|
|
||||||
|
|
|||||||
|
|
Latest Ways to Identify and Lower Enterprise Risks By Mark Cory, Protiviti
Organizations often use a top-down approach to risk management. While
this approach to risk management has become a familiar term, measuring
specific risks often requires bottom-up information. In this article,
Protiviti’s Mark Cory discusses how organizations can benefit from an
enterprise risk management approach that relies on both a top-down structure
and bottom-up information, and the synergies this powerful combination
creates. Click here for the rest of the story!
This article was contributed by Protiviti KnowledgeLeader, an online service providing tools, templates, and other resources for internal audit and risk management. Free trials available at www.knowledgeleader.com.
For a limited time KnowledgeLeader memberships are available for the reduced rate of $595 per year. Tell them you heard about it from AuditNet.org. AuditNet® Community Sponsor News!
Thanks to Paisley and TeamMate for sponsoring the newsletter!
The AuditNet® community has grown by leaps and bounds thanks to your continued support. Yes it is hard to imagine but it has been more a decade since this community was created! Support AuditNet® by supporting our advertisers. Advertisers, affiliates and document contributions from the AuditNet® community this site help to keep this site maintained in the quality that you have grown accustomed to.
This month we welcome a new advertiser, Fulcrumway, a leading provider of Governance, Risk and Compliance (GRC) solutions that help organizations efficiently monitor internal controls, intelligently manage risks, and optimally execute business processes to gain strategic advantage. Fulcrum’s proven GRC domain expertise and software services enable companies to leverage information technology investment and turn GRC challenges into business performance.
The theme of this month's newsletter is risk and therefore you will find articles, Webinars, audit programs and links to resources focused on the subject of risk. Next month's theme is best practices. If you have an article or resource on best practices please send it along to the editor.
Remember! Clicking on sponsored ads and visiting their sites helps support AuditNet®.
Career Advice Q&A Difficult Conversations at Work
author of How to Say it When You Don't Know What to Say: The Right Words For Difficult Times Illness and Death
We’ve all faced a situation at work that’s left us speechless. Your colleague’s baby is diagnosed with a life threatening illness or a client’s spouse is undergoing chemotherapy. It’s one thing to support a friend dealing with a difficult loss but harder to know what to say and do with relationships that lack intimacy. Robbie Miller Kaplan, author of “How to Say it When You Don’t Know What to Say: The Right Words for Difficult Times: Illness & Death,” shares strategies to help you deal with real-life situations.
Here is the Robbie Kaplan Interview
Also see the Comforting Words blog! The Risky Business of Falsifying Your Resume by Robbie Miller Kaplan
The numbers are shocking; according to Accu-Screen, an employment background screening firm, approximately 43% of all resumes and job applications contain falsifications. Recent high profile cases have toppled professionals and senior executives from every industry. With declines in the labor market, job seekers may become even more desperate to falsely “bolster” their credentials to compete for fewer openings.
Here is the rest of the Risky Business article!
Get a Free Resume Analysis! AuditNet Adds a New Career Feature: The Resume Tune-Up.
Nationally recognized resume expert and author of
How to Say it When You Don't Know What to Say: The Right Words For
Difficult Times If you would like your resume to be considered for a tune-up, please e-mail it to Ms. Kaplan. You will be notified by e-mail if your resume is selected. You will need to make yourself available via e-mail to answer a few questions with a tight deadline. Ms. Kaplan will send a critique and suggestions to the individual selected and a summary Resume Tune-Up will appear in the monthly newsletter column. If selected you give AuditNet the right to display your resume for the column. AuditNet® What's New This Month? From the Editor!
AuditNet fees for individual subscribers increased on January 1, 2009. With the new fee structure we will expand the offerings of audit programs and other new content. After a 30 day trial the fee for access to the basic level of audit programs will be $12 annually ($1 a month). The rate for individual subscribers at the premium level will be $125 annually. Rates for multi-user licenses will remain unchanged.
The draft of the monograph The Auditor's Guide to Developing Audit Work Programs will be available later this month. The draft Internal Audit Manual template is also on the schedule for completion. We are currently finalizing the new discussion forum that will be hosted on the AuditNet server. This will provide us the opportunity to expand discussions and threads for the global audit community.
Contest: Where in the world is Jim Kaplan? Congratulations to last month's winner for correctly identifying St. Petersburg, Russia. The picture will change periodically so check back for your chance to win free access for a year! Send your answer to WITW.
AuditNet is working on several initiatives to incorporate audit content into other software applications. One of these applications will offer Software as a Service (SaaS) solutions to requirement management. AuditNet has always supported new solutions and has encouraged start ups and other software vendors to enhance their products for both the mainstream as well as the small internal audit functions. We will continue to seek out opportunities that offer the global audit community new ways of doing business.
In conjunction with the Linkedin Professional Audit Information Networking (PAIN) Group established in December 2007 (and now numbering almost 2,000 professionals) we added a mapping application that demonstrates where AuditNet users live and work. The PAIN group provides an opportunity to tap into a global network of auditors. To add yourself to the map click here. To join the PAIN group click here.
AUDITNET® SURVEYS New Survey for Government Auditors
There have been a number of surveys conducted to determine the nature of auditing in government. While working in a local school district I conducted a survey of the 100 largest school districts to benchmark public school auditors. This survey looks at government auditors concentrating on size of staff, standards followed, reporting structure and more. If you work as a government auditor please help us by completing the survey. If you have contacts that are not AuditNet users please forward the survey link to them as well so we can get as large a response as possible.
Previous Surveys
Sarbanes-Oxley and Internal Audit
Pay by Phone or FAX AuditNet is now set up to accept credit card payments for subscriptions by phone or fax. If you are interested in this option click here! Writing for AuditNet? AuditNet Editorial Guidelines Based on the number of articles being contributed to AuditNet we have developed editorial guidelines for future submissions. If you are planning to write an article please review the guidelines before submission. We appreciate receiving material from the global audit community in the interest of sharing knowledge. We are also in the process of guidelines for book reviews and other material submitted for inclusion on AuditNet. Get Audit Related Books Free! Interested in developing your writing skills with having access to the latest audit and business related books? AuditNet is looking for auditors that would like to review books for the benefit of the audit community. This is an excellent way to build your professional publication library and provide a valuable service for AuditNet users. A list of available books will be provided on request. For the guidelines click here. New Benefits of Registration AuditNet receives many questions on what kind of audit related information is available on the Internet and where to find it. As a result of my research to find the answers to those questions I discover value added resources that are useful for auditors. In the past these resources would have been added to the AuditNet Links Page (aka KARL). To provide an incentive for auditors to register on AuditNet I will begin loading these links to a special page that is only available to registered users. Also expect more resources to transition to the registered users area.
AuditNet continues to forge new relationships with professional associations and audit and accounting sites to provide auditors with access to audit work programs.
Group Access to AuditNet Audit Programs.
Join the other groups such as CCH TeamMate, Protiviti KnowledgeLeader and the Association of Healthcare Internal Auditors that have access to all of the AuditNetNet audit programs.
If you want your group or professional association (IIA, ISACA, ACFE, ACUA, ACUIA etc) to have transparent access to AuditNet audit programs and other content as a benefit of membership contact your professional association official or group leader and ask them to pursue this with AuditNet. Fraud News Feed Go to the AuditNet Fraud Resource Center and check out the fraud news feed to keep up to date with media reported fraud happenings. Audit Programs The audit programs section of AuditNet requires registration in order to access. Beginning in January 2009 there will be a fee (TBD) to access the Level 1 audit programs. There will also be an increase (TBD) in Level 2 or premium content subscriptions. The rates will be announced at a later date. New audit program contributions are available only to paid subscribers or on a one-for-one exchange basis. There are currently over 100,000 registered users. A multi-user subscription rate is also available. Organizations that need more than 2 staff members accessing the service will benefit from this option. There are new additions to the premium audit programs each month that are available as an alternative for those auditors that are unable to or choose not to contribute material to AuditNet®. Site licenses are also available for organizations with more than 15 users. The best way to find all the resources on the site is by going to the AuditNet Library or use the site search. IIA Technology Audit Guide Series
Each Global Technology Audit Guide (GTAG) is written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG is a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associated risks and recommended practices.
|
||||||
Interview
with Robbie Miller Kaplan 
,
Robbie Miller Kaplan will select one auditor resume each month and
suggest ways to transform the resume from passable to powerful. 
|
In a mere two decades, the ACFE has produced a grass-roots, anti-fraud
movement that's just getting started.
Joseph Wells and Jim Ratley sat in chairs on the wide porch of the Victorian house that served as their office in Austin, Texas. As they enjoyed the morning breeze in the spring of 1988, they talked about Wells & Associates, their successful financial investigative firm. Then Wells told Ratley he'd like to do something that had never been done. |
This article is from Fraud Magazine, the professional magazine
of the Association of Certified Fraud
Examiners
ACFE FraudInfo Newsletter click here!
Coming Attractions!
AuditNet continues working on building a benchmarking network of resources for the internal audit community. Watch for new links and resources as well as opportunities to benchmark your audit function against others as well as tap into benchmarking and best practices resources and sites. There is a great deal of interest in this type of tool so stay tuned for updates!
AuditNet is working with professional associations to provide access to the audit program inventory. Stay tuned!
The AuditNet Monograph Series provides useful guides for all levels of auditors from juniors right up to audit directors. We are currently working on new guides for Sarbanes-Oxley, internal controls and Internet for auditors and other relevant subjects. These guides will be available to registered subscribers. If you are interested in developing a monograph on a contract basis, contact us.
Watch for new articles on Sarbanes-Oxley, Information Security, Software Auditing, CAATTs, DATTA and more from contributors. Reviews are in the works for more audit and SOx books. Watch the newsletter for more products, services and tools for auditors. Have an idea for a column? Contact us.
AuditNet® continues adding new specialized resources for auditors. Watch the newsletter and keep checking the Library page for updates and new resources.
Updated Pages Since Last Month
International Financial Reporting Standards (IFRS) resources
Leading professional associations:
“Saying you ‘don’t want fraud’ is not enough!”
ALTAMONTE SPRINGS, Fla. – New guidelines for fighting fraud have been
released jointly by three leading professional organizations.
“Managing the Business Risk of Fraud: A Practical Guide” is sponsored by the
Association of Certified Fraud Examiners (ACFE), the American Institute of
Certified Public Accountants (AICPA), and The Institute of Internal Auditors
(IIA). Principles for establishing effective fraud risk management,
regardless of the type or size of an organization, are outlined in the
guide.
Click for the Guide!
AuditNet® Conference & Training News
Want to announce your professional association conference to the global audit community? Send us conference name, date and URL details. (A reciprocal link to AuditNet is required). AuditNet supports co-marketing sponsorship agreements for conferences on a case by case basis.
3rd Annual Internal Audit for Financial Institutions 18-20 February, Amsterdam
Fraud and Corruption Summit 2009,3rd Annual Fraud and Corruption Summit, March 18-20, Brussels, Belgium
* indicates events where you can meet Jim Kaplan
|
AuditNet
Gives Back! In 2008 we saw the economy suffer the worst upheavals since the great depression. Millions of people lost their jobs, their homes, their retirement funds and their self esteem. AuditNet is dedicated not only to providing resources for the global audit community but also giving back to help others. AuditNet made contributions in 2008 to DC Central Kitchen, the Capital Area Food Bank, So Others Might Eat, Bread for the City and Reston Interfaith, food banks in the Washington, DC metropolitan area. AuditNet will continue to make donations to non-denominational organizations throughout the year. If you can suggest an organization in your community that needs help, we'd like to know. We will choose one community from your suggestions each month so AuditNet can continue to help those less fortunate than ourselves. Upcoming Webcasts and Webinars for Auditors
Addressing S&P’s Upcoming Enterprise Risk Management Evaluations Enterprise Risk Management (ERM) is no longer considered optional as more and more attention is being placed on how a company manages their risks. Standard & Poor's (S&P) recently announced that by Q3 2008 they will begin to include ERM evaluations as part of their credit ratings process and in 2009 they will begin scoring ERM quality. What is the right approach to addressing S&P's evaluation requirements, which also provides you the foundation for an overall ERM program?
Date: Wednesday, January 21st at 11:00 a.m. – 12:00 p.m. ET
Active Directory AuditNet will be hosting a series of Webinars on Auditing Active Directory. Following are the titles, dates and times for these events.
CAN’T MAKE THE LIVE EVENT? Register anyway to receive a link to the recorded Webinar.
|
 Best practices for accelerating performance
In today's climate of extreme market uncertainty, companies need a highly focused measurement system to consistently track performance. A well-implemented measurement system can engineer genuine and lasting improvement --the kind executives want to see.
Now available to you through AuditNet, is PricewaterhouseCoopers' Global Best Practices team's paper, "Accelerating performance improvement" presenting best practices approaches to establishing a disciplined, replicable process for performance improvement. For more information, please contact Global Best Practices |
Sarbanes-Oxley News and Views
What are the Primary Challenges and Trends in Governance, Risk and Compliance?
SOX TV Research Alert New Research!
SOX Television is an Internet Television Network that covers every aspect of the Sarbanes-Oxley Act and the related areas of governance, risk and compliance. Along with its sister network, Risk Television, it reaches more than 300,000 financial, governance, risk and compliance professionals worldwide.
Recovery Auditing: Reducing Profit Leaks
Audit Work Programs Corner
30 Day Trial to the Premium Section
Access to the free audit program section now requires registration. The following audit programs, ICQs, checklists or working papers were added this month. They are available on a 1 for 1 exchange for an original audit work program not currently in the inventory. If you unable to share audit programs then consider subscribing to the premium content which provides you with access free and premium content 24/7/365. Interested in previewing all the programs in the premium content section? Contribute an original audit work program not currently in the inventory and receive a 30 day trial subscription to the premium content. Contribute 5 programs and receive a one year trial subscription. (Offer only available for new programs submitted).
CCH
TeamMate users now have access to all the AuditNet audit programs in
TeamStores format. Access through the TeamStores support site.
E-Book for
Subscribers to the Annual Audit Programs
- Anti Money Laundering Checklist (Jan 09)
- Business Continuity, DRP, Backup Audit -Gov (Jan 09)
- Basel II Checklist - Responsibilities of External, Internal, Management, and Regulators (Jan 09)
- Document Control Center Audit Procedures-Insurance (Jan 09)
- Not for Profit Charity Review with SOD Matrix (Jan 09)
- Payroll Internal Control Questionnaire (Jan 09)
- Risk Assessment Audit Program-Gov (Jan 09)
- Safety Training-Gov (Jan 09)
- System Development Audit Program-Gov (Jan 09)
- Web Based Application Development-Gov (Jan 09)
Ask the Auditor
Each month I select one question submitted to Ask the Auditor and provide an answer using the same digital tools and techniques that I recommend to all auditors.
Risks Associated with Payroll
Q;
What kind of risks are associated with the payroll functions? When
payroll is carried out, are two employees required to ensure that
risks are minimized? What documents should I be looking for in
testing payroll from a financial review point of view?
A: Payroll is an area frequently reviewed by internal
auditors due to the risk associated with the function. Start a review of
this area by determining the objectives, purpose and scope of the audit.
For example here are some risks:
-
Entries/transactions not adequately monitored and evaluated may result in fraud or errors.
-
Incomplete or inaccurate reporting of employee wages.
-
Unauthorized and/or inaccurate payroll disbursements and deductions, time and attendance and unreliable financial information.
-
Employees on the payroll may not be bona fide employees (ghost employees)
The functions of hiring employees and firing employees should be separated from those functions associated with paying employees.
The AuditNet inventory of audit programs includes many of the procedures (including documents reviewed) in an audit of payroll and human resources. AuditNet developed a monograph on Developing Audit Work Programs, Questionnaires, Control Matrices and Checklists which includes sample objectives for payroll as well as other standard audit areas. The monograph will be available to subscribers.
For more tips go to Ask the Auditor Forum for How Do I...
Submit a question for Ask the Auditor!
Looking to Earn Some Extra $$?
AuditNet is interested in developing a series of SOx or industry related audit programs for organizations. If anyone is interested in writing audit programs, ICQs, questionnaires, or control matrices on a work for hire basis please contact me. If you may know of anyone who would be interested in this as well please pass along my contact information.
AuditNet Construction Corner News
Effective Management & Audit of Construction Contracts
Pricing of Construction Contracts
by Gursharan Singh
The pricing of Construction Contracts is generally divided into three categories: r
equirement that need to be provided prior to commencement of any actual work or preliminaries; components that involve actual implementation or main works; and components that involve works supplies that are of special nature that is generally to be undertaken by contractors who have knowledge and facilities that is relevant to the specialized nature of the works to be done or prime cost items.
This article will refer to Implementation of Main Works -
Categorization of Components
Infrastructure Works – Schedule of Rates
Buildings Works Bills of Quantities.
For the rest of the story click here!
AuditNet Career Center
Auditors Looking for Jobs!
Companies Looking for Auditors!
The Matching Service for Auditors!
Go to the AuditNet® Career Center now for the latest job opportunities and career-related information and tools. 24 hours a day, 7 days a week you have the ability to not only look at available jobs, but you can also post your resume, apply for open jobs, research companies and obtain career advice. If you are in the market for a new job, make AuditNet® your first stop to check out what's available.
If your company has any audit job vacancies that you are looking to fill, have your HR people contact AuditNet® to post the job and search for candidates.
This is just another benefit of using AuditNet® as your one stop shop for all your audit and career resources.
AuditNet® Book Reviews
AuditNet® Fraud Auditing Corner
Got
problems?
10 steps to effectively implementing
the new Risk Assessment Standards
By Gary D. Zeune, CPA
Much has been written about the technical
requirements of Statement on Auditing Standards No.104-111,
collectively called the Risk Assessment Standards (Risk Standards).
So we’ll focus on the 10 steps to effectively implement them.
Read the article to learn about the 10 Steps.
Gary Zeune has the ONLY speaker's bureau in the country specializing in white-collar criminals — The Pros & The Cons. Mr. Zeune's speakers tell their stories of how and they committed their crimes. Their frauds range from $18,000 to $350 million. Speakers include CPAs, attorneys, and business people.
Fraud News
Need to keep up with fraud news and happenings? There are several options available. One is to subscribe to the free ACFE FraudInfo E-newsletter.
Another free resource is the Auditing & Fraud News. Service for research professionals. Constantly updated news and information about Business & Companies. Go to FraudNet and click on the link Click Here for Fraud News.
AuditNet® Software Compliance Audit Corner
|
After 19 years in the antipiracy software game Rob Harmer of PCProfile will be stepping down. Following is the email I received from Rob, a frequent contributor and champion of software compliance.
Early in 2009 I am stepping down from the antipiracy game after 17 years as the only independent non-vendor organization offering assistance to businesses in Australia and Overseas with advice and services on how they can protect themselves from being caught with illegal and unauthorized software.
This decision has come as a direct result of our observations from 1st hand experience and discussions with others in the industry that by the end of 2008 the end user population far and wide is now well versed and switched on to a “it’s soft therefore it’s free” mindset driven due by an Open Source, P2P and Bit Torrent culture. This culture is now very firmly ingrained in end users and even management and has been evolving at an increasing rate over the last 5 years.
My advice to start-up software vendors is very clearly “have deep pockets and be prepared to be ripped off” by an unrelenting end user base that is hell bent on getting your software for free no matter how hard you try and lock it down etc. Having obtained a free version for evaluation, this is sometimes then uploaded to underground sites and flogged everywhere including any lock down keys etc. If you don’t offer it for free you are bagged and canned on Whirlpool type forums. Sour grapes, not really, just an observation of what is actually happening!
My gut feel is the software industry will find slim pickings for software developers going forward unless they have a deep seated capital base and even better encryption and lockdown capability. This has also come about due to the perceived high prices of Microsoft, commonly referred to as Micro$oft by many.
Everyone, at all levels in an organization, now demand software for free, not crippled evaluation versions, but full versions unlocked unrestricted “for evaluation” and many have absolutely no intention of paying.
Small software developer start-ups will not be able to compete in this “mindset culture” environment and it’s due to the ground shift brought about by file sharing , p2p bit torrent and open source, and small start-ups are the least likely to be able to be as charitable in the manner they used to in the past.
My web site
Have a Happy and Healthy New Year
Rob Harmer
|
Your Secret Weapon in the War on Fraud
White-Collar Crime Fighter brings you expert strategies and actionable advice from the most prominent experts in the fraud-fighting business. Each month you’ll learn about the latest frauds, scams and schemes... and the newest and most effective fraud-fighting tools, techniques and technologies you can put to work immediately to protect your organization.
Click here for a link to subscribe to the e-newsletter.
The AuditNet® Audit Bookstore Corner
Looking for books on auditing related topics? We suggest using the AuditNet® bookstore. The bookstore focuses on Internal Audit but includes other related subjects as well. AuditNet® uses Amazon to power the bookstore so each purchase you make through this link helps support AuditNet®.
AuditNet® Vendor News
Check here for the latest news from our AuditNet® sponsors!
Breaking News!
Then check out the CCSA Study System published by Pleier Corporation.
Using the "McKeever CCSA Study System" will improve
users' probability of successfully passing the IIA CCSA exam
by teaching users to answer the type of questions typically
presented on the CCSA exam. Additionally, this system helps
users identify CCSA domains that require their additional
study and lists references useful for any additional study.
The "McKeever CCSA Study System" is available in 2
versions - a 288-page spiral-bound workbook and CD-ROM (for
those who prefer clicking a mouse to turning pages) - for
details click
here!
DISCOUNTS TO AUDITNET READERS
As a reminder, Pleier Corporation offers 10 % discounts to
AuditNet readers at
www.pleier.com. To take this discount order online and
enter the word AUDITNET in the coupon field at checkout.
Click here for opportunities to share your knowledge and earn royalties
Exceeding Expectations for Internal Auditors
Here are the steps followed by one governmental unit to assess risk within their organization.
Purpose: To identify the threats facing the program or
agency under audit; identify the controls or procedures the city has
in place to prevent, eliminate or minimize the threats, and to
determine the probability that noncompliance and abuse, which is
individually or in the aggregate material, could occur and not be
prevented or detected in a timely manner by the internal controls in
place. The risk assessment is utilized to sharpen the preliminary
scope, methodology and objectives identified in the Scoping
Statement as part of the development of the audit and work programs.
1. Based on information gathered during the Preliminary Survey, prepare a tentative list of threats for the major audit areas identified during Scoping Statement analysis. If information systems processed data is an important or integral part of the audit and the reliability of the data is crucial to accomplishing audit objectives, the auditor should include threats to information systems-processed data in this list. Consult with the project supervisor to determine the need for EDP audit assistance.
2. Summarize the management (internal) controls identified that directly address the threats listed in item 1 above. This should include those controls which should mitigate the threats listed in item 1 above as well as any potential weaknesses in those controls. Add to this list any other controls identified during the Preliminary Survey (both actual and potential controls).
3. Assess the risk that abuse, fraud, or illegal acts could occur and materially impact the client’s compliance with laws, rules, or regulations or have a material effect on the client’s operations. Consider whether the client has controls that are effective in preventing or detecting illegal acts.
4. If information systems or information systems -processed data are included as threats or as controls above, consult with the project supervisor to determine the need for EDP audit assistance.
5. Assess whether work requires coordination with other auditors for work completed or on-going that can be used to help carry out the project. Similarly, if there are investigations or legal proceedings initiated or in process, auditors should assess the impact upon the current audit and suggest actions as appropriate.
6. Identify material and significant findings and recommendations from previous reports issued by the office on the agency or program. Significant previous findings and recommendations that could affect the present audit objectives require follow-up in the current project.
Dan's Internal Audit Corner
Risk Oversight Leadership is needed!
By Dan Swanson
In today’s economy and very challenging business environment effective risk management processes are critical.
Board risk oversight is fundamental to good governance and the senior management’s day to day management of strategic, tactical, and operational risk has become hugely important, some say absolutely necessary, for long term success.
Some questions to consider:
- Are the organization's risk management efforts appropriate to its needs?
- Has a risk management program been developed and
implemented?
- How effective are the risk management efforts?
-
Do we need to increase the understanding of our key risks?
-
Has accountability been established (for risk management?
What else needs to be done? - i.e. Have we done everything
necessary?
Some resources to assist your risk management efforts are
provided here.
Have another great year!
Best regards.
Dan Swanson
Also check out the latest IT and Information Security Titles Published by Taylor & Francis!
Have another great month.
Regards,
Dan