AuditNet Links
Audit Programs
AuditNet Library
AuditNet Newsletter
Ask the Auditor
AuditNet Lists
Audit Jobs
Travel
Career Links
Partner Discounts
Search
Sign Guestbook
AuditNet Sponsors
Advertising Opportunities
About AuditNet
About Jim Kaplan
AuditNet Seminars
AuditNet Homepage

Sponsor News!

This month check out Audit Leverage, department management software that uses Microsoft Access for working papers, risk assessment, staffing and scheduling, timekeeping, and more. Supporting our sponsors supports AuditNet^®!

Overlooked Issues in Wireless Security

Corporate security policies must be in place to address the unique risks of wireless technologies. These standards and polices should evaluate and document the risks that a company is willing to accept and the controls that will be implemented to mitigate them. Formal standards and policies also implement a baseline to which all access points can be configured, and against which they can be tested. Unfortunately, many companies have not developed the necessary wireless security policies.

This month's article on overlooked issues in wireless security was contributed by Protiviti KnowledgeLeader, an online service providing tools, templates, and other resources for internal audit and risk management. Free trials available at www.knowledgeleader.com.

Click here for a list of commonly overlooked issues in organizational security policies.

Roles Models and Internal Audit

by Kastuv Ray

The common perception of an internal auditor by a department that has never been subject to an audit before is that “Godzilla is coming to town.” This conjures images of Japanese movies where a giant fire-breathing reptile sets their sights on Tokyo with mass hysteria and panic setting in and people fleeing.

What can we as internal auditors do to improve our image and our audit approach?

Click here for the article submitted by Kastuv Ray, a regular contributor to AuditNet^®.

Where the Jobs Are: Internal Auditing

(From the Jobsinthemoney Finance Career Newsletter)

The demand for internal auditors remains strong. It has been buoyed not only by cyclical recessionary economic conditions that put a premium on cost and operational control, but also by a broad-based desire to mitigate company excesses of the preceding boom period.

To paraphrase the Institute of Internal Auditors' definition, internal auditing is an 'assurance and consulting activity designed to add value and improve an organization's operations... by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.'

Keep in the loop! Register now to use our career management tools, receive jobs via email, apply to jobs and post a resume.

AuditNet Job Listings (& more)

Looking for an audit job? Go to the AuditNet^® Audit Jobs section for the latest job opportunities. 24 hours a day, 7 days a week you have the ability to not only look at available jobs, but you can also post your resume, apply for open jobs, research companies and obtain career advice. If you are in the market for a new job, make AuditNet^® your first stop to check out what's available.

This is just another benefit of using AuditNet^® as your one stop shop for all your audit and career resources.

A client called from a cellular phone just before entering an interview. He quickly queried, “What are they looking for if they ask me what are my career plans?”

The time to think through and determine how you will present your qualifications is well before you plan to walk through the employer’s door. Job interviews are the crucial last step in the job search process and it is where both you and the organization learn whether you are both a good fit for each other.

For ten strategic steps to practice days before your next job interview click here.

Each month the AuditNet^® Newsletter includes a career-related tip from Robbie Miller Kaplan, author of How to Say It in Your Job Search. If you like these tips, check out her books! For more career tips go the Job-Resources Web site.

For those who like to wade through the details on how popular AuditNet^® is, click here for the current stats or go to the online WebTrends report.

Auditors have been documenting internal controls and systems for as long as I can remember and longer. Here are some tips for Flow Charting 5 users.

The only periodical of its kind bringing useful and timely advice and insights into the prevention detection, and investigation of all forms of computer and Internet crime. The April 2003 issue includes articles on the biggest mistakes companies make in computer crime prevention, how to be prepared for an investigation of cyber-crime incidents, word processing dangers for information security and more. For more information visit www.cybercrimefighter.net

AuditNet^® Conference Update

AuditNet^® Book Reviews

Miller IT Audits

By Xenia Ley Parker

Perhaps this book should be called Everything You Wanted to Know About IT Auditing But Were Afraid to Ask. Ms. Parker has done an excellent job of covering the subject of IT Auditing from soup to nuts. This timely book is separated into three parts: The Basics, Controls and IT Auditing Today. All auditors now find themselves having to cover information technology in each audit they conduct. Ms. Parker includes coverage of e-commerce and the Internet as well as using software to audit. The easy to read and easy to understand approach for this technical area makes this book a must have for all professional audit libraries! An important component of Miller IT Audits that will be appreciated by all auditors is the CD-ROM accompanying the book as it includes audit programs, checklists, questionnaires, sample correspondence and IT security documentation.

ISBN 0735536244
1-800-638-8437

For more information go to www.aspenpublishers.com

International Auditing: Practical Resource Guide

by David O’Regan

Auditors involved in any aspect of international auditing should consider adding this book to their professional library. The book provides an in-depth analysis of all risks facing international entities and the challenges that auditors must confront in the global environment. Country by country this book covers the legal, regulatory and fiscal requirements as well as cultural differences and more. One brief update may be needed in this publication for Iraq. The author writes “at the time of writing, the United States is threatening to topple Saddam by military action if necessary, alleging that the Iraqi regime is developing weapons of mass destruction.” Many businesses now operate on a global scale and their auditors must be familiar with conducting business in this new arena.

Available from John Wiley ISBN 0471263826

AuditNet^® Feedback

I'm very impressed with your website. Very informative and educational...

Great source of information that is kept updated regularly, thanks Jim!

The site has been helpful. It's a very good way to introduce new audit staff to the web and the sources of information out there.

According to Norse Mythology, Valhalla was a hall where the great warriors after passing away were taken to feast at night and sing and talk of battles. This website can be compared to that Great Hall. The contributions the warriors and Jim Kaplan can be compared to Odin - the being that holds it all together. Therefore there is a Call to Arms for all auditors out there to contribute and make this the premier knowledge management database in the world. We as auditors need to leave behind a legacy to others to enter this fine profession. Kastuv Ray 31/03/03

Audit Work Programs Corner

Auditors Sharing Audit Programs and Working Papers

The following audit programs, ICQs, checklist or working papers were added this month. They are in format unless otherwise specified. They are also available in format by email in exchange for a contribution of an audit work program, ICQ or checklist.

1. Audit Finding Tracking Worksheet

2. Bank Consumer Compliance ICQ

3. Banking Regional Branch Audit

4. Community Reinvestment Act Checklist

5. Control Objectives

6. Costing Audit Program

7. Due Diligence (Corporate Merger)

8. Risk Matrix - Financial

9. Risk Matrix - Commercial

10. SAP Materials Management

11. Underwriting Procedures

Audit Documents in the Queue!

The following audit documents will be posted next month. Interested in them now? Send an audit work program, ICQ, checklist or other audit template and receive them via e-mail. Your contribution must include your name and email address. 

1. Audit Plan Template

2. Broker Dealer Review including NASD Audit Program

3. Capital Expenditures

4. Central Pharmacy Operations

5. Change Management

6. Conflict of Interest

7. Contract Audit Guidance

8. Cost Plus Construction Contract

9. Help Desk Audit Program

10. Insurance Claims Audit Program

11. Interest Rate Risk Audit Program

12. Internet Access Audit Program

13. IT General Controls

14. Limited Financial Review Audit Program

15. Mental Health and Mental Retardation Fee Billings and Collections

16. MS SQL Server Audit Program

17. Operational Audit Program

18. Oracle DB Technical Audit Program

19. Pier Operations Audit Program

20. Sales Commission Audit Program

21. SQL Server Master Audit Program

22. UNIX Audit Script

23. VAT Audit Work Program

24. Windows NT Security Audit

How to Sell Risk Management Internally

by Matthew Leitch

Is risk management "embedded" in your organization? It's a common goal and frequently claimed as achieved. The answer depends on what you mean by "embedded".

For the rest of the article click here.

Software Compliance Audit News

Software Piracy and Auditors

by Rob Harmer

The Internet and rapid advances in "software" copying capability via a wide range of media devices (USB card readers, zip drives CDROM burners/cable DSL and Peer2Peer File sharing etc) have generated a whole new category of audit-related issues that have an impact on workload, level of effort and have an impact on corporate and self governance.

Intellectual property and software copyright have up into now not really been significant areas of concern for auditors, BUT they should be, when you consider the impact and issues in the first of 2 articles called "Who is Responsible for Software Piracy"

Auditing for software compliance with software-license agreements right down to proving that what you have installed is "legally acquired, the license is owned and in your name, and you have the right number of licenses for what is installed" is now a critical part of audit plans due to potential legal liability that can be caused as a result of software copyright violations. Any organization that aims to comply with ISO 17799 and BS7799 (Code of Practice for Information Security Management) requires that auditors need to be more attentive in software compliance and licensing issues.

All auditors, accountants, management and company directors as well as computer managers need to ensure they have the information needed to control software piracy, and minimize the risk of lawsuits and adverse publicity towards their organization.

Failure to take heed of the issues surrounding software piracy can bring about a significant set of legal costs and penalties and details on these matters.

Having unauthorized copies of software loaded on your computers is not only foolish, but it is also risky business and PC Profile shows the many forms of software piracy that can be very damaging to the end user and management at http://www.pcprofile.com.

Fighting Project Fraud

By: Richard B. Lanza
and Steve Rollins

To date, there has been no true definition of project fraud. For instance, the Association of Certified Fraud Examiners identifies many types of fraud, some of which border the concept of project fraud (i.e., corruption, misappropriation of assets, etc.), but never specifically identify it. The authors believe that over time, this will change as projects become more the way business gets done. This is also in light of the increased awareness in the global economy to fraud reduction and improved corporate governance.

To read the rest of this article click here.

If you have an article on any internal audit subject that you would like to share send it to editor@auditnet.org

Your Secret Weapon in the War on Fraud

The April issue of this fraud newsletter features an article the interviewing techniques to nail fraudsters, how to get the entire organization supporting successful fraud strategies and more. AuditNet^® users qualify for special rates on this publication. For more information click here. 

The AuditNet^® Audit Bookstore

Looking for books on auditing related topics? We suggest using the AuditNet^® bookstore. The bookstore focuses on Internal Audit but includes other related subjects as well. AuditNet^® uses Amazon to power the bookstore so each purchase you make through this link helps support AuditNet^®.

FREE! The Auditor's Guide to Internet Resources 2^nd Edition

Interested in a free copy of The Auditor's Guide to Internet Resources, 2nd Edition? Write an article for the next newsletter on how you are integrating the Internet in auditing. If your article is selected, I will send you either the book or CD. Send your article to editor@auditnet.org 

AuditNet^® Vendor News

Press Release

Pentana Inc and Control Solutions International join forces to produce an internal audit solution that facilitates compliance with the requirements of Section 404 of the Sarbanes-Oxley Act of 2002.

Audit automation specialist Pentana has joined forces with Control Solutions International to provide companies with a tool to guide them through the compliance process and a mechanism for the continuous monitoring of controls in accordance with the recent section 404 of the Sarbanes-Oxley Act.

Combining Pentana’s internal audit software expertise and Control Solutions International’s knowledge and experience in internal audit outsourcing and consulting, the two companies now offer the best of software and consulting.

The joint venture leverages Pentana's new 'Pentana Audit Work System', a generalized risk management and audit system, together with a control matrix based on COSO, and the Control Solutions proprietary process improvement model – Foundations of Improvement SM.

For further information please contact:

srandall@controlsolutions.com
karen.peary@pentana.com
anna.broughton@pentana.com

www.controlsolutions.com www.pentana.com

AuditNet^® Conference Corner

Want to announce your professional association conference to the global audit community? Send the conference name, date and URL details to editor@auditnet.org

May 21-23 9th Annual Canadian Fraud Conference (Toronto, Canada) www.cfenet.com/events/CanConf.asp

August 3-8, 2003 14th Annual ACFE Fraud Conference & Exhibition (Chicago) www.fraudconference.com

Preview of Coming Attractions!

The AuditNet Monograph Series  provides useful guides for all levels of auditors from juniors right up to audit directors. If you are interested in developing a monograph on a contract basis, send an email to editor@auditnet.org

More articles on audit software and Sarbanes-Oxley, project fraud, and other specialized areas are in the works. Book reviews on Investigating Corporate Fraud, Managing the Audit Function: A Corporate Audit Department Procedures Guide and Unaccountable: How the Accounting Profession Forfeited a Public Trust. Have an idea for a column? Send it to editor@auditnet.org

AuditNet® is working on new specialized resources for auditors. Watch the newsletter and keep checking the Library page for updates and new resources.