
2011 IT Audit Benchmarking
Survey Report
Technology is permeating virtually every aspect of business today. From
email and mobile communication tools to global complex ERP systems and
extensive internet activities, most companies today rely on technology
to the point that without it, their operations would grind to a halt. Of
course, such a heavy reliance on technology also creates a high volume
of significant risks that companies must assess, manage and monitor
appropriately. This was the case before the introduction of social media
channels such as LinkedIn, Facebook, Twitter and now Google+ that
employees can access any time of the day, if not on company systems then
certainly on personal computers or mobile devices. This access has
created an entirely new realm of IT risks that companies today are just
now beginning to define and understand how to manage.
It is in this dynamic IT environment that Protiviti conducted its
inaugural IT Audit Benchmarking Survey, seeking to analyze some of the many
underlying IT audit trends and gaps evident in organizations today. For the
purposes of this study, we define “IT audit” as the process of collecting
and evaluating evidence of the management of controls over an organization’s
information systems, practices, controls and operations. The evaluation of
evidence obtained through the IT audit process determines if the information
systems are safeguarding assets, maintaining data integrity, and operating
effectively to achieve the organization’s goals and objectives. This may
include traditional audits of technology processes and components as well as
integrated audits for audit activities, technology-dependent regulatory
processes (i.e., privacy) or data analytics support. These are some of the
key trends and takeaways from the study that are discussed further in our
report:
- The growth and prevalence of technology throughout most operations
in a company are outpacing the assessment, management and monitoring of
related IT risks.
- IT risks do not garner nearly enough attention in organizations
today, especially not in small companies.
- A large percentage of organizations are not complying with IIA
Standard 2110.A2, which requires the internal audit function (usually
through IT audit) to assess whether the organization’s information
technology governance sustains and supports its strategies and
objectives.
- Many organizations do not have the requisite skills and capabilities
to assess their key IT risks adequately.
- A surprisingly large number of organizations fail to conduct an
annual IT risk assessment.
- IT audit functions in North America invest significantly more time
on compliance-related activities than these functions do in other
regions of the world.
We would like to thank the close to 500 professionals (including chief
audit executives, audit directors, and IT audit directors and managers,
among many others) who participated in this year’s survey.
For the complete survey click
here!
This article was contributed by Protiviti KnowledgeLeader, an online
service providing tools, templates, and other resources for internal
audit and risk management. Free trials available at
www.knowledgeleader.com.

Growing Need for Internal Auditors to Determine Effectiveness of Technology
Efforts, According to CCH TeamMate Survey
Internal Audit Technology Survey Aims to Help Auditors Increase Technology
Value
MINNEAPOLIS – Dec. 21, 2011 – Budgetary
trends show companies are putting an increased focus on technology in the
audit space, but internal auditors have room for improvement when it comes
to determining how effectively they are using technology, according to the CCH TeamMate Internal
Audit Technology survey.
The survey,
conducted in September of this year, was completed by 585 internal auditors
across the globe who use the TeamMate audit
management system, offered by Wolters Kluwer’s ARC Logicsbusiness.
The survey was developed to help internal auditors see how their peers are
using technology, and consider ways they can use technology more
effectively.
More than 35
percent of the survey respondents experienced an increase in their
technology budgets this year. About 30 percent expect their technology
budgets to increase over the next two years and more than half predict
technology allocations will stay about the same. Less than 15 percent expect
budgets to drop.
However, while
roughly two-thirds of respondents say most of their staff has proficient
technology skills, about 80 percent indicate their audit departments haven’t
determined how effectively they are leveraging technology.
“There are a number
of factors that can help auditors better determine the effectiveness of
their technology initiatives, including ongoing training programs and the
implementation of key performance measures,” said Mike Gowell, vice
president and general manager, CCH TeamMate.
“Technology can help ensure key business risks are being managed
appropriately and can greatly enhance auditors’ productivity, but it
requires ongoing assessments to reap those benefits.”
CCH TeamMate’s
internal audit experts recommend a five-step approach in increasing
technology value:
-
Convey the Right “Tone at the Top” –
Strong leadership and support from the chief audit executive (CAE) can
be a key factor in improving technology value at an organization.
-
Place a High Priority on Leveraging Technology to Boost Performance –
Members of an internal audit department’s staff may be using technology
tools, but beyond that, they need to also fully understand all of the
applications available to them.
-
Hire Technology Skills Selectively –
Hiring outside talent with experience in data analytics and data mining
can jump-start implementation of major technology initiatives.
-
Train, Train, Train –
It’s not only about mastering technical skills, but also retaining them.
-
Measure What Really Matters –
Have performance measures in place to determine how effectively you are
leveraging technology.
More information
about this approach is included with the full
results of the CCH TeamMate Internal
Audit Survey online.
AuditNet®
Community
Sponsor
News!
 
Thanks to ACL, CCH TeamMate and ThomsonReuters
for sponsoring the newsletter!

Training Institute
a Wholly Owned Division of
AuditNet®
in conjunction with:

AuditNet and Richard Cascarino & Associates developed training for IDEA
Software and IT Audit. This training will start this month as follows:
IDEA Software Training
1. IDEA Basics, Getting Started, and Basics of Importing Data February
15, 2012
2. Importing Data - The Complete Course in All File Types and Data Tricks to
Get Your Data Ready for Analysis February 28, 2012
IT Audit Training
1. Fundamentals of IT Auditing February 14, 2012
Technology and
Auditing
CAATT Tales

Welcome to CAATT Tales a new feature column that focuses on computer
assisted audit tools and techniques (CAATTs)
to increase audit efficiency and effectiveness. Donald E Sparks,
CIA, CISA, ARM and Vice President Industry Relations for Audimation
Services, Inc. suggested a column titled Moving Forward with Data
Analysis Q&A to provide a forum for readers to submit questions
about how to best conduct internal auditing related data analysis
activities. AuditNet renamed the column to
CAATT Tales and expanded the scope to include all uses of
technology to enhance audit efficiency and effectiveness. Audimation
Services Inc., a Houston TX based company is the sole U.S. distributor of IDEA, CaseWare™ Monitor and SmartExporter for SAP
Come back next month for a
new article!
Organizational Internal Controls for Social Media
by Jim Kaplan CIA CFE

(This article was written for Protiviti KnowledgeLeader
and appeared April 11, 2011)
As online social media continue to gain mainstream acceptance,
traditional face-to-face contact is taking a back seat as the networking
method of choice. Facebook, Twitter and LinkedIn are gradually changing the
protocol of how businesses and professionals operate.
In the past, for someone to do the bulk of their communication online
would have been unusual, whereas now that is the norm. Everyone is
e-mailing, blogging, using wikis or all of the above to give their business
a boost. It is a paradigm shift that has brought with it new demands on
building an internal control environment that specifically addresses the
social media process.
For the rest of the story click
here!
See the summary results of our survey
Social Media Risk
Control & Audit Survey Summary Results
Social
Media Risk Control and Audit
The
Auditor's Role
Surveys have shown that increasing numbers of corporate employees are
using social networking sites in the office. Many view this as a good thing
as social media is a powerful tool for collaboration, and employees
searching for answers to work-related questions often rely on networking
tools. But many managers and employees do not recognize the organizational
risk exposures posed by these tools.
I have written several articles on this topic and one is included in this
newsletter. But in order to assess the impact this phenomenon is having on
auditors I felt that the timing is right for a survey.
This survey is now closed and summary results can be accessed now. We will follow up with a complete report and
conclusions.
Social Media Risk
Control & Audit Survey Summary Results
AUDITNET® SURVEYS

Over 400 Auditors
Respond to the AuditNet 2012 Survey on Fraud Detection Techniques Using Technology
The professional standards relating to the auditor’s
responsibility for detecting and preventing fraud changed in 2009 when the
Institute of Internal Auditors (IIA) updated the International Professional
Practices Framework (IPPF). Auditors must now consider fraud risks and red
flags as part of planning audits. In conjunction with these changes the IIA
released Practice Guides for Internal Auditing and Fraud, Fraud Prevention
and Detection in an Automated World (GTAG 13) and Data Analysis Technologies
(GTAG 16). ISACA also issued a White Paper titled Data Analytics – A
Practical Approach.
According to GTAG 13:
Data analysis technology enables auditors and other
fraud examiners to analyze transactional data to obtain insights into the
operating effectiveness of internal controls and to identify indicators of
fraud risk or actual fraudulent activities.
Most audit professionals and fraud examiners are aware
of the ACFE Report to the Nation survey covering how frauds are detected,
who commits fraud and the types of frauds perpetrated. The ACFE survey
found that over 40% of reported frauds are uncovered by tips. The report
does not however ask questions relating to the use of technology in
uncovering frauds. AuditNet is conducting a survey to answer the question
and determine fraud detection techniques using technology.
Here is a
link to an article in CPA Trendlines with the preliminary results. The
survey closed and we are in the process of finalizing the survey results and
support.
We are also developing surveys
for the following topics. If you have an area that you feel would add value
please share it with us.
The State of Audit Management Software Technology Usage
Risk Control and Audit of
Mobile Devices
Flowchart Best Practices for
Internal Audit
Best Practices in Acquiring and
Importing Data
Audit Software Capabilities
Survey
AuditNet Past
Surveys
AuditNet® conducts
periodic user surveys based on relevant or hot topics as well as areas
suggested by our users. Click here for a list of the surveys that we have
completed.
If you have an idea for a survey or would
like us to conduct a survey for a particular subject send us an
email. We are particularly interested in surveys that explore the use of
technology for auditors.
What's
Happening Next Month?

The theme of this month's newsletter is Auditing Governance
Risk and Compliance and you will find articles and links to resources
focused on that subject. Next month's theme is CAATTs and Auditors. We will be reviewing two new books next month;
Business Continuity and Risk Management and Root Cause Analysis
Handbook. If you have an article or resource on the theme
please send it along to the
editor.

Jim Kaplan, founder of AuditNet will be speaking at the
CCH TeamMate User Forum in Orlando (October 2-5, 2011). I look forward
to meeting TeamMate Users at this event.
Need CPE? Sign Up now for the this month's Webinars by clicking
here!
Remember! Clicking on sponsored ads and visiting their
sites helps support AuditNet®.
AuditNet®
Communication Skills
Words That Comfort
Follow AuditNet on
Finding the Best Resources
for Auditors
If there is one area that we have
excelled at it is finding
the best audit resources for auditors.
AuditNet has a large number of audit programs, checklists,
matrices and more on audit related topics. We also are working with other
subject matter experts to develop audit programs, articles,
guides, training and more on all things relating to audit, fraud, compliance
and more.
If are interested in the best methods of researching for
audit topics or to have AuditNet present at your meeting or conference then just send us an email.
Update on AuditNet®
Networking and Information
AuditNet® has established new networking opportunities for
auditors through social networking sites such as LinkedIn, Google Groups,
Yahoo Groups and more. LinkedIn's
Professional Audit Information Network has over 4,800 members. What a
great tool which includes group discussions, news and the opportunity to
network with other professionals around the world!
AuditNet continues building the library of resources
with new audit programs, monographs, fraud analytics into
audit work programs and more to provide auditors with a new tools for compliance
with the standards. We are working on a monograph on Building
Fraud Detection into the Audit Process.
New audit programs are also now available.
Subscribers may access these documents now.
AuditNet articles will now include the ability to
provide feedback and comments. We are looking at a way to rate audit
programs as well. Stay tuned!
AuditNet is working on several fronts to enhance the
audit programs and incorporate audit content into other software
applications. One of these applications will begin offering Software as a Service
(SaaS) solutions to requirement management. AuditNet has always
supported new solutions and has encouraged start ups and other software
vendors to enhance their products for both the mainstream as well as the
small internal audit functions. We will continue to seek out
opportunities that offer the global audit community new ways of doing
business.
Benefits of Registration
AuditNet continues to forge new relationships with
software vendors,
professional associations, and audit and accounting sites to provide
auditors with access to audit work programs.
Group Access to AuditNet Audit Programs.
Join the other groups such as
ACL, CCH TeamMate,
Protiviti KnowledgeLeader and the
Association of Healthcare Internal Auditors that have access to all
of the AuditNet audit programs.
If you want your group or professional association (IIA,
ISACA, ACFE, ACUA, ACUIA etc) to have transparent access to AuditNet
audit programs and other content as a benefit of membership contact your
professional association official or group leader and ask them to pursue
this with AuditNet.
Fraud News Feed
Go to the AuditNet Fraud Resource
Center and check out the fraud news feed to keep up to date with
media reported fraud happenings.
The best way to find all the resources on the site is by
going to the AuditNet Library
or use the site search.
The
10 Tell-Tale Signs of Deception
The Words Reveal
By PAUL M. CLIKEMAN, PH.D., CFE
Suspects and witnesses often reveal more than
they intend through their choices of words.
Here are ways to detect possible deception in
written and oral statements.
The manager of a fast food restaurant calls the
police late at night to report that an armed robber had entered the
restaurant while the manager was alone in the office finishing some
paperwork. The manager said the gunman had stolen the entire day's
cash receipts — a little more than $4,000. The manager had reported
a similar robbery at the restaurant about six months earlier. No
other witnesses were present at either alleged robbery. The
restaurant owner learns from police investigators that armed robbery
is extremely unusual in the surrounding neighborhood. Also, the
owner knows that the manager's wages have been garnished for the
last year for nonpayment of child support. The owner hires you, a
CFE, to investigate whether the manager is filing false police
reports to cover his thefts. You begin your investigation by asking
the manager to write a description of the evening's events.
For the rest of the article from the latest ACFE
Fraud Magazine click
here.
This article is from Fraud Magazine, the professional
magazine of the Association of
Certified Fraud Examiners and is a regular feature of
AuditNet under a new cooperative relationships and partnership with
professional associations in the interest of sharing resources for
the benefit of the global AuditNet® community. .
ACFE FraudInfo Newsletter click
here!
Coming Attractions!
AuditNet Begins
Compiling an inventory clearinghouse of Standard Audit Condition
Statements (SACS).
AuditNet is building a library of standard audit
conditions (comments/observations/findings). Similar to the audit
programs inventory this will create a clearinghouse of well written
findings to jump start development of audit findings. You will still
need to add the other elements such as criteria, cause and effect
however we have observed over the years that many conditions repeat
themselves.
Why recreate the wheel if someone has already
crafted a well written condition statement?
AuditNet® is working on
an audit program development service. If we don’t have an audit
program in our inventory that meets your needs we will develop a
program if you can provide the type of program you need, along with
the objectives, purpose and scope. This will be a fee based service.
Stay tuned for the roll out of this innovative new program.
We have chosen a firm for the AuditNet® site redesign.
The prototype for the site redesign is available at
http://auditnet.workpapers.com In conjunction with the redesign project we have
begun classifying the audit programs by category. This is an important step in creating a database
for subscriber access using search capabilities. As part of the
integration we will utilize techniques to capture download by
program as well as rating criteria to highlight which programs
subscribers find most useful. We expect to role out the redesign in
the fourth quarter of 2011.
Based on the success of our first free Webinar we
are exploring opportunities for additional topics for the remainder
of 2011. We will offer free CPE for future events utilizing quality
presenters. Stay tuned for announcements and promotions!
The AuditNet Social Media - Risk, Control and Audit
Survey 2011 is closed and thanks to the 167 auditors who responded.
The summary results are now available and we will be issuing a
report on the survey next month.
We are working on surveys for cloud computing,
mobile devices and flowchart software and the impact of technology
on internal audit then and now. We will be launching these
surveys later this year.
AuditNet continues working with professional associations
to provide access to the audit program inventory. If your
professional association is not providing their members with access
to AuditNet® then they are missing a
great opportunity. Let your association know that access to
AuditNet® would be a value added benefit they could provide to
members!
The AuditNet Monograph Series
provides useful guides for all levels of auditors from juniors right
up to audit directors. We are currently working on new guides
covering audit basics as well as emerging technologies. These
guides will be available to registered
subscribers. If you are interested in developing a monograph on
a contract basis, contact us.
AuditNet® continues adding new specialized resources
for auditors. Watch the newsletter and keep checking the Library
page for updates and new resources.
AuditNet®
Featured Books and Reviews
The AuditNet® Audit Bookstore
Corner
Looking for books on auditing
related topics? We suggest using the AuditNet®
bookstore. The bookstore focuses on Internal Audit but includes
other related subjects as well. AuditNet® uses Amazon to
power the bookstore so each purchase you make through this link
helps support AuditNet®.
Do You Kindle?
Get yours today!
AuditNet®
Data Analysis Corner

Pleier Corporation has
partnered with AuditNet® and FraudAware®
to publish “Data Mining for Payroll
Fraud” webinar on CD-ROM click
for details. This is the first
publication of a “Data Mining for Fraud
Series”.
A very popular joint AuditNet(R) and Fraudaware(R)
Webinar of 1 hour and 42 minutes of video recorded live and
distributed on CD-ROM.
Here are some of the benefits of this type data
mining and analysis:
- Reduce control weaknesses before fraud
escalates
- Determine cost impact of fraud
- Analyze complete data sets for fraud
- Efficient and cost-effective ability to automate for
continuous monitoring/auditing
- Uncover specific fraud scenarios and schemes
By attending you will receive expert guidance on:
- Costliest forms of internal and external
payroll fraud
- Who commits payroll fraud
- Gathering accurate data for effective payroll fraud data
analysis
- Powerful and user-friendly audit automation tests and
techniques
- Using data analytics results to improve payroll fraud
preventative controls
- Using meta-data and cross-referencing to produce better
results
- Tools, Techniques and Tips of Data Mining Success
- Much MORE
AuditNet® Vendor News
Check
here for the latest news from our AuditNet®
Kindle - Get Yours Today!

|