Audit Booklet – August 2003
FFIEC IT Examination Handbook Page 1
IT Handbook Presentation
Audit Booklet
Visual Narrative
1.
IT Handbook Presentations
Audit
Open music
2.
Changes
Organization
Content
Readers will find both organizational and content
changes between the new Audit Booklet and the
Internal/External Audit chapter of the 1996 IS
Examination Handbook.
3.
Changes
Organization
– Examiner perspective
– Comprehensive action summaries
The booklet was reorganized to follow the actual
flow of the examination process.
Each section in the booklet now relates directly to a
high-level issue that is of importance to examiners,
and the booklet's action summaries provide a
comprehensive synopsis of the content in each
section.
4.
Changes
Organization
Content
– Sarbanes-Oxley Act
– Gramm-Leach-Bliley Act
The new contents include changes in the
examination process brought about by legislation
that has been enacted since 1996 such as:
▪ The Sarbanes-Oxley Act of 2002, which addresses
independence of board audit committees and
accounting firms, and
▪ Section 501(b) of the Gramm-Leach-Bliley Act of
1999, which expanded security requirements for
customer information.
5.
Changes
Content
– Sarbanes-Oxley Act
– Gramm-Leach-Bliley Act
– Outsourcing of IT audits
– Third-Party reviews
In addition, the booklet specifically addresses two
issues that have become of particular significance
since 1996—outsourcing of IT audits and third-party
reviews.
6.
Outsourcing IT Audits
In recent years, more and more institutions have
begun to outsource IT audits.
7.
Outsourcing IT Audits
Cost savings
This increase is due, in part, to current business
models that see outsourcing as a way to cut
operating costs.
8.
Outsourcing IT Audits
Cost savings
Increased specialization
IT in financial institutions has become increasingly
prominent and complex over the past decade. It
now requires a greater range and depth of IT audit
skills to conduct effective internal audits, making it
more and more expensive for an organization to
maintain an adequate IT audit staff.
The result of this trend is that a greater number of
institutions are outsourcing some or all of their
internal IT audit function in order to decrease
overhead while maintaining or enhancing IT audit
expertise.
9.
Changes
Content
– Sarbanes-Oxley Act
– Gramm-Leach-Bliley Act
– Outsourcing of IT audits
– Third-Party reviews
In response to these changes, the Audit Booklet
addresses IT audit outsourcing as a separate topic.
10.
Third-Party Reviews
Standards for external auditors
– SAS 70
– Trust services reviews
New information on third-party reviews of
technology service providers includes perspectives
on standards for external auditors by the AICPA -
the American Institute of Certified Public
Accountants. These include:
▪ SAS 70, or Statement on Auditing Standards
Number 70 (a widely recognized standard
indicating that a service provider has had its
control objectives examined by an independent
accounting firm).
▪ Trust Services (advisory- and assurance-level
engagements such as SysTrust® and WebTrust®
conducted by independent auditors using a core
set of principles, criteria, and illustrative controls).
11.
Residual Content
Structure
Role, independence, and staffing
Role of external audit
Risk-based methodology
Audit participation
There are also topics that remain substantially the
same as they appeared in the earlier handbook.
Key areas in a sound auditing program still include:
▪ The structure of an internal audit function,
▪ The role, independence, and staffing of internal IT
Audit,
▪ The role of external audit,
▪ Risk assessment and risk-based auditing
methodology, and
▪ Audit participation in application acquisition,
development, and testing.
12.
Presentation
Changes
– Organization
– Content
Booklet organization
Having considered some of the ways that the
content in the booklet compares to that in the 1996
IS Examination Handbook, let's take a look at how
the new booklet is organized.
13.
Booklet Organization
IT Audit Roles and
Responsibilities
Independence and Staffing of
Internal IT Audit
Internal Audit Program
The first three sections address the basic
requirements for implementing and staffing an
effective internal audit program.
14.
Booklet Organization
IT Audit Roles and
Responsibilities
– Board of directors and senior
management
– Audit management
– Internal audit staff
– Operating management
– External auditors
First, the IT Audit Roles and Responsibilities
section outlines audit program responsibilities for:
▪ The board of directors and senior management,
▪ Audit management,
▪ The internal audit staff,
▪ Operating management, and
▪ External auditors.
15.
Booklet Organization
IT Audit Roles and
Responsibilities
Independence and Staffing of
Internal IT Audit
– Independent audit staff
– Audit staff skills
The next section, Independence and Staffing of
Internal IT Audit, covers the importance of the:
▪ Independence of audit staff from operations
management, and
▪ Skill level requirements being commensurate with the
scope and sophistication of the institution’s IT
environment.
16.
Booklet Organization
IT Audit Roles and
Responsibilities
Independence and Staffing of
Internal IT Audit
Internal Audit Program
Finally, the Internal Audit Program section outlines
guidelines for developing and maintaining a formal
internal audit program, including IT audits.
17.
Booklet Organization
Implementing and staffing
sections
Risk Assessment and Risk-
Based Auditing
While the three previous sections address the
implementation and staffing of internal audit
programs, the next section covers the nature of,
and requirements for, a risk-based approach to
auditing.
18.
Risk-Based Approach
IT Risk Assessment
Risk-Based Audit Plans
IT Risk Assessment
Risk-Based Audit Plans
As with other IT Booklets, this booklet describes a
risk-based approach to IT auditing, which includes
performing an IT risk assessment and developing
risk-based audit plans.
19.
Risk-Based Approach
Risk-based assessment
– Identification
– Ranking
– Development
– Implementation
The booklet's guidelines for performing a risk
assessment include:
▪ Identifying institutional resources and business
activities,
▪ Ranking risks for significant business units and
products, and
▪ Developing and implementing risk-based audit plans.
20.
Audit Plans
Audit cycle length
Documentation requirements
Guidelines for overriding
assessments
These audit plans should include:
▪ Maximum lengths of audit cycles for each level of risk
within an institution,
▪ Specific documentation requirements, and
▪ Guidelines for overriding risk assessment cycles
when dictated by special circumstances.
21.
Booklet Organization
Implementing and staffing
sections
Risk-Based approach
Additional Topics
The final three sections of the booklet take a look at
additional topics related to the IT audit function,
including:
22.
Alternative Activities
Audit participation:
– Application development
– Acquisition
– Conversions
– Testing
Outsourcing Internal IT Audit
Third-Party Reviews of
Technology Service Providers
▪ Audit participation in application development,
acquisition, conversions and testing;
▪ Outsourcing internal IT audit; and
▪ Third-party reviews of technology service providers.
23.
Appendices
A: Examination Procedures
B: Glossary
C: Laws, Regulations, and
Guidance
The booklet provides the standard IT Handbook
appendices for:
▪ Examination Objectives and Procedures,
▪ Glossary, and
▪ Laws, Regulations, and Guidance.
24.
Examination Procedures
Tier I
Tier II
The examination objectives and procedures take a
two-tier approach.
Tier I primarily follows the organization of the
booklet, providing tools for a detailed review of the
effectiveness of the institution's audit function to
identify and manage risks.
25.
Examination Procedures
Tier I
Tier II
URSIT
Tier II corresponds to the rating areas in URSIT, the
Uniform Rating System for Information Technology,
and provides additional validation, as warranted by
risk, to verify the effectiveness of an institution’s
audit program.
26.
Examination Procedures
Tier II
Tier I
These two tiers of examination objectives and
procedures provide a wide range of inquiries from
which examiners can select specific issues
significant for the particular institution they are
examining.
27.
Appendices
A: Examination Procedures
B: Glossary
C: Laws, Regulations, and
Guidance
Readers should also note the large number of
resources listed in the Laws, Regulations, and
Guidance appendix of this particular booklet.
28.
Resources
These items can serve as a valuable complement to
booklet content, and all are available from the
FFIEC IT Handbook InfoBase.
29.
Audit
A strong audit program is essential to an
institution’s safe and sound operation. It provides
the framework for ensuring effective risk
management practices, internal controls, and
compliance with corporate policies. In every
examination, determining the quality of an
institution’s IT audit functions is a fundamental step
in evaluating other aspects of the institution.
30.
Audit
The Audit Booklet provides comprehensive
guidance for assessing the soundness and
effectiveness of an institution's IT audit function.