1 / 40

Essential Audit Skills Learn How to Successfully Prepare and Perform Audits

Essential Audit Skills Learn How to Successfully Prepare and Perform Audits. Presented by Martin Holzke, Senior (IT) Auditor. Agenda. Presenter Motivation Planning the Audit Communication Performing the Audit Reporting Remediation Resources. Presenter. Martin Holzke

daniel_millan
Download Presentation

Essential Audit Skills Learn How to Successfully Prepare and Perform Audits

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Essential Audit Skills Learn How to Successfully Prepare and Perform Audits Presented by Martin Holzke, Senior (IT) Auditor

  2. Agenda • Presenter • Motivation • Planning the Audit • Communication • Performing the Audit • Reporting • Remediation • Resources

  3. Presenter • Martin Holzke • Director of SoftQualM (Scotland) Ltd • Degree in Physics • IT Consultant since 1991 • IT Trainer since 1993 • IT Auditor since 2003 • Author of “Essential Audit Skills”

  4. Motivation • Audits are Assessments • Reality vs. • Requirements, Expectations and Assumptions • Audits can • Make all the Difference or • Be a Waste of Resources

  5. Motivation • Hands-on Experience • Customers, Colleagues, Trainees etc. • Lack of Learning Resources • Loads on Domain Schemes (CISA, SOX etc.) • Little on Soft Skills • Results • This High-Level Webinar • Further Learning Resources

  6. Planning the Audit • The Purpose of Audits • Establishing the Scope of the Audit • Preparing the Audit • Scheduling the Audit

  7. Planning the Audit • The Purpose of Audits • Re-Assurance of Stakeholders • Continuous Improvement • Added Value "Trust is good, control better." Vladimir Ilyich Lenin, Former Russian Leader

  8. Planning the Audit • Establishing the Scope of the Audit • Scope? What Scope? • Scoping Issues • Documenting the Scope • Reviewing the Scope

  9. Planning the Audit • Examples

  10. Planning the Audit • Preparing the Audit • Getting the Business Ready for the Audit • Defining Reference Structures • Keeping Evidence • Defining the Audit Plan • Managing Documents “If it can’t be evidenced it doesn’t exist”

  11. Planning the Audit • Scheduling the Audit • Who? What? When? • Dependencies • Testing Period • Availability and Notification Requirements • Announcing the Schedule

  12. Communication • Communication is Key • Involving the Right People • Creating the Right Atmosphere • Opening and Closing Meetings with Management

  13. Communication • Communication is Key • Jargon Free Language • Respect • Widen your Horizon

  14. Communication • Involving the Right People • Internal and External Stakeholders • Management • Subject Matter Experts • Team Heads and Operators • Auditors • External Advisors

  15. Communication • Creating the Right Atmosphere • Personal Motivation • Desire and Opportunity for Improvement • Appreciation and Reward of Honesty • No Blame Culture “If it's going to come out eventually, better have it come out immediately.” Henry A. Kissinger, Former US Secretary of State

  16. Communication • Opening and Closing Meetings with Management • Awareness • Progress and Status • Commitment • Support

  17. Performing the Audit • Assessing Documentation and Evidence • Interviewing and Corroborative Enquiry • Sampling Approaches • Identifying Exceptions and Deficiencies

  18. Performing the Audit • Assessing Documentation and Evidence • Clerical • Sufficiency • Reprocessability “If it can’t be evidenced it doesn’t exist”

  19. Performing the Audit • Examples • Review of Oracle DBA Accounts • Review performed by: Joe Smith, Manager Oracle Support Team • Review performed on: 01/12/2007 • Oracle DB reviewed: ORAFI on UX10 • List of DBA accounts obtained: • MEYERM • BLOGGJ • BROWND • ORABCK • Observations: • All accounts belong to current Oracle Support Team members with DBA duties except ORABCK. • Investigation of suspicious account ORABCK confirms requirement for extra privileges however well below DBA. • Actions: • M. Meyer (RFC 001265643) • Create DB role BCK • Remove DBA privileges from ORABCK • Grant role BCK to ORABCK • Conclusion: • One exception noted and addressed. • Successful completion TBC in next review due 01/01/2008. • 5. User Access to Systems and Applications • 5.1. All new and amended user access to any system or application is governed under this policy and respective procedures listed under 5.10. For the avoidance of any doubt amended user access here includes revoking the same. • 5.2. All applications for new or amended user access require the current application form as referenced under 5.10. to be completed and send to the IT Security Officer. • 5.3. Applications need to be authorised by signature of the respective employee’s line manager. • 5.4. Access to business applications additionally has to be authorised by signature of the respective application owner. The list of current applications and respective owners is referenced under 5.10. • 5.5. Applications owners are responsible to ensure segregation of duties requirements are not violated when authorising access. • 5.6. Elevated access (sys admin etc.) to corporate servers and network elements additionally has to be authorised by signature of the Head of CIO. • ... • 5.10. Additional documentation referred to in this policy is available from http://security.mycomp.com/useraccess/ on the corporate intranet.

  20. Performing the Audit • Interviewing and Corroborative Enquiry • Know-how • Reliability • Filling the Gaps • Proof of Absence • Observation • Last Resort Alternative to Evidence

  21. Performing the Audit • Sampling Approaches • Sampling vs. Point-in-Time • Sample Sizes • Obtaining a Reliable Sample • Resampling

  22. Performing the Audit • Identifying Exceptions and Deficiencies • What Constitutes an Exception? • Formal, Design and Isolated Exceptions • The “Sake” of Exceptions • When does it become a Deficiency?

  23. Reporting • Establishing Documentation Standards • Creating Workpapers • Compiling the Audit Report • Adding Recommendations for Improvements

  24. Reporting • Establishing Documentation Standards • Branding and Uniformity • Structure and Content • Ease-of-Use and Completeness • Template Libraries • Naming Conventions • File Types

  25. Reporting • Creating Workpapers • Templates • Transparency • Clerical • Reprocessability • Tabular Sample Assessments, Scans and Screenshots as Supporting Evidence

  26. Reporting • Examples

  27. Reporting • Compiling the Audit Report • Test Results • Exceptions and Deficiencies • Management Comments • Statistics • Conclusion

  28. Reporting • Adding Recommendations for Improvements • Recommendations vs. Exceptions • Always Room for Improvement • Early Warning System • Subjects • Business Processes and Evidence • Education and Awareness • Audit Structure

  29. Audit Follow-Through • Management Response • Root Cause Analysis • Remediation • Re-Assessment • Process Improvement

  30. Audit Follow-Through • Management Response • Acceptance and Remediation • Acceptance without Remediation • Rejection

  31. Audit Follow-Through • Root Cause Analysis • Cause Behind the Cause • Systematic and Structural: 5 Whys • Problem Management

  32. Audit Follow-Through • Remediation • Plan of Action • Responsibilities • Measurable Milestones • Success Indicators • Escalation

  33. Audit Follow-Through • Re-Assessment • On Reported Success of Corrective Action • Scope • Schedule

  34. Audit Follow-Through • Process Improvement • “The audit of the audit” • “There’a always room for improvement” • “Nobody is perfect!”

  35. Resources • Books • Tutoring • Courses

  36. Resources • Books by Martin Holzke • “Essential Audit Skills” ISBN 978-1-906972-03-5 (Paperback)ISBN 978-1-906972-06-6 (Kindle eBook) • “Oops-A-Daisy”ISBN 978-1-906972-01-1 (Paperback)ISBN 978-1-906972-07-3 (Kindle eBook) • www.softqualmpress.com

  37. Resources • Tutoring • Standard Package to Accompany the Book • Tailored Coaching Packaging • On-site, Distance Learning, In-house

  38. Resources • Courses • Full Range Hands-on Course (5 days) • Tailored Courses on Selected Aspects • On-site, Distance Learning, In-house

  39. Resources • Upcoming Series of 5 Webinars each • 2 hours Coverage of One Domain • Exercise to Take Home • 26th & 31st July, 2nd, 7th & 9th August 2012 • 7PM UK Time (2PM Eastern, 12PM Pacific Time) • £49 (some €60 or US-$75) • £195 for all 5 (some €240 or US-$300) plus a free copy of the book “Essential Audit Skills”

  40. The End • Q&A • Thanks for attending … • I hope it was enjoyable … • And You have gained from it. • Feel free to connect on LinkedIn.

More Related