Impact of Computer-Assisted Audit Techniques on Sarbanes-Oxley Act Sections 404 and 409. Scarlett Choi ACC 626
|
|
- Abigail Teresa Davidson
- 8 years ago
- Views:
Transcription
1 Impact of Computer-Assisted Audit Techniques on Sarbanes-Oxley Act Sections 404 and 409 Scarlett Choi ACC 626
2 INTRODUCTION In order to restore the declining investors confidence in the capital markets due to series of highly-publicized fraudulent activities of corporations and alleged audit failures, the Sarbanes-Oxley Act (the Act ) was passed as law in July The Act significantly expanded the rules for corporate governance, disclosure, and reporting by highlighting the responsibilities of corporate executives and directors, lawyers, and accountants. Moreover, it created a broad oversight regime for auditors of public companies along with the emphasis on the critical role of internal control over financial reporting (ICFR), which is a process designed and maintained by management to provide reasonable assurance regarding the reliability of financial reporting and the preparation of the financial statements for external purposes with GAAP. The purpose of implementing such controls is to support the integrity and reliability of the company s external financial reporting processes. 1 With an increasing employment of sophisticated and complex information technology (IT) in all levels of corporations, auditors encounter many firms with its financial reporting processes wholly dependent on the IT systems. Hence, auditors must determine how the firm uses its IT systems to initiate, record, process, and report transactions or other financial data. This understanding is necessary to plan the audit and to determine the nature, timing and extent of tests to be performed to gain a sufficient understanding of internal controls. 2 In light of the implementation of the Act and the increasing demand on auditors to make the audit more effective and efficient, major initiatives have been put in place toward development and proliferation of computer-assisted audit tools and techniques (CAAT). 3 This report focuses on the two key provisions of the Act that are associated with IT, Section 404 Enhanced Financial Disclosures, Management Assessment of Internal Control and Section 409 Real Time Issuer Disclosures. It delves into the specifics of the CAAT and explores the background of the two key provisions. The report serves to determine the role and the implications of CAAT with the implementation of the Act, and to outline the most prominent type of CAAT that is available to comply with the provisions. COMPUTER-ASSISTED AUDIT TECHNIQUES While CAAT are any technology that is used to assist in the completion of an audit, it can be 1 Deloitte & Touche, Ernst & Young, KPMG, PricewaterhouseCoopers. Perspectives on Internal Control Reporting A Resource of Financial Market Participants. AICPA. December Cerullo, Michael J. and Cerullo, M. Virginia. Impact of SAS No. 94 on Computer Audit Techniques. Information Systems Control Journal. 1 (2003). ISACA - Information Systems Control Journal. 10 June Braun, Robert L. and Davis, Harold E. Computer-assisted audit tools and techniques: analysis and perspectives. Managerial Auditing Journal (2003): ProQuest. University of Waterloo Lib. 14 June Page 1 of 13
3 more specifically defined as tools and techniques used to directly examine the internal logic of an application as well as to draw indirect inferences upon an application's logic by examining the data processed by the application 4. CAAT can be used in achieving the goals of audit 5 by performing various audit procedures including test of details of transactions and balances, analytical review procedures, compliance tests of IS general and application controls, and penetration testing 6. CAAT play a significant role in enhancing the effectiveness and efficiency of riskassessment procedures. Through the use of software, auditors can improve the quality of audit evidence. By automating procedures, CAAT removes subjectivity and bias in performing financial analysis and auditors save time. As well, CAAT provide comprehensive analysis (i.e. identification of both inherent and control risks; supplementation on trend analysis with data from multiple sources) in order to assist in performing preliminary analytical reviews in risk-assessment process where its result drives overall audit approach. 7 Moreover, CAAT can be successfully employed in enhancing the effectiveness and efficiency of the audit procedures. With the use of CAAT, complete verification covering all doubtful cases with inadequate validations is possible with minimal effort and time and with guaranteed accuracy. As well, the use of CAAT increases credibility for substantive testing to provide total assurance or clear pinpointing of errors and frauds. 8 There are six different types of CAAT that are available in achieving the objectives of financial statement audits: 1) Test Data: Uses auditor-prepared input data to test the current version of a client-supplied copy of application within the client's system. Once auditor s data is processed, the systemgenerated results are compared to auditor expectations. Any departure from the expected results would indicate logic or control problem. 9 2) Integrated test facility: Requires auditor to be involved in the system design. Creates audit modules within the system that allow "dummy" test data to be segregated from actual "live" data in the system. Once established, test data can be placed in the normal transaction stream 4 Ibid. 5 ISACA. Use of Computer-Assisted Audit Techniques. IS Auditing Guideline. (1998): June 2008.< ContentGroups/Journal1/20033/Using_CAAT_to_Support_IS_Audit.htm> 6 Coderre, David. Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment. Global Technology Audit Guide. Institute of Internal Auditors. 25 July < 7 Vuchnich, Alex. Using CAATTs in Preliminary Analytical Review to Enhance the Auditor's Risk Assessment. The CPA Journal (2008): ProQuest. University of Waterloo Lib. 12 June ISACA. Use of Computer-Assisted Audit Techniques. IS Auditing Guideline. (1998): June < Content/ContentGroups/Journal1/20033/Using_CAAT_to_Support_IS_Audit.htm> 9 Braun, Robert L. and Davis, Harold E. Computer-assisted audit tools and techniques: analysis and perspectives. Managerial Auditing Journal (2003): ProQuest. University of Waterloo Lib. 14 June Page 2 of 13
4 and auditor can evaluate application controls during normal operations using the results. 10 3) Parallel simulation: Auditor develops application designed to replicate the results of the client's application using client-supplied data. Comparison of the results allows auditor to evaluate quality of the process performed by the client's application. 11 4) Embedded audit module (EAM): Auditor inserts audit module in the client's application that will identify transactions that meet some pre-specified criteria as they are being processed, reviewed in real-time or in batch. Particularly effective in identifying large transactions for substantive testing or controls testing by identifying transactions processed in a manner inconsistent with policies and procedures. 12 5) Generalized audit software (GAS): Software allows data extraction and analysis. Relative simplicity of use requiring little specialized IS knowledge and its adaptability to a variety of environments and users. Facilitates greater coverage compared to other types of procedures achieved through queries that allow the auditor to analyze data and extract information from the client's database. Several audit operations supported by GAS. 13 6) Continuous auditing: Method used to perform control and risk assessments automatically 14 and allows an on-going review and analysis of business information on a real time basis 15. More specifically, enables independent auditors to provide written assurance on a subject matter using a series of auditors' reports issued simultaneously with, or a short period of time after, the occurrence of events underlying the subject matter. 16 GAS is most frequently used at present due to minimal disruption and reliance on client as well as relative simplicity of use 17. However, there are two major drawbacks to the use of GAS due to the complex IT environment established in firms and the implementation of the key provisions of the Act: 1) incompatibility of such software with the complex file structures of database systems; and 2) inability to constantly monitor the information system and provide timely warning when unusual transactions or patterns occur in the system. In order to address these issues of GAS, audit and assurance services are leaning toward a continuous model, which incorporates EAM, Extensible Business Reporting Language 10 Ibid. 11 Ibid. 12 Ibid. 13 Ibid. 14 Coderre, David. Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment. Global Technology Audit Guide. Institute of Internal Auditors. 25 July < 15 AICPA. Continuous Audit. AICPA Information Technology Centre. 25 July < +Audit+and+Internal+Control/IT+Systems+Audit/Continuous+Audit> 16 Huang, Shi-Ming et al. Developing A Continuous Auditing Assistance System Based On Information Process Models. The Journal of Computer Information Systems (2007): ProQuest. University of Waterloo Lib. 25 July Singleton, Tommie. Generalized Audit Software: Effective and Efficient Tool for Today s IT Audits. ISACA JournalOnline. 2 (2006). 10 June < for_todays_it_audits.htm> Page 3 of 13
5 (XBRL), database technology, data warehouse, and internet technology to help achieve the dynamic, real-time auditing. 18 SARBANES-OXLEY ACT SECTION 404 AND ITS IMPLICATIONS One of the key provisions of the Act is Section 404 Enhanced Financial Disclosures, Management Assessment of Internal Control. In conjunction with the Auditing Standard No. 5 (AS5), which superseded Auditing Standard No. 2 (AS2) in 2007, the Section 404 of the Act requires: 1) the management s assessment on the effectiveness of ICFR as at the company s year-end; 2) external auditors opinion on the management s assessment; and 3) external auditors own assessment. The AS5 replaced AS2 in order to increase the accuracy of financial reports while reducing unnecessary costs, especially for smaller public companies. It was intended to make Section 404 audits and management evaluations more risk-based and scalable to company size and complexity, allowing the audit to be more effective and efficient. In turn, AS5 was put in place to strengthen investor protection by refocusing resources on what truly matters to the integrity of financial statements. 19 The key elements of AS5 is consistent with AS2 in that it serves to achieve the objective of improving the quality of F/S as it is a single standard based on providing reasonable assurance on both the design and operating effectiveness of ICFR. The new Standard is less prescriptive and more principles-based, and provides for greater use of professional judgment by auditors by requiring the auditors to 1) take a top-down, risk-based approach, focusing on the areas with the greatest risk of material misstatements; and 2) include only the requirements necessary for an effective audit. 20 AS5 also promotes flexibility by making audits scalable by allowing changes to fit the size and complexity of any company. 21 Moreover, AS5 adopted a definition of significant deficiency as a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for 18 Huang, Shi-Ming et al. Developing A Continuous Auditing Assistance System Based On Information Process Models. The Journal of Computer Information Systems (2007): ProQuest. University of Waterloo Lib. 25 July U.S. Securities and Exchange Commission. SEC Approves PCAOB Auditing Standard No. 5 Regarding Audits of Internal Control Over Financial Reporting; Adopts Definition of "Significant Deficiency. 25 July U.S. Securities and Exchange Commission. 12 June < 20 Brownlee, Elaine and O Shea, Niall. SOx s404: The New Guidance: What It Really Means. Accountancy Ireland (2007): ProQuest. University of Waterloo Lib. 13 June U.S. Securities and Exchange Commission. SEC Approves PCAOB Auditing Standard No. 5 Regarding Audits of Internal Control Over Financial Reporting; Adopts Definition of "Significant Deficiency. 25 July U.S. Securities and Exchange Commission. 12 June < Page 4 of 13
6 oversight of the registrant's financial reporting. This definition is used in the context of evaluating the required communications under the Section 404 of the Act. 22 In properly assessing the effectiveness of a firm s ICFR which is embedded in complex IT systems, Statement on Auditing Standards No. 94 (SAS 94) The Effect of Information Technology on the Auditor's Consideration of Internal Control in a Financial Statement Audit provides specific guidance to auditors by stating that CAAT are needed when a significant amount of financial information supporting one or more financial statement assertions is automated by complex electronic IT. In these situations, the auditor must assess control risk by performing tests of controls, regardless of firm size. 23 There are three broad categories of CAAT in which the types of CAAT described above can be classified under: 1) Auditing around computer: Test reliability of computer generated info by calculating expected results and compare to output. Adequate when automated systems are simple and straightforward. Major weakness is that it doesn t determine correctness of program logic. 24 2) Auditing with computer: Draw indirect inferences upon an application's logic by examining the data processed by the application 25. GAS is frequently employed to audit with the computer by performing substantive tests and limited test of controls For example, GAS can be used to test the functioning of complex algorithms in computer programs, but it requires extensive experience in using the software. 26 3) Auditing through computer: Test automated processing steps, programming logic, edit routines and programmed controls. Assumed that if programs are functioning as designed, errors and irregularities would be detected and outputs can reasonably be accepted as reliable. Appropriate for testing controls in complex IT systems. Techniques include test data technique, parallel simulation, integrated test facility, and embedded audit module. 27 SAS 94 and firms dependence on complex IT systems with regards to its financial reporting signal the diminished likelihood that "audit around the computer" and the audit with the computer approaches will be appropriate. As a result, auditors must begin to incorporate state-of-the-art auditing software applications in the audit process. This will 22 Ibid. 23 Cerullo, Michael J. and Cerullo, M. Virginia. Impact of SAS No. 94 on Computer Audit Techniques. Information Systems Control Journal. 1 (2003). ISACA - Information Systems Control Journal. 10 June < /20033/Impact_of_SAS_No_94_on_Computer_Audit_Techniques.htm> 24 Ibid. 25 Braun, Robert L. and Davis, Harold E. Computer-assisted audit tools and techniques: analysis and perspectives. Managerial Auditing Journal (2003): ProQuest. University of Waterloo Lib. 14 June Cerullo, Michael J. and Cerullo, M. Virginia. Impact of SAS No. 94 on Computer Audit Techniques. Information Systems Control Journal. 1 (2003). ISACA - Information Systems Control Journal. 10 June < /20033/Impact_of_SAS_No_94_on_Computer_Audit_Techniques.htm> 27 Ibid. Page 5 of 13
7 enable the audit process to be more effective because the scope of the transactions being analyzed can be increased at a minimal marginal cost. In addition, economic forces at work in capital markets appear to be signaling the demand for more timely assurance on financial information reported annually, quarterly, and throughout the year. 28 However, for real-time financial information to have value, the decision makers (i.e. investors) need real-time assurances from an independent third party (i.e. auditors) that the information is secure, accurate and reliable. 29 SARBANES-OXLEY ACT SECTION 409 AND ITS IMPLICATIONS The Section 409 Real Time Issuer Disclosures of the Act requires all SEC-registered companies to report any event that may cause a material effect on their financial or operational results within 48 hours in a form that can be understood by the public stakeholders and potential new investors of the organization 30. Hence, the responsibilities of C-suite executives, particularly CFOs, of publicly held companies that trade on US exchanges have extended beyond the scope of historic expectations. In essence, this Section has also expanded the responsibilities of the auditors to the extent that they are required by law to look for material events such as fraud. Section 409 created new challenges for organizations in regards to data integration. Organizations need to know whether their key financial systems are capable of providing data in real time, or if the organization will need to add such capabilities or use specialty software to access the data. Moreover, the firms need to account for changes that occur externally changes by customers or business partners that could materially impact its own financial positioning (e.g. key customer/supplier bankruptcy and default). 31 In order to comply with Section 409, organizations face increasing need to support market predictability with robust competitive intelligence tools and techniques for early warning and analysis of potential scenarios that could impact the business 32 in the financial and operational aspects. To avoid a hasty rip-and-replace of existing systems, IT control professionals are recommended to assess the organization s technology capabilities in the following categories 28 Ibid. 29 Sarva, Srinivas. Continuous Auditing Through Leveraging Technology. (2006). ISACA JournalOnline. 10 June < 30 Johnson, Arik. Definitely Maybe. Competitive Intelligence Magazine. 7.6 (2004): 37. ProQuest. University of Waterloo Lib. 25 July Chan, Sally and Lepeak, Stan. IT and SARBANES-OXLEY. CMA Management (2004): ProQuest. University of Waterloo Lib. 25 June Johnson, Arik. Definitely Maybe. Competitive Intelligence Magazine. 7.6 (2004): 37. ProQuest. University of Waterloo Lib. 25 July Page 6 of 13
8 to secure a smooth transition in compliance with Section 409: 1) Quality of financial modeling capabilities: High quality of financial modeling capabilities help organizations anticipate and possibly avoid awkward reporting situations and help them adapt to rapidly changing situations. 33 2) Availability of internal and external portals: Portals help route and identify reporting issues and requirements to investors and other relevant parties. These capabilities address the need for rapid disclosure. 34 3) Breadth and adequacy of financial triggers and alerts: Financial triggers and alerts act as the defense line in order to comply with the Section 409 disclosure event. 35 4) Adequacy of document repositories: Repositories play a critical role both from the standpoint of event monitoring to assess disclosure needs as well as providing a mechanism to audit disclosure adequacy. 36 5) Adequacy of captured document audit trails: This is a critical element in establishing adequate disclosure processes and records of that disclosure. 37 Once these factors have been identified and assessed, the organizations should search to determine whether sufficient technologies are available in order to accomplish integration of data and hence be in compliance with Section 409. The following major vendors of business systems, information, and software provide solutions for their clients by catering to their regulatory compliance needs (i.e. Section 409 of the Act): 1) Oracle: Provides solutions in providing organizations access to a complete and accurate financial data that are timely, relevant, consistent, and available in real-time. Business systems help streamline the transparency of policies and procedures, enforce them, reduce the risk of malfeasance and errors, and improve confidence in business data. 38 2) SAP: SAP ERP Financials feature the following SOX compliance functions: project organization for documentation, testing, and sign-off for internal controls; test procedures based on the risk management framework defined by the Committee of Sponsoring Organizations of the Treadway Commission; risk mitigation and remediation; real-time drilldown analysis and reporting; management reporting and much more. 39 Furthermore, the company s capacity to be an early adopter of XBRL should be 33 Chan, Sally and Lepeak, Stan. IT and SARBANES-OXLEY. CMA Management (2004): ProQuest. University of Waterloo Lib. 25 June Ibid. 35 Ibid. 36 Ibid. 37 Ibid. 38 Oracle. Governance and Compliance. Oracle. 26 July < 39 SAP. SAP ERM Financials Compliance Solutions. SAP. 26 July < Page 7 of 13
9 determined 40 as its use has placed a substantial footing in the worldwide business community 41. XBRL will be a key tool to integrate and interface transactional systems, reporting and analytical tools, portals and repositories. 42 IMPACT OF CAAT ON SARBANES-OXLEY ACT SECTIONS 404 AND 409 Perhaps a key to being able to meet the requirements of improved efficiency and increased effectiveness in providing an audit opinion on a company s ICFR lies with continuous auditing. As well, given the constant demand for timely and reliable information, implementation of continuous auditing techniques combined with more frequent reporting can benefit those that rely on the published information. Furthermore, given the markets' tendencies to strategically react to the released earnings announcements in advance of audited financial results, continuous auditing may help in enabling detection of problems that materially affect organizations financial results as they occur rather than at the end of a reporting period. 43 The question still lies: What is the most prominent CAAT that is available in order for auditors to perform continuous auditing and for organizations to report on material financial or operational triggers in order to comply with the Sections 404 and 409 of the Act? The discussions on the implications of the Sections above lead to a CAAT that serves the needs of both auditors and organizations: Extensible Business Reporting Language (XBRL). XBRL is a platform and application-independent means of identifying, extracting, and presenting financial data and other business information in any way the user requires. Using XBRL, organizations can capture financial information at any point in the business cycle. XBRL is also a specialized business reporting language for existing and emerging financial and business reporting requirements. It makes the analysis and exchange of corporate information easier to facilitate, as well as more flexible and reliable. 44 The use of XBRL was driven by increasing investor demands and regulatory requirements for more frequent and detailed financial reporting. Such demands were primarily outlined in the two key provisions discussed in this report as they require high-level executives to sign off on the accuracy of financial statements and require companies to 40 Ibid. 41 Coderre, Dave. Are You Ready for XBRL? The Internal Auditor (2004): ProQuest. University of Waterloo Lib. 25 July Ibid. 43 Braun, Robert L. and Davis, Harold E. Computer-assisted audit tools and techniques: analysis and perspectives. Managerial Auditing Journal (2003): ProQuest. University of Waterloo Lib. 14 June Coderre, Dave. Are You Ready for XBRL? The Internal Auditor (2004): ProQuest. University of Waterloo Lib. 25 July Page 8 of 13
10 provide information on a timelier basis. Moreover, to decrease the public mistrust in the capital market, the provisions mandate companies to provide information in form that is easily understandable by public stakeholders and potential investors that supports evaluative and trend analysis. 45 XBRL is also advocated as it solves the long-standing problems of difficulty in communicating and employing information both within and outside an organization as a result of using widely disparate and incompatible systems to process their business data. It also solves the problems arising from inconsistent accounting terminology, principles, practices, and jurisdictional regulations by creating a vocabulary to precisely describe the information included in a report, taking regulatory, jurisdictional, and other variances into consideration. It works in conjunction with extensible markup language (XML), an Internetbased language that serves as the universal format for data on the Web. XBRL allows organizations to label or "tag" data in specific and meaningful ways for other potential uses (e.g. export tagged financial data in Excel spreadsheet using XBRL to the balance sheet). 46 These capabilities can improve the quality and quantity of financial reporting data, which has led XBRL to be endorsed by the International Accounting Standards Board and used by organizations in nations such as Australia, Canada, South Korea, Japan, Spain, the United Kingdom, and the United States. 47 XBRL is also a powerful and critical audit tool for auditors in reviewing their clients' compliance with the Act, particularly the Sections 404 and 409. Auditors need reliable information on a timely basis and in a reusable format such that it may be easily used for analysis. Prior to the introduction of XBRL, auditors had to search and manually input data into different software in order to reuse financial information for analysis and tests. XBRL improves the quality and effectiveness of audits by allowing auditors to retrieve data more easily and analyze it with greater accuracy. The data in XBRL format enables auditors to perform more analyses of data, facilitates comparisons against external data, increases the timeliness of reported information, and provides greater transparency. 48 XBRL is now supported by most current accounting, financial management, and tax software. This enables electronic exchange for importing and exporting data in an XBRL format. XBRL's interoperability with financial and data analysis applications significantly simplifies the preparation, dissemination, and analysis of financial and compliance reports. 45 Ibid. 46 Ibid. 47 Ibid. 48 Ibid. Page 9 of 13
11 Moreover, XBRL provides more relevant and reliable extraction and exchange of information between organizations, because it is an open process, which is not based on any proprietary technology, and requires minimal human involvement, resulting in fewer errors. 49 With an automated analysis and identification of items by attached XBRL tag, auditors benefit from being able to perform fast and accurate electronic searches and move the data to analytical software or a spreadsheet with a click of a mouse. Functions of XBRL also allow auditors to customize searches for multiple company data, making it easier to perform trend analysis and continuous auditing, and to compare data with industry benchmarks, other organizations, or different intracompany operations. 50 Moreover, XBRL facilitates the use of Web-enabled audit programs for standardsbased financial statement reviews. By integrating data analysis software programs into accounting functions, XBRL allows auditors to extract, analyze, and interpret evidence and to detect unusual transactions or patterns of transactions to deter fraud. Continuous auditing, supported by the XBRL format of financial data, can increase the efficiency and effectiveness of the audit process substantially, resulting in cost savings for auditors and their clients. 51 CONCLUSION With the implementation of two key provisions, Section 404 and 409, of Sarbanes Oxley Act in 2002, to restore investors confidence in the capital markets, Section 404 required highlevel executives to sign off on the accuracy of financial statements. Section 409 then mandated companies to provide information on a real-time basis and in way that is easily understandable by public stakeholders and potential investors with support from evaluative and trend analysis. Hence, organizations must respond by implementing an effective and economical data delivery mechanism to monitor, analyze and report functional, financial and operational events, which include those that may obstruct organizations from achieving its business objectives, increase the probability of risk, fraud, crime and other losses due to its material nature. One of the most promising technologies being implemented in organizations today is a real-time reporting solution. 52 In addressing the needs of both organizations and its auditors, the use of Extensible Business Reporting Language is recommended in order to facilitate the compliance of the Sections 404 and 409 of the Sarbanes-Oxley Act. 49 Ibid. 50 Ibid. 51 Ibid. 52 Cunningham, Michael. Meeting Sarbanes-Oxley Section 409 Requirements. Sept Sarbanes-Oxley Compliance Journal. 25 July < Page 10 of 13
12 APPENDIX I The Section 409 Real Time Issuer Disclosures itself is geared more towards the C-suite executives of organizations than towards a CA practitioner. This is due to the fact that the Act requires all SEC-registered companies to report any event that may cause a material effect on their financial or operational results within 48 hours in a form that can be understood by the public stakeholders and potential new investors of the organization. While the report addressed the responsibilities of C-suite executives, particularly CFOs, of publicly held companies on how to comply with the Section, the report also addresses the assurance side of the Section by recommending a CAAT that can be used in order to audit organizations compliance to the Act. Page 11 of 13
13 REFERENCES AICPA. Continuous Audit. AICPA Information Technology Centre. 25 July < dit/continuous+audit> Braun, Robert L. and Davis, Harold E. Computer-assisted audit tools and techniques: analysis and perspectives. Managerial Auditing Journal (2003): ProQuest. University of Waterloo Lib. 14 June Brownlee, Elaine and O Shea, Niall. SOx s404: The New Guidance: What It Really Means. Accountancy Ireland (2007): ProQuest. University of Waterloo Lib. 13 June Cerullo, Michael J. and Cerullo, M. Virginia. Impact of SAS No. 94 on Computer Audit Techniques. Information Systems Control Journal. 1 (2003). ISACA - Information Systems Control Journal. 10 June < Computer_Audit_Techniques.htm> Chan, Sally and Lepeak, Stan. IT and SARBANES-OXLEY. CMA Management (2004): ProQuest. University of Waterloo Lib. 25 June Coderre, David. Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment. Global Technology Audit Guide. Institute of Internal Auditors. 25 July < Coderre, Dave. Are You Ready for XBRL? The Internal Auditor (2004): ProQuest. University of Waterloo Lib. 25 July Cunningham, Michael. Meeting Sarbanes-Oxley Section 409 Requirements. Sept Sarbanes-Oxley Compliance Journal. 25 July < Deloitte & Touche, Ernst & Young, KPMG, PricewaterhouseCoopers. Perspectives on Internal Control Reporting A Resource of Financial Market Participants. AICPA. December < Huang, Shi-Ming et al. Developing A Continuous Auditing Assistance System Based On Information Process Models. The Journal of Computer Information Systems (2007): ProQuest. University of Waterloo Lib. 25 July ISACA. Use of Computer-Assisted Audit Techniques. IS Auditing Guideline. (1998): June < _Audit.htm> Johnson, Arik. Definitely Maybe. Competitive Intelligence Magazine. 7.6 (2004): 37. ProQuest. University of Waterloo Lib. 25 July Page 12 of 13
14 Oracle. Governance and Compliance. Oracle. 26 July < SAP. SAP ERM Financials Compliance Solutions. SAP. 26 July < Sarva, Srinivas. Continuous Auditing Through Leveraging Technology. (2006). ISACA JournalOnline. 10 June < gh_leveraging_technology1.htm> Singleton, Tommie. Generalized Audit Software: Effective and Efficient Tool for Today s IT Audits. ISACA JournalOnline. 2 (2006). 10 June < _Effective_and_Efficient_Tool_for_Todays_IT_Audits.htm> U.S. Securities and Exchange Commission. SEC Approves PCAOB Auditing Standard No. 5 Regarding Audits of Internal Control Over Financial Reporting; Adopts Definition of "Significant Deficiency. 25 July U.S. Securities and Exchange Commission. 12 June < Vuchnich, Alex. Using CAATTs in Preliminary Analytical Review to Enhance the Auditor's Risk Assessment. The CPA Journal (2008): ProQuest. University of Waterloo Lib. 12 June Page 13 of 13
Auditing Standard 5- Effective and Efficient SOX Compliance
Auditing Standard 5- Effective and Efficient SOX Compliance September 6, 2007 Presented to: The Dallas Chapter of the Institute of Internal Auditors These slides are incomplete without the benefit of the
More informationGuide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions
Guide to the Sarbanes-Oxley Act: IT Risks and Controls Frequently Asked Questions Table of Contents Page No. Introduction.......................................................................1 Overall
More information1. FPO. Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Second Edition
1. FPO Guide to the Sarbanes-Oxley Act: IT Risks and Controls Second Edition Table of Contents Introduction... 1 Overall IT Risk and Control Approach and Considerations When Complying with Sarbanes-Oxley...
More informationAN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS:
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org STAFF VIEWS AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN
More informationGuide to Internal Control Over Financial Reporting
Guide to Internal Control Over Financial Reporting The Center for Audit Quality prepared this Guide to provide an overview for the general public of internal control over financial reporting ( ICFR ).
More informationIFRS in Asia 2008 Driving the Capital Markets of Tomorrow 10-11 October 2008, Beijing, China
International Accounting Standards Committee Foundation, Ministry of Finance (PRC), and Shulun Pan Certified Public Accountants IFRS in Asia 2008 Driving the Capital Markets of Tomorrow 10-11, Beijing,
More informationInspection Observations Related to PCAOB "Risk Assessment" Auditing Standards (No. 8 through No.15)
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org Inspection Observations Related to PCAOB "Risk Assessment" Auditing Standards (No. 8 through
More informationSARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners
SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners The Institute of Internal Auditors
More informationRisk Management Advisory Services, LLC Capital markets audit and control
Risk Management Advisory Services, LLC Capital markets audit and control November 14, 2003 Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C., 20006-2803
More informationThe Importance of IT Controls to Sarbanes-Oxley Compliance
Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers
More informationPerforming Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained
Performing Audit Procedures in Response to Assessed Risks 1781 AU Section 318 Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Supersedes SAS No. 55.)
More informationSarbanes-Oxley: Beyond. Using compliance requirements to boost business performance. An RIS White Paper Sponsored by:
Beyond Sarbanes-Oxley: Using compliance requirements to boost business performance The business regulatory environment in the United States has changed. Public companies have new obligations to report
More informationCOSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE
COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COMMITTEE OF SPONSORING ORGANIZATIONS (COSO) 2013 The Committee of Sponsoring Organizations (COSO) Internal Controls Integrated Framework,
More informationSarbanes-Oxley Section 404: Management s Assessment Process
Sarbanes-Oxley Section 404: Management s Assessment Process Frequently Asked Questions ADVISORY Contents 1 Introduction 2 Providing a Road Map for Management 3 Questions and Answers 3 Section I. Planning
More informationOBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES IN AUDITS OF INTERNAL CONTROL OVER FINANCIAL REPORTING
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org OBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES
More informationIn recent years, information technology (IT) used by firms,
Copyright 2003 Information Systems Audit and Control Association. All rights reserved. www.isaca.org. Impact of SAS No. 94 on Computer Audit Techniques By M. Virginia Cerullo, CPA, CIA, CFE, and Michael
More informationInternal Audit Practice Guide
Internal Audit Practice Guide Continuous Auditing Office of the Comptroller General, Internal Audit Sector May 2010 Table of Contents Purpose...1 Background...1 Definitions...2 Continuous Auditing Professional
More informationU S I N G D A T A A N A L Y S I S T O M E E T T H E R E Q U I R E M E N T S O F R I S K B A S E D A U D I T I N G S T A N D A R D S
U S I N G D A T A A N A L Y S I S T O M E E T T H E R E Q U I R E M E N T S O F R I S K B A S E D A U D I T I N G S T A N D A R D S A C a s e W a r e I D E A R e s e a r c h R e p o r t CaseWare IDEA Inc.
More information26 February 2007. Ms. Nancy M. Morris, Secretary Securities and Exchange Commission 100 F Street NE Washington, DC 20549-1090
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 26 February 2007 Ms. Nancy M. Morris, Secretary
More informationAddressing SOX compliance with XaitPorter. Version 1.0 Sept. 2014
Addressing SOX compliance with XaitPorter Version 1.0 Sept. 2014 Table of Contents 1 Addressing Compliance... 1 2 SOX Compliance... 2 3 Key Benefits... 5 4 Contact Information... 6 1 Addressing Compliance
More informationCOSO Internal Control Integrated Framework (2013)
COSO Internal Control Integrated Framework (2013) The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated Internal Control Integrated Framework (2013 Framework)
More informationThe Power of Risk, Compliance & Security Management in SAP S/4HANA
The Power of Risk, Compliance & Security Management in SAP S/4HANA OUR AGENDA Key Learnings Observations on Risk & Compliance Management Current State Current Challenges The SAP GRC and Security Solution
More informationMANAGE. Sarbanes-Oxley Readiness with Microsoft Dynamics NAV. Microsoft Dynamics NAV 5.0. White Paper
MANAGE Microsoft Dynamics NAV 5.0 Sarbanes-Oxley Readiness with Microsoft Dynamics NAV White Paper This paper discusses the impact of the Sarbanes-Oxley Act of 2002 (SOX) on businesses and explains how
More informationAn Introduction to Continuous Controls Monitoring
An Introduction to Continuous Controls Monitoring Reduce compliance costs, strengthen the control environment and lessen the risk of unintentional errors and fraud Richard Hunt, Managing Director Marc
More informationSarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers
Sarbanes-Oxley Section 404: Compliance s for Foreign Private Issuers Table of Contents Requirements of the Act.............................................................. 1 Accelerated Filer s...........................................................
More informationElectronic Audit Evidence (EAE) and Application Controls. Tulsa ISACA Chapter December 11, 2014
Electronic Audit Evidence (EAE) and Application Controls Tulsa ISACA Chapter December 11, 2014 Agenda Recent IT-related PCAOB inspection themes: Internal control over financial reporting Multi-location
More informationSTANDING ADVISORY GROUP MEETING
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org RISK ASSESSMENT IN FINANCIAL STATEMENT AUDITS Introduction The Standing Advisory Group ("SAG")
More informationUsing COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister
Using COBiT For Sarbanes Oxley Japan November 18 th 2006 Gary A Bannister Who Am I? Who am I & What I Do? I am an accountant with 28 years experience working in various International Control & IT roles.
More informationAUDIT EFFICIENCIES: IS YOUR RELIANCE STRATEGY WORKING FOR YOU? Kyleen Wissell, CRISC, PHR, RCC
AUDIT EFFICIENCIES: IS YOUR RELIANCE STRATEGY WORKING FOR YOU? Kyleen Wissell, CRISC, PHR, RCC Today s Agenda Background: Audit Standard #5 adopted by PCAOB and approved by the SEC in 2007 was intended
More informationA Sarbanes-Oxley Roadmap to Business Continuity
A Sarbanes-Oxley Roadmap to Business Continuity NEDRIX Conference June 23, 2004 Dr. Eric Schmidt eschmidt@controlsolutions.com Control Solutions International TECHNOLOGY ADVISORY, ASSURANCE & RISK MANAGEMENT
More informationTHE AUDITOR S RESPONSES TO ASSESSED RISKS
SINGAPORE STANDARD ON AUDITING SSA 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS This revised Singapore Standard on Auditing (SSA) 330 supersedes SSA 330 The Auditor s Procedures in Response to Assessed
More informationContinuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment Global Technology Audit Guide Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment Author David
More informationIndustry Sound Practices for Financial and Accounting Controls at Financial Institutions
Industry Sound Practices for Financial and Accounting Controls at Financial Institutions Federal Reserve Bank of New York January 2006 FINANCIAL AND ACCOUNTING CONTROLS: INDUSTRY SOUND PRACTICES FOR FINANCIAL
More informationUC4 Software: HELPING IT ACHEIVE SARBANES-OXLEY COMPLIANCE
UC4 Software: HELPING IT ACHEIVE SARBANES-OXLEY COMPLIANCE Introduction...2 SOX and COBIT: A Brief Review...2 The COBIT Structure...2 Structure of this Document...3 Planning & Organisation...3 Acquisition
More information[RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06]
SECURITIES AND EXCHANGE COMMISSION 17 CFR PART 241 [RELEASE NOS. 33-8810; 34-55929; FR-77; File No. S7-24-06] Commission Guidance Regarding Management s Report on Internal Control Over Financial Reporting
More informationSarbanes-Oxley Control Transformation Through Automation
Sarbanes-Oxley Control Transformation Through Automation An Executive White Paper By BLUE LANCE, Inc. Where have we been? Where are we going? BLUE LANCE INC. www.bluelance.com 713.255.4800 info@bluelance.com
More informationINTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS CONTENTS
INTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction
More informationACL WHITEPAPER. Automating Fraud Detection: The Essential Guide. John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances
ACL WHITEPAPER Automating Fraud Detection: The Essential Guide John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances Contents EXECUTIVE SUMMARY..................................................................3
More information) ) ) ) ) ) ) ) ) ) ) )
1666 K Street, NW Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org AUDITING STANDARD No. 16 COMMUNICATIONS WITH AUDIT COMMITTEES; RELATED AMENDMENTS TO PCAOB STANDARDS;
More informationKnowledge Management Series. Internal Audit in ERP Environment
Knowledge Management Series Internal Audit in ERP Environment G BALU ASSOCIATES Knowledge Management Series ISSUE-5 ; VOL 1 Internal Audit in ERP Environment APRIL/2012 Editorial Greetings..!!! Raja Gopalan.B
More informationNavigating the Standards for Information Technology Controls
Navigating the Standards for Information Technology Controls By Joseph B. O Donnell and Yigal Rechtman JULY 2005 - Pervasive use of computers, along with recent legislation such as the Sarbanes- Oxley
More informationSarbanes-Oxley Compliance: Section 404-Past, Present, and Future
Sarbanes-Oxley Compliance: Section 404-Past, Present, and Future BADM 590/395 IT Governance MS1 Professor Michael Shaw Submitted by: Amy Smith BA in MIS University of Illinois at Urbana-Champaign Smith
More informationInternal Controls over Financial Reporting. Integrating in Business Processes & Key Lessons learned
Internal Controls over Financial Reporting Integrating in Business Processes & Key Lessons learned Introduction Stephen McIntyre, CA, CPA (Illinois) Senior Manager at Ernst & Young in the Risk Advisory
More informationInformation about 2015 Inspections
Vol. 2015/2 October 2015 Staff Inspection Brief The staff of the Public Company Accounting Oversight Board ( PCAOB or Board ) prepares Inspection Briefs to assist auditors, audit committees, investors,
More informationDisclosure management: Streamlining the Last Mile
Disclosure management: Streamlining the Last Mile March 2012 Automating and streamlining pervasive manual last mile process and control steps for more effective and efficient reporting At a glance Current
More informationImpact of New Internal Control Frameworks
Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com
More informationInternal Control Integrated Framework. May 2013
Internal Control Integrated Framework May 2013 0 Table of Contents COSO & Project Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing Effectiveness of
More informationHow To Audit A Company
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org STAFF AUDIT PRACTICE ALERT NO. 11 CONSIDERATIONS FOR AUDITS OF INTERNAL CONTROL OVER FINANCIAL
More informationXBRL & GRC Future opportunities?
XBRL & GRC Future opportunities? Suzanne Janse Deloitte NL Paul Hulst Deloitte / Said Tabet EMC Presenters Suzanne Janse Deloitte Netherlands Director ERP (SAP, Oracle) Risk Management GRC software Paul
More informationGuide to Public Company Auditing
Guide to Public Company Auditing The Center for Audit Quality (CAQ) prepared this Guide to Public Company Auditing to provide an introduction to and overview of the key processes, participants and issues
More informationAudit of the Policy on Internal Control Implementation
Audit of the Policy on Internal Control Implementation Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada February 18, 2013 1 TABLE OF
More informationTHE PROVEN PLATFORM HOW THE BUSINESS OF MONEY GETS MOVING INTERACTIVE PDF
THE PROVEN PLATFORM HOW THE BUSINESS OF MONEY GETS MOVING INTERACTIVE PDF $500 Billion of Institutional Liquidity Is Traded Through Portals. Liquidity portals provide financial institutions with new revenue
More informationIT audit updates. Current hot topics and key considerations. IT risk assessment leading practices
IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations
More informationThis article will provide background on the Sarbanes-Oxley Act of 2002, prior to discussing the implications for business continuity practitioners.
Auditing the Business Continuity Process Dr. Eric Schmidt, Principal, Transitional Data Services, Inc. Business continuity audits are rapidly becoming one of the most urgent issues throughout the international
More informationPERFORMANCE-BASED BUDGETING METHODOLOGY AND TOOLS
LEARN HOW TO LINK YOUR BUDGET DECISIONS WITH STRATEGIC OUTCOMES In this time of economic instability, citizens want real-time updates on the financial decisions and budget allocations made by their local
More informationAGA Kansas City Chapter Data Analytics & Continuous Monitoring
AGA Kansas City Chapter Data Analytics & Continuous Monitoring Agenda Market Overview & Drivers for Change Key challenges that organizations face Data Analytics What is data analytics and how can it help
More informationConsultation Response
Consultation Response PROPOSED AUDITING STANDARD AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING PERFORMED IN CONJUNCTION WITH AN AUDIT OF FINANCIAL STATEMENTS PCAOB Rulemaking Docket Matter No.
More informationengage. empower. evolve. SARBANES-OXLEY COMPLIANCE
engage. empower. evolve. SARBANES-OXLEY COMPLIANCE engage. empower. evolve. OVERVIEW OF THE SARBANES-OXLEY ACT The Sarbanes-Oxley Act of 2002 is the single most important piece of legislation affecting
More informationCIIA South West Analytics in Internal Audit - Tackling Fraud
CIIA South West Analytics in Internal Audit - Tackling Fraud 10 December 2014 Agenda Intro to Analytics When to use analytics and how to get started Risk Monitoring and Control Automation Common Pitfalls
More informationIn-Depth Guide to Public Company Auditing: The Financial Statement Audit
In-Depth Guide to Public Company Auditing: The Financial Statement Audit Why an In-Depth Guide to Public Company Auditing? The foundation for confidence in U.S. capital markets is strengthened through
More informationApplying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm
Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm Mike Brown Senior Vice President, Corporate Audit State Street Corporation Rich Reynolds Partner PricewaterhouseCoopers
More informationUnderstanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
Understanding the Entity and Its Environment 1667 AU Section 314 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Supersedes SAS No. 55.) Source: SAS No. 109.
More informationXBRL: Streamlining Credit Risk Management
XBRL: Streamlining Credit Risk Management By: Mike Willis Brad Saegesser Abstract Computing power is changing credit assessment processes in profound ways. Credit risk modeling and benchmarking are becoming
More informationApplication Control Effectiveness for SAP. December 2007
Application Control Effectiveness for SAP December 2007 Meeting Objectives Application Control Effectiveness Compliance at a glance Trends and challenges Technology issues Application Control Business
More informationSharing of Experience Section 404 Sarbanes-Oxley Act
Sharing of Experience Section 404 Sarbanes-Oxley Act 13th September 2005 Peter Koo Partner Deloitte Touche Tohmatsu CPA(HK), CA, AICPA, CISA, CISM, CIA,CFE, CRP Tel (HK): +852-2852-6507 Tel (China) : +86
More informationAudit Quality Thematic Review
Thematic Review Professional discipline Financial Reporting Council December 2014 Audit Quality Thematic Review The audit of loan loss provisions and related IT controls in banks and building societies
More informationIFIAR 2015 Member Profile - PCAOB
Jurisdiction United States of America (USA) 1. Organization Insert the name of the Organization, both in the local language and in English: Public Company Accounting Oversight Board ( PCAOB ) Include relevant
More informationSarbanes-Oxley Section 404 Implementation Practices of Leading Companies
Sarbanes-Oxley Section 404 Implementation Practices of Leading Companies Sarbanes-Oxley Section 404 Implementation Practices of Leading Companies Dr. Robert A. Howell Distinguished Visiting Professor of
More informationWhitepaper. GL Consolidation. Published on: August 2011 Author: Sivasankar. Hexaware Technologies. All rights reserved. www.hexaware.
Published on: August 2011 Author: Sivasankar Hexaware Technologies. All rights reserved. Table of Contents 1. General Ledger Consolidation - Making The Right Moves 2. Problem Statement / Concerns 3. Solutions
More informationSarbanes-Oxley and Sage MAS 90, 200, and 500. www.sagemas.com
Sarbanes-Oxley and Sage MAS 90, 200, and 500 www.sagemas.com Table of Contents Introduction... 3 Separating Truth From Fiction... 3 Impact of Sarbanes-Oxley... 5 Integrated Systems... 5 Security by Design...
More informationLeveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com
Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency kpmg.com Leveraging data analytics and continuous auditing processes 1 Executive
More informationAUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL
AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL AUDIT REPORT JUNE 2010 TABLE OF CONTENTS EXCUTIVE SUMMARY... 3 1 INTRODUCTION... 5 1.1 AUDIT OBJECTIVE. 5 1.2 SCOPE...5 1.3 SUMMARY
More informationPartner With Your Auditor on Controls
WHITE PAPER Partner With Your Auditor on Controls How management can help its auditors address PCAOB inspections findings on internal control Written by Thomas Ray, Distinguished Lecturer at Baruch College
More informationImpact of the Sarbanes-Oxley Act on the System of Internal Controls and IS Audit
Impact of the Sarbanes-Oxley Act on the System of Internal Controls and IS Audit Eva Šimková Hewlett-Packard s.r.o. Vyskočilova 1/1410 14021 PRAHA eva.simkova@hp.com Abstract: The purpose of this paper
More informationStages of the Audit Process
Chapter 5 Stages of the Audit Process Learning Objectives Upon completion of this chapter you should be able to explain: LO 1 Explain the audit process. LO 2 Accept a new client or confirming the continuance
More informationAn Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements
Examination of an Entity s Internal Control 1403 AT Section 501 An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Source:
More informationWhite Paper March 2009. Consolidation automation Advancing compliance and performance management
White Paper March 2009 Consolidation automation Advancing compliance and performance management 2 Contents 3 Business problems 3 Business drivers Consolidation: At the core of compliance and performance
More informationEU Project N MARKT/2007/15/F LOT 2
EU Project N MARKT/2007/15/F LOT 2 Evaluation of the differences between International Standards on Auditing (ISA) and the standards of the US Public Company Accounting Oversight Board (PCAOB) Maastricht
More informationSTAFF GUIDANCE FOR AUDITORS OF SEC-REGISTERED BROKERS AND DEALERS JUNE 26, 2014
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org STAFF GUIDANCE FOR AUDITORS OF SEC-REGISTERED BROKERS AND DEALERS JUNE 26, 2014 This publication
More informationData mining life cycle in fraud auditing
Data mining life cycle in fraud auditing ELENA MONICA SABĂU Faculty of Accounting and Management Information Systems Academy of Economic Studies 6, Romană Square, District 1, Bucharest emsabau@gmail.com
More informationBDO Seidman, LLP Accountants and Consultants
BDO Seidman, LLP Accountants and Consultants 330 Madison Avenue New York, NY 10017 (212) 885-8000 Phone (212) 697-1299 Fax Via E-mail: comments@pcaobus.org Office of the Secretary Public Company Accounting
More informationAccounting and Auditing Matters
Accounting and Auditing Matters The Chief Accountant is the principal adviser to the Commission on accounting and auditing matters arising from the administration of the federal securities laws. Activities
More informationReport on. 2010 Inspection of PricewaterhouseCoopers LLP (Headquartered in New York, New York) Public Company Accounting Oversight Board
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Report on 2010 (Headquartered in New York, New York) Issued by the Public Company Accounting
More informationCommunicating Internal Control Related Matters Identified in an Audit
Communicating Internal Control 1843 AU Section 325 Communicating Internal Control Related Matters Identified in an Audit (Supersedes SAS No. 112.) Source: SAS No. 115. Effective for audits of financial
More informationSupply Chain Management Build Connections
Build Connections Enabling a business in manufacturing Building High-Value Connections with Partners and Suppliers Build Connections Is your supply chain responsive, adaptive, agile, and efficient? How
More informationResponse e-mailed to comments@pcaobus.org
Richard F. Chambers Certified Internal Auditor Certified Government Auditing Professional Certification in Control Self-Assessment President and Chief Executive Officer DATE Office of the Secretary PCAOB
More informationCapital Requirements Directive Pillar 3 Disclosure. December 2015
Capital Requirements Directive Pillar 3 Disclosure December 2015 1. Background The purpose of this document is to outline the Pillar 3 disclosures for BlueBay Asset Management LLP ( BlueBay ). BlueBay
More informationContinuous auditing: the audit of the future
Zabihollah Rezaee Professor of Accounting, Middle Tennessee State University, Murfreesboro, Tennessee, USA Rick Elam Reynolds Professor of Accountancy, University of Mississippi, Oxford, Mississippi, USA
More informationAre CAATs keeping you awake at night?
Are CAATs keeping you awake at night? SUMMARY: The importance of using Computer-Assisted Audit Techniques is discussed. A challenge is made regarding the audit profession s traditional methodology. The
More informationCycle Counts of Inventory, A Practical Guide
Cycle Counts of Inventory, A Practical Guide Background The most successful are continually looking for ways to improve the efficiency and effectiveness of their operations. Following the widespread adoption
More informationAboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting.
Aboriginal Affairs and Northern Development Canada Internal Audit Report Audit of Internal Controls Over Financial Reporting Prepared by: Audit and Assurance Services Branch Project #: 14-05 November 2014
More informationAttestation of Identity Information. An Oracle White Paper May 2006
Attestation of Identity Information An Oracle White Paper May 2006 Attestation of Identity Information INTRODUCTION... 3 CHALLENGES AND THE NEED FOR AUTOMATED ATTESTATION... 3 KEY FACTORS, BENEFITS AND
More informationHow To Get A Tech Startup To Comply With Regulations
Agile Technology Controls for Startups a Contradiction in Terms or a Real Opportunity? Implementing Dynamic, Flexible and Continuously Optimized IT General Controls POWERFUL INSIGHTS Issue It s not a secret
More informationChanges to Broker-Dealer Reporting & Auditing
Background The Sarbanes-Oxley Act of 2002 created the Public Company Accounting Oversight Board (PCAOB) and required that auditors of U.S. public companies be subject to external, independent oversight
More informationThe Information Systems Audit
November 25, 2009 e q 1 Institute of of Pakistan ICAP Auditorium, Karachi Sajid H. Khan Executive Director Technology and Security Risk Services e q 2 IS Environment Back Office Batch Apps MIS Online Integrated
More informationWhat Should IS Majors Know About Regulatory Compliance?
What Should IS Majors Know About Regulatory Compliance? Working Paper Series 08-12 August 2008 Craig A. VanLengen Professor of Computer Information Systems/Accounting Northern Arizona University The W.
More informationGuide to Pcaob Inspections
Guide to Pcaob Inspections october 2012 Since 2002, a new regulator, the Public Company Accounting Oversight Board (PCAOB), has had responsibility for overseeing auditors of public companies. Regular inspections
More informationINTERNATIONAL STANDARD ON REVIEW ENGAGEMENTS 2410 REVIEW OF INTERIM FINANCIAL INFORMATION PERFORMED BY THE INDEPENDENT AUDITOR OF THE ENTITY CONTENTS
INTERNATIONAL STANDARD ON ENGAGEMENTS 2410 OF INTERIM FINANCIAL INFORMATION PERFORMED BY THE INDEPENDENT AUDITOR OF THE ENTITY (Effective for reviews of interim financial information for periods beginning
More informationIT Governance. What is it and how to audit it. 21 April 2009
What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures
More informationwww.sryas.com Analance Data Integration Technical Whitepaper
Analance Data Integration Technical Whitepaper Executive Summary Business Intelligence is a thriving discipline in the marvelous era of computing in which we live. It s the process of analyzing and exploring
More information