Top IT Concerns of Audit Committees

Presentation given at the 2010 Banking Conference of the New York State Society of Certified Public Accountants and is based on the survey performed by the AICPA's Top Technology Task Force, on which I served as co-Chair.

Top IT Concerns of Audit Committees: Presentation Transcript

  • INFORMATION TECHNOLOGY AND THE AUDIT COMMITTEE: Results of the AICPA’s 2010 Top Ten Technology Survey
    New York State Society of Certified Public Accountants
    2010 Banking Conference
    November 4, 2010
  • JOEL LANZ, CPA.CITP, CFF, CFE, CISSP, CISA, CISM
    Joel served as Co-Chair for the American Institute of Certified Public Accountants 2010 Top Technology Survey.
    He currently is an Adjunct Professor at State University of New York - College at Old Westbury, teaching graduate Accounting Information Systems, Advanced Auditing & Assurance Services, Auditing for Public Accounting and Forensic Accounting.
    Joel’s articles have been published in many peer-reviewed accounting and financial industry publications. He serves on the Editorial Board of The CPA Journal and Bank Accounting and Finance.
    Joel currently serves on the American Institute of Certified Public Accountants CITP credential committee, and serves as that committee’s liaison to the IT Executive Committee, a committee on which he recently completed a three-year term. He also serves on various Institute Task Forces.
    Joel previously served as Chairman of the New York State Society of Certified Public Accountants Information Technology Committee and the society’s Technology Assurance committee. He serves on the Institute of Internal Auditors – LI Chapter Board of Governors.
    Joel’s practice focuses on technology risk management, IT audit and information security. Prior to starting his practice in 2001, Joel was a Technology Risk Consulting Partner at Arthur Andersen and was a Manager at Price Waterhouse. His industry experience includes Vice President and Audit Manager at The Chase Manhattan Bank and senior IT auditor positions at two insurance companies.
  • 2010 Top Technology Initiatives
    2010 represents the 21st continuous year of publication for the AICPA Top Technologies Initiative (TTI) List.
    The list(s) have evolved in various ways during the 21 years to reflect changing business landscapes and heightened expectations of CPAs.
    The last five years saw an increasing trend relating to the CPA’s unique perspective to comment on the use and importance of technology.
    TTI continues to recognize the enablement of paradigm shifts in the delivery of CPA services – whether in public practice or in industry.
  • Why Add the Audit Committee and Executive Mgmt?
    This list represents questions currently being asked by audit committees, CEOs, CFOs, etc. to AICPA members responding to the TTI survey.
    They reflect expectations by this constituency as to the ability of CPAs to consult and advise on critical areas of IT Governance and Risk Management.
    CPAs, whether as part of their audit involvement or participating in various management advisory or employment roles, should be sufficiently prepared to discuss these matters with the above stakeholders.
    The ability to appropriately discuss these questions can create competitive situations with other CPAs in the market.
  • 2010 Top Technology Initiatives – 2 Lists
    How Do You Use Technology in Your Everyday Work To Deliver on Client or Employer Commitments?
    What are Audit Committees and Executive Management asking of CPAs as it relates to Information Technology?
    This list provides technologies ranked 1 – 10 that surveyed members of the AICPA believe will grow in importance over the next 12 – 18 months. The objectives of this list are very similar to those published over the past 21 years through the AICPA’s Top Technology Initiatives.
    As new technologies mature, businesses show interest in adopting IT to achieve competitive advantage. Increasingly, CPAs are asked to guide and assist in the selection, implementation and assessment of technology investments and effectiveness. Many clients expect their CPAs to deliver trusted advisor guidance relating to IT’s impact on the business.
  • What Audit Committees and Executive Managers are Asking of Their CPAs
  • 2010 Top Technology Initiatives
    Strategic Priorities, List 1 – Item Number 1
    Are we ensuring that our data and technology resources are protected against hacking, viruses, or other compromises?
    Ongoing Security Training
    Management support and policies
    Frequent Risk and Countermeasure Assessment
    Properly configured firewalls and antivirus
    System Patches Current
    Review Access Controls
    Segregation of Duties
  • 2010 Top Technology Initiatives
    Strategic Priorities, List 1 – Item Number 2
    Are we considering/implementing organizational security precautions even though we haven’t had a data breach or loss?
    Maintain Confidentiality, Integrity, and Availability (CIA) preventative controls
    Defense in depth
    Offsite backup and testing of systems and data
    Disaster recovery and business continuity planning
    “War Games” simulations
    Incident response plans
  • 2010 Top Technology Initiatives
    Strategic Priorities, List 1 – Item Number 3
    Are our current internal controls and IT governance policies and procedures effective?
    Well constructed and maintained security policy
    Penetration testing
    Thorough and frequent vulnerability assessments
    Assess legal and regulatory requirements for compliance environment
    See US Government NIST governance 800 Series http://csrc.nist.gov/publications/PubsSPs.html
  • 2010 Top Technology Initiatives
    Strategic Priorities, List 1 – Item Number 4
    Are we receiving the most relevant and current information from our reporting functions (business intelligence, dashboards, etc.) or are there areas for improvement?
    Business Intelligence involves creating value from “siloed” data
    Release locked up data
    Key finance benefit – not just an IT benefit
    Validate and standardize data – not just a grouping of spreadsheets or dashboards
  • 2010 Top Technology Initiatives
    Strategic Priorities, List 1 – Item Number 5
    Have we implemented sound/appropriate privacy policies and procedures within the organization and for our customers?
    Review all privacy rules applicable to specific environment (medical, financial, etc.)
    Require written privacy policy for organization
    Determine FTC “Red Flag Rules” applicability and required actions
    Do employees acknowledge no right to privacy on company systems (i.e. e-mail)?
  • 2010 Top Technology Initiatives
    Strategic Priorities, List 1 – Item Number 6
    Are we appropriately considering the IT risks associated with the organization in initial planning of any audit or attest engagement?
    Attest engagement covers all major functions of the IT function in the organization
    Use standardized and validated metrics to evaluate IT risk factors across business units
    Written guidelines established by audit committee covering risk assessment models, tools, etc.
  • 2010 Top Technology Initiatives
    Strategic Priorities, List 1 – Item Number 7
    Are we capturing the appropriate control objectives during the initial planning of any audit or attest engagement to address the IT risks associated with the organization?
    Are assurance efforts focused on areas of higher risks vs. easy to audit controls?
    What risks are/aren’t addressed by general controls reviews or SAS 70s?
    What type of recognized standards or guidance is leveraged to help ensure that appropriate concerns are addressed?
  • 2010 Top Technology Initiatives
    Strategic Priorities, List 1 – Item Number 8
    Should we refresh our core and financial accounting software to leverage technology efficiencies every few years?
    Large, complex organizations should generally schedule major technology changes to achieve specific objectives.
    Systems as pervasive and complex as financial accounting software require significant time and expense to refresh.
    Significant technology changes should not be made lightly or on a predetermined schedule.
  • 2010 Top Technology Initiatives
    Strategic Priorities, List 1 – Item Number 9
    Can our data remain safe if we utilize cloud computing / Software as a Service (SaaS) services?
    Security is a concern when using cloud computing / SaaS.
    Consider obtaining a valid SAS 70 (or new SSAE 16 when available) attestation Type II report.
    Understand the limitations inherent in a SAS 70 / SSAE 16 report – it is no guarantee of absolute security in the cloud.
    Consider the need for onsite due diligence and ongoing monitoring.
  • 2010 Top Technology Initiatives
    Strategic Priorities, List 1 – Item Number 10
    Can we deliver on our service and product promises to our customers if we utilize cloud computing / Software as a Service (SaaS) services?
    Many believe that cloud computing / SaaS will experience explosive growth over the next few years.
    Carefully selected cloud computing / SaaS infrastructures can be reliable and relatively inexpensive platforms for customer service.
    A significant amount of due diligence is required to determine the best Cloud / SaaS providers.
  • Key Takeaways
    The demand for CPA services has expanded to include guidance with information technology issues.
    Client executives will very likely ask questions on IT issues, and the 2010 TTI provides a defined resource in preparing for the CPA’s expanded role in IT.
    Information security, in various forms, is a key concern for most businesses. This subject takes the top concern on both of the 2010 TTI lists, and information security has been the top concern on the single TTI list for eight consecutive years.
  • Key Takeaways
    Virtualization, cloud computing, and SaaS will probably take on larger roles as active IT projects in the near future. Prepare to advise on these technologies.
    Some businesses are more evolved than others on the technology curve, and there are still opportunities to assist with mature technologies.
    Fundamental IT issues are often overlooked in the rush of day-to-day operation. Backup execution, disaster recovery, and business continuity are key concerns for TTI and should be considered as part of any IT review.
  • Key Takeaways
    IT governance, including compliance with privacy laws, and IT audit planning are key concerns for many executives. Familiarity with compliance issues and SAS 70 (soon to be SSAE 16) will probably increase in importance.
  • FOR FURTHER INFORMATION
    Contact Joel directly at:
    Joel Lanz
    Joel Lanz, CPA, P.C.
    471 N. Broadway-pmb 395
    Jericho, NY 11753
    (516) 933-3662
    jlanz@joellanzcpa.com
    www.joellanzcpa.com
    Visit www.joellanzcpa.com for related articles and other related presentations.