Jim Kaplan's
|
|
||||||||||||||
|
|
|||||||||||||||
|
|
AuditNet® Community Sponsor News!
The AuditNet® community has grown by leaps and bounds thanks to your continued support. Yes it is hard to imagine but it has been more a decade since this community was created! Support AuditNet® by supporting our sponsors. Without sponsor and affiliate advertising and contributions from the AuditNet® community everyone would have to pay for use of this site.
This month check out Paisley Consulting products that address the needs of today's changing internal audit departments. Products include AutoAudit (audit automation software), and Workforce (audit staff scheduling software). Remember! Clicking on sponsored ads and visiting their sites helps support AuditNet®. SAS 70 reports continue to grow in demand and utility for Sarbanes-Oxley compliance
By Mark Stephenson
It has become apparent to those with outsourced business processes that external service providers are a significant component of the company's financial reporting process. This article discusses how the outsourcing trend is increasing the public interest in SAS 70s. In addition, Service Corporation International shares its experience in utilizing SAS 70 reports and how the quality and timeliness of these reports can be a service differentiator. Click here for the rest of the story! This article was contributed by Protiviti KnowledgeLeader, an online service providing tools, templates, and other resources for internal audit and risk management. Free trials available at www.knowledgeleader.com. For a limited time KnowledgeLeader memberships are available for the reduced rate of $595 per year. Tell them you heard about it from AuditNet.org.
The Power of Networking A conversation with Anne Baber, co-author, with Lynne Waymon, of "Make Your Contacts Count: Networking Know-How for Business and Career Success," AMACOM Books, 2007 Www.ContactsCount.com Click here for the Q&A! Resume Tune-Ups by Robbie Miller Kaplan Format for
Effectiveness! Audit professionals must be adept at a wide range of written communications and your resume offers a window for potential employers to assess your writing skills. But a resume is a resume and it must look like one if it is to capture an employer’s interest. For the rest of the tune-up click here! Get a Free Resume Analysis! AuditNet Adds a New Career Feature: The Resume Tune-Up. Nationally recognized resume expert and author of How to Say It In Your Job Search, Robbie Miller Kaplan will select one auditor resume each month and suggest ways to transform the resume from passable to powerful. If you would like your resume to be considered for a tune-up, please e-mail it to Ms. Kaplan. You will be notified by e-mail if your resume is selected. You will need to make yourself available via e-mail to answer a few questions with a tight deadline. Ms. Kaplan will send a critique and suggestions to the individual selected and a summary Resume Tune-Up will appear in the monthly newsletter column. If selected you give AuditNet the right to display your resume for the column. AuditNet® What's New This Month? AuditNet forges new relationships with professional associations and accounting sites to provide auditors with access to audit work programs. Association of Healthcare Internal Auditors May Access AuditNet Audit Programs. AHIA members now have access to AuditNet audit programs. If you are a member of the AHIA you can log in to the AHIA site and access the AuditNet audit programs without having to register or login again with AuditNet. If you want your professional association (IIA, ISACA, ACFE, ACUA, ACUIA etc) to have this as a benefit of membership contact your professional association official and ask them to pursue this with AuditNet. Access to Free AuditNet Audit Programs Through AccountingWeb AccountingWeb registered users may now access the free audit programs section of AuditNet without having to register and login through AuditNet. AccountingWeb offers free registration for their excellent accounting news service. Get all your accounting news delivered directly to your inbox. This is an excellent digital knowledge resource service and the price is right. As a bonus you will have transparent access to AuditNet and be able to view and download all the free audit programs. What could be easier? Go to AccountingWeb now and register. Fraud News Feed Go to the AuditNet Fraud Resource Center and check out the fraud news feed to keep up to date with media reported fraud happenings. Audit Programs The audit programs section of AuditNet requires registration in order to access. New audit program contributions are available only to paid subscribers or on a one-for-one exchange basis. However 181 standard management audit programs were added this month to the free content thanks to Professor Andrew Chambers of the UK. There are over 38,000 registered users. A multi-user subscription rate was added to the individual subscription program to the premium content. Organizations that need more than 2 staff members accessing the service will benefit from this new rate. There are new additions to the premium audit programs available as an alternative for those auditors that are unable to contribute material to AuditNet®. Site licenses are also available for organizations with more than 15 users. The best way to find all the resources on the site is by going to the Virtual Library or use the site search. AUDIT COMMITTEE – PROACTIVE, REACTIVE OR COSMETIC [EFFECTIVENESS]by Gursharan Singh Audit Committees [AC] have been generally established in
various organizations be they Government or Non-Government Organizations,
Commercial or Others. They are established voluntarily or in compliance with
the constitution or under rules under which they are established or mandated
under specific laws of the country. Click here for the author's perspective on how to make audit committees more effective. IIA Technology Audit Guide Series New Guide Released Guide 6: Managing and Auditing IT Vulnerabilities Chief audit executives (CAEs) and internal auditors who want to learn more about managing and auditing IT vulnerabilities are in luck. The IIA has just released its sixth guide in its Global Technology Audit Guide® (GTAG®) series, Managing and Auditing IT Vulnerabilities. The 24-page guide was developed to help CAEs and internal auditors ask the right questions of IT security staff when assessing the effectiveness of their vulnerability management processes. The guide recommends specific management practices to help an organization achieve and sustain higher levels of effectiveness and efficiency and illustrates the differences between high- and low-performing vulnerability management efforts. Each Global Technology Audit Guide (GTAG) will be written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG will be a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associated risks and recommended practices. Previous Guides:
AuditNet® Fraud Auditing Corner |
||||||||||||||
|
How does a company train and enforce ethics among 123,000 employees in 43 countries? Carefully and thoroughly. Perry Minnis describes how Alcoa manages ethics and compliance so that infractions don't grow into irregularities that could morph into threatening frauds. Here are practical lessons for all of us. |
This article is from Fraud Magazine, the professional magazine
of the Association of Certified Fraud
Examiners
For the rest of the article from the latest ACFE Fraud Magazine click here.
ACFE FraudInfo Newsletter click here!
AuditNet® Conference & Training News
Want to announce your professional association conference to the global audit community? Send us conference name, date and URL details. (A reciprocal link to AuditNet is required).
2007 Fraud Summit at SuperStrategies*
2007 ACFE Fraud Conferences and Training
2007 IIA Conferences and Training
Internal Control and SOX Compliance Seminars:
-
Atlanta, Georgia – April 3, 2007
-
Houston, Texas - April 5, 2007
-
Chicago, Illinois – April 23, 2007
-
Detroit, Michigan - April 25, 2007
-
Columbus, Ohio – April 27, 2007
Compliance with OMB A-123 and SOX:
-
Arlington, Virginia – April 17, 2007
|
||||||
* indicates events where Jim Kaplan is speaking
Need Help in Passing the CCSA Exam? Then check out the CCSA Study System published by Pleier Corporation. Using the "McKeever CCSA Study System" will improve
users' probability of successfully passing the IIA CCSA exam
by teaching users to answer the type of questions typically
presented on the CCSA exam. Additionally, this system helps
users identify CCSA domains that require their additional
study and lists references useful for any additional study. The "McKeever CCSA Study System" is available in 2
versions - a 288-page spiral-bound workbook and CD-ROM (for
those who prefer clicking a mouse to turning pages) - for
details click
here! Opportunities to Share Your Knowledge and Earn Royalties Pleier Corporation is still seeking
additional authors to publish on CD and earn royalties. |
Exceeding Expectations for Internal Auditors
Registered User Free Tools
Internal Audit Manual (Coming Soon)
AMIGO (Audit Management and Information Guidance Software)
The Perils of Mount Must Read
SOXERM
AuditNet Monographs
Premium User Tools
Sarbanes-Oxley, IT and Management Audit Programs
The Auditor's Guide to Internet Resources 2nd edition
Sarbanes-Oxley Section 404 Compliance for IT Managers 2nd Edition
Procedure Guidelines and Controls Documentation
Cobit 4th Edition Domain Quiz
Fraud News
Need to keep up with fraud news and happenings? There are several options available. One is to subscribe to the free ACFE FraudInfo E-newsletter.
Another free resource is the Auditing & Fraud News. Service for research professionals. Constantly updated news and information about Business & Companies. Go to FraudNet and click on the link Click Here for Fraud News.
Sustaining SOX Compliance
Tripwire has made available for free download it's Whitepaper on implementing IT controls that deliver long-term competitive advantages and SOX compliance. There are also other documents available for download on this page however they require registration.
Click here for the link page!
Coming Attractions!
AuditNet is working with professional associations to provide access to the audit program inventory. Stay tuned!
The AuditNet Monograph Series provides useful guides for all levels of auditors from juniors right up to audit directors. As soon as I can make some time I will be working on new guides for Sarbanes-Oxley, internal controls and Internet for auditors and other relevant subjects. These guides will be available to registered subscribers. If you are interested in developing a monograph on a contract basis, contact us.
Watch for new articles on Sarbanes-Oxley, Information Security, Software Auditing, CAATTs, and more from contributors. Reviews are in the works for more audit and SOx books. Watch the newsletter for more products, services and tools for auditors. Have an idea for a column? Contact us.
AuditNet® continues adding new specialized resources for auditors. Watch the newsletter and keep checking the Library page for updates and new resources.
AuditNet® CAATT Corner
Is Your Company Working With Terrorists?
Simple spreadsheet queries can help you decipher the unknown.
By Richard B. Lanza, CPA/CITP, CFE, PMP
The last thing a company finance director wants to wake up and find out is that their company is linked to terrorist organizations through one of its customers, suppliers or employee relationships. While it’s natural to assume that terrorist organizations are secretive and otherwise unknown, the United States Treasury maintains a Web site listing names and addresses of those on its watch list
For the rest of the story click here!
UPCOMING SEMINARS, WEBINARS, PODCASTS
April 19, 2007 A Trio of Seminars on Detecting
Fraud, Automating Internal Audit Departments, and Automating Your
Anti-Fraud Procedures, McLean VA
Audit Work Programs Corner
Free Access to the Premium Section for New Audit
Programs Shared!
Access to the free audit program section now requires registration. The following audit programs, ICQs, checklists or working papers were added this month. They are available on a 1 for 1 exchange for an original audit work program not currently in the inventory. If you unable to share audit programs then consider subscribing to the premium content which provides you with access free and premium content 24/7/365. For a limited time AuditNet is offering free access to the premium content section. Contribute an original audit work program not currently in the inventory and receive 2 months free access to the premium content. Contribute 5 programs and receive a subscription for one year. (Offer only available for new programs submitted).
E-Books for
Subscribers to the Annual Audit Programs
-
Capital Acquisition Review Checklist (Apr 07)
-
Sarbanes-Oxley Consumer Commercial Control Matrix-Banking (Apr 07)
-
Data Standard Audit Program-Gov (Apr 07)
-
General Services Internal Charges-Gov (Apr 07)
-
Indirect Lending Audit Program (Apr 07)
-
Policy and Procedure Review (Apr 07)
-
Sarbanes-Oxley Cobit Selection (Apr 07)
-
Track-It Audit Program (Apr 07)
-
Windows Server 2003 Audit Program for Member Servers (Apr 07) (3rd party program-each person must request the work program after logging in)
-
Windows Domain Controllers and Active Directory (Apr 07) (3rd party program-each person must request the work program after logging in)
Ask the Auditor
Each month I select one question submitted to Ask the Auditor and provide an answer using the same digital tools and techniques that I recommend to all auditors.
Q: What is the recommended placement of the internal audit function within an organization with regards to reporting structures, as laid out in the audit guidelines?
A: The IIA s International Standards for the
Professional Practice of Internal Auditing
(Standards) require that the chief audit executive (CAE) report to a
level within the organization that allows the internal audit activity
to fulfill its responsibilities. The IIA believes strongly that to
achieve necessary independence, the CAE should report functionally to
the audit committee or its equivalent. For administrative purposes, in
most circumstances, the CAE should report directly to the chief
executive officer of the organization.
For more information on reporting structures go to the IIA website.
Lots of Inquiries but No One Stepping Up to the Plate
AuditNet is interested in developing a series of SOx or industry related audit programs for organizations. If anyone is interested in writing audit programs, ICQs, questionnaires, or control matrices on a work for hire basis please contact me. If you may know of anyone who would be interested in this as well please pass along my contact information.
Global Best Practice Papers
Treasury and Working Capital Management
|
PricewaterhouseCoopers Global Best Practices will provide an article each month highlighting research. This month the featured article is on treasury and working capital management. In this new paper, Best practices for treasury and working capital management, we share insights into the ways leading companies take advantage of myriad opportunities to strengthen cash flow, settle payments quickly, reduce working capital liabilities, negotiate favorable payment terms with suppliers, establish clear accountability in accounts payable and receivable, and increase the value of collections personnel. |
Click here for
Best practices for treasury and
working capital management.
AccountingWeb News
E-mails As Evidence: Business Owners Face New Procedures
AccountingWEB.com - Feb-22-2007 - Changes in federal employment law may change the way you and your employees store e-mails and e-messages, but Business & Legal Reports reports that one of the key changes facing small business owners this year is not a change in law at all.
For the rest of the story click here!
To register to receive AccountingWeb news click here! (Editors note: AccountingWeb registered users will soon have transparent access to the AuditNet free audit programs)
AuditNet Sarbanes-Oxley News
Low Cost SOX Compliance Readiness Tool
Exclusively for AuditNet
Looking for a low cost ($100) solution for SOX compliance? The Compliance Readiness Tool™ allows organization’s to evaluate the effectiveness of their information technology environment and controls in relation to section 404 of SOX and the Committee of Sponsoring Organizations (COSO) internal control framework.
For more information click here!
There are plenty of articles in the news on the topic of Sarbanes Oxley. Here is a link to a site that does the research and provides you with links to all the relevant stories.
AuditNet Career Center
Auditors Looking for Jobs!
Companies Looking for Auditors!
The Matching Service for Auditors!
Go to the AuditNet® Career Center now for the latest job opportunities and career-related information and tools. 24 hours a day, 7 days a week you have the ability to not only look at available jobs, but you can also post your resume, apply for open jobs, research companies and obtain career advice. If you are in the market for a new job, make AuditNet® your first stop to check out what's available.
If your company has any audit job vacancies that you are looking to fill, have your HR people contact AuditNet® to post the job and search for candidates.
This is just another benefit of using AuditNet® as your one stop shop for all your audit and career resources.
AuditNet® Book Reviews
AuditNet® Software Compliance Audit Corner
|
Hasta La Vista This will make life interesting for some and a nightmare for the IT Audit team and the IT HelpDesk. “Register within 30 days or the lights might go out on your career if you don't have a valid version ............ “ For a career limiting move make sure that you don’t let staff install Vista in your office hacked and cracked. If you do then see how long you survive in the IT industry!” For the rest of the story click here! Monograph on Software Compliance Auditing: Looking for a Career Change? Registered users can read the complete monograph by clicking here! Registered AuditNet users can send for 20 free software compliance articles. Login to your account and click on the link to receive the articles by email. Also the following articles should interest you! Microsoft has started a program recently in UK that has wide reaching implications for smaller and medium sized organizations, that auditors need to be aware of to minimize risk. More details can be seen by clicking here! |
Your Secret Weapon in the War on Fraud
White-Collar Crime Fighter brings you expert strategies and actionable advice from the most prominent experts in the fraud-fighting business. Each month you’ll learn about the latest frauds, scams and schemes... and the newest and most effective fraud-fighting tools, techniques and technologies you can put to work immediately to protect your organization.
Click here for the latest e-newsletter and subscription details.
The AuditNet® Audit Bookstore Corner
Looking for books on auditing related topics? We suggest using the AuditNet® bookstore. The bookstore focuses on Internal Audit but includes other related subjects as well. AuditNet® uses Amazon to power the bookstore so each purchase you make through this link helps support AuditNet®.
How to Say It When You Don't Know What to Say The Right Words for Difficult Times
By Robbie Miller Kaplan
As auditors we constantly interact with diverse stakeholders such as colleagues, managers, employees and others. Frequently we encounter people dealing with challenging and difficult times that may or may not be related to work. Our reaction to these situations is conveyed in our behavior both nonverbal and verbal.
For the rest of the review click here.
FREE! The Auditor's Guide to Internet Resources 2nd Edition
Interested in a free copy of The Auditor's Guide to Internet Resources, 2nd Edition? Write an article for the next newsletter on how you are integrating the Internet in auditing. If your article is selected, I will send you an electronic copy of the book. Contact us for details.
AuditNet® Vendor News
Check here for the latest news from our AuditNet® sponsors!
Paisley Consulting press releases
Dan's Internal Audit Corner
Each month Dan Swanson, a senior security and internal audit professional will provide his list of recommended resources for AuditNet readers. You can reach Dan at his website or by clicking here.
Auditing security using the PCI standard and related guidance - (Because personal information must be protected)
We need to protect personal information much more than ever before and extensive help from the PCI Security Standards Council and numerous other organizations does exist.
Read on…
Canadian CIOs lash out at compliance pressures, i.e. they're sick and tired of being needled by auditors and forced to adopt inefficient policies, and they're not afraid to talk about it. Read exclusive excerpts from a roundtable where the frustrations came to the forefront.Various significant incidents regarding breaches in personal data continue to occur way too regularly. Rather than blame the auditors for indicating compliance and regulatory requirements need to be met, perhaps the CIO community should promote the required changes as the opportunity it truly presents – that is, for the CIO to establish a secure environment for the organization’s information assets.
Click here for a list of extensive resources regarding the PCI data standard and its related guidance; plus leading resources supporting information security and the auditing of information security.
Have you assessed your information security and privacy efforts lately? (it is a management responsibility to do so regularly).
Have
another great month.
Dan
Late Breaking News!
ITCI has released a New IT Audit Checklist: Payment Card Industry (PCI) (registration required)
The IT Audit Checklist for PCI offers:
54 specific checklist items to help assess your audit readiness
- Recommendations for avoiding common PCI compliance failures
- Pointers on audit planning, preparation, testing, and reporting
- Clarification on what auditors want (and don't want) to see
What Is This Paper About?
This paper, "IT Audit Checklist: PCI," supports an internal audit
of a merchant's technical security controls for payment card data. The
paper includes advice on assessing the robustness of PCI controls,
recommendations for avoiding common PCI compliance failures, guidance
on fulfilling management responsibility in relation to audits, and
information on ensuring continual improvement of IT security efforts.
The paper is intended to help IT, compliance, audit, and business managers prepare for a PCI audit and to provide concrete tools managers can use to ensure that the audit experience and results are as beneficial as possible to both IT leaders and the company as a whole.
AuditNet® Resource List
Please let us know of links that are not working!
Click here for the latest update!