SlideShare ist ein Scribd-Unternehmen logo

Audit prsentation

L
logyonetimi
BusinessTechnologie
1 von 8
Downloaden Sie, um offline zu lesen
Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 1 IT Handbook Presentation Audit Booklet Visual Narrative 1. IT Handbook Presentations AuditAudit Open music 2. Changes Organization Content Readers will find both organizational and content changes between the new Audit Booklet and the Internal/External Audit chapter of the 1996 IS Examination Handbook. 3. Changes Organization – Examiner perspective – Comprehensive action summaries The booklet was reorganized to follow the actual flow of the examination process. Each section in the booklet now relates directly to a high-level issue that is of importance to examiners, and the booklet's action summaries provide a comprehensive synopsis of the content in each section. 4. Changes Organization Content – Sarbanes-Oxley Act – Gramm-Leach-Bliley Act The new contents include changes in the examination process brought about by legislation that has been enacted since 1996 such as: ▪ The Sarbanes-Oxley Act of 2002, which addresses independence of board audit committees and accounting firms, and ▪ Section 501(b) of the Gramm-Leach-Bliley Act of 1999, which expanded security requirements for customer information.
Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 2 Visual Narrative 5. Changes Content – Sarbanes-Oxley Act – Gramm-Leach-Bliley Act – Outsourcing of IT audits – Third-Party reviews In addition, the booklet specifically addresses two issues that have become of particular significance since 1996—outsourcing of IT audits and third-party reviews. 6. Outsourcing IT Audits In recent years, more and more institutions have begun to outsource IT audits. 7. Outsourcing IT Audits Cost savings This increase is due, in part, to current business models that see outsourcing as a way to cut operating costs. 8. Outsourcing IT Audits Cost savings Increased specialization IT in financial institutions has become increasingly prominent and complex over the past decade. It now requires a greater range and depth of IT audit skills to conduct effective internal audits, making it more and more expensive for an organization to maintain an adequate IT audit staff. The result of this trend is that a greater number of institutions are outsourcing some or all of their internal IT audit function in order to decrease overhead while maintaining or enhancing IT audit expertise.
Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 3 Visual Narrative 9. Changes Content – Sarbanes-Oxley Act – Gramm-Leach-Bliley Act – Outsourcing of IT audits – Third-Party reviews In response to these changes, the Audit Booklet addresses IT audit outsourcing as a separate topic. 10. Third-Party Reviews Standards for external auditors – SAS 70 – Trust services reviews New information on third-party reviews of technology service providers includes perspectives on standards for external auditors by the AICPA - the American Institute of Certified Public Accountants. These include: - SAS 70 or Statement on Auditing Standards Number 70 (a widely recognized standard indicating that a service provider has had its control objectives examined by an independent accounting firm). - Trust Services (advisory- and assurance-level engagements such as SysTrust® and WebTrust® conducted by independent auditors using a core set of principles, criteria, and illustrative controls). 11. Residual Content Structure Role, independence, and staffing Role of external audit Risk-based methodology Audit participation There are also topics that remain substantially the same as they appeared in the earlier handbook. Key areas in a sound auditing program still include: ▪ The structure of an internal audit function, ▪ The role, independence, and staffing of internal IT Audit, ▪ The role of external audit ▪ Risk assessment and risk-based auditing methodology, and ▪ Audit participation in application acquisition, development, and testing. 12. Presentation Changes – Organization – Content Booklet organization Having considered some of the ways that the content in the booklet compares to that in the 1996 IS Examination Handbook, let's take a look at how the new booklet is organized.
Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 4 Visual Narrative 13. Booklet Organization IT Audit Roles and Responsibilities Independence and Staffing of Internal IT Audit Internal Audit Program The first three sections address the basic requirements for implementing and staffing an effective internal audit program. 14. Booklet Organization IT Audit Roles and Responsibilities – Board of directors and senior management – Audit management – Internal audit staff – Operating management – External auditors First, the IT Audit Roles and Responsibilities section outlines audit program responsibilities for: ▪ The board of directors and senior management, ▪ Audit management, ▪ The internal audit staff, ▪ Operating management, and ▪ External auditors. 15. Booklet Organization IT Audit Roles and Responsibilities Independence and Staffing of Internal IT Audit – Independent audit staff – Audit staff skills The next section, Independence and Staffing of Internal IT Audit, covers the importance of the: ▪ Independence of audit staff from operations management, and ▪ Skill level requirements being commensurate with the scope and sophistication of the institution’s IT environment. 16. Booklet Organization IT Audit Roles and Responsibilities Independence and Staffing of Internal IT Audit Internal Audit Program ▪ Finally, the Internal Audit Program section outlines guidelines for developing and maintaining a formal internal audit program, including IT audits.
Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 5 Visual Narrative 17. Booklet Organization Implementing and staffing sections Risk Assessment and Risk- Based Auditing While the three previous sections address the implementation and staffing of internal audit programs, the next section covers the nature of, and requirements for, a risk-based approach to auditing. 18. Risk-Based Approach IT Risk Assessment Risk-Based Audit Plans IT Risk Assessment Risk-Based Audit Plans As with other IT Booklets, this booklet describes a risk-based approach to IT auditing, which includes performing an IT risk assessment and developing risk-based audit plans. 19. Risk-Based Approach Risk-based assessment – Identification – Ranking – Development – Implementation The booklet's guidelines for performing a risk assessment include: ▪ Identifying institutional resources and business activities, ▪ Ranking risks for significant business units and products, and ▪ Developing and implementing risk-based audit plans. 20. Audit Plans Audit cycle length Documentation requirements Guidelines for overriding assessments These audit plans should include: ▪ Maximum lengths of audit cycles for each level of risk within an institution, ▪ Specific documentation requirements, and ▪ Guidelines for overriding risk assessment cycles when dictated by special circumstances.
Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 6 Visual Narrative 21. Booklet Organization Implementing and staffing sections Risk-Based approach Additional Topics The final three sections of the booklet take a look at additional topics related to the IT audit function, including: 22. Alternative Activities Audit participation: – Application development – Acquisition – Conversions – Testing Outsourcing Internal IT Audit Third-Party Reviews of Technology Service Providers ▪ Audit participation in application development, acquisition, conversions and testing; ▪ Outsourcing internal IT audit; and ▪ Third-party reviews of technology service providers. 23. Appendices A: Examination Procedures B: Glossary C: Laws, Regulations, and Guidance The booklet provides the standard IT Handbook appendices for: ▪ Examination Objectives and Procedures, ▪ Glossary, and ▪ Laws, Regulations, and Guidance. 24. Examination Procedures Tier I Tier II The examination objectives and procedures take a two-tier approach. Tier I primarily follows the organization of the booklet, providing tools for a detailed review of the effectiveness of the institution's audit function to identify and manage risks.
Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 7 Visual Narrative 25. Examination Procedures Tier I Tier II URSITURSIT Tier II corresponds to the rating areas in URSIT, the Uniform Rating System for Information Technology, and provides additional validation, as warranted by risk, to verify the effectiveness of an institution’s audit program. 26. Examination Procedures Tier IITier II Tier ITier I These two tiers of examination objectives and procedures provide a wide range of inquiries from which examiners can select specific issues significant for the particular institution they are examining. 27. Appendices A: Examination Procedures B: Glossary C: Laws, Regulations, and Guidance Readers should also note the large number of resources listed in the Laws, Regulations, and Guidance appendix of this particular booklet. 28. Resources These items can serve as a valuable complement to booklet content, and all are available from the FFIEC IT Handbook InfoBase.
Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 8 Visual Narrative 29. Audit A strong audit program is essential to an institution’s safe and sound operation. It provides the framework for ensuring effective risk management practices, internal controls, and compliance with corporate policies. In every examination, determining the quality of an institution’s IT audit functions is a fundamental step in evaluating other aspects of the institution. 30. Audit The Audit Booklet provides comprehensive guidance for assessing the soundness and effectiveness of an institution's IT audit function.

Empfohlen

ACC 675 Final Project
ACC 675 Final ProjectACC 675 Final Project
ACC 675 Final ProjectAntonioBennet
 
SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013Lorri Jongeneel, CPA
 
Audit rizkie hafizzah
Audit rizkie hafizzahAudit rizkie hafizzah
Audit rizkie hafizzahRizkie Hafizzah
 
Donna Febriani
Donna FebrianiDonna Febriani
Donna FebrianiDonna Febriani
 
Internal audit ( pdf drive )
Internal audit ( pdf drive )Internal audit ( pdf drive )
Internal audit ( pdf drive )TaDo8
 
Chap1 2007 Cisa Review Course
Chap1 2007 Cisa Review CourseChap1 2007 Cisa Review Course
Chap1 2007 Cisa Review CourseDesmond Devendran
 
Coso Monitoring - Templates
Coso Monitoring - TemplatesCoso Monitoring - Templates
Coso Monitoring - TemplatesAviva Spectrum™
 
六合彩-香港六合彩
六合彩-香港六合彩六合彩-香港六合彩
六合彩-香港六合彩weige
 

Empfohlen

ACC 675 Final Project
ACC 675 Final ProjectACC 675 Final Project
ACC 675 Final ProjectAntonioBennet
 
SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013SOX 2016 - PART I - COSO 2013
SOX 2016 - PART I - COSO 2013Lorri Jongeneel, CPA
 
Audit rizkie hafizzah
Audit rizkie hafizzahAudit rizkie hafizzah
Audit rizkie hafizzahRizkie Hafizzah
 
Donna Febriani
Donna FebrianiDonna Febriani
Donna FebrianiDonna Febriani
 
Internal audit ( pdf drive )
Internal audit ( pdf drive )Internal audit ( pdf drive )
Internal audit ( pdf drive )TaDo8
 
Chap1 2007 Cisa Review Course
Chap1 2007 Cisa Review CourseChap1 2007 Cisa Review Course
Chap1 2007 Cisa Review CourseDesmond Devendran
 
Coso Monitoring - Templates
Coso Monitoring - TemplatesCoso Monitoring - Templates
Coso Monitoring - TemplatesAviva Spectrum™
 
六合彩-香港六合彩
六合彩-香港六合彩六合彩-香港六合彩
六合彩-香港六合彩weige
 
香港六合彩
香港六合彩香港六合彩
香港六合彩cctv
 
Prepare a Preliminary Audit Plan based on a Case Study
Prepare a Preliminary Audit Plan based on a Case StudyPrepare a Preliminary Audit Plan based on a Case Study
Prepare a Preliminary Audit Plan based on a Case StudyDavid Thompson
 
Internal controls & ai ss
Internal controls & ai ssInternal controls & ai ss
Internal controls & ai ssKashif Rana ACCA
 
Lailatul izzati
Lailatul izzatiLailatul izzati
Lailatul izzatiLailatul Izzati
 
ACC 562 Final Exam
ACC 562 Final ExamACC 562 Final Exam
ACC 562 Final Examsonjon03
 
ACC 562 Enhance teaching / snaptutorial.com
ACC 562 Enhance teaching / snaptutorial.com ACC 562 Enhance teaching / snaptutorial.com
ACC 562 Enhance teaching / snaptutorial.com donaldzs48
 
Acc 562 Exceptional Education-snaptutorial.com
Acc 562 Exceptional Education-snaptutorial.comAcc 562 Exceptional Education-snaptutorial.com
Acc 562 Exceptional Education-snaptutorial.comrobertleses2
 
COSO Update DTF
COSO Update DTFCOSO Update DTF
COSO Update DTFDavid Fernandes
 
Auditing & Assurance Standards
Auditing & Assurance StandardsAuditing & Assurance Standards
Auditing & Assurance StandardsGyananjaya Behera
 
Steps in it audit
Steps in it auditSteps in it audit
Steps in it auditkinjalmkothari92
 
12.12.2011, Internal audit role and functions in corporate governance, Scott ...
12.12.2011, Internal audit role and functions in corporate governance, Scott ...12.12.2011, Internal audit role and functions in corporate governance, Scott ...
12.12.2011, Internal audit role and functions in corporate governance, Scott ...The Business Council of Mongolia
 
Marketing Accounting Firms: presentation for the HKICPA
Marketing Accounting Firms: presentation for the HKICPAMarketing Accounting Firms: presentation for the HKICPA
Marketing Accounting Firms: presentation for the HKICPARobert_Sawhney
 
Presentation 2, Audit methodologies, Workshop on System-based auditing, Tiran...
Presentation 2, Audit methodologies, Workshop on System-based auditing, Tiran...Presentation 2, Audit methodologies, Workshop on System-based auditing, Tiran...
Presentation 2, Audit methodologies, Workshop on System-based auditing, Tiran...Support for Improvement in Governance and Management SIGMA
 
EPC Group SharePoint ROI Business Value Case Study - SharePoint Consulting
EPC Group SharePoint ROI Business Value Case Study - SharePoint ConsultingEPC Group SharePoint ROI Business Value Case Study - SharePoint Consulting
EPC Group SharePoint ROI Business Value Case Study - SharePoint ConsultingEPC Group
 
Audit clauses in IT agreements
Audit clauses in IT agreementsAudit clauses in IT agreements
Audit clauses in IT agreementsRichard Austin
 
3d 3 Todays Internal Auditor
3d 3 Todays Internal Auditor3d 3 Todays Internal Auditor
3d 3 Todays Internal AuditorRajeswaran Muthu Venkatachalam
 
The 7 Keys to an Effective Audit Programme
The 7 Keys to an Effective Audit ProgrammeThe 7 Keys to an Effective Audit Programme
The 7 Keys to an Effective Audit ProgrammeCraig Thornton
 
IntroToActiveAuditHandbookEN.pptx
IntroToActiveAuditHandbookEN.pptxIntroToActiveAuditHandbookEN.pptx
IntroToActiveAuditHandbookEN.pptxssuserbdcb221
 
International Professional Practices Framework (IPPF)pdf
International Professional Practices Framework (IPPF)pdfInternational Professional Practices Framework (IPPF)pdf
International Professional Practices Framework (IPPF)pdfAavyaSidhu
 
Topic 4 internal control system (ics)
Topic 4 internal control system (ics)Topic 4 internal control system (ics)
Topic 4 internal control system (ics)sakura rena
 
ISA 315 (Revised) - Exposure Draft Webinar
ISA 315 (Revised) - Exposure Draft WebinarISA 315 (Revised) - Exposure Draft Webinar
ISA 315 (Revised) - Exposure Draft WebinarInternational Federation of Accountants
 
Acc 490 entire course
Acc 490 entire courseAcc 490 entire course
Acc 490 entire courseacatnicy1981
 

Weitere ähnliche Inhalte

Was ist angesagt?

香港六合彩
香港六合彩香港六合彩
香港六合彩cctv
 
Prepare a Preliminary Audit Plan based on a Case Study
Prepare a Preliminary Audit Plan based on a Case StudyPrepare a Preliminary Audit Plan based on a Case Study
Prepare a Preliminary Audit Plan based on a Case StudyDavid Thompson
 
ACC 562 Final Exam
ACC 562 Final ExamACC 562 Final Exam
ACC 562 Final Examsonjon03
 
ACC 562 Enhance teaching / snaptutorial.com
ACC 562 Enhance teaching / snaptutorial.com ACC 562 Enhance teaching / snaptutorial.com
ACC 562 Enhance teaching / snaptutorial.com donaldzs48
 
Acc 562 Exceptional Education-snaptutorial.com
Acc 562 Exceptional Education-snaptutorial.comAcc 562 Exceptional Education-snaptutorial.com
Acc 562 Exceptional Education-snaptutorial.comrobertleses2
 
Auditing & Assurance Standards
Auditing & Assurance StandardsAuditing & Assurance Standards
Auditing & Assurance StandardsGyananjaya Behera
 
12.12.2011, Internal audit role and functions in corporate governance, Scott ...
12.12.2011, Internal audit role and functions in corporate governance, Scott ...12.12.2011, Internal audit role and functions in corporate governance, Scott ...
12.12.2011, Internal audit role and functions in corporate governance, Scott ...The Business Council of Mongolia
 
Marketing Accounting Firms: presentation for the HKICPA
Marketing Accounting Firms: presentation for the HKICPAMarketing Accounting Firms: presentation for the HKICPA
Marketing Accounting Firms: presentation for the HKICPARobert_Sawhney
 
EPC Group SharePoint ROI Business Value Case Study - SharePoint Consulting
EPC Group SharePoint ROI Business Value Case Study - SharePoint ConsultingEPC Group SharePoint ROI Business Value Case Study - SharePoint Consulting
EPC Group SharePoint ROI Business Value Case Study - SharePoint ConsultingEPC Group
 
Audit clauses in IT agreements
Audit clauses in IT agreementsAudit clauses in IT agreements
Audit clauses in IT agreementsRichard Austin
 
The 7 Keys to an Effective Audit Programme
The 7 Keys to an Effective Audit ProgrammeThe 7 Keys to an Effective Audit Programme
The 7 Keys to an Effective Audit ProgrammeCraig Thornton
 

Was ist angesagt? (17)

香港六合彩
香港六合彩香港六合彩
香港六合彩
 
Prepare a Preliminary Audit Plan based on a Case Study
Prepare a Preliminary Audit Plan based on a Case StudyPrepare a Preliminary Audit Plan based on a Case Study
Prepare a Preliminary Audit Plan based on a Case Study
 
Internal controls & ai ss
Internal controls & ai ssInternal controls & ai ss
Internal controls & ai ss
 
Lailatul izzati
Lailatul izzatiLailatul izzati
Lailatul izzati
 
ACC 562 Final Exam
ACC 562 Final ExamACC 562 Final Exam
ACC 562 Final Exam
 
ACC 562 Enhance teaching / snaptutorial.com
ACC 562 Enhance teaching / snaptutorial.com ACC 562 Enhance teaching / snaptutorial.com
ACC 562 Enhance teaching / snaptutorial.com
 
Acc 562 Exceptional Education-snaptutorial.com
Acc 562 Exceptional Education-snaptutorial.comAcc 562 Exceptional Education-snaptutorial.com
Acc 562 Exceptional Education-snaptutorial.com
 
COSO Update DTF
COSO Update DTFCOSO Update DTF
COSO Update DTF
 
Auditing & Assurance Standards
Auditing & Assurance StandardsAuditing & Assurance Standards
Auditing & Assurance Standards
 
Steps in it audit
Steps in it auditSteps in it audit
Steps in it audit
 
12.12.2011, Internal audit role and functions in corporate governance, Scott ...
12.12.2011, Internal audit role and functions in corporate governance, Scott ...12.12.2011, Internal audit role and functions in corporate governance, Scott ...
12.12.2011, Internal audit role and functions in corporate governance, Scott ...
 
Marketing Accounting Firms: presentation for the HKICPA
Marketing Accounting Firms: presentation for the HKICPAMarketing Accounting Firms: presentation for the HKICPA
Marketing Accounting Firms: presentation for the HKICPA
 
Presentation 2, Audit methodologies, Workshop on System-based auditing, Tiran...
Presentation 2, Audit methodologies, Workshop on System-based auditing, Tiran...Presentation 2, Audit methodologies, Workshop on System-based auditing, Tiran...
Presentation 2, Audit methodologies, Workshop on System-based auditing, Tiran...
 
EPC Group SharePoint ROI Business Value Case Study - SharePoint Consulting
EPC Group SharePoint ROI Business Value Case Study - SharePoint ConsultingEPC Group SharePoint ROI Business Value Case Study - SharePoint Consulting
EPC Group SharePoint ROI Business Value Case Study - SharePoint Consulting
 
Audit clauses in IT agreements
Audit clauses in IT agreementsAudit clauses in IT agreements
Audit clauses in IT agreements
 
3d 3 Todays Internal Auditor
3d 3 Todays Internal Auditor3d 3 Todays Internal Auditor
3d 3 Todays Internal Auditor
 
The 7 Keys to an Effective Audit Programme
The 7 Keys to an Effective Audit ProgrammeThe 7 Keys to an Effective Audit Programme
The 7 Keys to an Effective Audit Programme
 

Ähnlich wie Audit prsentation

IntroToActiveAuditHandbookEN.pptx
IntroToActiveAuditHandbookEN.pptxIntroToActiveAuditHandbookEN.pptx
IntroToActiveAuditHandbookEN.pptxssuserbdcb221
 
International Professional Practices Framework (IPPF)pdf
International Professional Practices Framework (IPPF)pdfInternational Professional Practices Framework (IPPF)pdf
International Professional Practices Framework (IPPF)pdfAavyaSidhu
 
Topic 4 internal control system (ics)
Topic 4 internal control system (ics)Topic 4 internal control system (ics)
Topic 4 internal control system (ics)sakura rena
 
Acc 490 entire course
Acc 490 entire courseAcc 490 entire course
Acc 490 entire courseacatnicy1981
 
It management audits it management templates
It management audits it management templatesIt management audits it management templates
It management audits it management templatesIT-Toolkits.org
 
Chap1 2007cisareviewcourse-090511232029-phpapp02
Chap1 2007cisareviewcourse-090511232029-phpapp02Chap1 2007cisareviewcourse-090511232029-phpapp02
Chap1 2007cisareviewcourse-090511232029-phpapp02Waqas Ahmad
 
ISO 19011-2018.pptx
ISO 19011-2018.pptxISO 19011-2018.pptx
ISO 19011-2018.pptxSmppMondha
 
ISO 19011-2018.pptx
ISO 19011-2018.pptxISO 19011-2018.pptx
ISO 19011-2018.pptxSmppMondha
 
ACC 675 Final Project Guidelines and Rubric Overvie.docx
ACC 675 Final Project Guidelines and Rubric Overvie.docxACC 675 Final Project Guidelines and Rubric Overvie.docx
ACC 675 Final Project Guidelines and Rubric Overvie.docxnettletondevon
 
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...An IT Service Reporting Framework for Effective Implementation of ITIL Contin...
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...Nancy Ideker
 
Sample audit plan
Sample audit planSample audit plan
Sample audit planMaher Manan
 
Auditing Standard and Practice
Auditing Standard and Practice Auditing Standard and Practice
Auditing Standard and Practice Bikash Kumar
 
Sap audit programs_and_ic_qs
Sap audit programs_and_ic_qsSap audit programs_and_ic_qs
Sap audit programs_and_ic_qsPhong Ho
 

Ähnlich wie Audit prsentation (20)

IntroToActiveAuditHandbookEN.pptx
IntroToActiveAuditHandbookEN.pptxIntroToActiveAuditHandbookEN.pptx
IntroToActiveAuditHandbookEN.pptx
 
International Professional Practices Framework (IPPF)pdf
International Professional Practices Framework (IPPF)pdfInternational Professional Practices Framework (IPPF)pdf
International Professional Practices Framework (IPPF)pdf
 
Topic 4 internal control system (ics)
Topic 4 internal control system (ics)Topic 4 internal control system (ics)
Topic 4 internal control system (ics)
 
ISA 315 (Revised) - Exposure Draft Webinar
ISA 315 (Revised) - Exposure Draft WebinarISA 315 (Revised) - Exposure Draft Webinar
ISA 315 (Revised) - Exposure Draft Webinar
 
Acc 490 entire course
Acc 490 entire courseAcc 490 entire course
Acc 490 entire course
 
Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021
 
It Audit
It AuditIt Audit
It Audit
 
It management audits it management templates
It management audits it management templatesIt management audits it management templates
It management audits it management templates
 
ISA 315 (Revised) - Exposure Draft Webinar, October 3rd, 2018
ISA 315 (Revised) - Exposure Draft Webinar, October 3rd, 2018ISA 315 (Revised) - Exposure Draft Webinar, October 3rd, 2018
ISA 315 (Revised) - Exposure Draft Webinar, October 3rd, 2018
 
Audit Report Model and Sample
Audit Report Model and SampleAudit Report Model and Sample
Audit Report Model and Sample
 
Chap1 2007cisareviewcourse-090511232029-phpapp02
Chap1 2007cisareviewcourse-090511232029-phpapp02Chap1 2007cisareviewcourse-090511232029-phpapp02
Chap1 2007cisareviewcourse-090511232029-phpapp02
 
ISO 19011-2018.pptx
ISO 19011-2018.pptxISO 19011-2018.pptx
ISO 19011-2018.pptx
 
ISO 19011-2018.pptx
ISO 19011-2018.pptxISO 19011-2018.pptx
ISO 19011-2018.pptx
 
ACC 675 Final Project Guidelines and Rubric Overvie.docx
ACC 675 Final Project Guidelines and Rubric Overvie.docxACC 675 Final Project Guidelines and Rubric Overvie.docx
ACC 675 Final Project Guidelines and Rubric Overvie.docx
 
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...An IT Service Reporting Framework for Effective Implementation of ITIL Contin...
An IT Service Reporting Framework for Effective Implementation of ITIL Contin...
 
IEMA ISO14001 - External Auditors viewpoint
IEMA ISO14001 - External Auditors viewpoint IEMA ISO14001 - External Auditors viewpoint
IEMA ISO14001 - External Auditors viewpoint
 
Sample audit plan
Sample audit planSample audit plan
Sample audit plan
 
Audits of SMEs - Sometimes Less is More
Audits of SMEs - Sometimes Less is MoreAudits of SMEs - Sometimes Less is More
Audits of SMEs - Sometimes Less is More
 
Auditing Standard and Practice
Auditing Standard and Practice Auditing Standard and Practice
Auditing Standard and Practice
 
Sap audit programs_and_ic_qs
Sap audit programs_and_ic_qsSap audit programs_and_ic_qs
Sap audit programs_and_ic_qs
 

Kürzlich hochgeladen

8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxsaniyaimamuddin
 
PB Project 1: Exploring Your Personal Brand
PB Project 1: Exploring Your Personal BrandPB Project 1: Exploring Your Personal Brand
PB Project 1: Exploring Your Personal BrandSharisaBethune
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environmentelijahj01012
 
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Doge Mining Website
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFChandresh Chudasama
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Peter Ward
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 

Kürzlich hochgeladen (20)

8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
 
PB Project 1: Exploring Your Personal Brand
PB Project 1: Exploring Your Personal BrandPB Project 1: Exploring Your Personal Brand
PB Project 1: Exploring Your Personal Brand
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environment
 
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
Unlocking the Future: Explore Web 3.0 Workshop to Start Earning Today!
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 

Audit prsentation

  • 1. Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 1 IT Handbook Presentation Audit Booklet Visual Narrative 1. IT Handbook Presentations AuditAudit Open music 2. Changes Organization Content Readers will find both organizational and content changes between the new Audit Booklet and the Internal/External Audit chapter of the 1996 IS Examination Handbook. 3. Changes Organization – Examiner perspective – Comprehensive action summaries The booklet was reorganized to follow the actual flow of the examination process. Each section in the booklet now relates directly to a high-level issue that is of importance to examiners, and the booklet's action summaries provide a comprehensive synopsis of the content in each section. 4. Changes Organization Content – Sarbanes-Oxley Act – Gramm-Leach-Bliley Act The new contents include changes in the examination process brought about by legislation that has been enacted since 1996 such as: ▪ The Sarbanes-Oxley Act of 2002, which addresses independence of board audit committees and accounting firms, and ▪ Section 501(b) of the Gramm-Leach-Bliley Act of 1999, which expanded security requirements for customer information.
  • 2. Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 2 Visual Narrative 5. Changes Content – Sarbanes-Oxley Act – Gramm-Leach-Bliley Act – Outsourcing of IT audits – Third-Party reviews In addition, the booklet specifically addresses two issues that have become of particular significance since 1996—outsourcing of IT audits and third-party reviews. 6. Outsourcing IT Audits In recent years, more and more institutions have begun to outsource IT audits. 7. Outsourcing IT Audits Cost savings This increase is due, in part, to current business models that see outsourcing as a way to cut operating costs. 8. Outsourcing IT Audits Cost savings Increased specialization IT in financial institutions has become increasingly prominent and complex over the past decade. It now requires a greater range and depth of IT audit skills to conduct effective internal audits, making it more and more expensive for an organization to maintain an adequate IT audit staff. The result of this trend is that a greater number of institutions are outsourcing some or all of their internal IT audit function in order to decrease overhead while maintaining or enhancing IT audit expertise.
  • 3. Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 3 Visual Narrative 9. Changes Content – Sarbanes-Oxley Act – Gramm-Leach-Bliley Act – Outsourcing of IT audits – Third-Party reviews In response to these changes, the Audit Booklet addresses IT audit outsourcing as a separate topic. 10. Third-Party Reviews Standards for external auditors – SAS 70 – Trust services reviews New information on third-party reviews of technology service providers includes perspectives on standards for external auditors by the AICPA - the American Institute of Certified Public Accountants. These include: - SAS 70 or Statement on Auditing Standards Number 70 (a widely recognized standard indicating that a service provider has had its control objectives examined by an independent accounting firm). - Trust Services (advisory- and assurance-level engagements such as SysTrust® and WebTrust® conducted by independent auditors using a core set of principles, criteria, and illustrative controls). 11. Residual Content Structure Role, independence, and staffing Role of external audit Risk-based methodology Audit participation There are also topics that remain substantially the same as they appeared in the earlier handbook. Key areas in a sound auditing program still include: ▪ The structure of an internal audit function, ▪ The role, independence, and staffing of internal IT Audit, ▪ The role of external audit ▪ Risk assessment and risk-based auditing methodology, and ▪ Audit participation in application acquisition, development, and testing. 12. Presentation Changes – Organization – Content Booklet organization Having considered some of the ways that the content in the booklet compares to that in the 1996 IS Examination Handbook, let's take a look at how the new booklet is organized.
  • 4. Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 4 Visual Narrative 13. Booklet Organization IT Audit Roles and Responsibilities Independence and Staffing of Internal IT Audit Internal Audit Program The first three sections address the basic requirements for implementing and staffing an effective internal audit program. 14. Booklet Organization IT Audit Roles and Responsibilities – Board of directors and senior management – Audit management – Internal audit staff – Operating management – External auditors First, the IT Audit Roles and Responsibilities section outlines audit program responsibilities for: ▪ The board of directors and senior management, ▪ Audit management, ▪ The internal audit staff, ▪ Operating management, and ▪ External auditors. 15. Booklet Organization IT Audit Roles and Responsibilities Independence and Staffing of Internal IT Audit – Independent audit staff – Audit staff skills The next section, Independence and Staffing of Internal IT Audit, covers the importance of the: ▪ Independence of audit staff from operations management, and ▪ Skill level requirements being commensurate with the scope and sophistication of the institution’s IT environment. 16. Booklet Organization IT Audit Roles and Responsibilities Independence and Staffing of Internal IT Audit Internal Audit Program ▪ Finally, the Internal Audit Program section outlines guidelines for developing and maintaining a formal internal audit program, including IT audits.
  • 5. Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 5 Visual Narrative 17. Booklet Organization Implementing and staffing sections Risk Assessment and Risk- Based Auditing While the three previous sections address the implementation and staffing of internal audit programs, the next section covers the nature of, and requirements for, a risk-based approach to auditing. 18. Risk-Based Approach IT Risk Assessment Risk-Based Audit Plans IT Risk Assessment Risk-Based Audit Plans As with other IT Booklets, this booklet describes a risk-based approach to IT auditing, which includes performing an IT risk assessment and developing risk-based audit plans. 19. Risk-Based Approach Risk-based assessment – Identification – Ranking – Development – Implementation The booklet's guidelines for performing a risk assessment include: ▪ Identifying institutional resources and business activities, ▪ Ranking risks for significant business units and products, and ▪ Developing and implementing risk-based audit plans. 20. Audit Plans Audit cycle length Documentation requirements Guidelines for overriding assessments These audit plans should include: ▪ Maximum lengths of audit cycles for each level of risk within an institution, ▪ Specific documentation requirements, and ▪ Guidelines for overriding risk assessment cycles when dictated by special circumstances.
  • 6. Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 6 Visual Narrative 21. Booklet Organization Implementing and staffing sections Risk-Based approach Additional Topics The final three sections of the booklet take a look at additional topics related to the IT audit function, including: 22. Alternative Activities Audit participation: – Application development – Acquisition – Conversions – Testing Outsourcing Internal IT Audit Third-Party Reviews of Technology Service Providers ▪ Audit participation in application development, acquisition, conversions and testing; ▪ Outsourcing internal IT audit; and ▪ Third-party reviews of technology service providers. 23. Appendices A: Examination Procedures B: Glossary C: Laws, Regulations, and Guidance The booklet provides the standard IT Handbook appendices for: ▪ Examination Objectives and Procedures, ▪ Glossary, and ▪ Laws, Regulations, and Guidance. 24. Examination Procedures Tier I Tier II The examination objectives and procedures take a two-tier approach. Tier I primarily follows the organization of the booklet, providing tools for a detailed review of the effectiveness of the institution's audit function to identify and manage risks.
  • 7. Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 7 Visual Narrative 25. Examination Procedures Tier I Tier II URSITURSIT Tier II corresponds to the rating areas in URSIT, the Uniform Rating System for Information Technology, and provides additional validation, as warranted by risk, to verify the effectiveness of an institution’s audit program. 26. Examination Procedures Tier IITier II Tier ITier I These two tiers of examination objectives and procedures provide a wide range of inquiries from which examiners can select specific issues significant for the particular institution they are examining. 27. Appendices A: Examination Procedures B: Glossary C: Laws, Regulations, and Guidance Readers should also note the large number of resources listed in the Laws, Regulations, and Guidance appendix of this particular booklet. 28. Resources These items can serve as a valuable complement to booklet content, and all are available from the FFIEC IT Handbook InfoBase.
  • 8. Audit Booklet – August 2003 FFIEC IT Examination Handbook Page 8 Visual Narrative 29. Audit A strong audit program is essential to an institution’s safe and sound operation. It provides the framework for ensuring effective risk management practices, internal controls, and compliance with corporate policies. In every examination, determining the quality of an institution’s IT audit functions is a fundamental step in evaluating other aspects of the institution. 30. Audit The Audit Booklet provides comprehensive guidance for assessing the soundness and effectiveness of an institution's IT audit function.