Brink's Modern. Internal Auditing. Eighth Edition. A Common Body of Knowledge ROBERT R. MOELLER WILEY
Contents

Preface xvii

PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING

Chapter 1: Significance of Internal Auditing in Enterprises Today: An Update
- Internal Auditing History and Background
- Mission of Internal Auditing
- Organization of this Book 9
- Note 10

Chapter 2: An Internal Audit Common Body of Knowledge
- What Is a CBOK? Experiences from Other Professions
- What Does an Internal Auditor Need to Know?
- An Internal Auditing CBOK
- Another Attempt: The IIA Research Foundation's CBOK
- Essential Internal Audit Knowledge Areas 25
- Notes 25

PART TWO: IMPORTANCE OF INTERNAL CONTROLS

Chapter 3: The COSO Internal Control Framework
- Understanding Internal Controls
- Revised COSO Framework Business and Operating Environment Changes
- The Revised COSO Internal Control Framework
- COSO Internal Control Principles
- COSO Internal Control Components: The Control Environment
- COSO Internal Control Components: Risk Assessment
- COSO Internal Control Components: Internal Control Activities
- COSO Internal Control Components: Information and Communication
- COSO Internal Control Components: Monitoring Activities
- The COSO Framework's Other Dimensions 57

Chapter 4: The 17 COSO Internal Control Principles
- COSO Internal Control Framework Principles
- Control Environment Principle 1: Integrity and Ethical Values
- Control Environment Principle 2: Role of the Board of Directors
- Control Environment Principle 3: Authority and Responsibility Needs
- Control Environment Principle 4: Commitment to a Competent Workforce
- Control Environment Principle 5: Holding People Accountable
- Risk Assessment Principle 6: Specifying Appropriate Objectives
- Risk Assessment Principle 7: Identifying and Analyzing Risks
- Risk Assessment Principle 8: Evaluating Fraud Risks
- Risk Assessment Principle 9: Identifying Changes Affecting Internal Controls
- Control Activities Principle 10: Selecting Control Activities That Mitigate Risks
- Control Activities Principle 11: Selecting and Developing Technology Controls
- Control Activities Principle 12: Policies and Procedures
- Information and Communication Principle 13: Using Relevant, Quality Information
- Information and Communication Principle 14: Internal Communications
- Information and Communication Principle 15: External Communications
- Monitoring Principle 16: Internal Control Evaluations
- Monitoring Principle 17: Communicating Internal Control Deficiencies 83
- Note 84

Chapter 5: Sarbanes-Oxley (SOx) and Beyond
- Key Sarbanes-Oxley Act (SOx) Elements
- Performing Section 404 Reviews under AS5
- AS5 Rules and Internal Audit
- Impact of the Sarbanes-Oxley Act 120
- Notes 121

Chapter 6: COBIT and Other ISACA Guidance
- Introduction to COBIT
- COBIT Framework
- Principle 1: Meeting Stakeholder Needs
- Principle 2: Covering the Enterprise End to End
- Principle 3: A Single Integrated Framework
- Principle 4: Enabling a Holistic Approach
- Principle 5: Separating Governance from Management
- Using COBIT to Assess Internal Controls
- Mapping COBIT to COSO Internal Controls 139
- Notes 139

Chapter 7: Enterprise Risk Management: COSO ERM
- Risk Management Fundamentals
- COSO ERM: Enterprise Risk Management
- COSO ERM Key Elements
- Other Dimensions of COSO ERM: Enterprise Risk Objectives
- Entity-Level Risks
- Putting It All Together: Auditing Risk and COSO ERM Processes 175
- Notes 178

PART THREE: PLANNING AND PERFORMING INTERNAL AUDITS

Chapter 8: Performing Effective Internal Audits
- Initiating and Launching an Internal Audit
- Organizing and Planning Internal Audits
- Internal Audit Preparatory Activities
- Starting the Internal Audit
- Developing and Preparing Audit Programs
- Performing the Internal Audit
- Wrapping Up the Field Engagement Internal Audit
- Performing an Individual Internal Audit 213

Chapter 9: Standards for the Professional Practice of Internal Auditing
- What Is the IPPF?
- The Internal Auditing Professional Practice Standards: A Key IPPF Component
- Content of the IIA Standards
- Codes of Ethics: The IIA and ISACA
- Internal Audit Principles
- IPPF Future Directions 232
- Notes 233

Chapter 10: Testing, Assessing, and Evaluating Audit Evidence
- Gathering Appropriate Audit Evidence
- Audit Assessment and Evaluation Techniques
- Internal Audit Judgmental Sampling
- Statistical Audit Sampling: An Introduction
- Developing a Statistical Sampling Plan
- Audit Sampling Approaches
- Attributes Sampling Audit Example
- Attributes Sampling Advantages and Limitations
- Monetary Unit Sampling
- Other Audit Sampling Techniques
- Making Efficient and Effective Use of Audit Sampling 269
- Notes 271

Chapter 11: Continuous Auditing and Computer-Assisted Audit Techniques
- Implementing Continuous Assurance Auditing
- ACL, NetSuite, BusinessObjects, and Other Continuous Assurance Systems
- Benefits of CAA
- Computer-Assisted Audit Tools and Techniques
- Determining the Need for CAATTs
- Steps to Building Effective CAATTs
- Importance of Using CAATTs for Audit Evidence Gathering
- XBRL: The Internet-Based Extensible Marking Language 290
- Notes 293

Chapter 12: Control Self-Assessments and Internal Audit Benchmarking
- Importance of Control Self-Assessments
- CSA Model
- Launching the CSA Process
- Evaluating CSA Results
- Benchmarking and Internal Audit
- Better Understanding Internal Audit Activities 312
- Notes 313

Chapter 13: Areas to Audit: Establishing an Audit Universe and Audit Programs
- Defining the Scope and Objectives of the Internal Audit Universe
- Assessing Internal Audit Capabilities and Objectives
- Audit Universe Time and Resource Limitations
- "Selling" an Audit Universe Concept to the Audit Committee and Management
- Assembling Audit Programs: Audit Universe Key Components
- Audit Universe and Program Maintenance 330

PART FOUR: ORGANIZING AND MANAGING INTERNAL AUDIT ACTIVITIES

Chapter 14: Charters and Building the Internal Audit Function
- Establishing an Internal Audit Function
- Audit Committee and Management Authorization of an Audit Charter
- Establishing an Internal Audit Function 338
- Notes 345

Chapter 15: Managing the Internal Audit Universe and Key Competencies
- Auditing in the Weeds: Problems with Reviews of Nonmainstream Audit Areas
- Importance of an Audit Universe Schedule: What Is Right or Wrong
- Importance of Internal Audit Key Competencies
- Importance of Internal Audit Risk Management
- Internal Auditor Interview Skills
- Internal Audit Analytical and Testing Skills Competencies
- Internal Auditor Documentation Skills
- Recommending Results and Corrective Actions
- Internal Auditor Negotiation Skills
- An Internal Auditor Commitment to Learning
- Importance of Internal Auditor Core Competencies 363

Chapter 16: Planning Audits and Understanding Project Management
- The Project Management Process
- PMBOK: The Project Management Book of Knowledge
- PMBOK Program and Portfolio Management
- Planning an Internal Audit
- Understanding the Environment: Planning and Launching an Internal Audit
- Audit Planning: Documenting and Understanding the Internal Control Environment
- Performing Appropriate Internal Audit Procedures and Wrapping Up the Audit
- Project Management Best Practices and Internal Audit 386
- Note 387

Chapter 17: Documenting Audit Results through Process Modeling and Workpapers
- Internal Audit Documentation Requirements
- Process Modeling for Internal Auditors
- Internal Audit Workpapers
- Workpaper Document Organization
- Workpaper Preparation Techniques
- Internal Audit Document Records Management
- Importance of Internal Audit Documentation 410
- Notes 410

Chapter 18: Reporting Internal Audit Results
- The Audit Report Framework
- Purposes and Types of Internal Audit Reports
- Published Audit Reports
- Alternative Audit Report Formats 425
- 18.5 Internal Audit Reporting Cycle
- Internal Audit Communications Problems and Opportunities
- Audit Reports and Understanding People in Internal Auditing 436

PART FIVE: IMPACT OF INFORMATION SYSTEMS ON INTERNAL AUDITING

Chapter 19: ITIL Best Practices, the IT Infrastructure, and General Controls
- Importance of IT General Controls
- Client-Server and Small Systems General IT Controls
- Client-Server Computer Systems
- Small Systems Operations Internal Controls
- Auditing IT General Controls for Small IT Systems
- Mainframe Legacy System Components and Controls
- Internal Control Reviews of Classic Mainframe or Legacy IT Systems
- Legacy of Large System General Control Reviews
- ITIL Service Support and Delivery IT Infrastructure Best Practices
- Service Delivery Best Practices
- Auditing IT Infrastructure Management
- Internal Auditor CBOK Needs for IT General Controls 483
- Notes 484

Chapter 20: BYOD Practices and Social Media Internal Audit Issues
- The Growth and Impact of BYOD
- Understanding the Enterprise BYOD Environment
- BYOD Security Policy Elements
- Social Media Computing
- Enterprise Social Media Computing Risks and Vulnerabilities
- Social Media Policies 504

Chapter 21: Big Data and Enterprise Content Management
- Big Data Overview
- Big Data Governance, Risk, and Compliance Issues
- Big Data Management, Hadoop, and Security Issues
- Compliance Monitoring and Big Data Analytics
- Internal Auditing in a Big Data Environment
- Enterprise Content Management Internal Controls
- Auditing Enterprise Content Management Processes 520
- Notes 521

Chapter 22: Reviewing Application and Software Management Controls
- IT Application Components
- Selecting Applications for Internal Audit Reviews 533
- 22.3 Preliminary Steps to Performing Application Controls Reviews
- Completing the IT Application Controls Audit
- Application Review Example: Client-Server Budgeting System
- Auditing Applications under Development
- Importance of Reviewing IT Application Controls 557
- Notes 558

Chapter 23: Cybersecurity, Hacking Risks, and Privacy Controls
- Hacking and IT Network Security Fundamentals
- Data Security Concepts
- Importance of IT Passwords
- Viruses and Malicious Program Code
- System Firewall Controls
- Social Engineering IT Risks
- IT Systems Privacy Concerns
- The NIST Cybersecurity Framework
- Auditing IT Security and Privacy
- PCI DSS Fundamentals
- Security and Privacy in the Internal Audit Department
- Internal Audit's Privacy and Cybersecurity Roles 584

Chapter 24: Business Continuity and Disaster Recovery Planning
- IT Disaster and Business Continuity Planning Today
- Auditing Business Continuity Planning Processes
- Building the IT Business Continuity Plan
- Business Continuity Planning and Service Level Agreements
- Auditing Business Continuity Plans
- Business Continuity Planning Going Forward 605
- Notes 606

PART SIX: INTERNAL AUDIT AND ENTERPRISE GOVERNANCE

Chapter 25: Board Audit Committee Communications
- Role of the Audit Committee
- Audit Committee Organization and Charters
- Audit Committee's Financial Expert and Internal Audit
- Audit Committee Responsibilities for Internal Audit
- Audit Committee Review and Action on Significant Audit Findings
- Audit Committee and Its External Auditors
- Whistleblower Programs and Codes of Conduct
- Other Audit Committee Roles 626
- Note 627

Chapter 26: Ethics and Whistleblower Programs
- Enterprise Ethics, Compliance, and Governance
- Ethics First Steps: Developing a Mission Statement 632
- 26.3 Understanding the Ethics Risk Environment
- Summarizing Ethics Survey Results: Do We Have a Problem?
- Enterprise Codes of Conduct
- Whistleblower and Hotline Functions
- Auditing the Enterprise's Ethics Functions
- Improving Corporate Governance Practices 651
- Notes 651

Chapter 27: Fraud Detection and Prevention
- Understanding and Recognizing Fraud
- Red Flags: Fraud Detection Signs for Internal Auditors
- Public Accounting's Role in Fraud Detection
- IIA Standards for Detecting and Investigating Fraud
- Fraud Investigations for Internal Auditors
- Information Technology Fraud Prevention Processes
- Fraud Detection and the Internal Auditor 669
- Notes 669

Chapter 28: Internal Audit GRC Approaches and Other Compliance Requirements
- The Road to Effective GRC Principles
- GRC Risk Management Components
- GRC and Internal Audit Enterprise Compliance Issues
- Importance of Effective GRC Practices and Principles 679

PART SEVEN: THE PROFESSIONAL INTERNAL AUDITOR

Chapter 29: Professional Certifications: CIA, CISA, and More
- Certified Internal Auditor Responsibilities and Requirements
- Beyond the CIA: Other IIA Certifications
- Importance of the CIA Specialty Certification Examinations
- Certified Information Systems Auditor
- Certified Information Security Manager
- Certified in the Governance of Enterprise IT
- Certified in Risk and Information Systems Control
- Certified Fraud Examiner
- Certified Information Systems Security Professional
- ASQ Internal Audit Certifications
- Other Internal Auditor Certifications 700

Chapter 30: The Modern Internal Auditor as an Enterprise Consultant
- Standards for Internal Audit as an Enterprise Consultant
- Launching an Internal Audit Internal Consulting Facility 704
- 30.3 Ensuring an Audit and Consulting Separation of Duties
- Consulting Best Practices
- Expanded Internal Audit Services to Management 714

PART EIGHT: THE OTHER SIDES OF AUDITING: PROFESSIONAL CONVERGENCE

Chapter 31: Quality Assurance Auditing and ASQ Standards
- Duties and Responsibilities of ASQ Quality Auditors
- Role of the Quality Auditor
- Performing ASQ Quality Audits
- Quality Assurance Reviews of the Internal Audit Function
- Launching the Internal Audit Quality Assurance Review
- Reporting the Results of an Internal Audit Quality Assurance Review
- Future Directions for Quality Assurance Auditing 744

Chapter 32: Six Sigma and Lean Techniques for Internal Audit
- Six Sigma Background and Concepts
- Implementing Six Sigma
- Six Sigma Leadership Roles and Responsibilities
- Launching an Enterprise Six Sigma Project
- Lean Six Sigma
- Auditing Six Sigma Processes
- Six Sigma in Internal Audit Operations 758
- Notes 760

Chapter 33: ISO and Worldwide Internal Audit Standards
- ISO Standards Background
- ISO Standards Overview
- ISO IT Governance Standard
- ISO Standards and the COSO Internal Control Framework
- Internal Audit and International Auditing Standards 777
- Notes 779

Chapter 34: A CBOK for the Modern Internal Auditor
- Part One: Foundations of Internal Auditing CBOK Requirements
- Part Two: Importance of Internal Controls CBOK Requirements
- Part Three: Planning and Performing Internal Audit CBOK Requirements
- Part Four: Organizing and Managing Internal Audit Activities CBOK Requirements
- Part Five: Impact of IT on Internal Auditing CBOK Requirements
- Part Six: Internal Audit and Enterprise Governance CBOK Requirements
- Part Seven: Internal Auditor Professional CBOK Requirements 788
- 34.8 Part Eight: The Other Sides of Internal Auditing: Professional Convergence CBOK Requirements
- A CBOK for the Modern Internal Auditor 789
- Notes 794

About the Author 795
Index 797
More informationMU Security & Privacy Risk Assessments: What It Is & How to Approach It
MU Security & Privacy Risk Assessments: What It Is & How to Approach It Dr. Bryan S. Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP Advisor, Health Information Trust Alliance 2011-2014 HITRUST LLC, Frisco,
More informationCIMA'S Official Learning System
cima CIMA'S Official Learning System Strategic Level Paul M. Collier Sam Agyei-Ampomah ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Contents
More informationAmid Ongoing Transformation and Compliance Challenges, Cybersecurity Represents Top IT Concern in Financial Services Industry
Amid Ongoing Transformation and Compliance Challenges, Cybersecurity Represents Top IT Concern in Financial Services Industry IT leaders are battening down the hatches, according to Protiviti s latest
More informationIT Senior Audit Leader
IT Senior Audit Leader Locations: Minneapolis, MN; Phoenix, AZ; Denver, CO; Des Moines, IA; Philadelphia, PA; Charlotte, NC; San Francisco, CA and San Antonio, TX Job Description Wells Fargo Audit Services
More informationInternal Control Integrated Framework. May 2013
Internal Control Integrated Framework May 2013 0 Table of Contents COSO & Project Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing Effectiveness of
More informationCYBERSECURITY: ISSUES AND ISACA S RESPONSE
CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures Mobile devices Social media Cloud services
More informationIT Security & Compliance Risk Assessment Capabilities
ATIBA Governance, Risk and Compliance ATIBA provides information security and risk management consulting services for the Banking, Financial Services, Insurance, Healthcare, Manufacturing, Government,
More informationMANAGEMENT DEVELOPMENT COURSES
(FULL VIEW) MANAGEMENT DEVELOPMENT COURSES MANAGEMENT DEVELOPMENT COURSES LEADERSHIP DEVELOPMENT Developing Leadership Competencies 4 4 days 230,000 1-4 13-16 26-29 6-9 Critical Thinking: Tools for Problem
More informationOffice of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget
Office of the Auditor General Performance Audit Report Statewide Oracle Database Controls Department of Technology, Management, and Budget March 2015 071-0565-14 State of Michigan Auditor General Doug
More informationRoles and Responsibilities Corporate Compliance and Internal Audit
Roles and Responsibilities and By Mark P. Ruppert, CPA, CIA, CISA, CHFP The focus group of Health Care Compliance Association (HCCA) and Association of Healthcare ors (AHIA) members continues to explore
More informationBusiness Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting
Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What
More informationMoving Forward with IT Governance and COBIT
Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around
More informationThe Crossroads of Accounting & IT
The Crossroads of Accounting & IT Donna Kay, MBA, PhD, CPA, CITP Maryville University of Saint Louis Ali Ovlia, MS, DM Webster University Pearson Boston Columbus- Indianapolis New York San Francisco Upper
More informationCybersecurity Audit Why are we still Vulnerable? November 30, 2015
Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event
More informationIT Manager's Handbook
IT Manager's Handbook Getting your new job done Third Edition Bill Holtsnider Brian D. Jaffe AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan
More informationEMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES
EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES Aligning information with business and operational objectives ESSENTIALS Leverage EMC Consulting as your trusted advisor to move your and compliance
More informationHow To Improve Your Business
IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends
More informationCompliance Doesn t Mean Security Achieving Security and Compliance with the latest Regulations and Standards
Compliance Doesn t Mean Security Achieving Security and Compliance with the latest Regulations and Standards Paul de Graaff Chief Strategy Officer Vanguard Integrity Professionals March 11, 2014 Session
More informationThis article will provide background on the Sarbanes-Oxley Act of 2002, prior to discussing the implications for business continuity practitioners.
Auditing the Business Continuity Process Dr. Eric Schmidt, Principal, Transitional Data Services, Inc. Business continuity audits are rapidly becoming one of the most urgent issues throughout the international
More informationDevelop an Effective Control Environment. W. Wade Sapp CUNA Mutual Group February 11, 2015
Leveraging Slide Heading Frameworks to Develop an Effective Control Environment W. Wade Sapp CUNA Mutual Group February 11, 2015 Introductions Company CUNA Mutual Group, Madison Wi CUNA currently utilizes
More informationOver 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit.
CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 BILL S BIO Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. Vice President Controls
More informationRepublic of Rwanda. Government of Rwanda Internal Audit Procedures Manual
Republic of Rwanda Government of Rwanda Internal Audit Procedures Manual Published by Ministry of Finance & Economic Planning July 2011 i Distribution of this manual This manual is strictly for use by
More informationCloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
More informationPractical Guidance for Auditing IT General Controls. September 2, 2009
Practical Guidance for Auditing IT General Controls Chase Whitaker, CPA, CIA September 2, 2009 About Hospital Corporation of America $28B annual revenue $24B total assets $4.6B EBDITA $673M Net Income
More informationA Sarbanes-Oxley Roadmap to Business Continuity
A Sarbanes-Oxley Roadmap to Business Continuity NEDRIX Conference June 23, 2004 Dr. Eric Schmidt eschmidt@controlsolutions.com Control Solutions International TECHNOLOGY ADVISORY, ASSURANCE & RISK MANAGEMENT
More informationPlease feel free to call on our organizations if we can be of assistance in any way on further deliberations, task forces or committees.
17 May 2012 International Internal Audit Standards Board Via e-mail: Lily.Bi@theiia.org Re: Definition of Internal Auditing Ms. Lily Bi, CIA, CISA, CGEIT Director, Standards and Guidance The Institute
More informationInternational Institute of Management
Executive Education Executive Action Learning Seminars Executive Seminars Executive Courses International Institute of Management Executive Education Courses CIO & Sarbanes Oxley Compliance SOX Implementation
More informationHOW SECURE IS YOUR PAYMENT CARD DATA?
HOW SECURE IS YOUR PAYMENT CARD DATA? October 27, 2011 MOSS ADAMS LLP 1 TODAY S PRESENTERS Francis Tam, CPA, CISA, CISM, CITP, CRISC, PCI QSA Managing Director PCI Practice Leader Kevin Villanueva,, CISSP,
More informationClient Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs
1 Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs NEW YORK Byungkwon Lim blim@debevoise.com Gary E. Murphy gemurphy@debevoise.com Michael J. Decker mdecker@debevoise.com
More informationInternal Controls and Risk Management Report
42 Internal Controls and Risk Management Report Responsibility Our Board of Directors has the overall responsibility to ensure that sound and effective internal controls are maintained, while management
More informationEffectively Assessing IT General Controls
Effectively Assessing IT General Controls Tommie Singleton UAB AGENDA Introduction Five Categories of ITGC Control Environment/ELC Change Management Logical Access Controls Backup/Recovery Third-Party
More informationHow quality assurance reviews can strengthen the strategic value of internal auditing*
How quality assurance reviews can strengthen the strategic value of internal auditing* PwC Advisory Internal Audit Table of Contents Situation Pg. 02 In response to an increased focus on effective governance,
More informationSTANDARD. Risk Assessment. Supply Chain Risk Management: A Compilation of Best Practices
A S I S I N T E R N A T I O N A L Supply Chain Risk Management: Risk Assessment A Compilation of Best Practices ANSI/ASIS/RIMS SCRM.1-2014 RA.1-2015 STANDARD The worldwide leader in security standards
More informationCOBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)
COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA
More information