Anders Carlstedt - Examining a Career as an Auditor - Auditing experiences
Anders is an officer of ISO/IEC JTC1 SC27 - the ISO committee
responsible for the ISO/IEC 27000-series and other standards
on Privacy, Cyber Security and more, since 2002.

Slide 1: Examining a Career as an Auditor
PECB Partner Event in Singapore

Slide 2: Anders Carlstedt
Managing Director, PECB Nordics
+46 738224090
anders.carlstedt@pecb.com
www.pecb.com
https://www.linkedin.com/in/anderscarlstedt/

Slide 3: Master the context
Audit (ISO 19011, Clause 3.1): systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.
In brief: auditing means asking the auditee what he does, and checking to see if he does it.

Slide 4: What is an auditor?
Synonyms:
• Accountant
• Bookkeeper
• Controller
• Actuary
• Investigator
• Assessor
• Questioner
• Bean counter
• Eavesdropper
Set and meet expectations.

Slide 5: The perception of the Auditor
https://youtu.be/PGIrZz93wSU

Slide 6: (Reasonable) Assurance
• The auditor is looking to obtain reasonable assurance that the audited cybersecurity framework is free of material misstatement and of non-conformity.
• An auditor cannot obtain absolute assurance.
• The client expects a result.

Slide 7: Independence
ISO 19011, Clause 4e. Note: the auditor shall ensure independence of mind and the appearance of independence.
(Diagram: independent auditors auditing the auditee's ISMS; ISMS management, management and users sit on the auditee side.)

Slide 8: Focus and knowledge of Audit Criteria
ISO 19011, Clause 3.2: set of policies, procedures or requirements used as a reference against which audit evidence is compared. Examples of audit criteria:
• ISO 9001
• HIPAA
• SSAE-16 (replacement of SAS 70)
• SOX
• ISO 27001
• NIST 800-53
• PCI-DSS
• WLA-SCS
• IT Baseline
• OECD Principles

Slide 9: Master the landscape
ISO 19011, Clauses 3.6 to 3.10:
• Client: organization or person requesting the audit
• Auditee: audited organization
• Auditor: competent person conducting the audit
• Expert: person who provides specific knowledge or expertise to the audit team
• Audit team: one or more auditors conducting an audit, supported if needed by technical experts

Slide 10: To know and respect your client…
The auditee: a relationship based on trust…

Slide 11: What Audit?
• First Party Audit (internal): our organization audits its own systems
• Second Party Audit (external): our organization audits our supplier; our customer audits our organization
• Third Party Audit (external): our organization is audited by an independent organization

Slide 12: Audit Approach Based on Risk
Audit risks:
1. Inherent Risk: risk that a significant defect arises in the management system, without taking into account the processes and controls in place (risk related to the industrial sector)
2. Control Risk: risk that a significant defect is neither prevented nor detected by an internal control of the organization
3. Detection Risk: risk that the auditor is not able to detect a significant defect during an audit

Slide 13: Materiality
Definition: to limit audit risks and to obtain reasonable assurance, the auditor must place the emphasis on the processes and the systems deemed material (synonym: critical).

Slide 14: Maintain Focus…
Addressing risk and materiality is added value as well…
(Matrix: audit risk (low, medium, high) against materiality (low, medium, high); the planned audit procedures range from less assertive at low audit risk and low materiality, through assertive, to more assertive at high audit risk and high materiality.)

Slide 15: Audit Objectives
• Opinion Audit: to receive advice and recommendations
• Pre-assessment Audit: to prepare for certification
• Certification Audit: to recommend certification or not

Slide 16: Questions??

Slide 17: Thank you!!