University of Colorado SAP & ISACA
Presenters: Ryan McMeekin, Nancy Bong, Scott Murphy
Agenda/Contents Table of Contents
What is Risk Assurance?
• Risk Assurance at PwC
• Business Process / IT Controls
• Internal Audit Services
• Third Party Assurance
• IT Project Assurance
• Enterprise Risk Management, etc.
• Our Clients:
• Financial Audit and External Clients
What is a Control?
• Why are systems and controls important?
• In accounting and auditing, internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems designed to help the organization accomplish specific goals or objectives. "COSO" - Committee of Sponsoring Organizations of the Treadway Commission: Internal Control - Integrated Framework (1992)
• Key information system control objectives:
• Safeguarding assets
• Maintaining data integrity
• Operating effectively and efficiently
• Examples of IT Audits:
• Financial Statement Audits, public (SOX) and private
• Third-Party Assurance
• PCI (Payment Card Industry)
• Internal Audit
Information Technology Risk and Controls Diagram
Information Technology Risk Layers
Exercise
• Please get in groups of 3 or 4
1) What are examples of IT risk?
2) How does IT risk impact a business?
3) How can IT risk impact Financial Statements?
Exercise Debrief
1) What are examples of IT risk and security?
• Restricted Access and Segregation of Duties
• Change Management / SDLC
• Batch Processing, System Interfaces
2) How does IT risk impact a business?
• Safeguarding of assets, data integrity, efficiency of operations
• Compliance requirements (SOX, HIPAA, PCI)
• Investor Confidence
3) How can IT risk impact Financial Statements?
• Indirectly impacting financial statement assertions
• Pervasiveness of impact
Reporting
• Key Reports
• Information used in performance of a key control
• Configurable to Client Environment
• SAP (Customized or Canned)
• Changes
• Access
• How do we use SQL Statements?
• Reporting
• Integrity of Data
SAP - Financial General Ledger
• What are Risks with these Accounting Areas?
• Journal Entries
• Period End Closing
• Foreign Exchange
• New GL
• FI/CO Integration
Exercise - Financial General Ledger
Period End Closing Control: The standard SAP reports indicating general ledger account metrics are investigated and resolved during period end on a timely basis.
• Create a Test Plan
- What are the Key Conditions of this Control (italicized)?
- How could we test/verify that the control is operating?
Exercise – Debrief
• How to Test & Interpretation
• Inquire of management to determine whether:
i) SAP reports are relied upon during the period end close process
ii) Report review is performed by a person independent from the transaction processing activities
iii) Exceptions are investigated and resolved on a timely basis
a) Evaluate if there is sufficient and appropriate evidence to test the control
b) Inspect / examine a sample of reports to determine whether evidence exists for the timely resolution of exceptions
SAP – Procure to Pay & Accounts Payable
• Integrates purchasing department with Accounts Payable department.
- Business Processes
- 3-way Match
- Agree Purchase order
- Invoice
- Receiving
• Automated Process of SAP
• Circumnavigate Business Processes?
• Basis and IT Controls
What is ISACA?
• Information Systems Audit & Control Association (ISACA)
• Goal: To expand the knowledge and value of the IT governance and control field
• Members work in:
• Financial and banking, public accounting, government, the public sector, and the private sector
• Chapter Meetings
• Accounting and Information Security focus
• CISA Relationships and Personal Experiences
CISA Description
• The Certified Information Systems Auditor (CISA) is ISACA's cornerstone certification
• Devoted exclusively to IT audit, controls, and security
• Importance
• Good certification for individuals who have audit, control and/or security responsibilities
Recruitment Information
• Thursday September 8th - Accounting Firm "Roadshow" - 7pm to 9pm - Koelbel Building
• Monday September 12th - BAP Kick-Ball Tournament - 4pm - 6pm - field by Koelbel Building
• Wednesday September 14th - MBSA Meeting Accounting Night - 5:30 p.m. to 7:30 p.m. - Koelbel Building
• Thursday September 15th - Meet the Firms - 6:30 p.m. - 9:00 p.m. - UMC, on campus
• Monday September 19th - Resume deadline