Jim Kaplan's
|
|
|||||
|
|
||||||
|
|
Corporate Governance Certification
To get more information click here. AuditNet® Community Sponsor News!
The AuditNet® community has grown by leaps and bounds thanks to your continued support. Yes it is hard to imagine but it has been more a decade since this community was created! Support AuditNet® by supporting our sponsors. Without sponsor and affiliate advertising and contributions from the AuditNet® community everyone would have to pay for use of this site.
This month check out Caseware IDEA Data Analysis Software that is the standard in ease of use for auditors, accountants and financial managers. Remember! Clicking on sponsored ads and visiting their sites helps support AuditNet®. Getting
Controls Right and Automating Them
First-year Sarbanes-Oxley endeavors were, by necessity, somewhat limited in terms of efficiency and effectiveness. This article suggests that companies should now move towards automated controls, otherwise they will continue to see only minor decreases in their costs related to internal controls and compliance. Click here for the rest of the story! This tool was contributed by Protiviti KnowledgeLeader, an online service providing tools, templates, and other resources for internal audit and risk management. Free trials available at www.knowledgeleader.com. For a limited time KnowledgeLeader memberships are available for the reduced rate of $595 per year. Tell them you heard about it from AuditNet.org. AuditNet® What's New This Month? The new AuditNet Career Center debuted this month. Register to take advantage of all the benefits of this new career resource. There is an Internal Audit Guide (draft) available from the OCEG with the opportunity to comment. Check out the new CD Store with training material from Pleier and Associates including discount offers for AuditNet users. The audit programs section of AuditNet now requires registration in order to access. New audit program contributions are available only to paid subscribers or on a one-for-one exchange basis. There are over 34,000 registered users. A multi-user subscription rate was added to the individual subscription program to the premium content. Organizations that need more than 2 staff members accessing the service will benefit from this new rate. There are new additions to the premium audit programs available as an alternative for those auditors that are unable to contribute material to AuditNet®. Site licenses are also available for organizations with more than 15 users. AuditNet continues to receive new books for review. If you would like to review books please let me know as I could also use a fresh set of eyes! The AuditNet discussion forum page has over 450 registered members. There are threads for special interest groups, Sarbanes-Oxley and more. The more auditors that participate, the livelier the exchange so get connected and start posting! The AuditNet PowerPoint Presentation Library Exchange offers another medium for auditors to share their work to help the entire community. The best way to find all the resources on the site is by going to the Virtual Library or use the site search. Guidelines for the Audit of Construction Projectsby Gursharan Singh The construction industry is a multi-billion dollar industry in almost all countries around the world whether it is developed, developing or under-developed. Unfortunately it is given a comparative low priority by the audit profession and only lip service being provided with very little tangible support of the management. This article provides detailed guidelines for auditing construction projects. Click here for the rest of the article! IIA Technology Audit Guide Series New Guide Released Guide 5: Managing and Auditing Privacy Risks Global Technology Audit Guide – 5: Managing and Auditing Privacy Risks is intended to provide the chief audit executive (CAE), internal auditors, and management with insight into privacy risks that the organization should address when it collects, uses, retains, or discloses personal information. This guide provides an overview of key privacy frameworks which help to understand the basic concepts and aid in finding the right sources for more guidance regarding expectations and what works well in a variety of environments. It also covers the details on how internal auditors complete privacy assessments. Each Global Technology Audit Guide (GTAG) will be written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG will be a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associated risks and recommended practices. Previous Guides:
AuditNet® Fraud Auditing Corner |
|||||
|
As the top civilian in charge of contract procurement in the U.S. Army Corps of Engineers, Bunny Greenhouse says she saw contract abuse leading up to the Iraq War. She went public with her accusations and says she was demoted for her honesty. |
This article is from Fraud Magazine, the professional magazine
of the Association of Certified Fraud
Examiners
For the rest of the article from the latest ACFE Fraud Magazine click here.
Wrong Strategy + Wrong People = Fraud/Theft/Abuse
by Gary D. Zeune
Pretend you’re a small business owner: you spend years of hard work building your business, only to discover a long-term trusted employee is stealing you blind. Don’t think so? The average business loses 6% of revenue or $9 per day per employee to fraud, theft and abuse. And I’ll bet 6% of revenue is material to every one of you reading this article.
So what’s the best way to prevent someone from robbing you blind?
For the rest of the story click here!
Auditing and Fraud in Publics Schools - Recent News
This column will features articles and news on the topic of auditing in public schools. If you have an article or story link you would like to contribute please contact us.
AG: County can look at school finances, not performance
Opinion fails to address whether Seven Locks audit was within IG’s
authority
Montgomery County’s inspector general may look into the school system’s finances but needs consent to investigate how the school board makes decisions, the state’s attorney general said last week.
For the complete story click here!
Audit Finds Good
Financial Practices at
Deposit Central School District
A Comptroller’s audit of the Deposit Central School District found good financial management practices, State Comptroller Alan G. Hevesi’s office said today.
The audit of the Deposit School District, which covers the Towns of Deposit, Masonville and Tompkins in Delaware County and the Town of Sanford in Broome County, is part of a statewide effort by the State Comptroller’s office to improve oversight and fiscal practices at schools. The initiative began in response to widespread theft and other questionable actions that came to light in several school districts on Long Island in 2004.
For the rest of the story click here!
For more school and local government news from New York State click here!
AuditNet® Conference & Training News
Want to announce your professional association conference to the global audit community? Send us conference name, date and URL details. (A reciprocal link to AuditNet is required).
Government Budgeting Week, Aug 28 -31, Arlington, VA Discount available to AuditNet users 25% (Code P537MO1)
Continuous Sarbanes Oxley Compliance -
Best Practices for Sustainable SOX Compliance, Sep 12-14, 2006 New York,
NY
9th Annual Risk Management and Internal Audit in Telecoms 2006 Sep 18-19, 2006 London, UK
IIA Mid-Atlantic Region District 1 Conference, October 19 & 20, 2006 Virginia Beach, VA
This event uniquely addresses the current operational and functional concerns of risk and audit within an organization. It is a perfect opportunity to learn from major telecom operators how to promote internal audit coverage of all risks, understand what executives want from risk reporting and implement and maintain a simple and appropriate structure. Gain insight into these issues from our panel of top industry speakers as they deliver brand new, case study based presentations. (15% discount on all bookings before July 15, 2006)
2006 ACFE Fraud Conferences and Training
2006 IIA Conferences and Training
* indicates events where Jim Kaplan is speaking
AuditNet users qualify for a $20 coupon CORRUPT valid for online sales from May 15 to June 15 that discounts the $95 regular price. “Exceeding Expectations” contains 1 hour and
20 minutes of PowerPoint presentation with synchronized
digital soundtrack offering thought-provoking and practical
ideas about how Internal Auditors can exceed the
expectations of audit clients. This seminar offers
state-of-the-art thinking using state-of-the-art technology.
Receive all the benefits of attending a seminar at your
convenience in a suitable format for both group and
individual self-paced training. Opportunities to Share Your Knowledge and Earn Royalties Pleier Corporation is still seeking
additional authors to publish on CD and earn royalties. |
Coming Attractions!
Next month registered users will have access to more than 170 standard management audit programs from Andrew Chambers. They will cover common audit areas plus several special-purpose programs.
Watch for the new AuditNet Monograph Series on Software Compliance: Looking for a Career Change available next month to registered users.
Beginning in January all new audit programs became available only to annual subscribers. Subscribe now to lock in the subscription rate for 2006.
One of the frequently asked questions I receive pertains to internal audit manuals. AuditNet has arranged for a free trial for users of an excellent Internal Audit Manual that follows the IIA guidelines. The link should be available in September 2006 to all registered users.
AuditNet will be working with AccountingWeb to provide readers with knowledge feeds to deliver digital content directly to AuditNet users. Watch for details.
Also a security audit column is in the works for later this year featuring a recognized and respected audit professional.
The AuditNet Monograph Series provides useful guides for all levels of auditors from juniors right up to audit directors. As soon as I can make some time I will be working on new guides for Sarbanes-Oxley, internal controls and Internet for auditors and other relevant subjects. These guides will be available to registered subscribers. If you are interested in developing a monograph on a contract basis, contact us.
Watch for new articles on Sarbanes-Oxley, Information Security, Software Auditing, CAATTs, and more from contributors. Reviews are in the works for more audit and SOx books. Watch the newsletter for more products, services and tools for auditors. Have an idea for a column? Contact us.
AuditNet® continues adding new specialized resources for auditors. Watch the newsletter and keep checking the Library page for updates and new resources.
FFIEC IT Examination Handbook (updated)
July 27, 2006: The Federal Financial Institutions
Examination Council issued
revised guidance for examiners and financial institutions to use
in identifying information security risks and evaluating the
adequacy of controls and applicable risk management practices of
financial institutions.
For the new handbook click here!
Ask the Auditor
Each month I select one question submitted to Ask the Auditor and provide an answer using the same digital tools and techniques that I recommend to all auditors.
Q: How do you determine the sample size for SOX IT General Controls, like segregation of duties, change management, user access reviews etc? Is any specific guidance available on this topic?
A: To answer this question I turned to Sox404-l, a discussion list sponsored by AuditNet. Here is what subscribers provided:
For system controls (password rules, automatic email notices etc) we test the controls once in the first year and then depend on change control and other access controls for future years. Since we had so many issues in year 1, we made a conscious decision to retest them in year 2, but theoretically, you shouldn't have to.
For all other controls, depends on the frequency of the controls. The following details our sample sizing that has been agreed upon with PwC (externals)
control frequency, interim sample size, update sample size
- Multiple per day (>365), 25, 5
- Daily (70-365), 20, 3
- Weekly(20-69), 5, 2
- Monthly (8-19), 3,1
- Quarterly (3-7), 2, 1
- Annually (1-2), 1, 1
Protiviti has a good downloadable guide. It's called "Guide to Sarbanes-Oxley Act: Managing Application Risks and Controls"
You can also browse the
IIA GTAG
(global technology audit guide) papers.
There are five of them now.
Heard on the Net!
AuditNet® Security Resources for Auditors
Looking for security resources on the 'Net? AuditNet
has several pages devoted to the subject such as
AuditNet Information Security and
Security Resources. But if you really want to
keep up to date on security issues then an excellent knowledge
resource feed is the information disseminated by Dan Swanson.
His
SEC emails provide online resources in support of your IT Audit and IT
Security efforts. Content related to Governance, Risk Management, and
Internal Audit is provided on occasion. Finally, resources related to
leadership and strategy are frequently included.
Thanks for your support and until next month!
If you have a tip on how you are using the Internet or software applications for auditing contact us. Watch for more Internet boot camp tips from the auditing Internet guru!
Audit Work Programs Corner
Access to the free audit program section now requires registration. The following audit programs, ICQs, checklists or working papers were added this month. They are available on a 1 for 1 exchange for an original audit work program not currently in the inventory. If you unable to share audit programs then consider subscribing to the premium content which provides you with access free and premium content 24/7/365.
E-Books for
Subscribers to the Annual Audit Programs
-
Accounts Receivable (Aug 06)
-
Construction Audit A&E Phases (Aug 06)
-
Contract Development w Insurance Requirements (Aug 06)
-
Contract Development Insurance Confirmation (Aug 06)
-
Corporate Performance Management (Aug 06)
-
GA-Travel & Entertainment (Aug 06)
-
Inbound Logistics Control (Aug 06)
-
Inpatient Unit Scheduling-Healthcare (Aug 06)
-
Property Plant & Equipment (Aug 06)
-
Pxyis Medication Administration-Healthcare (Aug 06)
-
Records Management (Aug 06)
-
Sales & Marketing Promotions-Manufacturing (Aug 06)
-
Store Audit Program-Pharmacy (Aug 06)
-
Submit Tender Offer for Store Development (Aug 06)
Internal Audit Manual
Looking for the "technically correct" answer to an internal audit related question or inquiry? Don't have a manual or yours does not include the current professional requirements? Not a problem - just go to Your IAM. It's as easy as that!
Based upon past internal audit experiences and observations of current internal audit practices, the benefits to be gained by using Your IAM are numerous. For example:
- Your IAM is always on-line and can be accessed from anywhere, at any time
- It is always current and more importantly, you don't have to up-date it
- Become more efficient and effective - do it the "right way" the first time
- Reduce your training costs
- Become "State-of-the-Art" - especially now in preparation for that required external QAR
AuditNet users will get a 5% discount off the published rates. In order to get this discount, enter 0605 in the "client code" box on the subscription form.
Sarbanes-Oxley Corner
Sarbanes Oxley Section 404 Compliance For IT Managers E-book Updated
This popular e-book available to current subscribers for free or to non-subscribers for purchase was recently updated. The Section 404 compliance date for smaller companies has been pushed back twice. But it appears now that the new target date for compliance, July 2007 will go ahead as scheduled and there will be no further extensions. The larger public companies or accelerated filers, have gone through two rounds of SOX audits now and many lessons have been learned regarding the scope of these audits and their costs.
The second edition of this publication hopes to shed some light on what those lessons are and how small public companies can benefit.
Need more information? Click for the Table of Contents or a Sample Chapter!
There are plenty of articles in the news on the topic of Sarbanes-Oxley. Here is a link to a site that does the research and provides you with links to all the relevant stories.
AuditNet Career Center
Auditors Looking for Jobs!
Companies Looking for Auditors!
The Matching Service for Auditors!
Go to the AuditNet® Career Center now for the latest job opportunities and career-related information and tools. 24 hours a day, 7 days a week you have the ability to not only look at available jobs, but you can also post your resume, apply for open jobs, research companies and obtain career advice. If you are in the market for a new job, make AuditNet® your first stop to check out what's available.
If your company has any audit job vacancies that you are looking to fill, have your HR people contact AuditNet® to post the job and search for candidates.
This is just another benefit of using AuditNet® as your one stop shop for all your audit and career resources.
AuditNet Adds a New Career Feature: The Resume Tune-Up.
Nationally recognized resume expert and author of How to Say It In Your Job Search, Robbie Miller Kaplan will select one auditor resume each month and suggest ways to transform the resume from passable to powerful.
Send your resume to Ms. Kaplan with Resume Tune-Up in the Subject line. Ms. Kaplan will send a critique and suggestions to the individual selected and a summary Resume Tune-Up will appear in the monthly newsletter column.
AuditNet® CAATT Corner
Selecting SOX Software
Avoid confusion and get the right solution.
By Richard B. Lanza, CPA/CITP, CFE, PMP
To manage the onslaught of work required to document, report on, and audit internal controls, technology is a sensible solution. However, with the "Sarbanes-Oxley Software" bumper sticker being slapped on almost every technology product these days, the buying market can become confused quickly. Against this backdrop, here are three considerations in automating your Sarbanes-Oxley efforts.
For the rest of the story click here!
Editors Note: Also see a free Webinar on fighting T&E expense fraud - Improve Your Bottom Line: Eliminate T&E Fraud Through Expense Automation
AuditNet® Book Reviews
AuditNet® Software Compliance Audit Corner
An Emerging Threat You May Not Have Counted On
This news is relevant for security and audit and management professionals in USA and around the world.
The Business Software Alliance (BSA) in USA announced in the last few days that it has increased its cash incentive (reward) to $US200,000 for information on software piracy that leads to an infringement settlement with software vendors. Of course there are conditions, but suffice to day many have already put their hands up to claim their cash prize!
The previous USA reward which ended on 28th February 2006 was $US50,000 (which was the highest we have known in the last 15 years) and it generated over 1,000 “reports” which means there are 1,000 organizations “under investigation”.
Will this reward scheme have any effect outside USA? It sure will, where organizations have a US parent and/or an offshore subsidiary or vice versa. It will also induce other countries anti-piracy bodies to offer rewards seeing the successes to date with reports flooding in.
The “anti-piracy net” could well widen to your country due to the
very size and nature of the reward scheme on offer. As auditors and
managers and chief executives in organizations you really need to take
notice of what is going on and make sure you are well protected!
Get the facts on the reward scheme from
BSA and
PCProfile.
If you want to know how they can knock on your door and seize your
assets (Can they do this ? Sure can!) read
this!
If you want to know more about what this “reward system” can do to both you your organization send an e-mail to pcprofile@internode.on.net and we’ll give you an inside rundown on the risks you face. They are really very substantial now that the stakes have been raised to this level! Wait until the music and the movie industry catch on to this reward scheme and see what sort of fun you will have then.
There are some very simple and pragmatic steps you can take to ease
the pain being created by this reward system. (besides taking a
headache tablet or 2 to calm your nerves).
Your Secret Weapon in the War on Fraud
The August 2006 issue of this fraud newsletter features articles on Internal Audit and Information Security, How to Avoid Costly Traps in International Anti-Fraud Law and more. For a free issue of this excellent publication click here!
The AuditNet® Audit Bookstore Corner
Looking for books on auditing related topics? We suggest using the AuditNet® bookstore. The bookstore focuses on Internal Audit but includes other related subjects as well. AuditNet® uses Amazon to power the bookstore so each purchase you make through this link helps support AuditNet®.
How to Say It When You Don't Know What to Say The Right Words for Difficult Times
By Robbie Miller Kaplan
As auditors we constantly interact with diverse stakeholders such as colleagues, managers, employees and others. Frequently we encounter people dealing with challenging and difficult times that may or may not be related to work. Our reaction to these situations is conveyed in our behavior both nonverbal and verbal.
For the rest of the review click here.
FREE! The Auditor's Guide to Internet Resources 2nd Edition
Interested in a free copy of The Auditor's Guide to Internet Resources, 2nd Edition? Write an article for the next newsletter on how you are integrating the Internet in auditing. If your article is selected, I will send you an electronic copy of the book. Contact us for details.
AuditNet® Vendor News
Check here for the latest news from our AuditNet® sponsors!
Paisley Consulting press releases
Free Audit Guide from OCEG
The Open Compliance and Ethics Group (OCEG), a non-profit organization with a mission to help organizations align their governance, risk and compliance (GRC) management activities to drive business performance and promote integrity, announced the release of an internal audit guide (The Guide) exposure draft.
Watch for more free guides from OCEG!
AuditNet® Resource List
Please let us know of links that are not working!
Registered User Free Tools
Internal Audit Manual (Coming Soon)
AMIGO (Audit Management and Information Guidance Software)
The Perils of Mount Must Read
SOXERM
Premium User Tools
Sarbanes-Oxley, IT and Management Audit Programs
The Auditor's Guide to Internet Resources 2nd edition
Sarbanes-Oxley Section 404 Compliance for IT Managers 2nd Edition
Procedure Guidelines and Controls Documentation
Cobit 4th Edition Domain Quiz
AuditNet® Statistics
For those who like to wade through the details on how popular AuditNet® is, click here for the current stats.