgh Chapter October 4, 2010 Agenda Introductions What are General Computer Controls? Auditing IT processes controls Understanding and evaluating
More informationCycle Counts of Inventory, A Practical Guide
Cycle Counts of Inventory, A Practical Guide Background The most successful are continually looking for ways to improve the efficiency and effectiveness of their operations. Following the widespread adoption
More informationCRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data
CRISC Glossary Term Access control Access rights Application controls Asset Authentication The processes, rules and deployment mechanisms that control access to information systems, resources and physical
More informationAuditing Standard ASA 330 The Auditor's Responses to Assessed Risks
ASA 330 (October 2009) Auditing Standard ASA 330 The Auditor's Responses to Assessed Risks Issued by the Auditing and Assurance Standards Board Obtaining a Copy of this Auditing Standard This Auditing
More informationTable of Contents. Data Analysis Then & Now 1. Changing of the Guard 2. New Generation 4. Core Data Analysis Tasks 6
Table of Contents Data Analysis Then & Now 1 Changing of the Guard 2 New Generation 4 Core Data Analysis Tasks 6 Data Analysis Then & Now Spreadsheets remain one of the most popular applications for auditing
More informationInternal Auditing & Controls. Examination phase of the internal audit Module 5. Course Name: Internal Auditing & Controls
Course Name: Internal Auditing & Controls Module: 5 Module Title: Examination phase of the internal audit Lecture and handouts prepared by Chuck Campbell Examination phase of the internal audit Module
More informationFSN White Paper. Document Management in the Finance Function. Choosing a document management system
FSN White Paper Document Management in the Finance Function Choosing a document management system CONTENTS INTRODUCTION WHAT IS DOCUMENT MANAGEMENT? WHAT BENEFITS SHOULD YOU EXPECT? WHAT ARE THE ESSENTIALS
More informationAuditing Application User Account Security and Identity Management with Data Analytics
Auditing Application User Account Security and Identity Management with Data Analytics James Kidwell, JD, CISA Senior Information Systems Auditor Audit Services Session Agenda and Learning Objectives Brief
More informationElectronic Audit Evidence (EAE) and Application Controls. Tulsa ISACA Chapter December 11, 2014
Electronic Audit Evidence (EAE) and Application Controls Tulsa ISACA Chapter December 11, 2014 Agenda Recent IT-related PCAOB inspection themes: Internal control over financial reporting Multi-location
More informationOFFICE OF AUDITS & ADVISORY SERVICES SHAREPOINT SECURITY AUDIT FINAL REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES SHAREPOINT SECURITY AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Senior Audit Manager: Lynne Prizzia, CISA, CRISC Senior
More informationA Glimpse Under the Hood of Property Management Systems
Updated: 26 th Jan 2009 A Glimpse Under the Hood of Property Management Systems Synopsis A search of the Internet for property management systems returns hundreds, if not thousands of possibilities. Why
More informationTerms of Reference for an IT Audit of
National Maritime Safety Authority (NMSA) TASK DESCRIPTION PROJECT/TASK TITLE: EXECUTING AGENT: IMPLEMENTING AGENT: PROJECT SPONSOR: PROJECT LOCATION: To engage a professional and qualified IT Auditor
More informationAutomated Invoice/P2P Processing
Automated Invoice/P2P Processing Business Solutions Reduce processing costs Eliminate bottlenecks and delays Automate invoice capture Automate requisition processes Improve management reporting Improve
More informationGuide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions
Guide to the Sarbanes-Oxley Act: IT Risks and Controls Frequently Asked Questions Table of Contents Page No. Introduction.......................................................................1 Overall
More informationAutomated Invoice/P2P Processing
Automated Invoice/P2P Processing Business Solutions Reduce processing costs Eliminate bottlenecks and delays Automate invoice capture Automate requisition processes Improve management reporting Improve
More informationINFORMATION TECHNOLOGY CONTROLS
CHAPTER 14 INFORMATION TECHNOLOGY CONTROLS SCOPE This chapter addresses requirements common to all financial accounting systems and is not limited to the statewide financial accounting system, ENCOMPASS,
More informationImplementation of PeopleSoft 8.9
Implementation of PeopleSoft 8.9 Implementation of any ERP product is a huge effort considering the generic nature of the product and specific customer requirements. In addition the industry specific and
More informationHow To Help Your Business Succeed
Rapidly Growing Mid-Stream Energy Refinery and Transportation firm Monitors Master Data for Controls FulcrumWay Leading Provider of Enterprise Risk Assessment Mitigation and Remediation Solutions Enterprise
More informationFACT SHEET: EMPOWERING YOUR OPERATIONS WITH AN INTEGRATED PLATFORM TO DRIVE DOWN SETTLEMENT COSTS AND BETTER MANAGE RISK
Wallstreet BackOffice Global, cross asset solutions for high performance STP workflow www.wallstreetsystems.com FACT SHEET: EMPOWERING YOUR OPERATIONS WITH AN INTEGRATED PLATFORM TO DRIVE DOWN SETTLEMENT
More information4 Testing General and Automated Controls
4 Testing General and Automated Controls Learning Objectives To understand the reasons for testing; To have an idea about Audit Planning and Testing; To discuss testing critical control points; To learn
More informationCommunicating Internal Control Related Matters Identified in an Audit
Communicating Internal Control 1843 AU Section 325 Communicating Internal Control Related Matters Identified in an Audit (Supersedes SAS No. 112.) Source: SAS No. 115. Effective for audits of financial
More informationAudit Phases. Phase 1: Planning and Risk Identification
Audit Phases Phase 1: Planning and Risk Identification Remember the Audit Risk Model of the client, Susceptibility to fraud Control risk Errors likely to occur In client s financial statements Detection
More informationA CONFIGURABLE SOLUTION TO EFFICIENTLY MANAGE TREASURY OPERATIONS
Wallstreet City Financials The integrated treasury workstation for mid-sized corporations Wall Street Systems Empowering Treasury, Trading and Settlement FACT SHEET: Wallstreet City Financials A CONFIGURABLE
More informationS24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma
S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma Governance, Risk, Compliance (GRC) Automation Siamak Razmazma Siamak.razmazma@protiviti.com September 2009 Agenda Introduction to
More informationTHE AUDITOR S RESPONSES TO ASSESSED RISKS
SINGAPORE STANDARD ON AUDITING SSA 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS This revised Singapore Standard on Auditing (SSA) 330 supersedes SSA 330 The Auditor s Procedures in Response to Assessed
More informationContents. Ensure Accuracy in Data Transformation with Data Testing Framework (DTF)
Contents A U T H O R : S o u r a v D a s G u p t a Ensure Accuracy in Data Transformation with Data Testing Framework (DTF) Abstract... 2 Need for a Data Testing Framework... 3 DTF Overview... 3 What is
More informationUsing COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister
Using COBiT For Sarbanes Oxley Japan November 18 th 2006 Gary A Bannister Who Am I? Who am I & What I Do? I am an accountant with 28 years experience working in various International Control & IT roles.
More informationORACLE FUSION ACCOUNTING HUB
ORACLE FUSION ACCOUNTING HUB THE NEW STANDARD FOR FINANCIAL REPORTING AND INTEGRATION KEY FEATURES Reporting platform with embedded Essbase Centralized reporting center to deliver and access reports Proactive
More informationINFORMATION SYSTEM AUDITING AND ASSURANCE
CHAPTER INFORMATION SYSTEM AUDITING AND ASSURANCE As more and more accounting and business systems were automated, it became more and more evident that the field of auditing had to change. As the systems
More informationPLM Center of Excellence PLM for Embedded Product Development - Challenges, Experiences and Solution. M a y 2 0 0 9
PLM Center of Excellence PLM for Embedded Product Development - Challenges, Experiences and Solution M a y 2 0 0 9 Table of Contents Abstract 3 Introduction 4 Embedded product development life cycle 4
More informationIPPF Practice Guide. Auditing Application Controls
IPPF Practice Guide Auditing Application Controls Global Technology Audit Guide (GTAG) 8: Auditing Application Controls Authors Christine Bellino, Jefferson Wells Steve Hunt, Crowe Horwath LLP Original
More informationDBS IDEAL 3.0 FAQ. July 2013 Page 1
DBS IDEAL 3.0 FAQ MANAGING YOUR ACCOUNTS Are my account balances available on a real-time basis? Yes, your latest account information is available real-time via DBS IDEAL, through which you can also retrieve
More informationG13 USE OF RISK ASSESSMENT IN AUDIT PLANNING
IS AUDITING GUIDELINE G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply
More informationSelf-Service SOX Auditing With S3 Control
Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with
More informationFor more information about UC4 products please visit www.uc4.com. Automation Within, Around, and Beyond Oracle E-Business Suite
For more information about UC4 products please visit www.uc4.com Automation Within, Around, and Beyond Oracle E-Business Suite Content Executive Summary...3 Opportunities for Enhancement: Automation Within,
More informationThe Auditor s Consideration of the Internal Audit Function in an Audit of Financial Statements
Auditor s Consideration of Internal Audit Function 1805 AU Section 322 The Auditor s Consideration of the Internal Audit Function in an Audit of Financial Statements (Supersedes SAS No. 9.) Source: SAS
More informationGUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK FOR CREDIT UNIONS
SUPERVISORY AND REGULATORY GUIDELINES Guidelines Issued: 22 December 2015 GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK FOR CREDIT UNIONS 1. INTRODUCTION 1.1 The Central Bank of The Bahamas ( the Central
More informationUganda s IFMS project has been SUMMARY CHARACTERISTICS OF THE IFMS AND ITS ROLE IN SUPPORTING THE BUDGET PROCESS
COUNTRY LEARNING NOTES Uganda: implementing an Integrated Financial Management System and the automation of the budget process Lawrence Semakula & Robert Muwanga * July 2012 SUMMARY The Implementation
More informationORACLE FINANCIALS ACCOUNTING HUB
ORACLE FINANCIALS ACCOUNTING HUB KEY FEATURES: A FINANCE TRANSFORMATION SOLUTION Integrated accounting rules repository Create accounting rules for every GAAP Accounting engine Multiple accounting representations
More information1. FPO. Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Second Edition
1. FPO Guide to the Sarbanes-Oxley Act: IT Risks and Controls Second Edition Table of Contents Introduction... 1 Overall IT Risk and Control Approach and Considerations When Complying with Sarbanes-Oxley...
More informationFINANCIAL ADMINISTRATION MANUAL
Issue Date: September 2009 Effective Date: Immediate Chapter: Accounting for Expenditures Responsible Agency: Office of the Comptroller General Directive No: 706-3 Directive Title: ACCOUNTING CONTROLS
More informationCHAPTER 8 SPECIALIZED AUDIT TOOLS: SAMPLING AND GENERALIZED AUDIT SOFTWARE
A U D I T I N G A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT 9 th Edition Karla M. Johnstone Audrey A. Gramling Larry E. Rittenberg CHAPTER 8 SPECIALIZED AUDIT TOOLS: SAMPLING AND GENERALIZED AUDIT
More informationORACLE CLINICAL. Globalization. Flexibility. Efficiency. Competition ORACLE DATA SHEET OVERVIEW ROBUST CLINICAL DATA MANAGEMENT SOLUTION
ORACLE CLINICAL OVERVIEW ROBUST CLINICAL DATA MANAGEMENT SOLUTION Smoothly transition from paper to EDC trials Annotated CRFs provides an intuitive means of creating submission-ready annotations Improved
More informationTable of Contents. Transmittal Letter... 1. Executive Summary... 2-3. Background... 4-5. Objectives and Approach... 6. Issues Matrix...
Internal Audit Committee of Brevard County, Florida Internal Audit Review of Accounts Payable Prepared By: Internal Auditors of Brevard County September 22, 2010 Table of Contents Transmittal Letter...
More informationLeverage Your Financial System to Enable Sarbanes-Oxley Compliance: An Evaluator s Guide
Leverage Your Financial System to Enable Sarbanes-Oxley Compliance: An Evaluator s Guide W H I T E P A P E R Summary This document provides an overview on how financial systems can provide companies with
More informationAudit Sampling. AU Section 350 AU 350.05
Audit Sampling 2067 AU Section 350 Audit Sampling (Supersedes SAS No. 1, sections 320A and 320B.) Source: SAS No. 39; SAS No. 43; SAS No. 45; SAS No. 111. See section 9350 for interpretations of this section.
More informationINTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS CONTENTS
INTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction
More informationThose who do not remember the past are condemned to repeat it. - George Santayana - Philosopher
Those who do not remember the past are condemned to repeat it. - George Santayana - Philosopher ERP Implementation Update Implementation Overview High Level Project Plan Monthly Milestones July Activities
More informationPartial Listing of SAP Engagements
Partial Listing of SAP Engagements Data Management Initiatives... 2 Order to Cash Initiatives... 3 Payment Card / Data Protection Initiatives... 4 Post Implementation Services/SAP Application Maintenance
More informationSTAFF QUESTIONS AND ANSWERS
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org STAFF QUESTIONS AND ANSWERS AUDITING THE FAIR VALUE OF SHARE OPTIONS GRANTED TO EMPLOYEES Summary:
More informationIT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
More informationA GUIDE TO IMPLEMENTING SAP BUSINESS ONE
A GUIDE TO IMPLEMENTING SAP BUSINESS ONE THE ULTIMATE GUIDE If you are considering SAP Business One as your business management solution or have already selected SAP Business One and you are about to embark
More informationIT Service Continuity Management PinkVERIFY
-11-G-001 General Criteria Does the tool use ITIL 2011 Edition process terms and align to ITIL 2011 Edition workflows and process integrations? -11-G-002 Does the tool have security controls in place to
More informationU S I N G D A T A A N A L Y S I S T O M E E T T H E R E Q U I R E M E N T S O F R I S K B A S E D A U D I T I N G S T A N D A R D S
U S I N G D A T A A N A L Y S I S T O M E E T T H E R E Q U I R E M E N T S O F R I S K B A S E D A U D I T I N G S T A N D A R D S A C a s e W a r e I D E A R e s e a r c h R e p o r t CaseWare IDEA Inc.
More informationISACA is responding to the PCAOB questions principally from an information technology (IT) perspective.
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 17 December 2007 Office of the Secretary Public
More informationConnecting the dots: IT to Business
Connecting the dots: IT to Business Jason Wood, CPA, CISA, CIA, CITP, CFF April 2015 1 Speaker Bio Jason Wood Over 18 years of international business experience in planning, conducting, and quality reviewing
More informationHow To Audit A Financial Statement
INTERNATIONAL STANDARD ON 400 RISK ASSESSMENTS AND INTERNAL CONTROL (This Standard is effective, but will be withdrawn when ISA 315 and 330 become effective) * CONTENTS Paragraph Introduction... 1-10 Inherent
More informationPlease feel free to call on our organizations if we can be of assistance in any way on further deliberations, task forces or committees.
17 May 2012 International Internal Audit Standards Board Via e-mail: Lily.Bi@theiia.org Re: Definition of Internal Auditing Ms. Lily Bi, CIA, CISA, CGEIT Director, Standards and Guidance The Institute
More information2011 NASCIO Nomination Business Improvement and Paperless Architecture Initiative. Improving State Operations: Kentucky
2011 NASCIO Nomination Business Improvement and Paperless Architecture Initiative Improving State Operations: Kentucky Kevin Moore 6/1/2011 Executive Summary: Accounts Payable was a time consuming, inefficient
More informationHarness Enterprise Risks With Oracle Governance, Risk and Compliance
Hardware and Software Engineered to Work Together Harness Enterprise Risks With Oracle Governance, Risk and Compliance Is the plethora of financial, operational and regulatory policies and mandates overwhelming
More informationInternal Controls, Fraud Detection and ERP
Internal Controls, Fraud Detection and ERP Recently the SEC adopted Section 404 of the Sarbanes Oxley Act. This law requires each annual report of a company to contain 1. A statement of management's responsibility
More informationEmployer Health Tax MINISTRY OF FINANCE
MINISTRY OF FINANCE Employer Health Tax The Employer Health Tax Act requires all employers who have a permanent establishment in Ontario to remit employer health tax (EHT) on total Ontario remuneration
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the
More informationData Analytics: Applying Data Analytics to a Continuous Controls Auditing / Monitoring Solution
Data Analytics: Applying Data Analytics to a Continuous Controls Auditing / Monitoring Solution December 10, 2014 Parm Lalli, CISA, ACDA Sunera Snapshot Professional consultancy with core competency in:
More informationOracle Role Manager. An Oracle White Paper Updated June 2009
Oracle Role Manager An Oracle White Paper Updated June 2009 Oracle Role Manager Introduction... 3 Key Benefits... 3 Features... 5 Enterprise Role Lifecycle Management... 5 Organization and Relationship
More informationIS Audit and Assurance Guideline 2202 Risk Assessment in Planning
IS Audit and Assurance Guideline 2202 Risk Assessment in Planning The specialised nature of information systems (IS) audit and assurance and the skills necessary to perform such engagements require standards
More informationProperty & Casualty Insurance Newgen Case Management Framework
Property & Casualty Insurance Newgen Case Management Framework Introduction Today organizations face the challenge of addressing the increased expectations from citizens, businesses, elected officials,
More informationOVERVIEW OF THE ISSUE
Feature Automated Audit Testing for Sap Data Benefit or Just Another Black Box? Stefan Wenig is chief executive officer (CEO) of the dab:group, a company that specializes in data extraction, analysis of
More informationKey Requirements for a Job Scheduling and Workload Automation Solution
Key Requirements for a Job Scheduling and Workload Automation Solution Traditional batch job scheduling isn t enough. Short Guide Overcoming Today s Job Scheduling Challenges While traditional batch job
More informationResource Management Tool (RMT) Summary of Capabilities
Resource Management Tool (RMT) Summary of Capabilities Resource Management Tool is designed to provide a highly efficient and effective portal to accomplish PPBES work. It is your one-stop shop for improving
More informationKnowledge Management Series. Internal Audit in ERP Environment
Knowledge Management Series Internal Audit in ERP Environment G BALU ASSOCIATES Knowledge Management Series ISSUE-5 ; VOL 1 Internal Audit in ERP Environment APRIL/2012 Editorial Greetings..!!! Raja Gopalan.B
More informationSolihull Metropolitan Borough Council. IT Audit Findings Report September 2015
Solihull Metropolitan Borough Council IT Audit Findings Report September 2015 Version: Responses v6.0 SMBC Management Response July 2015 Financial Year: 2014/2015 Key to assessment of internal control
More information