Essential audit skills learn how to successfully prepare and perform audits
Download
1 / 40

Essential Audit Skills Learn How to Successfully Prepare and Perform Audits - PowerPoint PPT Presentation


  • 246 Views
  • Uploaded on
  • Presentation posted in: General

Essential Audit Skills Learn How to Successfully Prepare and Perform Audits. Presented by Martin Holzke, Senior (IT) Auditor. Agenda. Presenter Motivation Planning the Audit Communication Performing the Audit Reporting Remediation Resources. Presenter. Martin Holzke

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha

Download Presentation

Essential Audit Skills Learn How to Successfully Prepare and Perform Audits

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Essential Audit Skills Learn How to Successfully Prepare and Perform Audits

Presented by

Martin Holzke, Senior (IT) Auditor


Agenda

  • Presenter

  • Motivation

  • Planning the Audit

  • Communication

  • Performing the Audit

  • Reporting

  • Remediation

  • Resources


Presenter

  • Martin Holzke

    • Director of SoftQualM (Scotland) Ltd

    • Degree in Physics

    • IT Consultant since 1991

    • IT Trainer since 1993

    • IT Auditor since 2003

    • Author of “Essential Audit Skills”


Motivation

  • Audits are Assessments

    • Reality vs.

    • Requirements, Expectations and Assumptions

  • Audits can

    • Make all the Difference or

    • Be a Waste of Resources


Motivation

  • Hands-on Experience

    • Customers, Colleagues, Trainees etc.

  • Lack of Learning Resources

    • Loads on Domain Schemes (CISA, SOX etc.)

    • Little on Soft Skills

  • Results

    • This High-Level Webinar

    • Further Learning Resources


Planning the Audit

  • The Purpose of Audits

  • Establishing the Scope of the Audit

  • Preparing the Audit

  • Scheduling the Audit


Planning the Audit

  • The Purpose of Audits

    • Re-Assurance of Stakeholders

    • Continuous Improvement

    • Added Value

      "Trust is good, control better."

      Vladimir Ilyich Lenin, Former Russian Leader


Planning the Audit

  • Establishing the Scope of the Audit

    • Scope? What Scope?

    • Scoping Issues

    • Documenting the Scope

    • Reviewing the Scope


Planning the Audit

  • Examples


Planning the Audit

  • Preparing the Audit

    • Getting the Business Ready for the Audit

    • Defining Reference Structures

    • Keeping Evidence

    • Defining the Audit Plan

    • Managing Documents

      “If it can’t be evidenced it doesn’t exist”


Planning the Audit

  • Scheduling the Audit

    • Who? What? When?

    • Dependencies

    • Testing Period

    • Availability and Notification Requirements

    • Announcing the Schedule


Communication

  • Communication is Key

  • Involving the Right People

  • Creating the Right Atmosphere

  • Opening and Closing Meetings with Management


Communication

  • Communication is Key

    • Jargon Free Language

    • Respect

    • Widen your Horizon


Communication

  • Involving the Right People

    • Internal and External Stakeholders

    • Management

    • Subject Matter Experts

    • Team Heads and Operators

    • Auditors

    • External Advisors


Communication

  • Creating the Right Atmosphere

    • Personal Motivation

    • Desire and Opportunity for Improvement

    • Appreciation and Reward of Honesty

    • No Blame Culture

      “If it's going to come out eventually, better have it come out immediately.”

      Henry A. Kissinger, Former US Secretary of State


Communication

  • Opening and Closing Meetings with Management

    • Awareness

    • Progress and Status

    • Commitment

    • Support


Performing the Audit

  • Assessing Documentation and Evidence

  • Interviewing and Corroborative Enquiry

  • Sampling Approaches

  • Identifying Exceptions and Deficiencies


Performing the Audit

  • Assessing Documentation and Evidence

    • Clerical

    • Sufficiency

    • Reprocessability

      “If it can’t be evidenced it doesn’t exist”


Performing the Audit

  • Examples

  • Review of Oracle DBA Accounts

  • Review performed by: Joe Smith, Manager Oracle Support Team

  • Review performed on: 01/12/2007

  • Oracle DB reviewed: ORAFI on UX10

  • List of DBA accounts obtained:

    • MEYERM

    • BLOGGJ

    • BROWND

    • ORABCK

  • Observations:

  • All accounts belong to current Oracle Support Team members with DBA duties except ORABCK.

  • Investigation of suspicious account ORABCK confirms requirement for extra privileges however well below DBA.

  • Actions:

  • M. Meyer (RFC 001265643)

    • Create DB role BCK

  • Remove DBA privileges from ORABCK

  • Grant role BCK to ORABCK

  • Conclusion:

  • One exception noted and addressed.

  • Successful completion TBC in next review due 01/01/2008.

    • 5. User Access to Systems and Applications

    • 5.1.All new and amended user access to any system or application is governed under this policy and respective procedures listed under 5.10. For the avoidance of any doubt amended user access here includes revoking the same.

    • 5.2.All applications for new or amended user access require the current application form as referenced under 5.10. to be completed and send to the IT Security Officer.

    • 5.3.Applications need to be authorised by signature of the respective employee’s line manager.

    • 5.4.Access to business applications additionally has to be authorised by signature of the respective application owner. The list of current applications and respective owners is referenced under 5.10.

    • 5.5. Applications owners are responsible to ensure segregation of duties requirements are not violated when authorising access.

    • 5.6.Elevated access (sys admin etc.) to corporate servers and network elements additionally has to be authorised by signature of the Head of CIO.

    • ...

    • 5.10.Additional documentation referred to in this policy is available from http://security.mycomp.com/useraccess/ on the corporate intranet.


    Performing the Audit

    • Interviewing and Corroborative Enquiry

      • Know-how

      • Reliability

      • Filling the Gaps

      • Proof of Absence

      • Observation

      • Last Resort Alternative to Evidence


    Performing the Audit

    • Sampling Approaches

      • Sampling vs. Point-in-Time

      • Sample Sizes

      • Obtaining a Reliable Sample

      • Resampling


    Performing the Audit

    • Identifying Exceptions and Deficiencies

      • What Constitutes an Exception?

      • Formal, Design and Isolated Exceptions

      • The “Sake” of Exceptions

      • When does it become a Deficiency?


    Reporting

    • Establishing Documentation Standards

    • Creating Workpapers

    • Compiling the Audit Report

    • Adding Recommendations for Improvements


    Reporting

    • Establishing Documentation Standards

      • Branding and Uniformity

      • Structure and Content

      • Ease-of-Use and Completeness

      • Template Libraries

      • Naming Conventions

      • File Types


    Reporting

    • Creating Workpapers

      • Templates

      • Transparency

      • Clerical

      • Reprocessability

      • Tabular Sample Assessments, Scans and Screenshots as Supporting Evidence


    Reporting

    • Examples


    Reporting

    • Compiling the Audit Report

      • Test Results

      • Exceptions and Deficiencies

      • Management Comments

      • Statistics

      • Conclusion


    Reporting

    • Adding Recommendations for Improvements

      • Recommendations vs. Exceptions

      • Always Room for Improvement

      • Early Warning System

    • Subjects

      • Business Processes and Evidence

      • Education and Awareness

      • Audit Structure


    Audit Follow-Through

    • Management Response

    • Root Cause Analysis

    • Remediation

    • Re-Assessment

    • Process Improvement


    Audit Follow-Through

    • Management Response

      • Acceptance and Remediation

      • Acceptance without Remediation

      • Rejection


    Audit Follow-Through

    • Root Cause Analysis

      • Cause Behind the Cause

      • Systematic and Structural: 5 Whys

      • Problem Management


    Audit Follow-Through

    • Remediation

      • Plan of Action

      • Responsibilities

      • Measurable Milestones

      • Success Indicators

      • Escalation


    Audit Follow-Through

    • Re-Assessment

      • On Reported Success of Corrective Action

      • Scope

      • Schedule


    Audit Follow-Through

    • Process Improvement

      • “The audit of the audit”

      • “There’a always room for improvement”

      • “Nobody is perfect!”


    Resources

    • Books

    • Tutoring

    • Courses


    Resources

    • Books by Martin Holzke

      • “Essential Audit Skills” ISBN 978-1-906972-03-5 (Paperback)ISBN 978-1-906972-06-6 (Kindle eBook)

      • “Oops-A-Daisy”ISBN 978-1-906972-01-1 (Paperback)ISBN 978-1-906972-07-3 (Kindle eBook)

      • www.softqualmpress.com


    Resources

    • Tutoring

      • Standard Package to Accompany the Book

      • Tailored Coaching Packaging

      • On-site, Distance Learning, In-house


    Resources

    • Courses

      • Full Range Hands-on Course (5 days)

      • Tailored Courses on Selected Aspects

      • On-site, Distance Learning, In-house


    Resources

    • Upcoming Series of 5 Webinars each

      • 2 hours Coverage of One Domain

      • Exercise to Take Home

      • 26th & 31st July, 2nd, 7th & 9th August 2012

      • 7PM UK Time (2PM Eastern, 12PM Pacific Time)

      • £49 (some €60 or US-$75)

      • £195 for all 5 (some €240 or US-$300) plus a free copy of the book “Essential Audit Skills”


    The End

    • Q&A

    • Thanks for attending …

    • I hope it was enjoyable …

    • And You have gained from it.

    • Feel free to connect on LinkedIn.


    ad
  • Login