AuditNet Links
Audit Programs
AuditNet Library
AuditNet Newsletter
Ask the Auditor
AuditNet Lists
Audit Jobs
Travel
Career Links
Partner Discounts
Search
Sign Guestbook
AuditNet Sponsors
Advertising Opportunities
About AuditNet
About Jim Kaplan
AuditNet Seminars
AuditNet Homepage

Sponsor News!

This month check out Galileo Web-based solutions for an integrated audit and risk management system. Supporting our sponsors supports AuditNet^®!

The Auditor's Role in HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), a sweeping set of legislation designed to ensure the privacy, security and standardized transmission of health information, continues to have widespread implications for HIPAA-defined covered entities. Covered entities include health care providers, payers and clearinghouses as well as certain employers and universities. Penalties for non-compliance and potential litigation make it critical for affected organizations to ensure their ability to conform and meet remaining deadlines. Internal audit can support these efforts not only with ongoing testing and monitoring activities but also by participating proactively during the design and implementation phases.

This month's article on HIPAA compliance was contributed by Protiviti KnowledgeLeader, an online service providing tools, templates, and other resources for internal audit and risk management. Free trials available at www.knowledgeleader.com.

Click here for some ideas for a successful audit approach to HIPAA compliance.

Ethics

by Kastuv Ray

The word “ethics” keeps on being thrust into the spotlight again and again and again. In the last 20 years, the world has been subject to spectacular collapses, near collapses and scandals. Companies such as Enron, WorldCom, Barings and BCCI come to mind. Some individuals may argue that these occurrences were due to a failure of risk management, whilst others may argue otherwise. The root problem may have been the culture within the organizations and the attitude that “We can get away with it” or “No one will ever find out”.

Click here for the rest of the story!

Where the Jobs Are: Internal Auditing

(From the Jobsinthemoney Finance Career Newsletter)

The demand for internal auditors remains strong. It has been buoyed not only by cyclical recessionary economic conditions that put a premium on cost and operational control, but also by a broad-based desire to mitigate company excesses of the preceding boom period.

To paraphrase the Institute of Internal Auditors' definition, internal auditing is an 'assurance and consulting activity designed to add value and improve an organization's operations... by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.'

Keep in the loop! Register now to use our career management tools, receive jobs via email, apply to jobs and post a resume.

AuditNet Job Listings (& more)

Looking for an audit job? Go to the AuditNet^® Audit Jobs section for the latest job opportunities. 24 hours a day, 7 days a week you have the ability to not only look at available jobs, but you can also post your resume, apply for open jobs, research companies and obtain career advice. If you are in the market for a new job, make AuditNet^® your first stop to check out what's available.

This is just another benefit of using AuditNet^® as your one stop shop for all your audit and career resources.

A client called from a cellular phone just before entering an interview. He quickly queried, “What are they looking for if they ask me what are my career plans?”

The time to think through and determine how you will present your qualifications is well before you plan to walk through the employer’s door. Job interviews are the crucial last step in the job search process and it is where both you and the organization learn whether you are both a good fit for each other.

For ten strategic steps to practice days before your next job interview click here.

Each month the AuditNet^® Newsletter includes a career-related tip from Robbie Miller Kaplan, author of How to Say It in Your Job Search. If you like these tips, check out her books! For more career tips go the Job-Resources Web site.

Looking for Auditors?

If your company has any audit job vacancies that you are looking to fill, have your HR people contact AuditNet® to post the job and search for candidates. Using the jobs section helps support AuditNet® as well! For more information click here.

For those who like to wade through the details on how popular AuditNet^® is, click here for the current stats or go to the online WebTrends report.

It starts small and just gets bigger and bigger until someone notices.

Nearly all the grief our profession has been getting lately stems from the giant fraud schemes and audit failures that make the front page of your daily paper. We read the articles and think they don’t apply to our company or firm. Unfortunately, that’s wishful thinking.

Click here for the complete article. This article is reprinted with the permission of Gary Zeune. (Watch for more articles from this author in future newsletters.)

The only periodical of its kind bringing useful and timely advice and insights into the prevention detection, and investigation of all forms of computer and Internet crime. The June 2003 issue includes the following articles; Zombies, Trojans, Worms and More (A Top Hacker's Scurity Advice to Business and Law Enforcement), Wireless Security, Anatomy of an Internet Fraud and more.  For more information visit www.cybercrimefighter.net

AuditNet^® Book Reviews

Investigating Corporate Fraud

by Mike Comer

S... happens and so does fraud according to the author. For the book review click here.

Managing the Audit Function A Corporate Audit Department Procedures Guide 3rd Edition

 by Michael P. Cangemi and Tommie Singleton

This book provides “a blueprint for the creation of an effective procedures manual for an internal audit department.” For the book review click here.

How do I find thee? Let me count the ways! One of the core competencies of digital literacy is the ability to search for and find information on the Internet using the available tools. But how many auditors really understand all the tools at hand and how they can use them to find information? Many auditors will turn to a general search engine such as Google (www.google.com) to conduct Internet research. But where do they go when Google doesn’t provide them the answer? A large number of auditors turn to AuditNet^® and post a question on Ask the Auditor. While I admit that AuditNet^® is a great resource I try to discourage using Jim Kaplan as a search engine. One suggestion I have for the Internet challenged auditor is to try using the discussion list for getting answers to audit questions. Why do I recommend this approach? First auditors join the discussion list specifically to share their expertise. Secondly where else can you reach hundreds of auditors with a single email? Third few auditors are aware that many discussion lists maintain archives of past threads of correspondence. For example, the archives for Audit-l are available at http://auditnetlists.org/audit-l/archives/. The archives for the National Association of Local Government Auditors discussion list are available at http://interactive.tempe.gov/archives/nalga.html So not only can you post a message but you can also see if your question has been asked before.

Oh the power of the Internet! It has the capability of making a difference for your audit function regardless of whether you are a one person shop or part of a mega audit department.

Stay tuned for more productivity tips from the auditing Internet guru!

Audit Work Programs Corner

Auditors Sharing Audit Programs and Working Papers

The following audit programs, ICQs, checklist or working papers were added this month. They are in format unless otherwise specified. Some may only be available in exchange for an audit work program contribution. They are also available in format by email in exchange for a contribution of an audit work program, ICQ or checklist.

1. Audit Plan Template

2. Broker Dealer Review including NASD Audit Program

3. Capital Expenditures

4. Central Pharmacy Operations

5. Change Management

6. Conflict of Interest

7. Contract Audit Guidance

8. Cost Plus Construction Contract

9. Help Desk Audit Program

10. Insurance Claims Audit Program

11. Interest Rate Risk Audit Program

12. Internet Access Audit Program

13. IT General Controls

14. Limited Financial Review Audit Program

15. Mental Health and Mental Retardation Fee Billings and Collections

16. MS SQL Server Audit Program (contribution required)

17. Operational Audit Program

18. Oracle DB Technical Audit Program

19. Pier Operations Audit Program

20. Sales Commission Audit Program

21. SQL Server Master Audit Program (contribution required)

22. UNIX Audit Script

23. VAT Audit Work Program

24. Windows NT Security Audit

Audit Documents in the Queue!

The following audit documents will be posted next month. Interested in them now? Send an audit work program, ICQ, checklist or other audit template and receive them via e-mail. Your contribution must include your name and email address. 

1. Cash and Negotiable Items - Bank

2. Computer Centers Audit Program

3. Contract File Closeout Checklist

4. Corporate Social Responsibility ICQ

5. Customer Profitability Audit Program

6. E-Mail Policy Compliance

7. Environmental Health Inspections ICQ

8. Financial Audit Program Template

9. Firewall Audit Program

10. General Business Audit Program (Spanish)

11. Gramm-Leach-Bliley Act Audit Program

12. Gramm-Leach-Bliley Act ICQ

13. Human Resources Audit Program

14. Investments and Other Assets

15. Interest Expense Audit Program

16. Management Letter Compliance

17. NASD Annual Audit Program

18. Netview/Omegamon Audit Program

19. Oracle Financials Security Checklist

20. Ordering and Purchasing ICQ

21. Recruitment of Staff ICQ

22. Remote Access Security Audit Program

23. Research & Development - Product Development

24. Research & Development - Project Appraisal and Monitoring - Development Project Management

25. Research & Development - Plant and Equipment

26. Research & Development - Legal and Regulatory Issues

27. Research & Development

28. Retirement Plan ICQ

29. Risk Assessment Methodology (CSA)

30. Student Counseling and Support ICQ

31. Travel Program Audit

32. Windows 2000 Active Directory (Program)

33. Windows 2000 Active Directory (Findings)

Risk Management and Internal Audit

by Matthew Leitch

Matthew had a surge of creative energy and wrote three articles of interest to internal auditors. Following are the links for the benefit of AuditNet^® readers:

How to interview someone about risks and controls

Fixing a process and controls mess

A new focus for Turnbull compliance

This is mainly of interest only in the UK, but the theme would also be applicable to SOX compliance in the USA and my paper does look at this to some extent. The basic theme, which is "less auditing - more action", could expand career opportunities for people who are currently internal auditors. In the UK our regulations on internal control for listed companies are very focused on evaluating controls, but the real aim is to have better controls. The same is true for SOX. My paper looks at how to shift resources from audit to anticipating the need to change internal control and doing so, skillfully, in good time.

Enjoy! JMK

Software Compliance Audit News

Who is Responsible for Software Piracy?

by Rob Harmer

In the 1st article we claimed that Microsoft are primarily responsible for allowing software piracy to occur. Make no mistake, Microsoft IS RESPONSIBLE for software piracy, by failing to prevent piracy from within the operating system! However, due to the lack of any means embedded within the operating system, management at all levels has permitted the spread of piracy within organizations by having slack approaches to the task as it is seen as "a soft issue" ie; not threatening and low on the priority list.

For the rest of this compelling article click here.

Meeting Sarbanes-Oxley Requirements Using Audit Software

By: Richard B. Lanza

Sarbanes-Oxley is the buzz within all public companies today as they work towards complying with the new regulations. Even private companies are joining in as a recent survey noted that 58% of private companies are instituting changes to improve their accounting practices in response to the new act.

One main effect of the Sarbanes-Oxley regulations is that CFOs will need to dig much deeper into how their companies control their financial reporting, as well as, disclosing material changes in their operations on a “rapid” basis. For many companies, the documentation and validation of internal controls (section 404) will be an entirely new experience and will take months, if not years, of consistent effort to be completed. The timeframe to complete the project could be reduced through transaction analysis audit software which would assist mainly in validating any documented controls. This effort, using 100% of the data for validation in less time than taking a sample, may identify control gaps and high risk areas for more current monitoring.

To read the rest of this article click here.

If you have an article on any internal audit subject that you would like to share send it to editor@auditnet.org

Your Secret Weapon in the War on Fraud

The May issue of this fraud newsletter features articles on the finding the right chief security officer, helping whistleblowers help the organization fight fraud and more. AuditNet^® users qualify for special rates on this publication. For more information click here. 

The AuditNet^® Audit Bookstore

Looking for books on auditing related topics? We suggest using the AuditNet^® bookstore. The bookstore focuses on Internal Audit but includes other related subjects as well. AuditNet^® uses Amazon to power the bookstore so each purchase you make through this link helps support AuditNet^®.

FREE! The Auditor's Guide to Internet Resources 2^nd Edition

Interested in a free copy of The Auditor's Guide to Internet Resources, 2nd Edition? Write an article for the next newsletter on how you are integrating the Internet in auditing. If your article is selected, I will send you either the book or CD. Send your article to editor@auditnet.org 

AuditNet^® Partner Discounts

Check out Sheetware, maker of XDrill software that answers one of the most common yet difficult to answer questions about a spreadsheet: "Where does that number come from?". AuditNet^® users get a 25% discount. Click here for details.

Preview of Coming Attractions!

The AuditNet Monograph Series  provides useful guides for all levels of auditors from juniors right up to audit directors. If you are interested in developing a monograph on a contract basis, send an email to editor@auditnet.org

Watch for articles about forensics for auditors, risk management, audit report structure, exit conferences and more.   Book reviews on Unaccountable: How the Accounting Profession Forfeited a Public Trust, Auditor's Risk Management Guide: Integrating Auditing and ERM and more. Have an idea for a column? Send it to editor@auditnet.org

AuditNet® is working on new specialized resources for auditors. Watch the newsletter and keep checking the Library page for updates and new resources.