Essential Audit Skills Learn How to Successfully Prepare and Perform Audits

Presented by

Martin Holzke, Senior (IT) Auditor



Agenda

  • Presenter

  • Motivation

  • Planning the Audit

  • Communication

  • Performing the Audit

  • Reporting

  • Remediation

  • Resources



Presenter

  • Martin Holzke

    • Director of SoftQualM (Scotland) Ltd

    • Degree in Physics

    • IT Consultant since 1991

    • IT Trainer since 1993

    • IT Auditor since 2003

    • Author of “Essential Audit Skills”



Motivation

  • Audits are Assessments

    • Reality vs.

    • Requirements, Expectations and Assumptions

  • Audits can

    • Make all the Difference or

    • Be a Waste of Resources



Motivation

  • Hands-on Experience

    • Customers, Colleagues, Trainees etc.

  • Lack of Learning Resources

    • Loads on Domain Schemes (CISA, SOX etc.)

    • Little on Soft Skills

  • Results

    • This High-Level Webinar

    • Further Learning Resources



Planning the Audit

  • The Purpose of Audits

  • Establishing the Scope of the Audit

  • Preparing the Audit

  • Scheduling the Audit



Planning the Audit

  • The Purpose of Audits

    • Re-Assurance of Stakeholders

    • Continuous Improvement

    • Added Value

      "Trust is good, control better."

      Vladimir Ilyich Lenin, Former Russian Leader



Planning the Audit

  • Establishing the Scope of the Audit

    • Scope? What Scope?

    • Scoping Issues

    • Documenting the Scope

    • Reviewing the Scope



Planning the Audit

  • Examples



Planning the Audit

  • Preparing the Audit

    • Getting the Business Ready for the Audit

    • Defining Reference Structures

    • Keeping Evidence

    • Defining the Audit Plan

    • Managing Documents

      “If it can’t be evidenced it doesn’t exist”



Planning the Audit

  • Scheduling the Audit

    • Who? What? When?

    • Dependencies

    • Testing Period

    • Availability and Notification Requirements

    • Announcing the Schedule



Communication

  • Communication is Key

  • Involving the Right People

  • Creating the Right Atmosphere

  • Opening and Closing Meetings with Management



Communication

  • Communication is Key

    • Jargon Free Language

    • Respect

    • Widen your Horizon



Communication

  • Involving the Right People

    • Internal and External Stakeholders

    • Management

    • Subject Matter Experts

    • Team Heads and Operators

    • Auditors

    • External Advisors



Communication

  • Creating the Right Atmosphere

    • Personal Motivation

    • Desire and Opportunity for Improvement

    • Appreciation and Reward of Honesty

    • No Blame Culture

      “If it's going to come out eventually, better have it come out immediately.”

      Henry A. Kissinger, Former US Secretary of State



Communication

  • Opening and Closing Meetings with Management

    • Awareness

    • Progress and Status

    • Commitment

    • Support



Performing the Audit

  • Assessing Documentation and Evidence

  • Interviewing and Corroborative Enquiry

  • Sampling Approaches

  • Identifying Exceptions and Deficiencies



Performing the Audit

  • Assessing Documentation and Evidence

    • Clerical

    • Sufficiency

    • Reprocessability

      “If it can’t be evidenced it doesn’t exist”



Performing the Audit

  • Examples

    • Review of Oracle DBA Accounts

      • Review performed by: Joe Smith, Manager Oracle Support Team

      • Review performed on: 01/12/2007

      • Oracle DB reviewed: ORAFI on UX10

      • List of DBA accounts obtained:

        • MEYERM

        • BLOGGJ

        • BROWND

        • ORABCK

      • Observations:

        • All accounts belong to current Oracle Support Team members with DBA duties except ORABCK.

        • Investigation of the suspicious account ORABCK confirms a requirement for extra privileges, however well below DBA.

      • Actions:

        • M. Meyer (RFC 001265643)

          • Create DB role BCK

          • Remove DBA privileges from ORABCK

          • Grant role BCK to ORABCK

      • Conclusion:

        • One exception noted and addressed.

        • Successful completion TBC in next review due 01/01/2008.

    • 5. User Access to Systems and Applications

      • 5.1. All new and amended user access to any system or application is governed under this policy and respective procedures listed under 5.10. For the avoidance of any doubt, amended user access here includes revoking the same.

      • 5.2. All applications for new or amended user access require the current application form as referenced under 5.10. to be completed and sent to the IT Security Officer.

      • 5.3. Applications need to be authorised by signature of the respective employee’s line manager.

      • 5.4. Access to business applications additionally has to be authorised by signature of the respective application owner. The list of current applications and respective owners is referenced under 5.10.

      • 5.5. Application owners are responsible to ensure segregation of duties requirements are not violated when authorising access.

      • 5.6. Elevated access (sys admin etc.) to corporate servers and network elements additionally has to be authorised by signature of the Head of CIO.

      • ...

      • 5.10. Additional documentation referred to in this policy is available from http://security.mycomp.com/useraccess/ on the corporate intranet.


Performing the Audit

  • Interviewing and Corroborative Enquiry

    • Know-how

    • Reliability

    • Filling the Gaps

    • Proof of Absence

    • Observation

    • Last Resort Alternative to Evidence


Performing the Audit

  • Sampling Approaches

    • Sampling vs. Point-in-Time

    • Sample Sizes

    • Obtaining a Reliable Sample

    • Resampling


Performing the Audit

  • Identifying Exceptions and Deficiencies

    • What Constitutes an Exception?

    • Formal, Design and Isolated Exceptions

    • The “Sake” of Exceptions

    • When does it become a Deficiency?


Reporting

  • Establishing Documentation Standards

  • Creating Workpapers

  • Compiling the Audit Report

  • Adding Recommendations for Improvements


Reporting

  • Establishing Documentation Standards

    • Branding and Uniformity

    • Structure and Content

    • Ease-of-Use and Completeness

    • Template Libraries

    • Naming Conventions

    • File Types


Reporting

  • Creating Workpapers

    • Templates

    • Transparency

    • Clerical

    • Reprocessability

    • Tabular Sample Assessments, Scans and Screenshots as Supporting Evidence


Reporting

  • Examples


Reporting

  • Compiling the Audit Report

    • Test Results

    • Exceptions and Deficiencies

    • Management Comments

    • Statistics

    • Conclusion


Reporting

  • Adding Recommendations for Improvements

    • Recommendations vs. Exceptions

    • Always Room for Improvement

    • Early Warning System

  • Subjects

    • Business Processes and Evidence

    • Education and Awareness

    • Audit Structure


Audit Follow-Through

  • Management Response

  • Root Cause Analysis

  • Remediation

  • Re-Assessment

  • Process Improvement


Audit Follow-Through

  • Management Response

    • Acceptance and Remediation

    • Acceptance without Remediation

    • Rejection


Audit Follow-Through

  • Root Cause Analysis

    • Cause Behind the Cause

    • Systematic and Structural: 5 Whys

    • Problem Management


Audit Follow-Through

  • Remediation

    • Plan of Action

    • Responsibilities

    • Measurable Milestones

    • Success Indicators

    • Escalation


Audit Follow-Through

  • Re-Assessment

    • On Reported Success of Corrective Action

    • Scope

    • Schedule


Audit Follow-Through

  • Process Improvement

    • “The audit of the audit”

    • “There’s always room for improvement”

    • “Nobody is perfect!”


Resources

  • Books

  • Tutoring

  • Courses


Resources

  • Books by Martin Holzke

    • “Essential Audit Skills”, ISBN 978-1-906972-03-5 (Paperback), ISBN 978-1-906972-06-6 (Kindle eBook)

    • “Oops-A-Daisy”, ISBN 978-1-906972-01-1 (Paperback), ISBN 978-1-906972-07-3 (Kindle eBook)

    • www.softqualmpress.com


Resources

  • Tutoring

    • Standard Package to Accompany the Book

    • Tailored Coaching Packaging

    • On-site, Distance Learning, In-house


Resources

  • Courses

    • Full Range Hands-on Course (5 days)

    • Tailored Courses on Selected Aspects

    • On-site, Distance Learning, In-house


Resources

  • Upcoming Series of 5 Webinars each

    • 2 hours Coverage of One Domain

    • Exercise to Take Home

    • 26th & 31st July, 2nd, 7th & 9th August 2012

    • 7PM UK Time (2PM Eastern, 12PM Pacific Time)

    • £49 (some €60 or US-$75)

    • £195 for all 5 (some €240 or US-$300) plus a free copy of the book “Essential Audit Skills”


The End

  • Q&A

  • Thanks for attending …

  • I hope it was enjoyable …

  • And you have gained from it.

  • Feel free to connect on LinkedIn.