Qualified Audit Partners advises executive management on IT governance, performs IT audits, optimises business processes and provides training and education in IT Governance and audit.
Qualified Audit Partners Governance, Audit It, Audit Training
1. GOVERNANCE
GOVERNANCE AUDIT AND GUIDANCE
A good understanding of business requirements is essential for reaching enterprise objectives. Therefore, business risks should be managed,
and business processes should be implemented according to best practices. It is widely recognised that effective risk control is a major
element in the framework of good governance.
Qualified Audit Partners assists organisations with the assessment of their internal control system, which contributes to the implementation
of risk management.
Risk analysis
[Figure: Risk analysis]
Enterprise objectives: Strategic, Operational, Security, Reporting, Compliance
Internal control (COSO): Control environment, Business objectives, Risk management, Resource management, Information & Communication, Monitoring and evaluation
Risks: Efficiency, Effectiveness, Confidentiality, Integrity, Availability, Completeness, Reliability, Disclosure
Management is responsible for putting its internal control system in place. By taking into account the main risks, this control system is
designed to provide reasonable assurance regarding the achievement of objectives whether they are strategic, operational or IT-related.
How effective are your internal controls? Is your business continuity ensured? How can the efficiency and the effectiveness of your business
processes be improved?
Audit preparation
[Figure: Audit scope, Potential risks, Control objectives]
The audit scope defines which products or services, which enterprise processes and/or which resources will be reviewed. Within this context,
the risks to the achievement of the business objectives are identified. Recognised frameworks such as COSO(1) are used to determine the
control objectives and related control measures that should be in place to manage those risks.
An audit is an impartial assessment of processes against identified suitable criteria. Based on interviews and tests, an audit opinion is rendered
by comparing this desired situation with the actual design and effectiveness of controls. To close the gaps, recommendations are issued in
the draft report.
Audit execution
[Figure: Internal control system evaluation, Audit opinion and recommendations, Management reporting/debriefing]
The final step consists of a management discussion on how much effort is to be spent on mitigating these risks. Action plans are
then drawn up. The final management report on the assurance level, in addition to the audit opinion, provides an overview of the agreed
recommendations with appropriate actions. Ultimately, a regular recommendation follow-up should be scheduled.
Qualified Audit Partners provides objective assurance on your IT systems and processes and enhances stakeholder value by improving
your organisation’s operations. Our audit approach complies with professional best practice and uses the most up-to-date
audit techniques. QAP has a wealth of experience in the private and public sector, primarily in the financial and service industry.
(1) COSO is the widely accepted international framework for the implementation of internal controls and provides common definitions
of the control environment, standards, and criteria against which organizations can assess their control systems.
For additional information, contact Patrick Soenen • p.soenen@qap.eu • +32 477 75 78 61 • www.qap.eu qualified audit partners
2. IT AUDIT
Understanding the business requirements is essential for reaching enterprise objectives. Consequently, IT services should satisfy these
business requirements, IT-related risks should be known and best IT processes should be implemented. It is widely recognised that effective
IT risk control is a key element in the governance framework.
Qualified Audit Partners assists organisations with the assessment of the information system controls that contribute to the implementation
of IT risk management.
Risk analysis
[Figure: Risk analysis]
IT objectives: Quality, Security, Fiduciary
CobiT control framework: Plan and Organise IT, Acquire and Implement IT, Deliver and Support IT, Monitor and Evaluate IT
IT risks: Efficiency, Effectiveness, Confidentiality, Integrity, Availability, Reliability, Compliance
By looking at the fiduciary, quality and security requirements of an organisation, the «to-be-managed» IT risks are identified. Based on
these major risks, the CobiT® (1) control framework provides a set of generally accepted best practices. A high-level risk assessment based on
likelihood and business impact of the events determines which processes and issues are audited first.
Are IT projects contributing to the realisation of the business objectives? How does an IT disaster affect the continuity of the business services?
Are incidents managed and adequately resolved? Do third parties provide the expected service?
IT Audit preparation
[Figure: Audit scope, Potential IT risks, CobiT control objectives]
The audit scope determines which IT processes or resources will be audited. Within this context, the IT risks to the achievement of the
business objectives are identified. The required control objectives and related control measures that should be in place to manage those
risks are determined with the help of the CobiT® (1)
An audit is an impartial assessment of processes against identified suitable criteria. Based on interviews and tests, an audit opinion is rendered
by comparing this desired situation with the actual design and effectiveness of controls. To close the gaps, recommendations are issued in
a draft report.
IT Audit execution
[Figure: IT control system evaluation, Audit opinion and recommendations, Management reporting/debriefing]
The final step consists of a management discussion on how much effort is to be spent on mitigating these IT risks. Action plans are
then drawn up. The final management report on the assurance level, in addition to the audit opinion, provides an overview of the agreed
recommendations with appropriate actions. Ultimately, a regular recommendation follow-up should be scheduled.
Qualified Audit Partners provides objective assurance on your IT systems and processes and enhances stakeholder value by improving
your organisation’s operations. Our audit approach complies with professional best practice and uses the most up-to-date
audit techniques. QAP has a wealth of experience in the private and public sector, primarily in the financial and service industry.
(1) CobiT® – Control Objectives for Information and related Technology – ISACA – www.isaca.org
3. TRAINING
TRAINING IN ACQUIRING AUDIT AND GOVERNANCE KNOWLEDGE
Objectives
Governance practices ensure that enterprises identify, analyse and handle their operational and technological risks and put in place
an internal control system to manage them. As an actor within your organisation, your actions and behaviour determine the process
improvement and the development of your control environment. Enterprises wishing to expand nationally and internationally should
come into line with the European and international directives and standards.
Management questions:
• Can you anticipate events, and reduce areas of vulnerability?
• How do you mitigate the consequences of the risks?
• How do you avoid nasty surprises?
• How can your organisation’s reputation be affected?
These training programs allow you to
• Draw the lessons from existing failures;
• Understand the required control environment for good governance;
• Identify risks and understand the mitigation techniques;
• Learn the principles for developing and evaluating control measures;
• Build and maintain a governance culture in your organisation;
• Establish the roles and responsibilities in governance.
Target group
All executives, managers, auditors and controllers involved in establishing and evaluating a control framework within your organisation’s
operational or IT department should be interested.
Modules
Each course is personalised by focusing on one or several of the following modules:
1. Governance principles
2. Audit methodology, practices and techniques
3. Performing IT Audits
4. Risk-based audit
5. Process flow audit
6. Internal control assessment
7. Risk management
8. Control Risk Self Assessment (CRSA)
Training program development
The training program is established in close cooperation with the organisation, based on its requirements. The budget and duration are tailored to
your specific needs.
[Figure: Identify target group, Course conception, Course preparation, Provide training, Course follow-up]
References
• ISACA (Association of IT audit and governance professionals).
• IIA (The Institute of Internal Auditors).
• IRE-IBR (Institute of Statutory Auditors).
• Marcus Evans.