|
|
||||||
|
|
|||||||
|
|
Guidelines for Reviewing the Appropriateness of User Access By Denise Silon Louie, Protiviti Associate Director
The media is full of high-profile stories publicizing organizations that
have recently experienced a security breach, leaving important data in the
hands of the culprits. However, it is important to remember that
Click here for the rest of the story!
This article was contributed by Protiviti KnowledgeLeader, an online service providing tools, templates, and other resources for internal audit and risk management. Free trials available at www.knowledgeleader.com.
For a limited time KnowledgeLeader memberships are available for the reduced rate of $595 per year. Tell them you heard about it from AuditNet.org. AuditNet® Community Sponsor News!
Thanks to Paisley and TeamMate for sponsoring the newsletter! The AuditNet® community has grown by leaps and bounds thanks to your continued support. Yes it is hard to imagine but it has been more a decade since this community was created! Support AuditNet® by supporting our sponsors. Without sponsor and affiliate advertising and contributions from the AuditNet® community everyone would have to pay for use of this site.
This month check out Pentana who produces software for audit professionals, including integrated risk and audit management, staff scheduling and information security questionnaires.
Remember! Clicking on sponsored ads and visiting their sites helps support AuditNet®. Career Advice Q&A Speak with Savvy
author of How to Say it When You Don't Know What to Say: The Right Words For Difficult Times
We can’t hide from it – we’re expected to communicate in
meetings, workshops, training events, and conferences. Communication
skills are highly prized in today’s culturally diverse and
technology-driven workplace so it’s important to master this skill. Joan
Detz, author of Can You Say a Few Words?, Second Revised Edition: How to Prepare and Deliver a Speech for Any Special Occasion
For the Q&A click here! Resume Tune-Ups Add Resume Writing to Your Strengths by Robbie Miller Kaplan When you spend approximately 25% of your professional time writing reports, it’s easy to think of your resume as just another report. But your resume needs to communicate your strengths and credentials, and potential employers need to see them in a quick scan; a report format just can’t do the job.
Abdul has taken the time to chronicle all his experience and strengths but his report format is just too tedious to read. The format also lacks consistency; Abdul mixes it up with dashes, roman numerals, boxes, and letters.
The first step in writing a resume is to understand your intent; what position are you seeking, what are the job requirements, and how do your credentials match? Next, write and produce a resume document that details the exact qualifications that the potential employer is seeking. Extraneous information relating to unnecessary experience, skills, and training is all clutter and any clutter takes away from your core credentials.
Knowing what to eliminate is as important as knowing what to include.
Each of us must have an impartial eye when evaluating our resumes. Ask yourself “Is it easy to read?” “Are my qualifications right up front?” “Do details that support my job objective follow?”
It’s not enough to be an expert at writing reports; you must be an expert in communicating your credentials and strengths.
Get a Free Resume Analysis! AuditNet Adds a New Career Feature: The Resume Tune-Up.
Nationally recognized resume expert and author of How to Say it When You Don't Know What to Say: The Right Words For Difficult Times If you would like your resume to be considered for a tune-up, please e-mail it to Ms. Kaplan. You will be notified by e-mail if your resume is selected. You will need to make yourself available via e-mail to answer a few questions with a tight deadline. Ms. Kaplan will send a critique and suggestions to the individual selected and a summary Resume Tune-Up will appear in the monthly newsletter column. If selected you give AuditNet the right to display your resume for the column. AuditNet® What's New This Month? From the Editor!
AUDITNET TEAMS UP WITH PUBLISHER OF WHITE-COLLAR CRIME FIGHTER TO OFFER FRAUD AWARENESS TRAINING TO THE PROFESSION
Oakton, VA, March 20, 2008. Recognizing the growing need for new tools to combat organizational fraud, AuditNet® has partnered with White-Collar Crime 101 LLC (WCC 101), publishers of White-Collar Crime Fighter newsletter, to make WCC 101’s Web-based fraud awareness course, FraudAware®, available to audit firms, organizations and their clients. FraudAware® helps organizations motivate all employees to Prevent, Detect and Report fraud through its customized, high-impact format of real-life scenarios, interactive exercises and quizzes. Other benefits of the training include substantial fraud-loss reduction... significantly increased fraud hotline usage ... deterrence against internal fraud ... and support of the organization’s legal and regulatory compliance efforts. FraudAware® which has been successfully implemented at numerous Fortune 500 companies in the financial services, hospitality, insurance and entertainment industries, among others, represents a proven way to slash fraud losses by as much as 50%, according to the Association of Certified Fraud Examiners (ACFE). ---
Note: AuditNet® members who learned about FraudAware® through AuditNet® will receive a FREE three-month subscription to White-Collar Crime Fighter. Please mention that you heard about FraudAware® through AuditNet to qualify for this offer. (This is a risk-free offer. If you choose not to become a FraudAware® customer, the three free issues of White-Collar Crime Fighter are yours to keep with no further obligation.)
New AuditNet Survey
Auditors frequently ask questions about audit management software. In order to address these questions AuditNet has launched a new survey on audit management software. Click Here to take the survey!
Pay by Phone or FAX AuditNet is now set up to accept credit card payments for subscriptions by phone or fax. If you are interested in this option click here! Writing for AuditNet? AuditNet Editorial Guidelines Based on the number of articles being contributed to AuditNet we have developed editorial guidelines for future submissions. If you are planning to write an article please review the guidelines before submission. We appreciate receiving material from the global audit community in the interest of sharing knowledge. We are also in the process of guidelines for book reviews and other material submitted for inclusion on AuditNet. Get Audit Related Books Free! Interested in developing your writing skills with having access to the latest audit and business related books? AuditNet is looking for auditors that would like to review books for the benefit of the audit community. This is an excellent way to build your professional publication library and provide a valuable service for AuditNet users. A list of available books will be provided on request. For the guidelines click here. New Benefits of Registration AuditNet receives many questions on what kind of audit related information is available on the Internet and where to find it. As a result of my research to find the answers to those questions I discover value added resources that are useful for auditors. In the past these resources would have been added to the AuditNet Links Page (aka KARL). To provide an incentive for auditors to register on AuditNet I will begin loading these links to a special page that is only available to registered users. AuditNet forges new relationships with professional associations and accounting sites to provide auditors with access to audit work programs. Professional Association Access to AuditNet Audit Programs. If you want your professional association (IIA, ISACA, ACFE, ACUA, ACUIA etc) to have transparent access to AuditNet audit programs and other content as a benefit of membership contact your professional association official and ask them to pursue this with AuditNet. Fraud News Feed Go to the AuditNet Fraud Resource Center and check out the fraud news feed to keep up to date with media reported fraud happenings. Audit Programs The audit programs section of AuditNet requires registration in order to access. New audit program contributions are available only to paid subscribers or on a one-for-one exchange basis. There are over 80,000 registered users. A multi-user subscription rate was added to the individual subscription program to the premium content. Organizations that need more than 2 staff members accessing the service will benefit from this new rate. There are new additions to the premium audit programs available as an alternative for those auditors that are unable to contribute material to AuditNet®. Site licenses are also available for organizations with more than 15 users. The best way to find all the resources on the site is by going to the Virtual Library or use the site search. IIA Technology Audit Guide Series
Are you unsure how effectively you assess deficiencies identified through an audit, or whether your audit plan addresses the IT controls that are critical to achieving business goals and objectives?
Look to The Institute of Internal Auditors (IIA) for guidance in these areas. In January 2007, The IIA released the GAIT Methodology, the first practice guide in its Guide to the Assessment of IT Risk (GAIT) series. This document provides a methodology to help organizations identify the key IT general controls (ITGCs) needed for an efficient and effective scope of work for Section 404 of the U.S. Sarbanes-Oxley Act of 2002.
The IIA follows that up this year with two new guides, released March 17, to further strengthen your audit plan.
Introducing new GAIT guidance:
GAIT for IT General Control Deficiency Assessment provides an approach for assessing any IT general controls deficiencies identified during the annual assessment of internal control over financial reporting. GAIT for Business and IT Risk focuses on identifying the critical aspects
of IT processes that are essential to the management and mitigation of
business risk.
Previous Guides:
Establishing a Repeatable Audit Process Using Excel by Mike Blakely Many organizations have recurring audits, either over time or over locations, or both. Examples include branch audits, inventory audits, store audits, etc. Often these audits will have narrowly defined objectives, which have evolved over time based upon prior results. Assigned staff may include entry level personnel with limited knowledge and experience. Turnover can also erode the knowledge levels over time.
The challenge is how best to leverage these resources so they can be used in the most efficient and effective manner. This article looks at two approaches, both framed in an Excel environment and both automated to the extent feasible.
For the rest of this article by Mike click here! About the author: Mike Blakley is currently an IT auditor with the State of North Carolina, Department of Health and Human Services. Mike maintains a blog devoted to audit software topics at http://blog.ezrstats.com and his e-mail address is Mike.Blakley@ezrstats.org.
*Data Analysis Tools and Techniques for Auditors AuditNet® Fraud Auditing CornerFraudster Profiles Looking for a great way to educate employees on how an ethical employee goes to the dark side, and the consequences of poor internal controls? Check out the following video from one of Gary Zeune's speakers. Master Fraudster Mark Morze ZZZ Best on FMN tells how he fooled auditors and what they could have done to detect the fraud. Gary Zeune has the ONLY speaker's bureau in the country specializing in white-collar criminals — The Pros & The Cons. Mr. Zeune's speakers tell their stories of how and they committed their crimes. Their frauds range from $18,000 to $350 million. Speakers include CPAs, attorneys, and business people.
|
||||||
Interview by Robbie Miller Kaplan 
shares strategies to help you
calm your nerves and maximize opportunities to present yourself in the
most favorable light. 
, Robbie Miller Kaplan will select one
auditor resume each month and suggest ways to transform the resume
from passable to powerful. 
|
Cynthia Cooper just wanted to live a quiet life working for the pride of Mississippi - WorldCom. But as vice president of internal audit she discovered some suspicious entries in the company's books. Her tenacious investigations uncovered the largest fraud in corporate history.
|
This article is from Fraud Magazine, the professional magazine
of the Association of Certified Fraud
Examiners
ACFE FraudInfo Newsletter click here!
AuditNet® Conference & Training News
Want to announce your professional association conference to the global audit community? Send us conference name, date and URL details. (A reciprocal link to AuditNet is required). AuditNet supports co-marketing sponsorship agreements for conferences on a case by case basis.
SuperStrategies 2008 April 14-16, 2008 Las Vegas - JW Marriott Resort
* indicates events where Jim Kaplan is speaking
EDPACS
Click for a recent (free) example of
EDPACS
The free example issue includes:
1) The State of IT Auditing in 2007
- by Gary Hinson.
2) Why is Security a Software Issue?
- by Julia Allen.
EDPACs call for articles (PDF)
EDPACS Editorial Board (current membership)
EDPACS subscription page
_____________________________________
ATTENTION AUDITNET MEMBERS
We have negotiated an exclusive discount to Compliance Week's 3rd Annual
Conference, which takes place at The Mayflower Hotel in Washington, D.C.,
June 4-5, 2008.
This exclusive peer-to-peer event features NUMEROUS risk and audit
sessions led by corporate officers including:
- PepsiCo General Auditor Robert Mac Kay
- Raytheon VP Internal Audit Larry Harrington
- Pitney Bowes VP ERM Cynthia Schmitt
- And others from Yahoo, HP, Starbucks, Merck, Prudential, Lockheed Martin
and more.
Keynotes will be delivered by officials from the Securities and Exchange
Commission and Department of Justice.
This conference include numerous small group "conversations," in which
you can compare and contrast your programs with your peers:
- Pfizer Chief Compliance Officer Douglas Lankler will lead a small-group
discussion on your "early warning systems"
- Yahoo and HP's CCOs will lead a small-group conversation to compare and
contrast your compliance programs
- Pride International CCO Brady Long will lead a discussion on your FCPA
risk assessment challenges
- Intuit's ERM officer and BNSF's corporate audit leader will lead a
conversation on approaches to ERM
This event includes an extensive agenda on critical issues related to
risk management, FCPA compliance, compliance program effectiveness, reliable
financial reporting (including XBRL), and more.
Details are at http://conference.complianceweek.com/
I'LL BE THERE TOO, SO MAKE SURE YOU REGISTER USING THE
FOLLOWING
REGISTRATION FORM , WHICH INCLUDES A BUILT-IN DISCOUNT FOR YOU AND YOUR
TEAM, COURTESY AUDITNET!!!
AUDITNET TEAMS UP WITH PUBLISHER OF WHITE-COLLAR CRIME FIGHTER TO OFFER FRAUD AWARENESS TRAINING TO THE PROFESSION
Oakton, VA, March 20, 2008. Recognizing the growing need for new tools to combat organizational fraud, AuditNet® has partnered with White-Collar Crime 101 LLC (WCC 101), publishers of White-Collar Crime Fighter newsletter, to make WCC 101’s Web-based fraud awareness course, FraudAware®, available to audit firms, organizations and their clients.
FraudAware® helps organizations motivate all employees to Prevent, Detect and Report fraud through its customized, high-impact format of real-life scenarios, interactive exercises and quizzes. Other benefits of the training include substantial fraud-loss reduction... significantly increased fraud hotline usage ... deterrence against internal fraud ... and support of the organization’s legal and regulatory compliance efforts.
FraudAware® which has been successfully implemented at numerous Fortune 500 companies in the financial services, hospitality, insurance and entertainment industries, among others, represents a proven way to slash fraud losses by as much as 50%, according to the Association of Certified Fraud Examiners (ACFE).
---
AuditNet® members can now view a free demo of FraudAware® by visiting
auditnet_landing_page. For further information about FraudAware®
and White-Collar Crime 101 LLC contact Peter Goldmann, President at
pgoldmann@fraudaware.com
Note: AuditNet® members who learned about FraudAware® through AuditNet® will receive a FREE three-month subscription to White-Collar Crime Fighter. Please mention that you heard about FraudAware® through AuditNet to qualify for this offer. (This is a risk-free offer. If you choose not to become a FraudAware® customer, the three free issues of White-Collar Crime Fighter are yours to keep with no further obligation.)
Global Best Practice Papers
 PricewaterhouseCoopers helps you "Uncover the Gap" in process performance through Global Best Practices® complimentary benchmarking opportunity
How can you uncover the gap between your
organization's current performance and the suggested, more optimal way
to perform the process? Benchmarking can often help provide the answer.
|
Dan's Internal Audit Corner
Implementing A World Class Internal Audit Function
- By Dan Swanson
Internal auditing provides managers and the board with
valuable assistance by giving objective assurance and consulting opinions
regarding the organization’s governance, risk-management and control
processes.
Where an organization has not staffed an internal audit department the
identification of the benefits and various role(s) internal audit should
play is the initial step. Where an internal audit function has been in
operation, a review of its recent performance and a revisiting of the
organization’s assurance requirements are recommended.
Click here for the rest of the article!
Have another great month
Dan
Also check out the latest IT and Information Security Titles Published by Taylor & Francis!
Have another great month.
Regards,
Dan
Recovery Auditing: Reducing Profit Leaks
Use Reports to Identify Malfeasance
by Richard Lanza, CPA/CITP
Recovery audits routinely uncover instances of accidental double
billings, overpayments, and missed discounts. But at what point does a
simple mistake become a crime? Here we’ll examine several examples,
taken from recovery audits, which at first glance didn’t seem blatant
but actually were fraud. I provide a list of report ideas that a fraud
examiner could execute in a data query/analysis program. These are
fictional
accounts, but the frauds are all too real, as are the losses suffered
by the victims of these “victimless” crimes.
To read the rest of this article click here!
Upcoming Webinars and Events
How to Reduce the Cash Leakage from Your Procure-to-Pay Function - April 24, May 5, and May 8, 2008
Cash Leakage Best Practice Seminars
How to Reduce the Cash Leakage from Your Procure-to-Pay Function: A Best Practice Approach Seminar
April 24, 2008 Chicago, IL
May 5, 2008 Philadelphia, PA
May 8, 2008 Online
For more information and registration click here!
Make sure you mention AuditNet when registering for the above
events! Audit Work Programs Corner
30 Day Trial to the Premium Section
Access to the free audit program section now requires registration. The following audit programs, ICQs, checklists or working papers were added this month. They are available on a 1 for 1 exchange for an original audit work program not currently in the inventory. If you unable to share audit programs then consider subscribing to the premium content which provides you with access free and premium content 24/7/365. Interested in previewing all the programs in the premium content section? Contribute an original audit work program not currently in the inventory and receive a 30 day trial subscription to the premium content. Contribute 5 programs and receive a one year trial subscription. (Offer only available for new programs submitted).
E-Book for
Subscribers to the Annual Audit Programs
- Retail-Business Process Management (Apr 08)
- Retail-ERP Systems (Apr 08)
- Retail-Financial Controls Working Capital Management (Apr 08)
- Retail-HR Benefits Management (Apr 08)
- Retail-HR Employee Performance Management (Apr 08)
- Retail-HR Incentive Compensation Management (Apr 08)
- Retail-HR Workforce Management (Apr 08)
- Retail-Order to Receipt POS System (Apr 08)
- Retail-Procure to Pay Vendor Selection (Apr 08)
- Retail-Risk Management (Apr 08)
Ask the Auditor
Each month I select one question submitted to Ask the Auditor and provide an answer using the same digital tools and techniques that I recommend to all auditors.
Q: Consideration of the probability of error, irregularity or noncompliance
I'm looking for guidance on how to assist my Internal Audit function to apply the IIA standard regarding "consideration of the probability of error, irregularity or noncompliance" (Standards 1220 and 2210) in the audit planning phase.
Under what circumstances is it appropriate and not appropriate to consider the probability of significant error?
Is it relevant only to financial based audit work and substantive testing of transactions/balances, or is it appropriate for all audit test work?
How has this standard been applied in practice?
A: (Thanks to Ferdinand Balfoort) I would suggest that the auditor should at all times consider the probable risk of any significant error, irregularity or non compliance in the planning phase.
During the planning phase you would design your systems descriptions and identify key controls and apparent weaknesses. Using your own assessments you would then develop your audit program or adjust any existing ones. Preferably all key controls and all weaknesses should be tested for, firstly to confirm the existence and operation of controls, and in the second case to measure the extent and impact of the weakness identified by substantive, preferably unbiased statistical sampling.
If you have a time or resource limitation you could conceivably drop off some items, which is where your assessment of materiality comes in, ie, which key controls or weaknesses pose the greatest risks in terms of a probable significant error.
This is relevant for all types of audits and reviews. For example, if in a pharmaceutical manufacturing scenario the internal control of regularly calibrating dosing meters breaks down, we could conceivably end up poisoning patients with off spec medicines. Although this may look like an operational or engineering maintenance issue, the reality is that any subsequent recalls, loss of brand value, risks of legal suits etc, would definitely affect the financial situation of the organization.
Another example is in the financial sector. Testing an internal control to ensure that private banking client files are complete and secure may seem like a very mundane exercise until you realize that those files are the key evidence to prove that Anti Money Laundering regulations have been complied with, in terms of doing a proper due diligence on any new private banking clients.
More discussion on this question can be found at LinkedIn Answers for auditing by clicking
here.
For those auditors who have not seen the power of using a networking group, I recommend a visit to LinkedIn
If you have a question for Ask the Auditor click here!
Looking to Earn Some Extra $$?
AuditNet is interested in developing a series of SOx or industry related audit programs for organizations. If anyone is interested in writing audit programs, ICQs, questionnaires, or control matrices on a work for hire basis please contact me. If you may know of anyone who would be interested in this as well please pass along my contact information.
AuditNet Construction Corner News
Procurement Strategies and Planning
By Gursharan Singh
The procurement of construction machineries, equipment, tools and building materials generally constitute over 40% of any construction project or for trading, manufacturing purposes. Consequently, it has a direct effect on the efficient implementation of any works or supplies. This in turn will affect the financial viability of the procurement. Similarly, procurement of office supplies and professional services also involve millions of dollars for companies and other organizations whereas it may be in just hundreds or thousands for individuals.
For the rest of the story click here!
AuditNet Sarbanes-Oxley News
Low Cost SOX Compliance Readiness Tool
Exclusively for AuditNet
Looking for a low cost ($100) solution for SOX compliance? The Compliance Readiness Tool™ allows organization’s to evaluate the effectiveness of their information technology environment and controls in relation to section 404 of SOX and the Committee of Sponsoring Organizations (COSO) internal control framework.
For more information click here!
There are plenty of articles in the news on the topic of Sarbanes Oxley. Here is a link to a site that does the research and provides you with links to all the relevant stories.
AuditNet Career Center
Auditors Looking for Jobs!
Companies Looking for Auditors!
The Matching Service for Auditors!
Go to the AuditNet® Career Center now for the latest job opportunities and career-related information and tools. 24 hours a day, 7 days a week you have the ability to not only look at available jobs, but you can also post your resume, apply for open jobs, research companies and obtain career advice. If you are in the market for a new job, make AuditNet® your first stop to check out what's available.
If your company has any audit job vacancies that you are looking to fill, have your HR people contact AuditNet® to post the job and search for candidates.
This is just another benefit of using AuditNet® as your one stop shop for all your audit and career resources.
AuditNet® Book Reviews
AuditNet® Software Compliance Audit Corner
|
Click here for a special offer and late-breaking software compliance news!
Monograph on Software Compliance Auditing: Looking for a Career Change? Registered users can read the complete monograph by clicking here! Registered AuditNet users can send for 20 free software compliance articles. Login to your account and click on the link to receive the articles by email. Also the following articles should interest you! Microsoft has started a program recently in UK that has wide reaching implications for smaller and medium sized organizations, that auditors need to be aware of to minimize risk. More details can be seen by clicking here! |
Your Secret Weapon in the War on Fraud
White-Collar Crime Fighter brings you expert strategies and actionable advice from the most prominent experts in the fraud-fighting business. Each month you’ll learn about the latest frauds, scams and schemes... and the newest and most effective fraud-fighting tools, techniques and technologies you can put to work immediately to protect your organization.
Click here for the latest e-newsletter and subscription details.
The AuditNet® Audit Bookstore Corner
Looking for books on auditing related topics? We suggest using the AuditNet® bookstore. The bookstore focuses on Internal Audit but includes other related subjects as well. AuditNet® uses Amazon to power the bookstore so each purchase you make through this link helps support AuditNet®.
How to Say It When You Don't Know What to Say The Right Words for Difficult Times
By Robbie Miller Kaplan
As auditors we constantly interact with diverse stakeholders such as colleagues, managers, employees and others. Frequently we encounter people dealing with challenging and difficult times that may or may not be related to work. Our reaction to these situations is conveyed in our behavior both nonverbal and verbal.
For the rest of the review click here.
AuditNet® Vendor News
Check here for the latest news from our AuditNet® sponsors!
Then check out the CCSA Study System published by Pleier Corporation.
Using the "McKeever CCSA Study System" will improve
users' probability of successfully passing the IIA CCSA exam
by teaching users to answer the type of questions typically
presented on the CCSA exam. Additionally, this system helps
users identify CCSA domains that require their additional
study and lists references useful for any additional study.
The "McKeever CCSA Study System" is available in 2
versions - a 288-page spiral-bound workbook and CD-ROM (for
those who prefer clicking a mouse to turning pages) - for
details click
here!
DISCOUNTS TO AUDITNET READERS
As a reminder, Pleier Corporation offers 10 % discounts to
AuditNet readers at
www.pleier.com. To take this discount order online and
enter the word AUDITNET in the coupon field at checkout.
Click here for opportunities to share your knowledge and earn royalties
Exceeding Expectations for Internal Auditors
AuditNet® Resource List
Please let us know of links that are not working!
Click here for the latest update!