Jim Kaplan's
AuditNet® Community Sponsor News!
The AuditNet® community has grown by leaps and bounds thanks to your continued support. Yes, it is hard to imagine, but it has been more than a decade since this community was created! Support AuditNet® by supporting our sponsors. Without sponsor and affiliate advertising and contributions from the AuditNet® community everyone would have to pay for use of this site.
Caseware-IDEA - Data Analysis Software, is the standard in ease of use for auditors, accountants and financial managers.
Remember! Clicking on sponsored ads and visiting their sites helps support AuditNet®.
Linking IT Controls to Business Objectives
By Jack Bess
On a July 25, 2006 Institute of Internal Auditors (IIA) web cast, four panelists spoke about linking IT business controls to business objectives using a top-down approach and how GAIT supports the process.
Much like how computer technology is inextricably woven into the fabric of everyday life, information technology (IT) controls are an essential part of what a business sets out to achieve. There is a complex interrelationship between IT and business. It is easy to see how, for example, damage to a data center results in business disruption. A link is less clear if you ask how IT functionality impacts the financial statements. But that link is there. Accordingly, IT controls must be included in an audit from the start, as an essential part of a top-down, risk-based approach.
Click here for the rest of the story!
This article was contributed by Protiviti KnowledgeLeader, an online service providing tools, templates, and other resources for internal audit and risk management. Free trials available at www.knowledgeleader.com. For a limited time KnowledgeLeader memberships are available for the reduced rate of $595 per year. Tell them you heard about it from AuditNet.org.
Resume Tune-Ups by Robbie Miller Kaplan
Appearances Count
Resumes are many things, but one thing they are not is a report. It’s important to follow specific resume guidelines when producing your resume so employers will easily know that you have prepared a document to highlight your work experience, achievements, and credentials.
For the rest of the tune-up click here!
Get a Free Resume Analysis!
AuditNet Adds a New Career Feature: The Resume Tune-Up. Nationally recognized resume expert and author of How to Say It In Your Job Search, Robbie Miller Kaplan will select one auditor resume each month and suggest ways to transform the resume from passable to powerful. If you would like your resume to be considered for a tune-up, please e-mail it to Ms. Kaplan. You will be notified by e-mail if your resume is selected. You will need to make yourself available via e-mail to answer a few questions with a tight deadline. Ms. Kaplan will send a critique and suggestions to the individual selected and a summary Resume Tune-Up will appear in the monthly newsletter column. If selected you give AuditNet the right to display your resume for the column.
AuditNet® What's New This Month?
AuditNet forges new relationships with professional associations and accounting sites to provide auditors with access to audit work programs.
New Advertiser
Welcome to Global Best Practices® from PricewaterhouseCoopers, an online resource used by auditors to benchmark business process performance, identify areas of strength, opportunity, and risk, and study best practices that support process improvement. A process classification framework, qualitative and quantitative benchmarking tools, risk and controls information, and comprehensive best practices reports are included in the knowledge base. Visit their site today and check out this excellent resource!
Late breaking news! The Global Best Practices group will sponsor a column and share best practice papers from their archives. Another great benefit to the AuditNet community!
New Design Premieres
AuditNet is updating the site with a new design format. You will notice the new design on the home page and other pages. Feel free to give us feedback on the new look!
Audit Programs
The audit programs section of AuditNet requires registration in order to access. New audit program contributions are available only to paid subscribers or on a one-for-one exchange basis. However, 181 standard management audit programs were added this month to the free content thanks to Professor Andrew Chambers of the UK. There are over 38,000 registered users.
A multi-user subscription rate was added to the individual subscription program to the premium content. Organizations that need more than 2 staff members accessing the service will benefit from this new rate. There are new additions to the premium audit programs available as an alternative for those auditors that are unable to contribute material to AuditNet®. Site licenses are also available for organizations with more than 15 users.
The best way to find all the resources on the site is by going to the Virtual Library or using the site search.
SERVICES OF TECHNICAL CONSULTANTS
Though the main Enron characters have received their prison sentences, there's no closure for corporate fraud. Sherron Watkins, Enron's sentinel, describes the debacle's details and warns that it could happen again.
This article is from Fraud Magazine, the professional magazine of the Association of Certified Fraud Examiners.
For the rest of the article from the latest ACFE Fraud Magazine click here.
EDPACS Makes Article Archives Available
EDPACS is a monthly audit, control, and security newsletter with ~24
pages of content in each issue. It is the world's longest running IT Audit
newsletter now into its 35th year!
Going forward, EDPACS will be focused on four key areas, that is, providing comprehensive articles regarding Governance, Audit, Control, and Security. For more info click here
For a limited time EDPACS will make their archived articles available to the audit community free of charge. Take advantage of this opportunity to research and check out what EDPACS has to offer.
Dan Swanson, President and CEO, Dan Swanson & Associates and an AuditNet contributor, was recently named the new editor (part time) of EDPACS. Kudos to Dan on his new position! If you are interested in writing for EDPACS, then contact Dan at dswanson_2005@yahoo.com
AuditNet® Conference & Training News
Want to announce your professional association conference to the global audit community? Send us conference name, date and URL details. (A reciprocal link to AuditNet is required).
2006 ACFE Fraud Conferences and Training
2006 IIA Conferences and Training
* indicates events where Jim Kaplan is speaking
Need Help in Passing the CCSA Exam?
Then check out the CCSA Study System published by Pleier Corporation. Using the "McKeever CCSA Study System" will improve users' probability of successfully passing the IIA CCSA exam by teaching users to answer the type of questions typically presented on the CCSA exam. Additionally, this system helps users identify CCSA domains that require their additional study and lists references useful for any additional study.
The "McKeever CCSA Study System" is available in 2 versions - a 288-page spiral-bound workbook and CD-ROM (for those who prefer clicking a mouse to turning pages) - for details see http://pleier.com/CSAPRO.html
Opportunities to Share Your Knowledge and Earn Royalties
Pleier Corporation is still seeking additional authors to publish on CD and earn royalties.
Exceeding Expectations for Internal Auditors
Registered User Free Tools
Internal Audit Manual (Coming Soon)
AMIGO (Audit Management and Information Guidance Software)
The Perils of Mount Must Read
SOXERM
AuditNet Monographs
Premium User Tools
Sarbanes-Oxley, IT and Management Audit Programs
The Auditor's Guide to Internet Resources 2nd edition
Sarbanes-Oxley Section 404 Compliance for IT Managers 2nd Edition
Procedure Guidelines and Controls Documentation
Cobit 4th Edition Domain Quiz
Coming Attractions!
AuditNet will be working with AccountingWeb to provide readers with knowledge feeds to deliver digital content directly to AuditNet users. Watch for details. AuditNet is also working with professional associations to provide access to the audit program inventory. Stay tuned!
The AuditNet Monograph Series provides useful guides for all levels of auditors from juniors right up to audit directors. As soon as I can make some time I will be working on new guides for Sarbanes-Oxley, internal controls and Internet for auditors and other relevant subjects. These guides will be available to registered subscribers. If you are interested in developing a monograph on a contract basis, contact us.
Watch for new articles on Sarbanes-Oxley, Information Security, Software Auditing, CAATTs, and more from contributors. Reviews are in the works for more audit and SOx books. Watch the newsletter for more products, services and tools for auditors. Have an idea for a column? Contact us.
AuditNet® continues adding new specialized resources for auditors. Watch the newsletter and keep checking the Library page for updates and new resources.
Ask the Auditor
Each month I select one question submitted to Ask the Auditor and provide an answer using the same digital tools and techniques that I recommend to all auditors.
Q: One of the key controls at this company is quarterly review of access rights, including privileged accounts (i.e., administrator, operator, system, service, etc.).
Walkthrough of control revealed accounts are reviewed by "visual inspection". Due to the number of privileged accounts, this listing can be quite large. It would seem to me best practice would be to compare against a baseline for a review to be effective.
However, I can't seem to find much material on this subject (COBIT DS5.5 - Management review of user accounts)?
A: I agree with you although finding a best practice on this may be difficult. Check out the following that may help:
HIPAA Security Best Practice Guidelines
Harvard University Risk Management and Audit Services Best Practices
There are several audit programs that focus on logical security issues.
One is available here and another here.
Also you should refer to IS Auditing Guideline here
1.2.3 Examples of compliance testing of controls where sampling
could be considered include user access rights, program change control
procedures, procedures documentation, program documentation, follow up
of exceptions, review of logs, software licenses audits, etc.
If anyone else has suggestions they can contact
us and we will share in a follow-up.
Online Discussion Forums for Auditors
Perhaps one of the most underutilized resources for
internal auditors are online discussion forums. These online
communities are a powerful tool for auditors as they provide the
opportunity to ask questions, share experiences, and find resources.
Check out the IIA Discussion
Forums or the AuditNet
Discussion Forums and see the ways that others are using them.
Thanks for your support and until next month!
If you have a tip on how you are using the Internet or software applications for auditing contact us. Watch for more Internet boot camp tips from the auditing Internet guru!
Audit Work Programs Corner
Free Access to the Premium Section for New Audit Programs Shared!
Access to the free audit program section now requires registration. The following audit programs, ICQs, checklists or working papers were added this month. They are available on a 1 for 1 exchange for an original audit work program not currently in the inventory. If you are unable to share audit programs then consider subscribing to the premium content, which provides you with access to free and premium content 24/7/365. For a limited time AuditNet is offering free access to the premium content section. Contribute an original audit work program not currently in the inventory and receive 2 months free access to the premium content. Contribute 5 programs and receive a subscription for one year. (Offer only available for new programs submitted).
E-Books for Subscribers to the Annual Audit Programs
Cancer Programs-Healthcare (Feb 07)
Complaint Resolutions-Healthcare (Feb 07)
IT Assets and Security Questionnaire (Feb 07)
IT Physical Security (Feb 07)
Inpatient Unit Scheduling-Healthcare (Feb 07)
Lab Services-Healthcare (Feb 07)
Managed Care-Healthcare (Feb 07)
Physician Billing-Healthcare (Feb 07)
Pulmonary Services-Healthcare (Feb 07)
Pyxis Drug and Supply Process-Healthcare (Feb 07)
Rehabilitation Services-Healthcare (Feb 07)
Treasury & Investment Internal Control Matrix (Feb 07)
Lots of Inquiries but No One Stepping Up to the Plate
AuditNet is interested in developing a series of SOx or industry related audit programs for organizations. If anyone is interested in writing audit programs, ICQs, questionnaires, or control matrices on a work for hire basis please contact me. If you may know of anyone who would be interested in this as well please pass along my contact information.
PricewaterhouseCoopers Global Best Practices will provide an article from their archives each month highlighting their research. This month the featured article is on accounts payable best practices.
In recent years, accounts payable (A/P) operations have automated and streamlined their processes. New technology, such as electronic invoice presentment and payment (EIPP) and electronic funds transfer (EFT), has enabled automation of many A/P transactions.
Despite this push toward automation, companies still strive to maintain a strong relationship-based focus. They seek progressive approaches to supplier communications, payment timing, and fraud prevention. They also leverage other organizational initiatives, such as regulatory compliance and internal control efforts, to achieve better A/P efficiency.
This paper is one in a series that focuses on key best practices for improving financial effectiveness.
Click here for Accounts Payable Best Practices
AuditNet Training for Auditors
AuditNet has teamed with the Quality Assurance Institute and the Internal Control Institute to offer you the following online cost-effective audit-related courses. The courses cost from $30 to $90 depending on the course and provide 1 to 3 continuing professional education units. An easy way to get CPE!
For a list of course offerings click here!
AuditNet Sarbanes-Oxley News
SOX Compliance Readiness Tool
Exclusively for AuditNet
Looking for a low cost solution to SOX? The Compliance Readiness Tool™ allows organizations to evaluate the effectiveness of their information technology environment and controls in relation to section 404 of SOX and the Committee of Sponsoring Organizations (COSO) internal control framework.
For more information click here!
There are plenty of articles in the news on the topic of Sarbanes Oxley. Here is a link to a site that does the research and provides you with links to all the relevant stories.
AuditNet Career Center
Auditors Looking for Jobs!
Companies Looking for Auditors!
The Matching Service for Auditors!
Go to the AuditNet® Career Center now for the latest job opportunities and career-related information and tools. 24 hours a day, 7 days a week you have the ability to not only look at available jobs, but you can also post your resume, apply for open jobs, research companies and obtain career advice. If you are in the market for a new job, make AuditNet® your first stop to check out what's available.
If your company has any audit job vacancies that you are looking to fill, have your HR people contact AuditNet® to post the job and search for candidates.
This is just another benefit of using AuditNet® as your one stop shop for all your audit and career resources.
AuditNet® CAATT Corner
Fear Not the Software
FRAUD-FIGHTING WITH DATA ANALYSIS TOOLS
Proactive journal entry testing
Detecting Entries Made in the Middle of the Night
By Richard B. Lanza, CPA/CITP, CFE, PMP
The ACFE’s “2006 Report to the Nation” pins the median financial statement misstatement at $2 million, which occurred in 10.6 percent of the study’s reported cases. When looking at some of the recent large-scale frauds, such as WorldCom, management override around the journal entry process was the key contributing factor. This is to be expected because the easiest route to changing the books and records is for executive management to post a top-side journal entry. Though it’s always possible to make the adjustments in the sub-ledgers (for example, fixed assets, sales journals, etc.), this requires more collusion with other organizational departments. So the top-side entry is still the best way to commit the financial statement fraud.
For the rest of the story click here!
UPCOMING WEBINARS
1. February 6, 2007 Best Practices For Selecting and Implementing Audit, Anti-Fraud and Assurance Software - Executive Summary
AuditNet® Book Reviews
AuditNet® Software Compliance Audit Corner
Hasta La Vista
This will make life interesting for some and a nightmare for the IT Audit team and the IT HelpDesk.
“Register within 30 days or the lights might go out on your career if you don't have a valid version ............ “ For a career limiting move make sure that you don’t let staff install Vista in your office hacked and cracked. If you do then see how long you survive in the IT industry!”
For the rest of the story click here!
Monograph on Software Compliance Auditing: Looking for a Career Change?
Registered users can read the complete monograph by clicking here! Registered AuditNet users can send for 20 free software compliance articles. Log in to your account and click on the link. Also the following articles should interest you!
Looking for a low cost audit software tool? AuditNet users can order PC Profile's AUDIT Baseline version 4 for $140 (normally $195). Click here for info and make sure you let them know you are an AuditNet user.
Your Secret Weapon in the War on Fraud
The December 2006 issue of this fraud newsletter features articles on whether the legal system will uphold or undermine SOX's whistleblower protections, straight talk on fraud prevention, e-mail in fraud cases and more. For a free issue of this excellent publication click here!
The AuditNet® Audit Bookstore Corner
Looking for books on auditing related topics? We suggest using the AuditNet® bookstore. The bookstore focuses on Internal Audit but includes other related subjects as well. AuditNet® uses Amazon to power the bookstore so each purchase you make through this link helps support AuditNet®.
How to Say It When You Don't Know What to Say The Right Words for Difficult Times
By Robbie Miller Kaplan
As auditors we constantly interact with diverse stakeholders such as colleagues, managers, employees and others. Frequently we encounter people dealing with challenging and difficult times that may or may not be related to work. Our reaction to these situations is conveyed in our behavior both nonverbal and verbal.
For the rest of the review click here.
Interested in a free copy of The Auditor's Guide to Internet Resources, 2nd Edition? Write an article for the next newsletter on how you are integrating the Internet in auditing. If your article is selected, I will send you an electronic copy of the book. Contact us for details.
AuditNet® Vendor News
Check here for the latest news from our AuditNet® sponsors!
Paisley Consulting press releases
Dan's Internal Audit Corner
Each month Dan Swanson, a senior security and internal audit professional will provide his list of recommended resources for AuditNet readers. You can reach Dan at his website or by clicking here.
Auditing IT Initiatives “Thought Leadership”.
- (Because an IT Project Failure is NOT An Option)
Leadership is the great challenge of the 21st century in science, politics, education, and industry. But the greatest challenge in leadership is parenting. We need to do more than just get our enterprises ready for the challenges of the twenty-first century. We also need to get our children ready for the challenges of the 21st century. - Jim Rohn.
Assessing the implementation “preparedness” of your various IT initiatives is always needed prior to start-up – (by someone).
Some key questions to consider:
For the questions and resources click here.
Have another great month.
Best regards.
Dan Swanson
Sustaining SOX Compliance
Tripwire has made available for free download its whitepaper on implementing IT controls that deliver long-term competitive advantages and SOX compliance. There are also other documents available for download on this page; however, they require registration.
Click here for the link page!
Please let us know of links that are not working!
Click here for the latest update!
Revised: January 14, 2008