SlideShare une entreprise Scribd logo

Intro to management_and_auditing_of_info_systs

Télécharger en tant que PPT, PDF
J
jakodongo
BusinessÉconomie & finance
1  sur  58
Lesson 1:Introduction to Management and Auditing of Information Systems Lecturer: Management and Auditing of Information Systems |
Lesson Objectives By the end of this lesson , you should:  Know the foundation of IS audit standards  Know the auditor’s professional requirements  Be familiar with auditor skills necessary for a successful audit  Differentiate mandatory versus discretionary wording of regulations  Describe the various types of audits  Know how to communicate with the auditee  Describe auditor leadership duties, including planning and setting priorities  Gain understanding the organizational structure of corporations and consulting firms  Gain understanding the methods of managing projects, including audit projects 5/29/2012 Report for 2010 2 |
The need for IS Audits • The reliance of many companies, organisations, governments, educational institutions etc on electronic data processing systems has led increasingly to the need for their proper control and management . • Just like financial auditors verify financial transaction, so does an IS auditor need to verify the integrity of an electronic system that is used to maintain crucial company data 5/29/2012 Report for 2010 3 |
The Demand for IS audits • Why is very necessary to have IS audits? The greatest focus has always been on financial audits: • Consider: • Italy’s Parmalat dairy scandal occurred in 2003, when executives admitted that an account that was supposed to be holding 4 billion Euro dollars of assets in the Cayman Islands did not exist. The 14 billion Euro organization collapsed into bankruptcy. According to industry news, four of the world’s leading banks were indicted in June 2007 for their participation. 5/29/2012 Report for 2010 4 |
The need for IS Audits • Adelphia Communications Corporation executives John Rigas and son Timothy Rigas were convicted of securities fraud, bank fraud for misrepresenting the source of $1.6 billion of funds used in company stock, and stealing $51 million in cash advances. Rigas’s illegally misrepresented $2.6 billion of off-balance sheet loans, which led to the company’s collapse in 2002. In July 2006, Comcast and Time Warner purchased the failed company and relocated it to Colorado. 5/29/2012 Report for 2010 5 |
The need for IS Audits • Arthur Andersen executive David Duncan violated his independence with his client, CFO Andrew Fastow of Enron. Duncan participated in improper, biased activities for Enron by ordering his staff to shred documents to obstruct the Enron investigation. • Converse Technology CEO Jacob ―Kobi‖ Alexander was captured by Federal authorities after fleeing the country in an attempt to avoid prosecution for orchestrating a fraudulent scheme of backdating options while running a secret stock options slush fund. This illegal • scheme made millions of dollars. CFO David Kreinberg and General Counsel William Sorin voluntarily surrendered to authorities for their participation in the scheme. All three are currently in jail awaiting prosecution. 5/29/2012 Report for 2010 6 |
The need for IS Audits • Closer home, what examples can we gather from well known frauds, scams, malpractices and other actions that have brought organizations to their knees or brought CEO and other officers to account? • Kenya Pipeline • NHIF • Goldenberg (Euro bank) • Trust Bank? • Others……………………………….. • Explain in your own words why you think there is a need for IS Audits against this backdrop 5/29/2012 Report for 2010 7 |
The need for IS Audits • More and more regulations are being put in place especially in western countries to effect control and minimize, detect or otherwise prevent deliberate or inadvertent mishaps like the examples above. • Have you heard of the Sarbanes- Oxley Act? • Do we have similar regulations in Kenya? • Other regulations exist in the US like Gramm-Leach-Bliley Act (financial transactions), Federal Information Security Management Act (FISMA, for government), Health Insurance Portability and Accountability Act (HIPAA), Supervisory Control and Data Acquisition (SCADA, for utilities), Fair and Accurate Credit Transactions Act (credit processing), Federal Financial Institutions Examination Council regulations (FFIEC), Payment Card Industry (PCI) 5/29/2012 Report for 2010 8 |
The need for IS Audits • All of these regulations require businesses to possess two simple components: • Evidence of business integrity • Evidence of internal controls to protect valuable assets 5/29/2012 Report for 2010 9 |
The need for IS Audits • Asset - anything of value, including trademarks, patents, secret recipes, durable goods, data files, competent personnel, and clients. People are never listed but they are key • Threat - as a negative event that would cause a loss if it occurred. • Vulnerability - path that allows a threat to occur. Without regulations, businesses would take risks that lead them into financial, or image problems. With the advent of widespread automation, small problems can escalate / cascade into major issues. Financial auditors focused on the financial transaction but there is a need to audit electronic systems. 5/29/2012 Report for 2010 10 |
Understanding Policies, Standards, Guidelines, and Procedures Type Description Compliance Issued by Policy Simple document stating mandatory CEO, CFO that a particular high- level control objective is important to the organization’s success. Standards mid-level documents to mandatory Middle level ensure uniform management application of a policy. For example ISO 5/29/2012 Report for 2010 11 |
Understanding Policies, Standards, Guidelines, and Procedures Type Description Compliance Issued by Guidelines provide advice pertaining to discretionary Proffessional how organizational bdies, objectives corporate might be obtained in the guidelines absence of a standard. The purpose is to provide information that would aid in making decisions about intended goals (should do), beneficial alternatives (could do), and actions that would not create problems (won’t hurt). 5/29/2012 Report for 2010 12 |
Understanding Policies, Standards, Guidelines, and Procedures Type Description Compliance Issued by Procedures These are ―cookbook‖ mandatory Operating officers recipes for accomplishing specific tasks necessary to meet a standard. Details are written in step-by-step format from the very beginning to the end. Good procedures include common troubleshooting steps in case the user encounters a known problem. 5/29/2012 Report for 2010 13 |
Code of Professional Ethics • As an IS auditor, you must adhere to certain codes of professional conduct. There are various guidelines but the most common one is by ISACA (Information Systems Audit and Control Association) • ISACA code of professional Ethics • Ethics statements are necessary to demonstrate the level of honesty and professionalism expected of every auditor. Overall, your profession requires you to be honest and fair in all representations you make. The goal is to build trust with clients. Your behavior should reflect a positive image on your profession 5/29/2012 Report for 2010 14 |
Preventing Ethical Conflicts • As an IS Auditor, do not participate in acts that would bring into question your professionalism and honesty. Anything that brings you into conflict with your work should be addressed immediately. Some of the conflicts that may bring an auditor into disrepute are:  Copyright violations  Guilty amnesty seekers  Failing to follow your own rules  Avoid violating general laws 5/29/2012 Report for 2010 15 |
Purpose of an Audit • Audit – review of past history • You are expected to follow the defined audit process, establish audit criteria, gather meaningful evidence, and render an independent opinion about internal controls. • It involves applying various techniques for collecting meaningful evidence, and then performing a comparison of the audit evidence against the standard for reference. • Always accurately report your findings, whether good or bad or indifferent. A good auditor will produce verifiable results. 5/29/2012 Report for 2010 16 |
Classifying Basic Types of Audits • Internal audits and assessments- auditing your own organization to discover inner workings (self assessment). They have more restrictions on scope. Findings are not shared with outsiders. • External audits- involves a related party like a customer auditing you. The goal is to ensure the expected level of performance as mutually agreed upon in their contracts. • Independent audits - these are outside of the customer-supplier influence. Third-party independent audits are frequently relied on for licensing, certification, or product approval. A simple example is independent consumer reports. 5/29/2012 Report for 2010 17 |
Classifying Basic Types of Audits • What is looked at during a systems audit? • Product audits - check the attributes against the design specification (size, color, markings). • Process audits - evaluate the process method to determine whether the activities or sequence of activities meet the published requirements (input process, output checks) • System audits – management, configuration, team members activities, control environment etc). • Financial audit- verifies financial transactions for integrity. • Operational audit - verifies effectiveness and efficiency of operational practices. Used mainly to audit service providers. 5/29/2012 Report for 2010 18 |
Classifying Basic Types of Audits • Integrated audit - includes both financial and operational controls audits • Administrative audit - verifies that appropriate policies and procedures exist and have been implemented as intended. This type of audit usually tests for the presence of required documentation. • Information systems certification and/or accreditation. - Certification usually involves system testing against a reference standard, whereas accreditation represents management’s level of acceptance. 5/29/2012 Report for 2010 19 |
The Auditor’s Responsibility • An Is auditor is expected to fulfill a fiduciary relationship. • Fiduciary relationship is whereby you are acting for the benefit of a given party and you put the interests of that party before yours. • However, it is important to provide the truth rather than just act in the auditees interests. 5/29/2012 Report for 2010 20 |
Comparing Audits to Assessments • Audit - An audit generates a report considered to represent a high assurance of truth. Audits are used in asset reporting engagements. • Assessment - An assessment is less formal and frequently more cooperative with the people/ objects under scrutiny. Its purpose is to see what exists and to assess value based on its relevance. • The assessment report is viewed to have lower value (moderate-to- low value) when compared to an audit. The primary role of an assessment is to help the employees improve their score. 5/29/2012 Report for 2010 21 |
Auditor Role versus Auditee Role • There are only two titles for persons directly involved in an audit. First is the auditor, the one who investigates. Second is the auditee, the subject of the audit. A third role exists which is normally outside of • Auditor - The auditor is the competent person performing the audit. • Auditee - The organization and people being audited are collectively called the auditee. • Client - The client is the person or organization with the authority to request the audit. A client may be the audit committee, external customer, internal audit department, or regulatory group. If the client is internal to the auditee, that client assumes the auditee role. the audit, known as the client. 5/29/2012 Report for 2010 22 |
Independence • An Is auditor is expected to be very independent in his work. • you are not related professionally, personally, or organizationally to the subject of the audit. You cannot be independent if the audit’s outcome results in your financial gain or if you are involved in the auditee’s decisions or design of the subject being audited. Applying an Independence Test • Are you auditing something you helped to develop? • Are you free of any conflicts, circumstances, or attitudes toward the auditee that might affect the audit outcome? 5/29/2012 Report for 2010 23 |
Independence • Is your personal life free of any relationships, off-duty behavior, or financial gain that could be perceived as affecting your judgment? • Do you have any organizational relationships with the auditee, including business deals, financial obligations, or pending legal actions? • Do you have a job conflict? Does the organizational structure require your position to work under the executive in charge of the area being audited? Did you receive any gifts of value or special favors? • If your answer is yes then your independence is compromised 5/29/2012 Report for 2010 24 |
Various Auditing Standards • audits either verify compliance (compliance test) or check the substance and integrity of a claim (substantive test). Just how does an auditor know what to do in these audits? • How does an IS auditor know what to do in these audits? • There are standards that can be used. • All these standards are in fundamental agreement with each other though they may seem many and daunting. • Our focus will be on the ISACA standards since they focus very much on IS auditing. 5/29/2012 Report for 2010 25 |
Various Auditing Standards • During the audit process, you will find clients are more receptive when your audit goals are linked to specific citations in the audit standards. You should aim to fill a known and defined point of compliance rather than provide a vague statement relating to something you may have read in a textbook. Don’t make the mistake of trusting your job to misinformation, rumors, or free advice on the Internet. 5/29/2012 Report for 2010 26 |
Specific Regulations Defining Best Practices • These are predominantly U.S. regulations with worldwide compliance implications due to global outsourcing. • Every regulation is designed to mandate the minimum acceptable requirements when conducting any form of business within that specific industry. The auditor must remain aware of two types of statements contained in all regulations: 5/29/2012 Report for 2010 27 |
Specific Regulations Defining Best Practices • Recommended (discretionary) - These are actions that usually contain statements with the word should—for example, suggested management responsibilities, staffing, control mechanisms, or technical attributes. • Required (mandatory) - These are actions that contain the word shall. Shall indicates that statement is a commandment of compliance. Shall is not optional. The auditor must remember that failing to meet a required Shall objective is a real concern. The regulations serve to protect the citizens at large. 5/29/2012 Report for 2010 28 |
Understanding the Auditors Position • Your clients expect you to be authoritative and professional regardless of the circumstances. Your office is mobile, so you are depended on to handle decisions in the field. Your clients include the highest levels of management within an organization. Those clients expect you to assist them with your observations and occasional advice. You will deal with the challenges of providing advice in a manner that does not interfere with the independent audit. 5/29/2012 Report for 2010 29 |
Understanding the Auditors Position • Confidentiality- a client entrusts an auditor with information and it should never be betrayed. Exercise confidentiality by least privilege whereby only the minimum necessary information is given. • Also:  Keep sensitive information as client property.  Contact legal counsels regarding confidentiality.  Back up and secure any work done on computer (automated working papers).  Physically secure any PC or laptops you use.  Keep securely every document file archive you make for every audit. 5/29/2012 Report for 2010 30 |
Understanding the Auditors Position • Working with lawyers – most communication between auditor and client is exempt from legal discovery hence a lawyer may not be needed. However, it is suggested that the client is consulted in case there is any need for communication with a lawyer. • Leadership – an auditor needs to have strong leadership qualities;  mark out when your directions are mandatory and when they are open to feedback and criticism  Develop specific requirements and share out the plans  Get your staff to believe in you 5/29/2012 Report for 2010 31 |
Understanding the Auditors Position • Planning and setting priorities- a good auditor plans and sets priorities on what needs to be done.  Gaining an understanding of the customer’s business  Respecting business cycles (monthly, quarterly, seasonal, and annual)  Establishing priorities  Selecting an audit strategy based on risk and information known or observed  Finding the people for your audit team  Coordinating the logistics prior to the audit for resources, work space, and facilities 5/29/2012 Report for 2010 32 |
Understanding the Auditors Position • Planning and setting priorities (continued)  Requesting documents (discovery requests)  Scheduling people’s time and availability  Arranging travel and accommodations  Planning for delays or nonperformance  Considering rescheduling if recent downtime or risks warrant it  Developing alternative strategies  Developing a briefing schedule 5/29/2012 Report for 2010 33 |
Understanding the Auditors Position • Providing standard terms of reference- an auditor needs to be courteous and polite to clients . Develop standard terms of reference to cultivate respectful and honest interpretation. – Auditee claim/statement – Present – Not present – Planned – Tested (how) – Not tested (why) – Observed – Verified (how) – Not verified – New requirement 5/29/2012 Report for 2010 34 |
Understanding the Auditors Position • Dealing with conflict/ failures – exercise common sense and quick responses. • Identifying the value of external vs. internal auditors - External auditors are paid to be independent reviewers for an organization. Internal auditors can add enormous value to an organization by providing ongoing efforts that help prepare the organization for an external audit. • Apply the evidence rule- A good auditor will use sufficient evidence to formulate their auditor’s opinion. No opinion can be formed when you lack evidence of acceptable quantity, relevance, and reliability. Your job is to be a professional skeptic and demand proof in the form of evidence you can verify. 5/29/2012 Report for 2010 35 |
Understanding the Auditors Position • Identify who you need to interview- plan for whom you will interview, how long it will take and what exactly you will ask. You have to be very specific. There are three classes of people in IS audits (data owner (e.g. CFO, CEO) , data custodian 9database administrator, systems administrator), data user (internal user, client) • Understand the organizational structure and roles- e.g. through use of hierarchy charts 5/29/2012 Report for 2010 36 |
Managing Projects • An audit exercise is essentially a project. An auditor must take a project management approach towards the audit. Some project management standards exist e.g.  Project Management Institute (PMI)  Prince2  Total Quality Management (TQM)  Six Sigma  ISO 9001  The PMI standard is by far the most comprehensive and most recommended standard for IS auditing. 5/29/2012 Report for 2010 37 |
Managing Projects What is a Project ? • Three characteristics define a project  A project is temporary (start end times)  A project is unique- is meant to facilitate a particular outcome  A project is progressively elaborated. The project starts out with simple high-level ideas that are polished and becomes defined into more and more detail during planning What is Project Management? • A simple definition of project management is to balance competing demands. These demands are referred to as the triple constraint. We can define them as competing values of  Scope  Resources (cost, time)  Quality 5/29/2012 Report for 2010 38 |
Managing Projects • The Project Management Framework • The Project Management Institute (PMI) defines the project management framework or PMBOK (Project Management Body Of Knowledge) • PMBOK offers five process groups: • The five process groups as defined by PMI are as follows: 1. Initiating 2. Planning 3. Executing 4. Monitoring and Controlling 5. Closing 5/29/2012 Report for 2010 39 |
Managing Projects 1. Initiating- This process group begins the project or a phase of the project. Sets the scope and authorization of the project. 2. Planning - Planning is where the project scope, goals, and objectives are detailed. 3. Executing- The processes within this group are used to create the project deliverables. 4. Monitoring and Controlling - measures performance and control changes. Examples include review meetings, dealing with substitutions, and schedule changes. 5. Closing - When a phase or the project is completed, this process group will pay vendors and put the files in an archive to close out the project. 5/29/2012 Report for 2010 40 |
Managing Projects Aspects of project management • Project Integration Management - Project Integration Management is the knowledge area containing processes that tie all of the other processes together • Project Scope Management - Project Scope Management contains processes that define the product created by the project and the work to be performed on the project. During this process, a structure is created that breaks each task into itemized details of work to be performed 5/29/2012 Report for 2010 41 |
Managing Projects Aspects of project management • Project Time Management - Project Time Management contains processes that define and control the activities required to complete the project as well as resources for the project. In this knowledge area, the project manager defines the baseline schedule for the project. • Project Cost Management • Project Cost Management comprises three processes that define, specify, and control costs for the project. This knowledge area uses earned value technique to measure cost performance for the project. Earned value (EV) is the current value of work that has been performed in the project. 5/29/2012 Report for 2010 42 |
Managing Projects Aspects of Project Management • Project Quality Management - The Project Quality Management knowledge area comprises three processes that define the level of quality applied to the project’s product and performance. Project team members audit the performance of their project. Next, the product created by the project is inspected for conformance to the design objectives. • Project Human Resource Management - Project Human Resource Management facilitates planning the organizational structure, job roles, specific responsibilities, and acquisition of staff for the project. This is the best technique to get the skilled people needed for your project. Use the work breakdown structure (WBS) from scope management planning to build a skills matrix. 5/29/2012 Report for 2010 43 |
Managing Projects Aspects of Project Management • Project Communications Management - Project Communications Management defines the communications needs of the project stakeholders, and then facilitates and controls communications distribution during the life of the project. Audit projects need this level of planning to clarify what is discussed or reported to our stakeholders. • Project Risk Management - Project Risk Management comprises processes that define the risk methods to be used, define the risks of the project, analyze the risks, and document responses to identified risks. 5/29/2012 Report for 2010 44 |
Managing Projects Aspects of Project Management • Project Procurement Management - Project Procurement Management defines the processes that are required to purchase resources. All projects need to procure people, equipment, and materials from outside the organization. 5/29/2012 Report for 2010 45 |
Managing Projects Using Project Management Diagramming Techniques Gannt Charts • are used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. The figure shows both sequential and concurrent activities in a linear bar-chart-style presentation. Milestones will be identified and progress reported against planned activities. 5/29/2012 Report for 2010 46 |
Managing Projects Using Project Management Diagramming Techniques PERT • Program Evaluation Review Technique (PERT) is used to illustrate the relationship between planned activities. PERT diagramming shows multiple routes through the project activities, as necessary for accomplishing the goal. • PERT has two major advantages. First is the ability to demonstrate a critical path. The second advantage is that PERT provides a quantitative measurement tool for risk analysis. It can help measure the risk of delays, failure, and likely completion. The most successful project managers use both Gantt and PERT—Gantt to display resource detail, and PERT to show the current and most up-to-date critical path. 5/29/2012 Report for 2010 47 |
Summary (Quiz) What is the difference between a policy and a procedure? A. Compliance to a policy is discretionary, and compliance to a procedure is mandatory. B. A procedure provides discretionary advice to aid in decision making. The policy defines specific requirements to ensure compliance. C. A policy is a high-level document signed by a person of authority, and compliance is mandatory. A procedure defines the mandatory steps to attain compliance. D. A policy is a mid-level document issued to advise the reader of desired actions in the absence of a standard. The procedure describes suggested steps to use. 5/29/2012 Report for 2010 48 |
Summary (Quiz) Which of the following in a business organization will be held liable by the government for failures of internal controls? A. President, vice presidents, and other true corporate officers B. Board of directors, president, vice presidents, department directors, and managers C. All members of management D. Board of directors, CEO, CFO, CIO, and department directors 5/29/2012 Report for 2010 49 |
Summary (Quiz) What does fiduciary responsibility mean? A. To use information gained for personal interests without breaching confidentiality of the client. B. To act for the benefit of another person and place the responsibilities to be fair and honest ahead of your own interest. C. To follow the desires of the client and maintain total confidentiality even if illegal acts are discovered. The auditor shall never disclose information from an audit in order to protect the client. D. None of the above. 5/29/2012 Report for 2010 50 |
Summary (Quiz) What are the different types of audits? A. Forensic, accounting, verification, regulatory B. Integrated, operational, compliance, administrative C. Financial, SAS-74, compliance, administrative D. Information systems, SAS-70, regulatory, procedural 5/29/2012 Report for 2010 51 |
Summary (Quiz) What is the difference between the word should and shall when used in regulations? A. Shall represents discretionary requirements, and should provides advice to the reader. B. Should indicates mandatory actions, whereas shall provides advisory information recommending actions when appropriate C. Should and shall are comparable in meaning. The difference is based on the individual circumstances faced by the audit. D. Should indicates actions that are discretionary according to need, whereas shall means the action is mandatory regardless of financial impact 5/29/2012 Report for 2010 52 |
Summary (Quiz) Which of the following is not defined as a nonaudit role? A. System designer B. Operational staff member C. Auditor D. Organizational manage 5/29/2012 Report for 2010 53 |
Summary (Quiz) Why is it necessary to protect audit documentation and work papers? A. The evidence gathered in an audit must be disclosed for regulatory compliance. B. A paper trail is necessary to prove the auditor is right and the auditee is wrong. C. The auditor will have to prove illegal activity in a court of law. D. Audit documentation work papers may reveal confidential information that should not be lost or disclosed. 5/29/2012 Report for 2010 54 |
Summary (Quiz) Which of the following is a network diagram that shows the critical path for a project? A. Program Evaluation Review Technique B. Gantt chart with activity sequencing C. Shortest Path Diagramming Technique D. Milestone reporting 5/29/2012 Report for 2010 55 |
Summary (Quiz) What is the purpose of standard terms of reference? A. To meet the legal requirement of regulatory compliance B. To prove who is responsible C. To ensure honest and unbiased communication D. To ensure that requirements are clearly identified in a regulation 5/29/2012 Report for 2010 56 |
Summary (Quiz) What does the term auditor independence relate to? A. It is not an issue for auditors working for a consulting company. B. It is required for an external audit. C. An internal auditor must undergo certification training to be independent. D. The audit committee bestows independence upon the auditor. 5/29/2012 Report for 2010 57 |
Ole Sangale Road, Madaraka Estate. PO Box 59857-00200, Nairobi, Kenya Tel +254 (0)20 606155, 606268, 606380 Fax +254 (0)20 607498 Mobile +254 (0)722 25 428, (0)733 618 135 Email info@strathmore.edu www.strathmore.edu |

Recommandé

Compliance in the framework of corporate governance (side panel 2) - Oliver O...
Compliance in the framework of corporate governance (side panel 2) - Oliver O...Compliance in the framework of corporate governance (side panel 2) - Oliver O...
Compliance in the framework of corporate governance (side panel 2) - Oliver O...e-Democracy Conference
 
. Managing the Outsourcing _Governance final
. Managing the Outsourcing _Governance final. Managing the Outsourcing _Governance final
. Managing the Outsourcing _Governance finalGTTSlide
 
Business Structure
Business StructureBusiness Structure
Business StructureRichard Veryard
 
Lecture no. 2 org.structure
Lecture no. 2 org.structureLecture no. 2 org.structure
Lecture no. 2 org.structurePir Qasim Shah
 
Operational Risk Management for practitioners v1.0
Operational Risk Management for practitioners v1.0Operational Risk Management for practitioners v1.0
Operational Risk Management for practitioners v1.0Ignacio Reclusa
 
Best Practices: Change Management
Best Practices: Change ManagementBest Practices: Change Management
Best Practices: Change ManagementCorporate Compliance Seminars
 
Compliance Framework
Compliance FrameworkCompliance Framework
Compliance Frameworkbarnetdh
 
OPERATIONAL RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENTOPERATIONAL RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENTIntan Noona
 

Recommandé

Compliance in the framework of corporate governance (side panel 2) - Oliver O...
Compliance in the framework of corporate governance (side panel 2) - Oliver O...Compliance in the framework of corporate governance (side panel 2) - Oliver O...
Compliance in the framework of corporate governance (side panel 2) - Oliver O...e-Democracy Conference
 
. Managing the Outsourcing _Governance final
. Managing the Outsourcing _Governance final. Managing the Outsourcing _Governance final
. Managing the Outsourcing _Governance finalGTTSlide
 
Business Structure
Business StructureBusiness Structure
Business StructureRichard Veryard
 
Lecture no. 2 org.structure
Lecture no. 2 org.structureLecture no. 2 org.structure
Lecture no. 2 org.structurePir Qasim Shah
 
Operational Risk Management for practitioners v1.0
Operational Risk Management for practitioners v1.0Operational Risk Management for practitioners v1.0
Operational Risk Management for practitioners v1.0Ignacio Reclusa
 
Best Practices: Change Management
Best Practices: Change ManagementBest Practices: Change Management
Best Practices: Change ManagementCorporate Compliance Seminars
 
Compliance Framework
Compliance FrameworkCompliance Framework
Compliance Frameworkbarnetdh
 
OPERATIONAL RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENTOPERATIONAL RISK MANAGEMENT
OPERATIONAL RISK MANAGEMENTIntan Noona
 
Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkBlackLine
 
The Directors Tutorial
The Directors TutorialThe Directors Tutorial
The Directors TutorialDeborah_K_Williams
 
Ethics in Audit
Ethics in AuditEthics in Audit
Ethics in AuditBikash Kumar
 
ITIL vs. COBIT
ITIL vs. COBITITIL vs. COBIT
ITIL vs. COBITMohsen Yousefi
 
Upgrading Risk Management and Internal Control in Your Organization
Upgrading Risk Management and Internal Control in Your OrganizationUpgrading Risk Management and Internal Control in Your Organization
Upgrading Risk Management and Internal Control in Your OrganizationInternational Federation of Accountants
 
Managing The Business Risk Of Fraud
Managing The Business Risk Of FraudManaging The Business Risk Of Fraud
Managing The Business Risk Of FraudMahmoud Elbagoury
 
Toronix - SOA Governance Quick Start
Toronix - SOA Governance Quick StartToronix - SOA Governance Quick Start
Toronix - SOA Governance Quick Startrrowntree
 
Busines Continuity And Compliance
Busines Continuity And ComplianceBusines Continuity And Compliance
Busines Continuity And Compliancesalamali
 
Learning From Failure - A Tale of Three Projects
Learning From Failure - A Tale of Three ProjectsLearning From Failure - A Tale of Three Projects
Learning From Failure - A Tale of Three ProjectsPeter Salmon
 
The NLRB's New Joint-Employer Test: What You Need to Know Regarding its Likel...
The NLRB's New Joint-Employer Test: What You Need to Know Regarding its Likel...The NLRB's New Joint-Employer Test: What You Need to Know Regarding its Likel...
The NLRB's New Joint-Employer Test: What You Need to Know Regarding its Likel...Winston & Strawn LLP
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsCorporate Compliance Seminars
 
Leveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationLeveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationInternational Federation of Accountants
 
Chap008
Chap008Chap008
Chap008ftsutton
 
What Is It Governance Introduction
What Is It Governance IntroductionWhat Is It Governance Introduction
What Is It Governance Introductionnicxenos
 
Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3pjmartinez
 
Governance and Compliance for Credit Unions
Governance and Compliance for Credit UnionsGovernance and Compliance for Credit Unions
Governance and Compliance for Credit Unionsle chéile Group
 
policyIQ for COSO 2013 Internal Control - Integrated Framework
policyIQ for COSO 2013 Internal Control - Integrated FrameworkpolicyIQ for COSO 2013 Internal Control - Integrated Framework
policyIQ for COSO 2013 Internal Control - Integrated Frameworksbyearly
 
IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing worldPECB
 
Managing human resources at data centers 1.0
Managing human resources at data centers 1.0Managing human resources at data centers 1.0
Managing human resources at data centers 1.0aqel aqel
 
Corporate Governance in Subsidiary Company
Corporate Governance in Subsidiary CompanyCorporate Governance in Subsidiary Company
Corporate Governance in Subsidiary CompanyAlfred Rodrigues
 
COSO 2013: What you need to know
COSO 2013: What you need to knowCOSO 2013: What you need to know
COSO 2013: What you need to knowjennyhollingworth
 
Recent COSO Internal Control and Risk Management Developments
Recent COSO Internal Control and Risk Management DevelopmentsRecent COSO Internal Control and Risk Management Developments
Recent COSO Internal Control and Risk Management DevelopmentsInternational Federation of Accountants
 

Contenu connexe

Tendances

Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkBlackLine
 
Managing The Business Risk Of Fraud
Managing The Business Risk Of FraudManaging The Business Risk Of Fraud
Managing The Business Risk Of FraudMahmoud Elbagoury
 
Toronix - SOA Governance Quick Start
Toronix - SOA Governance Quick StartToronix - SOA Governance Quick Start
Toronix - SOA Governance Quick Startrrowntree
 
Busines Continuity And Compliance
Busines Continuity And ComplianceBusines Continuity And Compliance
Busines Continuity And Compliancesalamali
 
Learning From Failure - A Tale of Three Projects
Learning From Failure - A Tale of Three ProjectsLearning From Failure - A Tale of Three Projects
Learning From Failure - A Tale of Three ProjectsPeter Salmon
 
The NLRB's New Joint-Employer Test: What You Need to Know Regarding its Likel...
The NLRB's New Joint-Employer Test: What You Need to Know Regarding its Likel...The NLRB's New Joint-Employer Test: What You Need to Know Regarding its Likel...
The NLRB's New Joint-Employer Test: What You Need to Know Regarding its Likel...Winston & Strawn LLP
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsCorporate Compliance Seminars
 
Leveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationLeveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationInternational Federation of Accountants
 
What Is It Governance Introduction
What Is It Governance IntroductionWhat Is It Governance Introduction
What Is It Governance Introductionnicxenos
 
Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3pjmartinez
 
Governance and Compliance for Credit Unions
Governance and Compliance for Credit UnionsGovernance and Compliance for Credit Unions
Governance and Compliance for Credit Unionsle chéile Group
 
policyIQ for COSO 2013 Internal Control - Integrated Framework
policyIQ for COSO 2013 Internal Control - Integrated FrameworkpolicyIQ for COSO 2013 Internal Control - Integrated Framework
policyIQ for COSO 2013 Internal Control - Integrated Frameworksbyearly
 
IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing worldPECB
 
Managing human resources at data centers 1.0
Managing human resources at data centers 1.0Managing human resources at data centers 1.0
Managing human resources at data centers 1.0aqel aqel
 
Corporate Governance in Subsidiary Company
Corporate Governance in Subsidiary CompanyCorporate Governance in Subsidiary Company
Corporate Governance in Subsidiary CompanyAlfred Rodrigues
 

Tendances (20)

Are You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls FrameworkAre You Ready? Implementing COSO's Updated Internal Controls Framework
Are You Ready? Implementing COSO's Updated Internal Controls Framework
 
The Directors Tutorial
The Directors TutorialThe Directors Tutorial
The Directors Tutorial
 
Ethics in Audit
Ethics in AuditEthics in Audit
Ethics in Audit
 
ITIL vs. COBIT
ITIL vs. COBITITIL vs. COBIT
ITIL vs. COBIT
 
Upgrading Risk Management and Internal Control in Your Organization
Upgrading Risk Management and Internal Control in Your OrganizationUpgrading Risk Management and Internal Control in Your Organization
Upgrading Risk Management and Internal Control in Your Organization
 
Managing The Business Risk Of Fraud
Managing The Business Risk Of FraudManaging The Business Risk Of Fraud
Managing The Business Risk Of Fraud
 
Toronix - SOA Governance Quick Start
Toronix - SOA Governance Quick StartToronix - SOA Governance Quick Start
Toronix - SOA Governance Quick Start
 
Busines Continuity And Compliance
Busines Continuity And ComplianceBusines Continuity And Compliance
Busines Continuity And Compliance
 
Learning From Failure - A Tale of Three Projects
Learning From Failure - A Tale of Three ProjectsLearning From Failure - A Tale of Three Projects
Learning From Failure - A Tale of Three Projects
 
The NLRB's New Joint-Employer Test: What You Need to Know Regarding its Likel...
The NLRB's New Joint-Employer Test: What You Need to Know Regarding its Likel...The NLRB's New Joint-Employer Test: What You Need to Know Regarding its Likel...
The NLRB's New Joint-Employer Test: What You Need to Know Regarding its Likel...
 
Introduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance SeminarsIntroduction to COSO 2013 - Corporate Compliance Seminars
Introduction to COSO 2013 - Corporate Compliance Seminars
 
Leveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your OrganizationLeveraging Effective Risk Management and Internal Control for Your Organization
Leveraging Effective Risk Management and Internal Control for Your Organization
 
Chap008
Chap008Chap008
Chap008
 
What Is It Governance Introduction
What Is It Governance IntroductionWhat Is It Governance Introduction
What Is It Governance Introduction
 
Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3
 
Governance and Compliance for Credit Unions
Governance and Compliance for Credit UnionsGovernance and Compliance for Credit Unions
Governance and Compliance for Credit Unions
 
policyIQ for COSO 2013 Internal Control - Integrated Framework
policyIQ for COSO 2013 Internal Control - Integrated FrameworkpolicyIQ for COSO 2013 Internal Control - Integrated Framework
policyIQ for COSO 2013 Internal Control - Integrated Framework
 
IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world
 
Managing human resources at data centers 1.0
Managing human resources at data centers 1.0Managing human resources at data centers 1.0
Managing human resources at data centers 1.0
 
Corporate Governance in Subsidiary Company
Corporate Governance in Subsidiary CompanyCorporate Governance in Subsidiary Company
Corporate Governance in Subsidiary Company
 

Similaire à Intro to management_and_auditing_of_info_systs

COSO 2013: What you need to know
COSO 2013: What you need to knowCOSO 2013: What you need to know
COSO 2013: What you need to knowjennyhollingworth
 
ISO 22222 - Achieving A Competitive Edge Presentation 2010
ISO 22222 - Achieving A Competitive Edge Presentation 2010ISO 22222 - Achieving A Competitive Edge Presentation 2010
ISO 22222 - Achieving A Competitive Edge Presentation 2010Michelle Hoskin
 
Principal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachPrincipal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachMohammad Reda Katby
 
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB
 
Thapas Sir Presentation ppt =priyanka rai -ICBM-SBE HYDERABAD
Thapas Sir Presentation ppt =priyanka rai -ICBM-SBE HYDERABADThapas Sir Presentation ppt =priyanka rai -ICBM-SBE HYDERABAD
Thapas Sir Presentation ppt =priyanka rai -ICBM-SBE HYDERABADam12sd34
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
 
Iso 9001 2015 iso geek
Iso 9001 2015 iso geekIso 9001 2015 iso geek
Iso 9001 2015 iso geekVarinder Kumar
 
Agile in a highly regulated organization 2014
Agile in a highly regulated organization 2014Agile in a highly regulated organization 2014
Agile in a highly regulated organization 2014Tami Flowers
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated frameworkIrfan Ahmed - ACA, CICA
 
Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties SolutionsAhmed Abdul Hamed
 
ReferencesRobbins, S. P., & Judge, T. A. (2019). Organizational .docx
ReferencesRobbins, S. P., & Judge, T. A. (2019). Organizational .docxReferencesRobbins, S. P., & Judge, T. A. (2019). Organizational .docx
ReferencesRobbins, S. P., & Judge, T. A. (2019). Organizational .docxaudeleypearl
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial Controlstarunmallappa
 
Corporate Governance of Wipro.pptx
Corporate Governance of Wipro.pptxCorporate Governance of Wipro.pptx
Corporate Governance of Wipro.pptxDebojyotiDeySarkar
 
CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)Sam Mandebvu
 

Similaire à Intro to management_and_auditing_of_info_systs (20)

COSO 2013: What you need to know
COSO 2013: What you need to knowCOSO 2013: What you need to know
COSO 2013: What you need to know
 
Recent COSO Internal Control and Risk Management Developments
Recent COSO Internal Control and Risk Management DevelopmentsRecent COSO Internal Control and Risk Management Developments
Recent COSO Internal Control and Risk Management Developments
 
Corporate governance good-see
Corporate governance good-seeCorporate governance good-see
Corporate governance good-see
 
ISO 22222 - Achieving A Competitive Edge Presentation 2010
ISO 22222 - Achieving A Competitive Edge Presentation 2010ISO 22222 - Achieving A Competitive Edge Presentation 2010
ISO 22222 - Achieving A Competitive Edge Presentation 2010
 
Principal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachPrincipal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic Approach
 
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
 
Thapas Sir Presentation ppt =priyanka rai -ICBM-SBE HYDERABAD
Thapas Sir Presentation ppt =priyanka rai -ICBM-SBE HYDERABADThapas Sir Presentation ppt =priyanka rai -ICBM-SBE HYDERABAD
Thapas Sir Presentation ppt =priyanka rai -ICBM-SBE HYDERABAD
 
Mcs report
Mcs reportMcs report
Mcs report
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
 
Hedge Fund Management
Hedge Fund ManagementHedge Fund Management
Hedge Fund Management
 
Iso 9001 2015 iso geek
Iso 9001 2015 iso geekIso 9001 2015 iso geek
Iso 9001 2015 iso geek
 
Agile in a highly regulated organization 2014
Agile in a highly regulated organization 2014Agile in a highly regulated organization 2014
Agile in a highly regulated organization 2014
 
Coso internal control integrated framework
Coso internal control integrated frameworkCoso internal control integrated framework
Coso internal control integrated framework
 
Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties Solutions
 
How to pass cobit exam
How to pass cobit exam How to pass cobit exam
How to pass cobit exam
 
ReferencesRobbins, S. P., & Judge, T. A. (2019). Organizational .docx
ReferencesRobbins, S. P., & Judge, T. A. (2019). Organizational .docxReferencesRobbins, S. P., & Judge, T. A. (2019). Organizational .docx
ReferencesRobbins, S. P., & Judge, T. A. (2019). Organizational .docx
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial Controls
 
Corporate Governance of Wipro.pptx
Corporate Governance of Wipro.pptxCorporate Governance of Wipro.pptx
Corporate Governance of Wipro.pptx
 
CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)
 
Yrkreddy
YrkreddyYrkreddy
Yrkreddy
 

Dernier

Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionMintel Group
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportMintel Group
 
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadIslamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadAyesha Khan
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfpollardmorgan
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchirictsugar
 

Dernier (20)

Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted Version
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample Report
 
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadIslamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchir
 

Intro to management_and_auditing_of_info_systs

  • 1. Lesson 1:Introduction to Management and Auditing of Information Systems Lecturer: Management and Auditing of Information Systems |
  • 2. Lesson Objectives By the end of this lesson , you should:  Know the foundation of IS audit standards  Know the auditor’s professional requirements  Be familiar with auditor skills necessary for a successful audit  Differentiate mandatory versus discretionary wording of regulations  Describe the various types of audits  Know how to communicate with the auditee  Describe auditor leadership duties, including planning and setting priorities  Gain understanding the organizational structure of corporations and consulting firms  Gain understanding the methods of managing projects, including audit projects 5/29/2012 Report for 2010 2 |
  • 3. The need for IS Audits • The reliance of many companies, organisations, governments, educational institutions etc on electronic data processing systems has led increasingly to the need for their proper control and management . • Just like financial auditors verify financial transaction, so does an IS auditor need to verify the integrity of an electronic system that is used to maintain crucial company data 5/29/2012 Report for 2010 3 |
  • 4. The Demand for IS audits • Why is very necessary to have IS audits? The greatest focus has always been on financial audits: • Consider: • Italy’s Parmalat dairy scandal occurred in 2003, when executives admitted that an account that was supposed to be holding 4 billion Euro dollars of assets in the Cayman Islands did not exist. The 14 billion Euro organization collapsed into bankruptcy. According to industry news, four of the world’s leading banks were indicted in June 2007 for their participation. 5/29/2012 Report for 2010 4 |
  • 5. The need for IS Audits • Adelphia Communications Corporation executives John Rigas and son Timothy Rigas were convicted of securities fraud, bank fraud for misrepresenting the source of $1.6 billion of funds used in company stock, and stealing $51 million in cash advances. Rigas’s illegally misrepresented $2.6 billion of off-balance sheet loans, which led to the company’s collapse in 2002. In July 2006, Comcast and Time Warner purchased the failed company and relocated it to Colorado. 5/29/2012 Report for 2010 5 |
  • 6. The need for IS Audits • Arthur Andersen executive David Duncan violated his independence with his client, CFO Andrew Fastow of Enron. Duncan participated in improper, biased activities for Enron by ordering his staff to shred documents to obstruct the Enron investigation. • Converse Technology CEO Jacob ―Kobi‖ Alexander was captured by Federal authorities after fleeing the country in an attempt to avoid prosecution for orchestrating a fraudulent scheme of backdating options while running a secret stock options slush fund. This illegal • scheme made millions of dollars. CFO David Kreinberg and General Counsel William Sorin voluntarily surrendered to authorities for their participation in the scheme. All three are currently in jail awaiting prosecution. 5/29/2012 Report for 2010 6 |
  • 7. The need for IS Audits • Closer home, what examples can we gather from well known frauds, scams, malpractices and other actions that have brought organizations to their knees or brought CEO and other officers to account? • Kenya Pipeline • NHIF • Goldenberg (Euro bank) • Trust Bank? • Others……………………………….. • Explain in your own words why you think there is a need for IS Audits against this backdrop 5/29/2012 Report for 2010 7 |
  • 8. The need for IS Audits • More and more regulations are being put in place especially in western countries to effect control and minimize, detect or otherwise prevent deliberate or inadvertent mishaps like the examples above. • Have you heard of the Sarbanes- Oxley Act? • Do we have similar regulations in Kenya? • Other regulations exist in the US like Gramm-Leach-Bliley Act (financial transactions), Federal Information Security Management Act (FISMA, for government), Health Insurance Portability and Accountability Act (HIPAA), Supervisory Control and Data Acquisition (SCADA, for utilities), Fair and Accurate Credit Transactions Act (credit processing), Federal Financial Institutions Examination Council regulations (FFIEC), Payment Card Industry (PCI) 5/29/2012 Report for 2010 8 |
  • 9. The need for IS Audits • All of these regulations require businesses to possess two simple components: • Evidence of business integrity • Evidence of internal controls to protect valuable assets 5/29/2012 Report for 2010 9 |
  • 10. The need for IS Audits • Asset - anything of value, including trademarks, patents, secret recipes, durable goods, data files, competent personnel, and clients. People are never listed but they are key • Threat - as a negative event that would cause a loss if it occurred. • Vulnerability - path that allows a threat to occur. Without regulations, businesses would take risks that lead them into financial, or image problems. With the advent of widespread automation, small problems can escalate / cascade into major issues. Financial auditors focused on the financial transaction but there is a need to audit electronic systems. 5/29/2012 Report for 2010 10 |
  • 11. Understanding Policies, Standards, Guidelines, and Procedures Type Description Compliance Issued by Policy Simple document stating mandatory CEO, CFO that a particular high- level control objective is important to the organization’s success. Standards mid-level documents to mandatory Middle level ensure uniform management application of a policy. For example ISO 5/29/2012 Report for 2010 11 |
  • 12. Understanding Policies, Standards, Guidelines, and Procedures Type Description Compliance Issued by Guidelines provide advice pertaining to discretionary Proffessional how organizational bdies, objectives corporate might be obtained in the guidelines absence of a standard. The purpose is to provide information that would aid in making decisions about intended goals (should do), beneficial alternatives (could do), and actions that would not create problems (won’t hurt). 5/29/2012 Report for 2010 12 |
  • 13. Understanding Policies, Standards, Guidelines, and Procedures Type Description Compliance Issued by Procedures These are ―cookbook‖ mandatory Operating officers recipes for accomplishing specific tasks necessary to meet a standard. Details are written in step-by-step format from the very beginning to the end. Good procedures include common troubleshooting steps in case the user encounters a known problem. 5/29/2012 Report for 2010 13 |
  • 14. Code of Professional Ethics • As an IS auditor, you must adhere to certain codes of professional conduct. There are various guidelines but the most common one is by ISACA (Information Systems Audit and Control Association) • ISACA code of professional Ethics • Ethics statements are necessary to demonstrate the level of honesty and professionalism expected of every auditor. Overall, your profession requires you to be honest and fair in all representations you make. The goal is to build trust with clients. Your behavior should reflect a positive image on your profession 5/29/2012 Report for 2010 14 |
  • 15. Preventing Ethical Conflicts • As an IS Auditor, do not participate in acts that would bring into question your professionalism and honesty. Anything that brings you into conflict with your work should be addressed immediately. Some of the conflicts that may bring an auditor into disrepute are:  Copyright violations  Guilty amnesty seekers  Failing to follow your own rules  Avoid violating general laws 5/29/2012 Report for 2010 15 |
  • 16. Purpose of an Audit • Audit – review of past history • You are expected to follow the defined audit process, establish audit criteria, gather meaningful evidence, and render an independent opinion about internal controls. • It involves applying various techniques for collecting meaningful evidence, and then performing a comparison of the audit evidence against the standard for reference. • Always accurately report your findings, whether good or bad or indifferent. A good auditor will produce verifiable results. 5/29/2012 Report for 2010 16 |
  • 17. Classifying Basic Types of Audits • Internal audits and assessments- auditing your own organization to discover inner workings (self assessment). They have more restrictions on scope. Findings are not shared with outsiders. • External audits- involves a related party like a customer auditing you. The goal is to ensure the expected level of performance as mutually agreed upon in their contracts. • Independent audits - these are outside of the customer-supplier influence. Third-party independent audits are frequently relied on for licensing, certification, or product approval. A simple example is independent consumer reports. 5/29/2012 Report for 2010 17 |
  • 18. Classifying Basic Types of Audits • What is looked at during a systems audit? • Product audits - check the attributes against the design specification (size, color, markings). • Process audits - evaluate the process method to determine whether the activities or sequence of activities meet the published requirements (input process, output checks) • System audits – management, configuration, team members activities, control environment etc). • Financial audit- verifies financial transactions for integrity. • Operational audit - verifies effectiveness and efficiency of operational practices. Used mainly to audit service providers. 5/29/2012 Report for 2010 18 |
  • 19. Classifying Basic Types of Audits • Integrated audit - includes both financial and operational controls audits • Administrative audit - verifies that appropriate policies and procedures exist and have been implemented as intended. This type of audit usually tests for the presence of required documentation. • Information systems certification and/or accreditation. - Certification usually involves system testing against a reference standard, whereas accreditation represents management’s level of acceptance. 5/29/2012 Report for 2010 19 |
  • 20. The Auditor’s Responsibility • An Is auditor is expected to fulfill a fiduciary relationship. • Fiduciary relationship is whereby you are acting for the benefit of a given party and you put the interests of that party before yours. • However, it is important to provide the truth rather than just act in the auditees interests. 5/29/2012 Report for 2010 20 |
  • 21. Comparing Audits to Assessments • Audit - An audit generates a report considered to represent a high assurance of truth. Audits are used in asset reporting engagements. • Assessment - An assessment is less formal and frequently more cooperative with the people/ objects under scrutiny. Its purpose is to see what exists and to assess value based on its relevance. • The assessment report is viewed to have lower value (moderate-to- low value) when compared to an audit. The primary role of an assessment is to help the employees improve their score. 5/29/2012 Report for 2010 21 |
  • 22. Auditor Role versus Auditee Role • There are only two titles for persons directly involved in an audit. First is the auditor, the one who investigates. Second is the auditee, the subject of the audit. A third role exists which is normally outside of • Auditor - The auditor is the competent person performing the audit. • Auditee - The organization and people being audited are collectively called the auditee. • Client - The client is the person or organization with the authority to request the audit. A client may be the audit committee, external customer, internal audit department, or regulatory group. If the client is internal to the auditee, that client assumes the auditee role. the audit, known as the client. 5/29/2012 Report for 2010 22 |
  • 23. Independence • An Is auditor is expected to be very independent in his work. • you are not related professionally, personally, or organizationally to the subject of the audit. You cannot be independent if the audit’s outcome results in your financial gain or if you are involved in the auditee’s decisions or design of the subject being audited. Applying an Independence Test • Are you auditing something you helped to develop? • Are you free of any conflicts, circumstances, or attitudes toward the auditee that might affect the audit outcome? 5/29/2012 Report for 2010 23 |
  • 24. Independence • Is your personal life free of any relationships, off-duty behavior, or financial gain that could be perceived as affecting your judgment? • Do you have any organizational relationships with the auditee, including business deals, financial obligations, or pending legal actions? • Do you have a job conflict? Does the organizational structure require your position to work under the executive in charge of the area being audited? Did you receive any gifts of value or special favors? • If your answer is yes then your independence is compromised 5/29/2012 Report for 2010 24 |
  • 25. Various Auditing Standards • audits either verify compliance (compliance test) or check the substance and integrity of a claim (substantive test). Just how does an auditor know what to do in these audits? • How does an IS auditor know what to do in these audits? • There are standards that can be used. • All these standards are in fundamental agreement with each other though they may seem many and daunting. • Our focus will be on the ISACA standards since they focus very much on IS auditing. 5/29/2012 Report for 2010 25 |
  • 26. Various Auditing Standards • During the audit process, you will find clients are more receptive when your audit goals are linked to specific citations in the audit standards. You should aim to fill a known and defined point of compliance rather than provide a vague statement relating to something you may have read in a textbook. Don’t make the mistake of trusting your job to misinformation, rumors, or free advice on the Internet. 5/29/2012 Report for 2010 26 |
  • 27. Specific Regulations Defining Best Practices • These are predominantly U.S. regulations with worldwide compliance implications due to global outsourcing. • Every regulation is designed to mandate the minimum acceptable requirements when conducting any form of business within that specific industry. The auditor must remain aware of two types of statements contained in all regulations: 5/29/2012 Report for 2010 27 |
  • 28. Specific Regulations Defining Best Practices • Recommended (discretionary) - These are actions that usually contain statements with the word should—for example, suggested management responsibilities, staffing, control mechanisms, or technical attributes. • Required (mandatory) - These are actions that contain the word shall. Shall indicates that statement is a commandment of compliance. Shall is not optional. The auditor must remember that failing to meet a required Shall objective is a real concern. The regulations serve to protect the citizens at large. 5/29/2012 Report for 2010 28 |
  • 29. Understanding the Auditors Position • Your clients expect you to be authoritative and professional regardless of the circumstances. Your office is mobile, so you are depended on to handle decisions in the field. Your clients include the highest levels of management within an organization. Those clients expect you to assist them with your observations and occasional advice. You will deal with the challenges of providing advice in a manner that does not interfere with the independent audit. 5/29/2012 Report for 2010 29 |
  • 30. Understanding the Auditors Position • Confidentiality- a client entrusts an auditor with information and it should never be betrayed. Exercise confidentiality by least privilege whereby only the minimum necessary information is given. • Also:  Keep sensitive information as client property.  Contact legal counsels regarding confidentiality.  Back up and secure any work done on computer (automated working papers).  Physically secure any PC or laptops you use.  Keep securely every document file archive you make for every audit. 5/29/2012 Report for 2010 30 |
  • 31. Understanding the Auditors Position • Working with lawyers – most communication between auditor and client is exempt from legal discovery hence a lawyer may not be needed. However, it is suggested that the client is consulted in case there is any need for communication with a lawyer. • Leadership – an auditor needs to have strong leadership qualities;  mark out when your directions are mandatory and when they are open to feedback and criticism  Develop specific requirements and share out the plans  Get your staff to believe in you 5/29/2012 Report for 2010 31 |
  • 32. Understanding the Auditors Position • Planning and setting priorities- a good auditor plans and sets priorities on what needs to be done.  Gaining an understanding of the customer’s business  Respecting business cycles (monthly, quarterly, seasonal, and annual)  Establishing priorities  Selecting an audit strategy based on risk and information known or observed  Finding the people for your audit team  Coordinating the logistics prior to the audit for resources, work space, and facilities 5/29/2012 Report for 2010 32 |
  • 33. Understanding the Auditors Position • Planning and setting priorities (continued)  Requesting documents (discovery requests)  Scheduling people’s time and availability  Arranging travel and accommodations  Planning for delays or nonperformance  Considering rescheduling if recent downtime or risks warrant it  Developing alternative strategies  Developing a briefing schedule 5/29/2012 Report for 2010 33 |
  • 34. Understanding the Auditors Position • Providing standard terms of reference- an auditor needs to be courteous and polite to clients . Develop standard terms of reference to cultivate respectful and honest interpretation. – Auditee claim/statement – Present – Not present – Planned – Tested (how) – Not tested (why) – Observed – Verified (how) – Not verified – New requirement 5/29/2012 Report for 2010 34 |
  • 35. Understanding the Auditors Position • Dealing with conflict/ failures – exercise common sense and quick responses. • Identifying the value of external vs. internal auditors - External auditors are paid to be independent reviewers for an organization. Internal auditors can add enormous value to an organization by providing ongoing efforts that help prepare the organization for an external audit. • Apply the evidence rule- A good auditor will use sufficient evidence to formulate their auditor’s opinion. No opinion can be formed when you lack evidence of acceptable quantity, relevance, and reliability. Your job is to be a professional skeptic and demand proof in the form of evidence you can verify. 5/29/2012 Report for 2010 35 |
  • 36. Understanding the Auditors Position • Identify who you need to interview- plan for whom you will interview, how long it will take and what exactly you will ask. You have to be very specific. There are three classes of people in IS audits (data owner (e.g. CFO, CEO) , data custodian 9database administrator, systems administrator), data user (internal user, client) • Understand the organizational structure and roles- e.g. through use of hierarchy charts 5/29/2012 Report for 2010 36 |
  • 37. Managing Projects • An audit exercise is essentially a project. An auditor must take a project management approach towards the audit. Some project management standards exist e.g.  Project Management Institute (PMI)  Prince2  Total Quality Management (TQM)  Six Sigma  ISO 9001  The PMI standard is by far the most comprehensive and most recommended standard for IS auditing. 5/29/2012 Report for 2010 37 |
  • 38. Managing Projects What is a Project ? • Three characteristics define a project  A project is temporary (start end times)  A project is unique- is meant to facilitate a particular outcome  A project is progressively elaborated. The project starts out with simple high-level ideas that are polished and becomes defined into more and more detail during planning What is Project Management? • A simple definition of project management is to balance competing demands. These demands are referred to as the triple constraint. We can define them as competing values of  Scope  Resources (cost, time)  Quality 5/29/2012 Report for 2010 38 |
  • 39. Managing Projects • The Project Management Framework • The Project Management Institute (PMI) defines the project management framework or PMBOK (Project Management Body Of Knowledge) • PMBOK offers five process groups: • The five process groups as defined by PMI are as follows: 1. Initiating 2. Planning 3. Executing 4. Monitoring and Controlling 5. Closing 5/29/2012 Report for 2010 39 |
  • 40. Managing Projects 1. Initiating- This process group begins the project or a phase of the project. Sets the scope and authorization of the project. 2. Planning - Planning is where the project scope, goals, and objectives are detailed. 3. Executing- The processes within this group are used to create the project deliverables. 4. Monitoring and Controlling - measures performance and control changes. Examples include review meetings, dealing with substitutions, and schedule changes. 5. Closing - When a phase or the project is completed, this process group will pay vendors and put the files in an archive to close out the project. 5/29/2012 Report for 2010 40 |
  • 41. Managing Projects Aspects of project management • Project Integration Management - Project Integration Management is the knowledge area containing processes that tie all of the other processes together • Project Scope Management - Project Scope Management contains processes that define the product created by the project and the work to be performed on the project. During this process, a structure is created that breaks each task into itemized details of work to be performed 5/29/2012 Report for 2010 41 |
  • 42. Managing Projects Aspects of project management • Project Time Management - Project Time Management contains processes that define and control the activities required to complete the project as well as resources for the project. In this knowledge area, the project manager defines the baseline schedule for the project. • Project Cost Management • Project Cost Management comprises three processes that define, specify, and control costs for the project. This knowledge area uses earned value technique to measure cost performance for the project. Earned value (EV) is the current value of work that has been performed in the project. 5/29/2012 Report for 2010 42 |
  • 43. Managing Projects Aspects of Project Management • Project Quality Management - The Project Quality Management knowledge area comprises three processes that define the level of quality applied to the project’s product and performance. Project team members audit the performance of their project. Next, the product created by the project is inspected for conformance to the design objectives. • Project Human Resource Management - Project Human Resource Management facilitates planning the organizational structure, job roles, specific responsibilities, and acquisition of staff for the project. This is the best technique to get the skilled people needed for your project. Use the work breakdown structure (WBS) from scope management planning to build a skills matrix. 5/29/2012 Report for 2010 43 |
  • 44. Managing Projects Aspects of Project Management • Project Communications Management - Project Communications Management defines the communications needs of the project stakeholders, and then facilitates and controls communications distribution during the life of the project. Audit projects need this level of planning to clarify what is discussed or reported to our stakeholders. • Project Risk Management - Project Risk Management comprises processes that define the risk methods to be used, define the risks of the project, analyze the risks, and document responses to identified risks. 5/29/2012 Report for 2010 44 |
  • 45. Managing Projects Aspects of Project Management • Project Procurement Management - Project Procurement Management defines the processes that are required to purchase resources. All projects need to procure people, equipment, and materials from outside the organization. 5/29/2012 Report for 2010 45 |
  • 46. Managing Projects Using Project Management Diagramming Techniques Gannt Charts • are used to schedule and sequence activities in a waterfall-type representation. Planned activities are shown flowing downward to completion. The figure shows both sequential and concurrent activities in a linear bar-chart-style presentation. Milestones will be identified and progress reported against planned activities. 5/29/2012 Report for 2010 46 |
  • 47. Managing Projects Using Project Management Diagramming Techniques PERT • Program Evaluation Review Technique (PERT) is used to illustrate the relationship between planned activities. PERT diagramming shows multiple routes through the project activities, as necessary for accomplishing the goal. • PERT has two major advantages. First is the ability to demonstrate a critical path. The second advantage is that PERT provides a quantitative measurement tool for risk analysis. It can help measure the risk of delays, failure, and likely completion. The most successful project managers use both Gantt and PERT—Gantt to display resource detail, and PERT to show the current and most up-to-date critical path. 5/29/2012 Report for 2010 47 |
  • 48. Summary (Quiz) What is the difference between a policy and a procedure? A. Compliance to a policy is discretionary, and compliance to a procedure is mandatory. B. A procedure provides discretionary advice to aid in decision making. The policy defines specific requirements to ensure compliance. C. A policy is a high-level document signed by a person of authority, and compliance is mandatory. A procedure defines the mandatory steps to attain compliance. D. A policy is a mid-level document issued to advise the reader of desired actions in the absence of a standard. The procedure describes suggested steps to use. 5/29/2012 Report for 2010 48 |
  • 49. Summary (Quiz) Which of the following in a business organization will be held liable by the government for failures of internal controls? A. President, vice presidents, and other true corporate officers B. Board of directors, president, vice presidents, department directors, and managers C. All members of management D. Board of directors, CEO, CFO, CIO, and department directors 5/29/2012 Report for 2010 49 |
  • 50. Summary (Quiz) What does fiduciary responsibility mean? A. To use information gained for personal interests without breaching confidentiality of the client. B. To act for the benefit of another person and place the responsibilities to be fair and honest ahead of your own interest. C. To follow the desires of the client and maintain total confidentiality even if illegal acts are discovered. The auditor shall never disclose information from an audit in order to protect the client. D. None of the above. 5/29/2012 Report for 2010 50 |
  • 51. Summary (Quiz) What are the different types of audits? A. Forensic, accounting, verification, regulatory B. Integrated, operational, compliance, administrative C. Financial, SAS-74, compliance, administrative D. Information systems, SAS-70, regulatory, procedural 5/29/2012 Report for 2010 51 |
  • 52. Summary (Quiz) What is the difference between the word should and shall when used in regulations? A. Shall represents discretionary requirements, and should provides advice to the reader. B. Should indicates mandatory actions, whereas shall provides advisory information recommending actions when appropriate C. Should and shall are comparable in meaning. The difference is based on the individual circumstances faced by the audit. D. Should indicates actions that are discretionary according to need, whereas shall means the action is mandatory regardless of financial impact 5/29/2012 Report for 2010 52 |
  • 53. Summary (Quiz) Which of the following is not defined as a nonaudit role? A. System designer B. Operational staff member C. Auditor D. Organizational manage 5/29/2012 Report for 2010 53 |
  • 54. Summary (Quiz) Why is it necessary to protect audit documentation and work papers? A. The evidence gathered in an audit must be disclosed for regulatory compliance. B. A paper trail is necessary to prove the auditor is right and the auditee is wrong. C. The auditor will have to prove illegal activity in a court of law. D. Audit documentation work papers may reveal confidential information that should not be lost or disclosed. 5/29/2012 Report for 2010 54 |
  • 55. Summary (Quiz) Which of the following is a network diagram that shows the critical path for a project? A. Program Evaluation Review Technique B. Gantt chart with activity sequencing C. Shortest Path Diagramming Technique D. Milestone reporting 5/29/2012 Report for 2010 55 |
  • 56. Summary (Quiz) What is the purpose of standard terms of reference? A. To meet the legal requirement of regulatory compliance B. To prove who is responsible C. To ensure honest and unbiased communication D. To ensure that requirements are clearly identified in a regulation 5/29/2012 Report for 2010 56 |
  • 57. Summary (Quiz) What does the term auditor independence relate to? A. It is not an issue for auditors working for a consulting company. B. It is required for an external audit. C. An internal auditor must undergo certification training to be independent. D. The audit committee bestows independence upon the auditor. 5/29/2012 Report for 2010 57 |
  • 58. Ole Sangale Road, Madaraka Estate. PO Box 59857-00200, Nairobi, Kenya Tel +254 (0)20 606155, 606268, 606380 Fax +254 (0)20 607498 Mobile +254 (0)722 25 428, (0)733 618 135 Email info@strathmore.edu www.strathmore.edu |