SlideShare a Scribd company logo

Fieldwork Webinar

â€ĸ
â€ĸ
Jim Kaplan CIA CFE
Jim Kaplan CIA CFE

The fieldwork phase is the heart of the audit process. Everything auditors do in the planning phase drives them to do the right things in fieldwork. Everything auditors do in the reporting phase relates to what was found in fieldwork. Everything auditors do in the follow-up phase relates to the issues identified in fieldwork. This webinar will focus on the testing for control effectiveness. This includes capturing the best audit evidence and documenting quality work in the workpapers. This helps ensure that any competent third party person can re-perform the work and come to the same conclusion. This webinar is for auditors who want to understand the key elements of the fieldwork phase of the audit process. The learning objectives include the following: - Learn about internal control terminology - Learn about testing techniques and workpaper quality - Learn about audit evidence - Learn about workpaper documentation guidelines Learn about Issues & Recommendations (I&Rs)

Education
1 of 30
Download to read offline
7/26/2017 1 Internal Audit Skills Training Fieldwork About Jim Kaplan, CIA, CFE īŽ President and Founder of AuditNetÂŽ, the global resource for auditors īŽ Auditor, Author, Web Site Guru, Internet for Auditors Pioneer īŽ Recipient of the IIA’s 2007 Bradford Cadmus Memorial Award.
7/26/2017 2 About AuditNet LLC â€ĸ AuditNetÂŽ, the global resource for auditors, is the pre-eminent online portal for the global audit community hosting a comprehensive catalogue of audit procedures. â€ĸ Available on the Web, iPad, iPhone, Windows and Android devices and features: â€ĸ Over 2,700 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices â€ĸ Webinars focusing on fraud, data analytics, IT audit, and internal audit with free CPE for subscribers and site license users. â€ĸ Audit guides, manuals, and books on audit basics and using audit technology â€ĸ LinkedIn Networking Groups â€ĸ Monthly Newsletters with Expert Guest Columnists â€ĸ Surveys on timely topics for internal auditors Housekeeping This webinar and its material are the property of AuditNetÂŽ and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden. īŽ If you logged in with another individual’s confirmation email you will not receive CPE as the confirmation login is linked to a specific individual īŽ This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link. īŽ We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited. īŽ You must answer all the polling questions to qualify for CPE per NASBA. īŽ If you meet the NASBA criteria for earning CPE you will receive a link via email within 5 days to download your certificate. You must be able to receive emails from gensend.io with HTML links. Check you inbox and junk mail folders and contact your IT department if your system blocks emails. The email will be sent to the same email address that you used to register for the Webinar. īŽ Submit questions via the chat box on your screen and we will answer them either during or at the conclusion. īŽ Please complete the evaluation questionnaire to help us continuously improve our Webinars.
7/26/2017 3 IMPORTANT INFORMATION REGARDING CPE! īŽ Regarding CPE – If you attend the Webinar and are a basic, premium , group subscriber or a site license users and answer all the polling questions you will receive an email within one week with the link to download your CPE certificate. The official email for CPE will be sent out and the sender address will be NoReply@gensend.io. Blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io will impact your receiving the email with the link. īŽ If we receive an email request for CPE after sending out the official CPE email because you did not receive your CPE we will require a processing fee to resend to an alternate email address or to send you a claim link. īŽ We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. īŽ We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on you computer otherwise you will not be able to answer the polling questions which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to that you do so immediately after a polling question. The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNetÂŽ LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While AuditNetÂŽ makes every effort to ensure information is accurate and complete, AuditNetÂŽ makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNetÂŽ specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNetÂŽ website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNetÂŽ LLC
7/26/2017 4 William Woodington CPA CIA CRMA īŽ President Woodington Training Solutions īŽ Managed the Learning & Development (L&D) function for Wells Fargo Audit & Security for 18 years. īŽ Audit Specialist for 4 years supervising audit projects prior to moving into the L&D position. īŽ Worked for First Bank System and Deloitte and Touche. īŽ Member IIA and ATD īŽ Teaches audit, business writing, and leadership seminars Fieldwork
7/26/2017 5 Training Objectives īŽ Learn about internal control terminology īŽ Learn about testing techniques and workpaper quality īŽ Learn about audit evidence īŽ Learn about workpaper documentation guidelines īŽ Learn about Issues & Recommendations (I&Rs) Internal Control īŽ Control Adequacy – Is the internal control properly designed? īŽ Control Effectiveness – Is the internal control working as intended? Controls can be designed to carry out various functions. Some are installed to prevent undesirable outcomes before they happen (preventive controls). Others are designed to identify the undesirable outcomes when they do happen (detective controls).
7/26/2017 6 Polling Question #1 Polling Question #2
7/26/2017 7 Internal Control Types Preventive Controls Detective Controls Cost Effective More expensive Competent and trustworthy people Reviews & comparisons Segregation of duties Reconciliations Proper authorization Physical counts Adequate documentation Analyses of variances Physical control over assets Computerized techniques IIA Standards 2120 – Risk Management The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. 2120.A1 – The internal audit activity must evaluate risk exposures relating to the organization’s governance, operations, and information systems regarding the: īŽ Reliability and integrity of financial and operational information. īŽ Effectiveness and efficiency of operations and programs. īŽ Safeguarding of assets. īŽ Compliance with laws, regulations, policies, procedures, and contracts.
7/26/2017 8 IIA Standards 2300 – Performing the Engagement Internal auditors must identify, analyze, evaluate, and document sufficient information to achieve the engagement’s objectives. 2310 – Identifying Information Internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives. 2320 – Analysis and Evaluation Internal auditors must base conclusions and engagement results on appropriate analyses and evaluations. 2330 – Documenting Information Internal auditors must document relevant information to support the conclusions and engagement results. Testing The following information was taken from “The Practice of Modern Internal Auditing” by Lawrence B. Sawyer. The Purpose of Testing Auditors achieve audit objectives by a process known as testing. Testing implies placing activities or transactions on trial, by putting selected items to the proof and revealing their inherent qualities or characteristics. To the internal auditor, testing implies the measurement of representative transactions or processes and comparison of the results with established standards or criteria. The purpose is to help provide the auditor with a basis for forming an audit opinion. The audit test usually implies evaluation of transactions, records, activities, functions, and assertions by examining all or part of them.
7/26/2017 9 Testing The objective of testing is to determine: īŽ Validity, i.e., propriety, genuineness, reasonableness īŽ Accuracy, i.e., quantity, quality, classification īŽ Compliance with applicable procedures, regulations, laws, etc. īŽ Competence of controls, i.e., the degree that risks are neutralized Simply put, testing determines whether something is as it should be. Testing Techniques Observing – Seeing, noticing, not passing over. Questioning – Asking open-ended unbiased questions. Oral representations must be substantiated by some other form of audit evidence. Analyzing – Implies a detailed examination. It means dividing a complex entity into parts for the purpose of determining its true nature. Verifying – Confirming the truth, accuracy, genuineness, or validity of something. Investigating – An inquiry aimed at uncovering the hidden facts and establishing the truth. Evaluating – Estimation of worth. In auditing, it means arriving at judgment.
7/26/2017 10 Workpaper Quality īŽ State Who, What, When, Where, Why, and How īŽ Note why we performed a test and how it met objectives. īŽ Ensure testing provides enough depth to reach a viable conclusion. īŽ State the objective. īŽ Tell a story (Reader’s Digest Version). Ensure enough information is given to cover the subject, but not too much that you have trouble finding the main message. īŽ Note the reason for testing. īŽ Ensure the Lead Auditor set expectations up front. īŽ Explain what was done in testing, what the conclusions were, and the audit universe. Workpaper Quality īŽ Ensure documentation supports testing. A third party should be able to recreate the test step and arrive at the same conclusions. īŽ Ensure the narrative is easy to read from beginning to end. īŽ Ensure testing is independent versus conversational. īŽ Ensure testing addresses all the objectives. īŽ Ensure all exceptions are dispositioned. īŽ Ensure sampling documentation is complete. īŽ Ensure conclusions provide enough information related to the testing performed. īŽ Ensure the narrative is a complete description of the work performed.
7/26/2017 11 Audit Evidence īŽ Sufficient īŽ Competent īŽ Relevant īŽ Useful Audit Evidence Sufficient – Factual, adequate and convincing. Quality audit evidence ensures the scope of the work addresses the control being tested and the sample sizes/items selected adequately represent the population being tested. It ensures conclusions are supported by factual information. Competent – Reliable and the best attainable. Quality audit evidence is gathered from the most independent source available. It does not depend solely on oral representations as this is the least reliable source of evidence. Trust but verify!
7/26/2017 12 Audit Evidence Relevant – Supports audit findings and recommendations and is consistent with the objectives of the audit. Quality audit evidence ensures only information pertinent to the test objectives are included. It focuses on current control conditions and timely audit feedback. Useful – Helps the organization meet its goals. Polling Question #3
7/26/2017 13 Audit Evidence īŽ All audit evidence must be approached with a healthy professional skepticism. īŽ Professional auditors approach all assertions with uncertainty – with an uneasy and dissatisfied state of mind. īŽ When reduced to its barest essentials, fieldwork is simply the gathering of evidence for measurement and evaluation. īŽ Care is always required in the documentation process, if there is a possibility of litigation or some type of legal action, the evidence must be in a form that is legally usable. īŽ Legal evidence and audit evidence have much in common. They have the same objective – to provide proof, to foster an honest belief about the truth or falsity of any proposition at issue. Nature of Audit Evidence Physical – Obtained by observing people, property, and events. It can take the form of photographs, charts, maps, graphs, or other pictorial representations. Testimonial – Takes the form of letters or statements in response to inquiries or interviews. This should be supported by documentation. Documentary – The most common form of audit evidence. The source of documentary evidence affects its reliability. Analytical – Stems from analysis and verification.
7/26/2017 14 Audit Workpapers Clear – Free from confusion or doubt. Quality audit workpapers tell a story, in a logical order, of the steps taken to perform the work. Concise – Short and to the point. Quality audit workpapers make every word count towards supporting the audit objective and conclusions. Complete – Having all the necessary parts. All test objectives are addressed; exceptions conditions are dispositioned; conclusion statements, source, scope and sampling techniques are properly documented. Verifiable –The reader should be able to re-perform the work based on the content of the workpaper. Audit Workpapers Question – Would any third party person be able to re-perform the test work and reach the same conclusion as the auditor who originally performed the test work?
7/26/2017 15 Control Effectiveness Testing īŽ Trust but verify īŽ Don’t clutter workpapers with background information. īŽ Issue audit findings and recommendations to the business partner as they are identified and request written responses. īŽ Workpapers are confidential. īŽ Notify Audit engagement manager of any regulatory exceptions. īŽ Do not refer to potential or substantiated regulatory exceptions as regulatory violations Control Effectiveness Testing īŽ Develop sufficient business knowledge to perform the assigned audit steps. A thorough understanding of the risks inherent in the business and the implications of these risks must exist prior to the conclusion of the audit. īŽ Obtain sufficient audit evidence to evaluate the system of internal control. Use techniques including observation, inquiry, and testing to obtain this evidence. Perform substantive/corroborative testing to fully support conclusions.
7/26/2017 16 Control Effectiveness Testing īŽ Document that all program steps have been properly performed. This sign-off indicates the assigned audit work has been completed and the documentation is thorough and can be relied upon. īŽ Be alert to indications of irregular or suspicious activity. Should you identify irregular activity during the course of an audit, inform the auditor in-charge as soon as possible. Control Effectiveness Testing īŽ Inform the auditor in-charge of any situations where an expansion or constriction of scope should be considered. īŽ Obtain the approval of the audit manager or the designee for material changes in scope. īŽ Take responsibility for the effective and efficient use of time. Have significant deviations approved by the audit manager prior to incurring overages. Justify all material variances.
7/26/2017 17 Workpaper Documentation Guidelines īŽ Risk Statement – A high level description of the business risk. The risk should be stated in terms of what could go wrong and the potential impact/result. īŽ Control Statement – A high level description of the controls in place that mitigate the business risk. The control statement should describe specifically what the control is designed to do (control objective). Workpaper Documentation Guidelines īŽ Test Objective – Stated in terms of evaluating the effectiveness of the controls in assisting management to mitigate risk and achieve objectives. īŽ Test Steps – Should be risk-based, direct the auditor to test the effectiveness of the control, and prompt the auditor to identify, analyze, evaluate, and record audit evidence and results, as well as utilize data analysis techniques wherever possible.
7/26/2017 18 Workpaper Documentation Guidelines īŽ Source – List the names/titles of the team members talked to and the names/as of dates of documents/reports reviewed and the names/titles of the team members the documents/reports were obtained from. īŽ Scope – Include a brief summary of the work performed including population source, characteristics and validation, as well as time period covered. Workpaper Documentation Guidelines īŽ Audit Evidence – Ensure quality audit evidence (sufficient, competent, relevant, useful). Inquiry and observation testing should include who interviewed, process/control observed, date of interview/observation and description of results. Do not rely solely on a verbal representation from the business partner. īŽ Attribute Testing – Include an attribute table (when practical) to facilitate efficient workpaper preparation and review. īŽ Exceptions & Issues – Denote using a red X tickmark (X1, X2, etc.) and disposition as an Isolated/Immaterial Exception or an Exception.
7/26/2017 19 Workpaper Documentation Guidelines īŽ Source Documentation – When exception items are noted, include copies of source documents to support exception items. Only a sample of exception items is needed. īŽ Electronic Source Documents – Use whenever possible. īŽ Hardcopy Source Documents – Store in pockets or other appropriate means and label per policy requirements. Click on HCWP in ACE test document. Workpaper Documentation Guidelines īŽ Test Conclusion – Select overall control effectiveness rating in the “Status Conclusion” section. A rationale statement (defined in terms of impact and probability) must be provided in the “Reason” field.
7/26/2017 20 Workpaper Documentation Guidelines īŽ Strong and Effective – The system of internal control provides assurance the risks are well-managed. īŽ Effective – The system of internal control provides reasonable assurance the risks are being effectively managed. īŽ Generally Effective – The system of internal control provides reasonable assurance that risks are being managed. Control exceptions exist but corrective action plans are in place. īŽ Needs Improvement – The system of internal control may not provide reasonable assurance that risks are being managed. Control exceptions exist that need to be addressed. īŽ Ineffective – The system of internal control does not provide assurance that risks are being managed. Immediate management attention is needed to address the control exceptions. Other Fieldwork Tips īŽ Communicate frequently with your AIC (Exceptions/I&Rs, scope changes, etc.). īŽ Set up communication guidelines with the business partner. īŽ Ensure review notes are cleared in the test document. īŽ Be alert to indications of irregular or suspicious activity (fraud).
7/26/2017 21 Killing the Spider Surface Pertinent Issues and Demand Effective Resolution (SPIDER) Killing the Spider īŽ Provide recommendations that not only correct the problems, but also address the root cause of those problems. īŽ This is the difference between “cleaning up the spider webs” (simply fixing the current problem) and “killing the spider” (addressing the root cause to mitigate future occurrences). īŽ Too often auditors focus on conditions but ignore causes. īŽ Too often auditors simply compare what the audited areas is doing (the condition) with what the policy states it should be doing (the criterion).
7/26/2017 22 Killing the Spider īŽ Generally the cause of the problem stems from a breakdown in one or more of the five COSO components: īŽ Control Environment īŽ Risk Assessment īŽ Control Activities īŽ Information and Communication īŽ Monitoring īŽ To pinpoint the cause, start by looking at management’s risk assessment and control activities. īŽ Has there been an assessment of risk? īŽ Has management established policies/procedures to address the risk? Exceptions & Issues īŽ Isolated/Immaterial Exception – A condition that falls within allowable parameters of a control’s performance. These are typically an infrequent human error with an insignificant negative impact. īŽ Exception – a risk exposure resulting from a control breakdown or deficiency that was not detected and corrected or mitigated by existing controls. īŽ Issue – A risk exposure resulting from a systemic or material control breakdown or deficiency, supported by one or more Exceptions whose potential negative impact is sufficient to warrant corrective action by business management.
7/26/2017 23 Exceptions & Issues īŽ Reportable Issue – An issue that will be formally reported via the Audit Report. All reportable issues will be denoted by significance, repeat status, root cause, and risk category. īŽ All Reportable Issues must be reviewed and approved by the Audit Manager. īŽ All Reportable Issues are communicated in writing and given to the business partner during fieldwork. This is done by either the staff auditor or AIC. īŽ A written management response must be received for every Reportable Issue. The response must be reviewed for adequacy by the AIC and supervisor or SAM prior to final acceptance. Exceptions & Issues īŽ Validation – The process for ensuring the facts of the Exception and/or Issue are accurate through communication with the business partner. īŽ Management response – A formal written reply from the business partner that is received for every Reportable Issue. It should include the following: īŽ Be specific and responsive īŽ Be complete in addressing all material aspects īŽ Include reasonable and achievable target dates īŽ Include achievable actions that will prevent recurrence īŽ Include designated individuals to own the corrective action
7/26/2017 24 Exceptions & Issues īŽ All audit evidence supporting Exceptions, Issues, and conclusions must be documented in the workpapers. īŽ Isolated/Immaterial Exceptions will be dispositioned in the workpapers. īŽ Exceptions will be developed on the Exception document and will be communicated to the business partner and validated. Exceptions are classified as reportable (I&R) or non-reportable. All Exceptions must be independently reviewed by the AIC, supervisor, or manager. Exceptions & Issues īŽ Issues will be developed on the Issue & Recommendation (I&R) document and will be communicated to the business partner and validated. All issues must be independently reviewed by the AIC and supervisor or manager.
7/26/2017 25 Issue & Recommendation (I&R) A properly written I&R should include the following attributes: īŽ Condition - What is the problem? īŽ Criterion – What should be? īŽ Cause – What led to the condition? īŽ Effect – So what? īŽ Recommendation – What should be done? The recommendation should address the cause (kill the spider)! Sell your recommendation based on the effect (risk)! CIA Exam Question We find that due to inadequate monitoring of cost-effective transportation and hotel options, the department's travel budget has increased steadily by a total of 1 percent per quarter, thus failing to achieve management's objective of reducing travel-related expenses by 1 percent over the same time period. Which of the following elements is missing from the finding stated above? īŽ Criteria īŽ Effect īŽ Cause īŽ Condition
7/26/2017 26 CIA Exam Question Answer - Effect CIA Exam Question Late charges were waived on an excessive number of delinquent installment loan payments at the Spring Street Branch. We were informed that late charge waivers are not approved by an officer. Approximately US $5,000 per year in revenues is being lost. In order to provide a better control over late charges waived and loss of income, we recommend that a lending officer be responsible for waiving late charges and that this approval be in writing. Which of the following elements of a deficiency finding is not properly addressed? īŽ Condition īŽ Criteria or standards īŽ Effect īŽ Cause
7/26/2017 27 CIA Exam Question Answer – Criteria or standards Polling Question #4
7/26/2017 28 Issue Severity Ratings īŽ Low – (Previously known as Verbal) A non-reportable issue that does not require corrective action. Remedial corrective actions may result in improved business processes, and should be considered by business unit management. īŽ Moderate – A reportable issue that requires management attention. Remedial corrective actions should be addressed in a reasonable timeframe. If no action is taken, the issue may have an adverse effect on business unit management’s ability to meet a business objective. Issue Severity Ratings īŽ High – A reportable issue needing timely corrective action by business unit management to adequately mitigate risks to the business. If action is not taken in a timely manner, the issue may have an adverse effect on business unit management’s ability to meet one or more of its business objectives. īŽ Very High – A reportable issue needing immediate corrective action by business unit management to adequately mitigate risks to the business. If not immediately addressed, the issue may have significant adverse effects on business unit management’s ability to meet one or more of its business objectives. Persistence of the Issue may also have adverse effects to Wells Fargo at the enterprise level. Management should monitor progress on the corrective action until completed.
7/26/2017 29 Questions? Thank You! William Woodington, CPA, CIA Woodington Training Solutions 763-568-1181 http://woodingtontraining.com/ bill@woodingtontraining.com Jim Kaplan, CIA, CFE AuditNet LLCÂŽ 800-385-1625 www.auditnet.org webinars@auditnet.org
7/26/2017 30 AuditNetÂŽ and cRisk Academy īŽ If you would like forever access to this webinar recording īŽ If you are watching the recording, and would like to obtain CPE credit for this webinar īŽ Previous AuditNetÂŽ webinars are also available on-demand for CPE credit http://criskacademy.com http://ondemand.criskacade my.com Use coupon code: 50OFF for a discount on this webinar for one week

Recommended

Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Jim Kaplan CIA CFE
 
What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?Jim Kaplan CIA CFE
 
Internal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureInternal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureJim Kaplan CIA CFE
 
IT Fraud Series: Data Analytics
IT Fraud Series: Data AnalyticsIT Fraud Series: Data Analytics
IT Fraud Series: Data AnalyticsJim Kaplan CIA CFE
 
Sure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data AnalyticsSure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data AnalyticsJim Kaplan CIA CFE
 
IT Fraud and Countermeasures
IT Fraud and CountermeasuresIT Fraud and Countermeasures
IT Fraud and CountermeasuresJim Kaplan CIA CFE
 
Fraud auditing creative techniques
Fraud auditing creative techniquesFraud auditing creative techniques
Fraud auditing creative techniquesJim Kaplan CIA CFE
 
Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATJim Kaplan CIA CFE
 

Recommended

Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Jim Kaplan CIA CFE
 
What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?Jim Kaplan CIA CFE
 
Internal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureInternal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureJim Kaplan CIA CFE
 
IT Fraud Series: Data Analytics
IT Fraud Series: Data AnalyticsIT Fraud Series: Data Analytics
IT Fraud Series: Data AnalyticsJim Kaplan CIA CFE
 
Sure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data AnalyticsSure Fire Ways to Succeed with Data Analytics
Sure Fire Ways to Succeed with Data AnalyticsJim Kaplan CIA CFE
 
IT Fraud and Countermeasures
IT Fraud and CountermeasuresIT Fraud and Countermeasures
IT Fraud and CountermeasuresJim Kaplan CIA CFE
 
Fraud auditing creative techniques
Fraud auditing creative techniquesFraud auditing creative techniques
Fraud auditing creative techniquesJim Kaplan CIA CFE
 
Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATJim Kaplan CIA CFE
 
How to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldHow to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldJim Kaplan CIA CFE
 
It62015 slides
It62015 slidesIt62015 slides
It62015 slidesJim Kaplan CIA CFE
 
Top 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risksTop 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risksJim Kaplan CIA CFE
 
Enhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsEnhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsJim Kaplan CIA CFE
 
Technology development: What is audit's role?
Technology development: What is audit's role?Technology development: What is audit's role?
Technology development: What is audit's role?Jim Kaplan CIA CFE
 
The Truth Behind Detecting Fraud Using Data Analytics
The Truth Behind Detecting Fraud Using Data AnalyticsThe Truth Behind Detecting Fraud Using Data Analytics
The Truth Behind Detecting Fraud Using Data AnalyticsJim Kaplan CIA CFE
 
Auditing Social Media
Auditing Social MediaAuditing Social Media
Auditing Social MediaJim Kaplan CIA CFE
 
20160210 webinarslides
20160210 webinarslides20160210 webinarslides
20160210 webinarslidesJim Kaplan CIA CFE
 
Forensic and investigating audit reporting
Forensic and investigating audit reportingForensic and investigating audit reporting
Forensic and investigating audit reportingJim Kaplan CIA CFE
 
Visualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excelVisualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excelJim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Jim Kaplan CIA CFE
 
The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection Jim Kaplan CIA CFE
 
Agile auditing for financial services
Agile auditing for financial services Agile auditing for financial services
Agile auditing for financial services Jim Kaplan CIA CFE
 
How to prepare for your first anti fraud review
How to prepare for your first anti fraud reviewHow to prepare for your first anti fraud review
How to prepare for your first anti fraud reviewJim Kaplan CIA CFE
 
How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach Jim Kaplan CIA CFE
 
How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel Jim Kaplan CIA CFE
 
20150311 auditnet ap_procure_excel_rlv2
20150311 auditnet ap_procure_excel_rlv220150311 auditnet ap_procure_excel_rlv2
20150311 auditnet ap_procure_excel_rlv2Jim Kaplan CIA CFE
 
mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) Jim Kaplan CIA CFE
 
It42015 slides
It42015 slidesIt42015 slides
It42015 slidesJim Kaplan CIA CFE
 
Ethics for Internal Auditors
Ethics for Internal AuditorsEthics for Internal Auditors
Ethics for Internal AuditorsJim Kaplan CIA CFE
 
Internal Auditing Basics
Internal Auditing BasicsInternal Auditing Basics
Internal Auditing BasicsJim Kaplan CIA CFE
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Jim Kaplan CIA CFE
 

More Related Content

What's hot

How to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldHow to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldJim Kaplan CIA CFE
 
Top 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risksTop 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risksJim Kaplan CIA CFE
 
Enhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsEnhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsJim Kaplan CIA CFE
 
Technology development: What is audit's role?
Technology development: What is audit's role?Technology development: What is audit's role?
Technology development: What is audit's role?Jim Kaplan CIA CFE
 
The Truth Behind Detecting Fraud Using Data Analytics
The Truth Behind Detecting Fraud Using Data AnalyticsThe Truth Behind Detecting Fraud Using Data Analytics
The Truth Behind Detecting Fraud Using Data AnalyticsJim Kaplan CIA CFE
 
Forensic and investigating audit reporting
Forensic and investigating audit reportingForensic and investigating audit reporting
Forensic and investigating audit reportingJim Kaplan CIA CFE
 
Visualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excelVisualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excelJim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Jim Kaplan CIA CFE
 
The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection Jim Kaplan CIA CFE
 
Agile auditing for financial services
Agile auditing for financial services Agile auditing for financial services
Agile auditing for financial services Jim Kaplan CIA CFE
 
How to prepare for your first anti fraud review
How to prepare for your first anti fraud reviewHow to prepare for your first anti fraud review
How to prepare for your first anti fraud reviewJim Kaplan CIA CFE
 
How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach Jim Kaplan CIA CFE
 
How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel Jim Kaplan CIA CFE
 
20150311 auditnet ap_procure_excel_rlv2
20150311 auditnet ap_procure_excel_rlv220150311 auditnet ap_procure_excel_rlv2
20150311 auditnet ap_procure_excel_rlv2Jim Kaplan CIA CFE
 
mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) Jim Kaplan CIA CFE
 
Ethics for Internal Auditors
Ethics for Internal AuditorsEthics for Internal Auditors
Ethics for Internal AuditorsJim Kaplan CIA CFE
 

What's hot (20)

How to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldHow to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital world
 
It62015 slides
It62015 slidesIt62015 slides
It62015 slides
 
Top 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risksTop 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risks
 
Enhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsEnhanced fraud detection with data analytics
Enhanced fraud detection with data analytics
 
Technology development: What is audit's role?
Technology development: What is audit's role?Technology development: What is audit's role?
Technology development: What is audit's role?
 
The Truth Behind Detecting Fraud Using Data Analytics
The Truth Behind Detecting Fraud Using Data AnalyticsThe Truth Behind Detecting Fraud Using Data Analytics
The Truth Behind Detecting Fraud Using Data Analytics
 
Auditing Social Media
Auditing Social MediaAuditing Social Media
Auditing Social Media
 
20160210 webinarslides
20160210 webinarslides20160210 webinarslides
20160210 webinarslides
 
Forensic and investigating audit reporting
Forensic and investigating audit reportingForensic and investigating audit reporting
Forensic and investigating audit reporting
 
Visualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excelVisualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excel
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10)
 
The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection
 
Agile auditing for financial services
Agile auditing for financial services Agile auditing for financial services
Agile auditing for financial services
 
How to prepare for your first anti fraud review
How to prepare for your first anti fraud reviewHow to prepare for your first anti fraud review
How to prepare for your first anti fraud review
 
How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach
 
How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel
 
20150311 auditnet ap_procure_excel_rlv2
20150311 auditnet ap_procure_excel_rlv220150311 auditnet ap_procure_excel_rlv2
20150311 auditnet ap_procure_excel_rlv2
 
mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10)
 
It42015 slides
It42015 slidesIt42015 slides
It42015 slides
 
Ethics for Internal Auditors
Ethics for Internal AuditorsEthics for Internal Auditors
Ethics for Internal Auditors
 

Similar to Fieldwork Webinar

Internal Auditing Basics
Internal Auditing BasicsInternal Auditing Basics
Internal Auditing BasicsJim Kaplan CIA CFE
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Jim Kaplan CIA CFE
 
Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Jim Kaplan CIA CFE
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Jim Kaplan CIA CFE
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingHow analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingJim Kaplan CIA CFE
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling Jim Kaplan CIA CFE
 
Audit analytics and the agile auditor
Audit analytics and the agile auditorAudit analytics and the agile auditor
Audit analytics and the agile auditorJim Kaplan CIA CFE
 
Retrospective data analytics slides
Retrospective data analytics slidesRetrospective data analytics slides
Retrospective data analytics slidesJim Kaplan CIA CFE
 
Auditing Basics
Auditing BasicsAuditing Basics
Auditing BasicsMaan M
 
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudWhen is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudJim Kaplan CIA CFE
 
How to data mine your print reports
How to data mine your print reports How to data mine your print reports
How to data mine your print reports Jim Kaplan CIA CFE
 
Ethics for Internal Auditors
Ethics for Internal AuditorsEthics for Internal Auditors
Ethics for Internal AuditorsJim Kaplan CIA CFE
 
Embracing Multigenerational Teams in Audit
Embracing Multigenerational Teams in AuditEmbracing Multigenerational Teams in Audit
Embracing Multigenerational Teams in AuditJim Kaplan CIA CFE
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationJim Kaplan CIA CFE
 
Openhelp11
Openhelp11Openhelp11
Openhelp11Dru Lavigne
 
Key Concepts And Principles Of Internal Quality Assurance...
Key Concepts And Principles Of Internal Quality Assurance...Key Concepts And Principles Of Internal Quality Assurance...
Key Concepts And Principles Of Internal Quality Assurance...Lanate Drummond
 
Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Jim Kaplan CIA CFE
 

Similar to Fieldwork Webinar (20)

Internal Auditing Basics
Internal Auditing BasicsInternal Auditing Basics
Internal Auditing Basics
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?
 
Future audit analytics
Future audit analyticsFuture audit analytics
Future audit analytics
 
Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Structuring your organization for success with data analytics
Structuring your organization for success with data analytics
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingHow analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
 
Audit analytics and the agile auditor
Audit analytics and the agile auditorAudit analytics and the agile auditor
Audit analytics and the agile auditor
 
GDPR Series Session 4
GDPR Series Session 4GDPR Series Session 4
GDPR Series Session 4
 
Retrospective data analytics slides
Retrospective data analytics slidesRetrospective data analytics slides
Retrospective data analytics slides
 
Auditing Basics
Auditing BasicsAuditing Basics
Auditing Basics
 
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudWhen is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
 
20141203 akjk
20141203 akjk20141203 akjk
20141203 akjk
 
How to data mine your print reports
How to data mine your print reports How to data mine your print reports
How to data mine your print reports
 
Ethics for Internal Auditors
Ethics for Internal AuditorsEthics for Internal Auditors
Ethics for Internal Auditors
 
Embracing Multigenerational Teams in Audit
Embracing Multigenerational Teams in AuditEmbracing Multigenerational Teams in Audit
Embracing Multigenerational Teams in Audit
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
 
Openhelp11
Openhelp11Openhelp11
Openhelp11
 
Key Concepts And Principles Of Internal Quality Assurance...
Key Concepts And Principles Of Internal Quality Assurance...Key Concepts And Principles Of Internal Quality Assurance...
Key Concepts And Principles Of Internal Quality Assurance...
 
Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10)
 

More from Jim Kaplan CIA CFE

How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides Jim Kaplan CIA CFE
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update SlidesJim Kaplan CIA CFE
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 Jim Kaplan CIA CFE
 
Focused agile audit planning using analytics
Focused agile audit planning using analyticsFocused agile audit planning using analytics
Focused agile audit planning using analyticsJim Kaplan CIA CFE
 
General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10Jim Kaplan CIA CFE
 
Ethics and the Internal Auditor
Ethics and the Internal AuditorEthics and the Internal Auditor
Ethics and the Internal AuditorJim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Jim Kaplan CIA CFE
 
Ethics for internal auditors
Ethics for internal auditorsEthics for internal auditors
Ethics for internal auditorsJim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10) Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10) Jim Kaplan CIA CFE
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Jim Kaplan CIA CFE
 
How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program Jim Kaplan CIA CFE
 
Driving More Value With Automated Analytics
Driving More Value With Automated AnalyticsDriving More Value With Automated Analytics
Driving More Value With Automated AnalyticsJim Kaplan CIA CFE
 
Building and Striving for Data Analytics Excellence
Building and Striving for Data Analytics ExcellenceBuilding and Striving for Data Analytics Excellence
Building and Striving for Data Analytics ExcellenceJim Kaplan CIA CFE
 

More from Jim Kaplan CIA CFE (16)

How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides
 
Tracking down outliers
Tracking down outliersTracking down outliers
Tracking down outliers
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6
 
Focused agile audit planning using analytics
Focused agile audit planning using analyticsFocused agile audit planning using analytics
Focused agile audit planning using analytics
 
General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10
 
Ethics and the Internal Auditor
Ethics and the Internal AuditorEthics and the Internal Auditor
Ethics and the Internal Auditor
 
Cybersecurity Slides
Cybersecurity SlidesCybersecurity Slides
Cybersecurity Slides
 
Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10)
 
Ethics for internal auditors
Ethics for internal auditorsEthics for internal auditors
Ethics for internal auditors
 
Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10) Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10)
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program
 
Driving More Value With Automated Analytics
Driving More Value With Automated AnalyticsDriving More Value With Automated Analytics
Driving More Value With Automated Analytics
 
Building and Striving for Data Analytics Excellence
Building and Striving for Data Analytics ExcellenceBuilding and Striving for Data Analytics Excellence
Building and Striving for Data Analytics Excellence
 

Recently uploaded

Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Micromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersMicromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersChitralekhaTherkar
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 

Recently uploaded (20)

Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
CÃŗdigo Creativo y Arte de Software | Unidad 1
CÃŗdigo Creativo y Arte de Software | Unidad 1CÃŗdigo Creativo y Arte de Software | Unidad 1
CÃŗdigo Creativo y Arte de Software | Unidad 1
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Micromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersMicromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of Powders
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptx
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 

Fieldwork Webinar

  • 1. 7/26/2017 1 Internal Audit Skills Training Fieldwork About Jim Kaplan, CIA, CFE īŽ President and Founder of AuditNetÂŽ, the global resource for auditors īŽ Auditor, Author, Web Site Guru, Internet for Auditors Pioneer īŽ Recipient of the IIA’s 2007 Bradford Cadmus Memorial Award.
  • 2. 7/26/2017 2 About AuditNet LLC â€ĸ AuditNetÂŽ, the global resource for auditors, is the pre-eminent online portal for the global audit community hosting a comprehensive catalogue of audit procedures. â€ĸ Available on the Web, iPad, iPhone, Windows and Android devices and features: â€ĸ Over 2,700 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices â€ĸ Webinars focusing on fraud, data analytics, IT audit, and internal audit with free CPE for subscribers and site license users. â€ĸ Audit guides, manuals, and books on audit basics and using audit technology â€ĸ LinkedIn Networking Groups â€ĸ Monthly Newsletters with Expert Guest Columnists â€ĸ Surveys on timely topics for internal auditors Housekeeping This webinar and its material are the property of AuditNetÂŽ and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden. īŽ If you logged in with another individual’s confirmation email you will not receive CPE as the confirmation login is linked to a specific individual īŽ This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link. īŽ We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited. īŽ You must answer all the polling questions to qualify for CPE per NASBA. īŽ If you meet the NASBA criteria for earning CPE you will receive a link via email within 5 days to download your certificate. You must be able to receive emails from gensend.io with HTML links. Check you inbox and junk mail folders and contact your IT department if your system blocks emails. The email will be sent to the same email address that you used to register for the Webinar. īŽ Submit questions via the chat box on your screen and we will answer them either during or at the conclusion. īŽ Please complete the evaluation questionnaire to help us continuously improve our Webinars.
  • 3. 7/26/2017 3 IMPORTANT INFORMATION REGARDING CPE! īŽ Regarding CPE – If you attend the Webinar and are a basic, premium , group subscriber or a site license users and answer all the polling questions you will receive an email within one week with the link to download your CPE certificate. The official email for CPE will be sent out and the sender address will be NoReply@gensend.io. Blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io will impact your receiving the email with the link. īŽ If we receive an email request for CPE after sending out the official CPE email because you did not receive your CPE we will require a processing fee to resend to an alternate email address or to send you a claim link. īŽ We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. īŽ We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on you computer otherwise you will not be able to answer the polling questions which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to that you do so immediately after a polling question. The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNetÂŽ LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While AuditNetÂŽ makes every effort to ensure information is accurate and complete, AuditNetÂŽ makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNetÂŽ specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNetÂŽ website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNetÂŽ LLC
  • 4. 7/26/2017 4 William Woodington CPA CIA CRMA īŽ President Woodington Training Solutions īŽ Managed the Learning & Development (L&D) function for Wells Fargo Audit & Security for 18 years. īŽ Audit Specialist for 4 years supervising audit projects prior to moving into the L&D position. īŽ Worked for First Bank System and Deloitte and Touche. īŽ Member IIA and ATD īŽ Teaches audit, business writing, and leadership seminars Fieldwork
  • 5. 7/26/2017 5 Training Objectives īŽ Learn about internal control terminology īŽ Learn about testing techniques and workpaper quality īŽ Learn about audit evidence īŽ Learn about workpaper documentation guidelines īŽ Learn about Issues & Recommendations (I&Rs) Internal Control īŽ Control Adequacy – Is the internal control properly designed? īŽ Control Effectiveness – Is the internal control working as intended? Controls can be designed to carry out various functions. Some are installed to prevent undesirable outcomes before they happen (preventive controls). Others are designed to identify the undesirable outcomes when they do happen (detective controls).
  • 7. 7/26/2017 7 Internal Control Types Preventive Controls Detective Controls Cost Effective More expensive Competent and trustworthy people Reviews & comparisons Segregation of duties Reconciliations Proper authorization Physical counts Adequate documentation Analyses of variances Physical control over assets Computerized techniques IIA Standards 2120 – Risk Management The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. 2120.A1 – The internal audit activity must evaluate risk exposures relating to the organization’s governance, operations, and information systems regarding the: īŽ Reliability and integrity of financial and operational information. īŽ Effectiveness and efficiency of operations and programs. īŽ Safeguarding of assets. īŽ Compliance with laws, regulations, policies, procedures, and contracts.
  • 8. 7/26/2017 8 IIA Standards 2300 – Performing the Engagement Internal auditors must identify, analyze, evaluate, and document sufficient information to achieve the engagement’s objectives. 2310 – Identifying Information Internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives. 2320 – Analysis and Evaluation Internal auditors must base conclusions and engagement results on appropriate analyses and evaluations. 2330 – Documenting Information Internal auditors must document relevant information to support the conclusions and engagement results. Testing The following information was taken from “The Practice of Modern Internal Auditing” by Lawrence B. Sawyer. The Purpose of Testing Auditors achieve audit objectives by a process known as testing. Testing implies placing activities or transactions on trial, by putting selected items to the proof and revealing their inherent qualities or characteristics. To the internal auditor, testing implies the measurement of representative transactions or processes and comparison of the results with established standards or criteria. The purpose is to help provide the auditor with a basis for forming an audit opinion. The audit test usually implies evaluation of transactions, records, activities, functions, and assertions by examining all or part of them.
  • 9. 7/26/2017 9 Testing The objective of testing is to determine: īŽ Validity, i.e., propriety, genuineness, reasonableness īŽ Accuracy, i.e., quantity, quality, classification īŽ Compliance with applicable procedures, regulations, laws, etc. īŽ Competence of controls, i.e., the degree that risks are neutralized Simply put, testing determines whether something is as it should be. Testing Techniques Observing – Seeing, noticing, not passing over. Questioning – Asking open-ended unbiased questions. Oral representations must be substantiated by some other form of audit evidence. Analyzing – Implies a detailed examination. It means dividing a complex entity into parts for the purpose of determining its true nature. Verifying – Confirming the truth, accuracy, genuineness, or validity of something. Investigating – An inquiry aimed at uncovering the hidden facts and establishing the truth. Evaluating – Estimation of worth. In auditing, it means arriving at judgment.
  • 10. 7/26/2017 10 Workpaper Quality īŽ State Who, What, When, Where, Why, and How īŽ Note why we performed a test and how it met objectives. īŽ Ensure testing provides enough depth to reach a viable conclusion. īŽ State the objective. īŽ Tell a story (Reader’s Digest Version). Ensure enough information is given to cover the subject, but not too much that you have trouble finding the main message. īŽ Note the reason for testing. īŽ Ensure the Lead Auditor set expectations up front. īŽ Explain what was done in testing, what the conclusions were, and the audit universe. Workpaper Quality īŽ Ensure documentation supports testing. A third party should be able to recreate the test step and arrive at the same conclusions. īŽ Ensure the narrative is easy to read from beginning to end. īŽ Ensure testing is independent versus conversational. īŽ Ensure testing addresses all the objectives. īŽ Ensure all exceptions are dispositioned. īŽ Ensure sampling documentation is complete. īŽ Ensure conclusions provide enough information related to the testing performed. īŽ Ensure the narrative is a complete description of the work performed.
  • 11. 7/26/2017 11 Audit Evidence īŽ Sufficient īŽ Competent īŽ Relevant īŽ Useful Audit Evidence Sufficient – Factual, adequate and convincing. Quality audit evidence ensures the scope of the work addresses the control being tested and the sample sizes/items selected adequately represent the population being tested. It ensures conclusions are supported by factual information. Competent – Reliable and the best attainable. Quality audit evidence is gathered from the most independent source available. It does not depend solely on oral representations as this is the least reliable source of evidence. Trust but verify!
  • 12. 7/26/2017 12 Audit Evidence Relevant – Supports audit findings and recommendations and is consistent with the objectives of the audit. Quality audit evidence ensures only information pertinent to the test objectives are included. It focuses on current control conditions and timely audit feedback. Useful – Helps the organization meet its goals. Polling Question #3
  • 13. 7/26/2017 13 Audit Evidence īŽ All audit evidence must be approached with a healthy professional skepticism. īŽ Professional auditors approach all assertions with uncertainty – with an uneasy and dissatisfied state of mind. īŽ When reduced to its barest essentials, fieldwork is simply the gathering of evidence for measurement and evaluation. īŽ Care is always required in the documentation process, if there is a possibility of litigation or some type of legal action, the evidence must be in a form that is legally usable. īŽ Legal evidence and audit evidence have much in common. They have the same objective – to provide proof, to foster an honest belief about the truth or falsity of any proposition at issue. Nature of Audit Evidence Physical – Obtained by observing people, property, and events. It can take the form of photographs, charts, maps, graphs, or other pictorial representations. Testimonial – Takes the form of letters or statements in response to inquiries or interviews. This should be supported by documentation. Documentary – The most common form of audit evidence. The source of documentary evidence affects its reliability. Analytical – Stems from analysis and verification.
  • 14. 7/26/2017 14 Audit Workpapers Clear – Free from confusion or doubt. Quality audit workpapers tell a story, in a logical order, of the steps taken to perform the work. Concise – Short and to the point. Quality audit workpapers make every word count towards supporting the audit objective and conclusions. Complete – Having all the necessary parts. All test objectives are addressed; exceptions conditions are dispositioned; conclusion statements, source, scope and sampling techniques are properly documented. Verifiable –The reader should be able to re-perform the work based on the content of the workpaper. Audit Workpapers Question – Would any third party person be able to re-perform the test work and reach the same conclusion as the auditor who originally performed the test work?
  • 15. 7/26/2017 15 Control Effectiveness Testing īŽ Trust but verify īŽ Don’t clutter workpapers with background information. īŽ Issue audit findings and recommendations to the business partner as they are identified and request written responses. īŽ Workpapers are confidential. īŽ Notify Audit engagement manager of any regulatory exceptions. īŽ Do not refer to potential or substantiated regulatory exceptions as regulatory violations Control Effectiveness Testing īŽ Develop sufficient business knowledge to perform the assigned audit steps. A thorough understanding of the risks inherent in the business and the implications of these risks must exist prior to the conclusion of the audit. īŽ Obtain sufficient audit evidence to evaluate the system of internal control. Use techniques including observation, inquiry, and testing to obtain this evidence. Perform substantive/corroborative testing to fully support conclusions.
  • 16. 7/26/2017 16 Control Effectiveness Testing īŽ Document that all program steps have been properly performed. This sign-off indicates the assigned audit work has been completed and the documentation is thorough and can be relied upon. īŽ Be alert to indications of irregular or suspicious activity. Should you identify irregular activity during the course of an audit, inform the auditor in-charge as soon as possible. Control Effectiveness Testing īŽ Inform the auditor in-charge of any situations where an expansion or constriction of scope should be considered. īŽ Obtain the approval of the audit manager or the designee for material changes in scope. īŽ Take responsibility for the effective and efficient use of time. Have significant deviations approved by the audit manager prior to incurring overages. Justify all material variances.
  • 17. 7/26/2017 17 Workpaper Documentation Guidelines īŽ Risk Statement – A high level description of the business risk. The risk should be stated in terms of what could go wrong and the potential impact/result. īŽ Control Statement – A high level description of the controls in place that mitigate the business risk. The control statement should describe specifically what the control is designed to do (control objective). Workpaper Documentation Guidelines īŽ Test Objective – Stated in terms of evaluating the effectiveness of the controls in assisting management to mitigate risk and achieve objectives. īŽ Test Steps – Should be risk-based, direct the auditor to test the effectiveness of the control, and prompt the auditor to identify, analyze, evaluate, and record audit evidence and results, as well as utilize data analysis techniques wherever possible.
  • 18. 7/26/2017 18 Workpaper Documentation Guidelines īŽ Source – List the names/titles of the team members talked to and the names/as of dates of documents/reports reviewed and the names/titles of the team members the documents/reports were obtained from. īŽ Scope – Include a brief summary of the work performed including population source, characteristics and validation, as well as time period covered. Workpaper Documentation Guidelines īŽ Audit Evidence – Ensure quality audit evidence (sufficient, competent, relevant, useful). Inquiry and observation testing should include who interviewed, process/control observed, date of interview/observation and description of results. Do not rely solely on a verbal representation from the business partner. īŽ Attribute Testing – Include an attribute table (when practical) to facilitate efficient workpaper preparation and review. īŽ Exceptions & Issues – Denote using a red X tickmark (X1, X2, etc.) and disposition as an Isolated/Immaterial Exception or an Exception.
  • 19. 7/26/2017 19 Workpaper Documentation Guidelines īŽ Source Documentation – When exception items are noted, include copies of source documents to support exception items. Only a sample of exception items is needed. īŽ Electronic Source Documents – Use whenever possible. īŽ Hardcopy Source Documents – Store in pockets or other appropriate means and label per policy requirements. Click on HCWP in ACE test document. Workpaper Documentation Guidelines īŽ Test Conclusion – Select overall control effectiveness rating in the “Status Conclusion” section. A rationale statement (defined in terms of impact and probability) must be provided in the “Reason” field.
  • 20. 7/26/2017 20 Workpaper Documentation Guidelines īŽ Strong and Effective – The system of internal control provides assurance the risks are well-managed. īŽ Effective – The system of internal control provides reasonable assurance the risks are being effectively managed. īŽ Generally Effective – The system of internal control provides reasonable assurance that risks are being managed. Control exceptions exist but corrective action plans are in place. īŽ Needs Improvement – The system of internal control may not provide reasonable assurance that risks are being managed. Control exceptions exist that need to be addressed. īŽ Ineffective – The system of internal control does not provide assurance that risks are being managed. Immediate management attention is needed to address the control exceptions. Other Fieldwork Tips īŽ Communicate frequently with your AIC (Exceptions/I&Rs, scope changes, etc.). īŽ Set up communication guidelines with the business partner. īŽ Ensure review notes are cleared in the test document. īŽ Be alert to indications of irregular or suspicious activity (fraud).
  • 21. 7/26/2017 21 Killing the Spider Surface Pertinent Issues and Demand Effective Resolution (SPIDER) Killing the Spider īŽ Provide recommendations that not only correct the problems, but also address the root cause of those problems. īŽ This is the difference between “cleaning up the spider webs” (simply fixing the current problem) and “killing the spider” (addressing the root cause to mitigate future occurrences). īŽ Too often auditors focus on conditions but ignore causes. īŽ Too often auditors simply compare what the audited areas is doing (the condition) with what the policy states it should be doing (the criterion).
  • 22. 7/26/2017 22 Killing the Spider īŽ Generally the cause of the problem stems from a breakdown in one or more of the five COSO components: īŽ Control Environment īŽ Risk Assessment īŽ Control Activities īŽ Information and Communication īŽ Monitoring īŽ To pinpoint the cause, start by looking at management’s risk assessment and control activities. īŽ Has there been an assessment of risk? īŽ Has management established policies/procedures to address the risk? Exceptions & Issues īŽ Isolated/Immaterial Exception – A condition that falls within allowable parameters of a control’s performance. These are typically an infrequent human error with an insignificant negative impact. īŽ Exception – a risk exposure resulting from a control breakdown or deficiency that was not detected and corrected or mitigated by existing controls. īŽ Issue – A risk exposure resulting from a systemic or material control breakdown or deficiency, supported by one or more Exceptions whose potential negative impact is sufficient to warrant corrective action by business management.
  • 23. 7/26/2017 23 Exceptions & Issues īŽ Reportable Issue – An issue that will be formally reported via the Audit Report. All reportable issues will be denoted by significance, repeat status, root cause, and risk category. īŽ All Reportable Issues must be reviewed and approved by the Audit Manager. īŽ All Reportable Issues are communicated in writing and given to the business partner during fieldwork. This is done by either the staff auditor or AIC. īŽ A written management response must be received for every Reportable Issue. The response must be reviewed for adequacy by the AIC and supervisor or SAM prior to final acceptance. Exceptions & Issues īŽ Validation – The process for ensuring the facts of the Exception and/or Issue are accurate through communication with the business partner. īŽ Management response – A formal written reply from the business partner that is received for every Reportable Issue. It should include the following: īŽ Be specific and responsive īŽ Be complete in addressing all material aspects īŽ Include reasonable and achievable target dates īŽ Include achievable actions that will prevent recurrence īŽ Include designated individuals to own the corrective action
  • 24. 7/26/2017 24 Exceptions & Issues īŽ All audit evidence supporting Exceptions, Issues, and conclusions must be documented in the workpapers. īŽ Isolated/Immaterial Exceptions will be dispositioned in the workpapers. īŽ Exceptions will be developed on the Exception document and will be communicated to the business partner and validated. Exceptions are classified as reportable (I&R) or non-reportable. All Exceptions must be independently reviewed by the AIC, supervisor, or manager. Exceptions & Issues īŽ Issues will be developed on the Issue & Recommendation (I&R) document and will be communicated to the business partner and validated. All issues must be independently reviewed by the AIC and supervisor or manager.
  • 25. 7/26/2017 25 Issue & Recommendation (I&R) A properly written I&R should include the following attributes: īŽ Condition - What is the problem? īŽ Criterion – What should be? īŽ Cause – What led to the condition? īŽ Effect – So what? īŽ Recommendation – What should be done? The recommendation should address the cause (kill the spider)! Sell your recommendation based on the effect (risk)! CIA Exam Question We find that due to inadequate monitoring of cost-effective transportation and hotel options, the department's travel budget has increased steadily by a total of 1 percent per quarter, thus failing to achieve management's objective of reducing travel-related expenses by 1 percent over the same time period. Which of the following elements is missing from the finding stated above? īŽ Criteria īŽ Effect īŽ Cause īŽ Condition
  • 26. 7/26/2017 26 CIA Exam Question Answer - Effect CIA Exam Question Late charges were waived on an excessive number of delinquent installment loan payments at the Spring Street Branch. We were informed that late charge waivers are not approved by an officer. Approximately US $5,000 per year in revenues is being lost. In order to provide a better control over late charges waived and loss of income, we recommend that a lending officer be responsible for waiving late charges and that this approval be in writing. Which of the following elements of a deficiency finding is not properly addressed? īŽ Condition īŽ Criteria or standards īŽ Effect īŽ Cause
  • 27. 7/26/2017 27 CIA Exam Question Answer – Criteria or standards Polling Question #4
  • 28. 7/26/2017 28 Issue Severity Ratings īŽ Low – (Previously known as Verbal) A non-reportable issue that does not require corrective action. Remedial corrective actions may result in improved business processes, and should be considered by business unit management. īŽ Moderate – A reportable issue that requires management attention. Remedial corrective actions should be addressed in a reasonable timeframe. If no action is taken, the issue may have an adverse effect on business unit management’s ability to meet a business objective. Issue Severity Ratings īŽ High – A reportable issue needing timely corrective action by business unit management to adequately mitigate risks to the business. If action is not taken in a timely manner, the issue may have an adverse effect on business unit management’s ability to meet one or more of its business objectives. īŽ Very High – A reportable issue needing immediate corrective action by business unit management to adequately mitigate risks to the business. If not immediately addressed, the issue may have significant adverse effects on business unit management’s ability to meet one or more of its business objectives. Persistence of the Issue may also have adverse effects to Wells Fargo at the enterprise level. Management should monitor progress on the corrective action until completed.
  • 29. 7/26/2017 29 Questions? Thank You! William Woodington, CPA, CIA Woodington Training Solutions 763-568-1181 http://woodingtontraining.com/ bill@woodingtontraining.com Jim Kaplan, CIA, CFE AuditNet LLCÂŽ 800-385-1625 www.auditnet.org webinars@auditnet.org
  • 30. 7/26/2017 30 AuditNetÂŽ and cRisk Academy īŽ If you would like forever access to this webinar recording īŽ If you are watching the recording, and would like to obtain CPE credit for this webinar īŽ Previous AuditNetÂŽ webinars are also available on-demand for CPE credit http://criskacademy.com http://ondemand.criskacade my.com Use coupon code: 50OFF for a discount on this webinar for one week