Sampling has existed as a standard for controls testing since controls testing began. We’ve developed algorithms to tell us how many samples we should pull and how many errors we can have and still pass the control. We’ve even developed algorithms to tell us how many more samples we can test if the control didn’t pass the first time.
If your goal is simply to do the minimum to pass a SOX audit, then these behaviors should probably continue. If your goals also include really improving the operations of the organization to make it stronger then a more holistic approach is needed, such as analysis on 100% of the population, rather than a small sample.
Most controls analytics do not require a degree in data science, but they do require the controls team begin changing its behaviors. Join us to understand what it takes to begin this change, it’s not as challenging as you might think.
Learning Objectives
Understanding the advantages of analytics vs sampling
How to Identify controls where analytics can be applied
Real life examples of controls and their associated analytics
How to effect a change
As many audit departments are moving toward agile auditing, they struggle finding an effective technique for planning that goes beyond the traditional risk assessment. We recommend using exploratory data analytics to focus the agile plan and address those risks with the greatest exposure.
After this session, participants will be able to:
- Use data analytics for exploratory testing to validate a draft plan that incorporates emerging risks
- Dispel the Top 5 Analytics Myths
- Develop an agile risk based plan that aligns with senior management objectives
- Deliver a continuous monitoring plan with tools to your control owners
How to get auditors performing basic analytics using excel Jim Kaplan CIA CFE
It has been said that the definition of crazy is doing the same thing over and over again and expecting a different result. If your audit analytics program is still not meeting your expectations, you are going to have to do something different to change that outcome. The biggest hurdle organizations need to overcome is getting auditors to think differently about what analytics is. Excel might not be the ultimate analytics tool for your organization but attend this webinar to see how you can use it as a catalyst for change throughout the audit team.
Learning Objectives
Learn non-technical skills auditors need to perform audit analytics
Learn commonly used Excel functions that can be applied to audit analytics
Learn how to get auditors started down a path of thinking about analytics vs automatically pulling samples
Internal audit is a profession that struggles against the stereotypes of our past. When we explore our current processes and methodologies, one area that needs attention is executing the audit plan. If our focus is setting a plan in motion and tracking to completion each year, then we are not able to react to changes in our organizations. Financial services organizations face additional challenges in trying to balance emerging risks with the requirements of the regulatory authorities. By embracing the concept of agile auditing, we will be able to adjust more quickly and act as a more relevant partner to our organizations.
Learning Objectives
• Understand the concept of agile auditing
• Identify areas for applying agile techniques
• Discuss a strategy for successfully implementing agile audit
General Data Protection Regulation for Auditors 5 of 10Jim Kaplan CIA CFE
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 5
• Certification against GDPR
• The powers of supervisory authorities
• Lead supervisory authorities
• The role of the European Data Protection Board (EDPB)
Implementing and Auditing General Data Protection RegulationJim Kaplan CIA CFE
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 7
• Lessons to be learned from common data security failures.
• The six data protection principles – how to apply them and demonstrate compliance.
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 10
• Handling data subject access requests (DSARs).
• The roles of controllers and processors, and the relationships between them.
• Transferring personal data outside the EU and the mechanisms for compliance.
• How to become GDPR compliant using a compliance gap assessment
What's the Difference between GRC and Combined Assurance?Jim Kaplan CIA CFE
With more organizations exploring the concept of Combined Assurance, there have been many questions about how this relates to GRC. In this presentation, we will explore both concepts and discuss the differences between Combined Assurance and GRC so that you can consider and explore options that are most suited to the needs of your audit department and your organization as a whole.
Learning Objectives:
Understand the concepts behind Combined Assurance and GRC
Discuss pros and cons for both Combined Assurance and GRC
Learning about outliers and how to detect them in transactions of all types.
Learning Objectives: This webinar will explain the significance of outliers when testing transactions, whether they are vendor invoices, GL postings, or travel & entertainment expenses. Examples using Arbutus Analyzer will demonstrate the best analytics for identifying outliers.
As many audit departments are moving toward agile auditing, they struggle finding an effective technique for planning that goes beyond the traditional risk assessment. We recommend using exploratory data analytics to focus the agile plan and address those risks with the greatest exposure.
After this session, participants will be able to:
- Use data analytics for exploratory testing to validate a draft plan that incorporates emerging risks
- Dispel the Top 5 Analytics Myths
- Develop an agile risk based plan that aligns with senior management objectives
- Deliver a continuous monitoring plan with tools to your control owners
How to get auditors performing basic analytics using excel Jim Kaplan CIA CFE
It has been said that the definition of crazy is doing the same thing over and over again and expecting a different result. If your audit analytics program is still not meeting your expectations, you are going to have to do something different to change that outcome. The biggest hurdle organizations need to overcome is getting auditors to think differently about what analytics is. Excel might not be the ultimate analytics tool for your organization but attend this webinar to see how you can use it as a catalyst for change throughout the audit team.
Learning Objectives
Learn non-technical skills auditors need to perform audit analytics
Learn commonly used Excel functions that can be applied to audit analytics
Learn how to get auditors started down a path of thinking about analytics vs automatically pulling samples
Internal audit is a profession that struggles against the stereotypes of our past. When we explore our current processes and methodologies, one area that needs attention is executing the audit plan. If our focus is setting a plan in motion and tracking to completion each year, then we are not able to react to changes in our organizations. Financial services organizations face additional challenges in trying to balance emerging risks with the requirements of the regulatory authorities. By embracing the concept of agile auditing, we will be able to adjust more quickly and act as a more relevant partner to our organizations.
Learning Objectives
• Understand the concept of agile auditing
• Identify areas for applying agile techniques
• Discuss a strategy for successfully implementing agile audit
General Data Protection Regulation for Auditors 5 of 10Jim Kaplan CIA CFE
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 5
• Certification against GDPR
• The powers of supervisory authorities
• Lead supervisory authorities
• The role of the European Data Protection Board (EDPB)
Implementing and Auditing General Data Protection RegulationJim Kaplan CIA CFE
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 7
• Lessons to be learned from common data security failures.
• The six data protection principles – how to apply them and demonstrate compliance.
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 10
• Handling data subject access requests (DSARs).
• The roles of controllers and processors, and the relationships between them.
• Transferring personal data outside the EU and the mechanisms for compliance.
• How to become GDPR compliant using a compliance gap assessment
What's the Difference between GRC and Combined Assurance?Jim Kaplan CIA CFE
With more organizations exploring the concept of Combined Assurance, there have been many questions about how this relates to GRC. In this presentation, we will explore both concepts and discuss the differences between Combined Assurance and GRC so that you can consider and explore options that are most suited to the needs of your audit department and your organization as a whole.
Learning Objectives:
Understand the concepts behind Combined Assurance and GRC
Discuss pros and cons for both Combined Assurance and GRC
Learning about outliers and how to detect them in transactions of all types.
Learning Objectives: This webinar will explain the significance of outliers when testing transactions, whether they are vendor invoices, GL postings, or travel & entertainment expenses. Examples using Arbutus Analyzer will demonstrate the best analytics for identifying outliers.
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Jim Kaplan CIA CFE
Join this webinar for an introduction to the Touchstone Research for Internal Audit, an unprecedented, global research of internal audit, from Wolters Kluwer TeamMate. This session will review study approach and scope, key initial findings, a look at benchmarking, and a preview of future insights. Find out what nearly 1,000 internal audit and controls professionals have to say across about the current and future state of internal audit.
Learning Objectives:
Learn the objective of the Touchstone Research for Internal Audit
Understand how the Touchstone Maturity Model can benefit Internal Audit teams
Learn why the Touchstone Research Benchmarks for Internal Audit can be a planning tool
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 14 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
IT Fraud Series: IT Fraud and Countermeasures - July 20, 2017
Description
Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area.
The 8 part series will cover the tasks of the fraud auditor, Forensic techniques and tools and the abilities required of the fraud auditor, the type and nature of common frauds, investigating fraud, computer fraud and control, white collar crime, the auditor in court.
This session IT Fraud and Countermeasures
• Investigating by computer
• Document collection and analysis
• Interviewing skills
• Documenting evidence
• Testifying as a witness
There are many misconceptions about the use of data analytics to detect fraud.
While in itself it does not detect fraud, data analytics is an integral part of the fraud detection process. This webinar will examine the truth behind the role of data analytics in the process including developing criteria to pare down data records, sorting through 100% of the records and tracking down anomalies hidden in your data.
Learning Objectives:
• Become familiar with data analysis processes
• Recognize misconceptions of how data analytic tools can be used for fraud detection
• Understand the real benefits of using data analytics and what it can do for you
• Obtain the steps required to apply the data analytic process to detect fraud
About the Presenter:
Sunder Gee, CPA, CMA, CIDA provides electronic data consultative services for tax lawyers, tax accountants and RTA Corporation. Sunder has also developed training material on various topics for the CRA and other organizations as well as published a book called "Fraud and Fraud Detection: A Data Analytics Approach”.
Duplicate payments, duplicate vendors, and segregation of duties in accounts payable are still the top tests being run by auditors using analytics. They are simple, effective, and save money which always helps the business case for analytics. Further, vendor and related payments fraud is the #1 fraud (in volume) affecting all organizations – big and small, public and private, regardless of the industry and sector. Excel templates will be provided with admission to assist to complete all testing and visualizations using graphs. Further data request letters and analytic audit programs will be provided to “jump start” your audit efforts in the accounts payable and vendor management areas.
Specific learning objectives include:
o Run over 20….key, proactive error and fraud tests in the areas of the accounts payable, vendor masterfiles, and purchase order files, all in Excel.
o Map the report results to an audit program to produce an analytically-enabled audit program.
o Discover the top frauds and corruption schemes along with top cost efficiencies to enact within accounts payable reviews.
o Distinguish between the top major accounting systems used when extracting accounts payable and vendor masterfile data and obtain a standard data request to aid the extractions
o Complete a multiple perspective visualization review of your accounts payable data including time based, amount based, company/profit center based, enterer, etc.
These are the slides. If you would like the associated data files they are available for download after payment. Videos of these sessions are available for free.
Details contact Rich Lanza (rich@richlanza.com)
The IT Auditing Series is a series of 10 2-hour webinars.
The study program consists of 5 modules Basic and 5 modules Advanced spanning a broad range of topics and issues in the IT Auditing field. The emphasis in all webinars is therefore on practical aspects, of Internal Auditing.
The course content is based upon ISACA Framework which has been accepted world-wide as the basis of skills and competencies required for all IT Auditors.
This session covers risk analysis for auditors
While the majority of executives and internal audit leaders agree that data analytics is important, according to the 2016 IIA CBOK study, only 40% of respondents are using technology in audit methodology. Why the disconnect?
In this webinar, we will identify some of the common challenges associated with starting and continuing to use data analytics in your audit process. Easy-to-implement methods that help expand the use of data analytics and improve your audit coverage will also be presented.
Learning objectives
• Discuss ways to increase and expand the use of data analytics, including business and technology applications
• Identify the skills needed for successful use of data analytics
• Provide guidance on obtaining internal management support
• Offer tips on how to measure staff utilization and the effectiveness of analytics during audits
For information on our Webinars visit AuditNet.org (www.auditnet.org)
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 8
• The security of personal data.
• An organizational risk management framework.
• Legal requirements for a DPIA.
• How to conduct a DPIA with a DPIA tool.
How to use ai apps to unleash the power of your audit program Jim Kaplan CIA CFE
Artificial Intelligence (AI) is found in just about every industry today, and accounting and auditing are no exception. Auditors that aren’t already exploring the vast potential of AI-powered applications in their audit program will soon find these tools are the industry standard and will be left in the dust if they don’t adapt and adopt.
To learn how to easily use AI apps in audit today, join us as we welcome Deniz Appelbaum, Assistant Professor at Montclair State University, for this exclusive presentation. With deep experience in audit analytics, Big Data, blockchain, audit automation, and fraud detection, Appelbaum brings considerable practical experience with audit technology to the audit profession.
In this presentation, she will help guests:
● Gain a basic introductory understanding of AI in audit.
● Understand how AP applications can be used in the context of auditing.
● Learn how to use AI apps in an audit for specific, achievable, measurable results.
From time-to-time internal auditors are faced with situations which call for them to make an ethical decision. In addition, they may, in the middle of auditing, come across circumstances which themselves appear to be violations of a corporate
code-of-conduct.
Several laws now specifically state that internal auditors, in terms of the act, will be bound by the IIA Code of Ethics.
This webinar explores the IIA Code of Ethics as it applies to everyday situations the auditor may encounter.
The module is designed to provide the participants with an in-depth knowledge of:
Ethics theory
The IIA Code of Ethics
Applicable areas within Internal Audit
Reporting of material facts
Corporate Codes of Conduct
Auditing Corporate Ethics
Webinar contents will include:
Classes of Ethics
The role of business
Employee ethics
Honesty, Objectivity and diligence
Conflicts of Interest
Reporting of Material Facts
Corporate Codes of Conduct
Corporate Social Responsibility
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 3
• Data protection by design
• Securing personal data
• Reporting data breaches
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
While the use of Data Analytics produces excellent results, they’re commonly applied in a tactical way for specific functional areas within an organization. This tactical approach often falls short of realizing the full potential of Data Analytics. Going beyond initial results, a more systematic approach to Data Analytics can help drive organizational learning (human and machine) from the various remediation processes.
In this Webinar, we’ll discuss 3 areas of Analytics Automation: (1) Producing the findings, (2) Managing the findings, and (3) Learning from the findings.
Key takeaways:
· The value of Analytics Automation
· Understanding the various technologies (i.e. RPA, AI, etc.)
· Practical ideas for deploying and managing Analytics Automation
· Using a more structured approach to remediation exceptions
· Benefits of Root Cause Analysis
· Using Analytics Automation to get a broader, more complete view of your organization over time
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...SolarWinds
WINNER: Overall Best In Show at 2014 AFCEA® Cyber Conference Solutions Trail
In a 2014 survey by SolarWinds and Market Connections, federal government and military IT professionals stated that their biggest cybersecurity threats are people both malicious external attackers and clueless insiders. So how do Federal IT Pros prevent activity that can put their agencies security at risk and address these living cybersecurity threats when human behavior is out of their
control? Implementing continuous monitoring solutions can help federal agencies safeguard against human error and quickly identify vulnerabilities, compliance issues and other threats by automatically collecting data and reporting on the performance, availability and security posture of an IT infrastructure. While continuous monitoring of the performance of networks, applications, servers, and
more will not stop hackers from attempting to infiltrate a network or stop careless employees from accidental blunders, it can provide a first line of defense and critical insight into how the IT infrastructure is impacted. In this session you will learn: " The top cybersecurity threats plaguing agencies today and their sources " The types of continuous monitoring tools and technologies that can be leveraged by both IT operations and information security simultaneously to quickly detect and mitigate threats " How to overcome common obstacles and frustrations agencies face when implementing continuous monitoring solutions and what benefits they see upon implementation.
Social media is a daily part of our lives, but many people are not allowed to access social media in their workplace. To understand more about Social Media Access in Hospitals, we asked healthcare professionals a few questions regarding their access. Here's what they said...
Structuring your organization for success with data analytics Jim Kaplan CIA CFE
Webinar Description: In my years leading data analytics projects and teams, I have come across several different structures for the integration of DA. Some were at large multinational corporations and others were at small- and medium-sized organizations, including government bodies. Today, we'll look at four different models for the management of data analytics in Internal Audit departments. The key characteristics of each model will be described, as well as the strengths and weaknesses.
Participant Outcomes: By the end of this session, participants will be able to identify the model which best fits their organization.
The Future of Auditing and Fraud Detection – Re-imagining the art and science of auditing and fraud detection is coming to the forefront of risk management functions. What was seen as a “nice to have” a few years ago has become a “must have” as digital transformation and data surrounds all aspects of the organization.
Specific learning objectives include:
o See how analytics can maximize the annual audit plan and better ensure focus is placed on top organizational risks.
o Establish a framework to using analytics and automation across the entire audit lifecycle.
o Use the general ledger as a case study to provide a digital road map for analytics for detecting fraud (and errors) within the organization.
o Define the top company areas for data integration from structured, unstructured and external data sources.
o Highlight culturally what audit and fraud detection functions must do to embrace continuous embedded analytic reviews.
A Retrospective in Analytic Auditing and What’s Ahead
Description
The speaker will outline salient best practices in establishing an analytic program based on lessons learned looking back on the past two and a half decades. Specific learning objectives include:
o Review key dates in the last two decade’s timing that led to the advancement of audit data analytic programs.
o Highlight lessons learned over the years through case study examples.
o Outline the effective culture around the analytics program to serve as its foundation.
o Learn to apply analytics across the entire lifecycle from risk assessment, to planning, fieldwork, and reporting.
o Present analytic best practices being deployed by top performing organizations.
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Jim Kaplan CIA CFE
Join this webinar for an introduction to the Touchstone Research for Internal Audit, an unprecedented, global research of internal audit, from Wolters Kluwer TeamMate. This session will review study approach and scope, key initial findings, a look at benchmarking, and a preview of future insights. Find out what nearly 1,000 internal audit and controls professionals have to say across about the current and future state of internal audit.
Learning Objectives:
Learn the objective of the Touchstone Research for Internal Audit
Understand how the Touchstone Maturity Model can benefit Internal Audit teams
Learn why the Touchstone Research Benchmarks for Internal Audit can be a planning tool
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 14 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
IT Fraud Series: IT Fraud and Countermeasures - July 20, 2017
Description
Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area.
The 8 part series will cover the tasks of the fraud auditor, Forensic techniques and tools and the abilities required of the fraud auditor, the type and nature of common frauds, investigating fraud, computer fraud and control, white collar crime, the auditor in court.
This session IT Fraud and Countermeasures
• Investigating by computer
• Document collection and analysis
• Interviewing skills
• Documenting evidence
• Testifying as a witness
There are many misconceptions about the use of data analytics to detect fraud.
While in itself it does not detect fraud, data analytics is an integral part of the fraud detection process. This webinar will examine the truth behind the role of data analytics in the process including developing criteria to pare down data records, sorting through 100% of the records and tracking down anomalies hidden in your data.
Learning Objectives:
• Become familiar with data analysis processes
• Recognize misconceptions of how data analytic tools can be used for fraud detection
• Understand the real benefits of using data analytics and what it can do for you
• Obtain the steps required to apply the data analytic process to detect fraud
About the Presenter:
Sunder Gee, CPA, CMA, CIDA provides electronic data consultative services for tax lawyers, tax accountants and RTA Corporation. Sunder has also developed training material on various topics for the CRA and other organizations as well as published a book called "Fraud and Fraud Detection: A Data Analytics Approach”.
Duplicate payments, duplicate vendors, and segregation of duties in accounts payable are still the top tests being run by auditors using analytics. They are simple, effective, and save money which always helps the business case for analytics. Further, vendor and related payments fraud is the #1 fraud (in volume) affecting all organizations – big and small, public and private, regardless of the industry and sector. Excel templates will be provided with admission to assist to complete all testing and visualizations using graphs. Further data request letters and analytic audit programs will be provided to “jump start” your audit efforts in the accounts payable and vendor management areas.
Specific learning objectives include:
o Run over 20….key, proactive error and fraud tests in the areas of the accounts payable, vendor masterfiles, and purchase order files, all in Excel.
o Map the report results to an audit program to produce an analytically-enabled audit program.
o Discover the top frauds and corruption schemes along with top cost efficiencies to enact within accounts payable reviews.
o Distinguish between the top major accounting systems used when extracting accounts payable and vendor masterfile data and obtain a standard data request to aid the extractions
o Complete a multiple perspective visualization review of your accounts payable data including time based, amount based, company/profit center based, enterer, etc.
These are the slides. If you would like the associated data files they are available for download after payment. Videos of these sessions are available for free.
Details contact Rich Lanza (rich@richlanza.com)
The IT Auditing Series is a series of 10 2-hour webinars.
The study program consists of 5 modules Basic and 5 modules Advanced spanning a broad range of topics and issues in the IT Auditing field. The emphasis in all webinars is therefore on practical aspects, of Internal Auditing.
The course content is based upon ISACA Framework which has been accepted world-wide as the basis of skills and competencies required for all IT Auditors.
This session covers risk analysis for auditors
While the majority of executives and internal audit leaders agree that data analytics is important, according to the 2016 IIA CBOK study, only 40% of respondents are using technology in audit methodology. Why the disconnect?
In this webinar, we will identify some of the common challenges associated with starting and continuing to use data analytics in your audit process. Easy-to-implement methods that help expand the use of data analytics and improve your audit coverage will also be presented.
Learning objectives
• Discuss ways to increase and expand the use of data analytics, including business and technology applications
• Identify the skills needed for successful use of data analytics
• Provide guidance on obtaining internal management support
• Offer tips on how to measure staff utilization and the effectiveness of analytics during audits
For information on our Webinars visit AuditNet.org (www.auditnet.org)
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 8
• The security of personal data.
• An organizational risk management framework.
• Legal requirements for a DPIA.
• How to conduct a DPIA with a DPIA tool.
How to use ai apps to unleash the power of your audit program Jim Kaplan CIA CFE
Artificial Intelligence (AI) is found in just about every industry today, and accounting and auditing are no exception. Auditors that aren’t already exploring the vast potential of AI-powered applications in their audit program will soon find these tools are the industry standard and will be left in the dust if they don’t adapt and adopt.
To learn how to easily use AI apps in audit today, join us as we welcome Deniz Appelbaum, Assistant Professor at Montclair State University, for this exclusive presentation. With deep experience in audit analytics, Big Data, blockchain, audit automation, and fraud detection, Appelbaum brings considerable practical experience with audit technology to the audit profession.
In this presentation, she will help guests:
● Gain a basic introductory understanding of AI in audit.
● Understand how AP applications can be used in the context of auditing.
● Learn how to use AI apps in an audit for specific, achievable, measurable results.
From time-to-time internal auditors are faced with situations which call for them to make an ethical decision. In addition, they may, in the middle of auditing, come across circumstances which themselves appear to be violations of a corporate
code-of-conduct.
Several laws now specifically state that internal auditors, in terms of the act, will be bound by the IIA Code of Ethics.
This webinar explores the IIA Code of Ethics as it applies to everyday situations the auditor may encounter.
The module is designed to provide the participants with an in-depth knowledge of:
Ethics theory
The IIA Code of Ethics
Applicable areas within Internal Audit
Reporting of material facts
Corporate Codes of Conduct
Auditing Corporate Ethics
Webinar contents will include:
Classes of Ethics
The role of business
Employee ethics
Honesty, Objectivity and diligence
Conflicts of Interest
Reporting of Material Facts
Corporate Codes of Conduct
Corporate Social Responsibility
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 3
• Data protection by design
• Securing personal data
• Reporting data breaches
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
While the use of Data Analytics produces excellent results, they’re commonly applied in a tactical way for specific functional areas within an organization. This tactical approach often falls short of realizing the full potential of Data Analytics. Going beyond initial results, a more systematic approach to Data Analytics can help drive organizational learning (human and machine) from the various remediation processes.
In this Webinar, we’ll discuss 3 areas of Analytics Automation: (1) Producing the findings, (2) Managing the findings, and (3) Learning from the findings.
Key takeaways:
· The value of Analytics Automation
· Understanding the various technologies (i.e. RPA, AI, etc.)
· Practical ideas for deploying and managing Analytics Automation
· Using a more structured approach to remediation exceptions
· Benefits of Root Cause Analysis
· Using Analytics Automation to get a broader, more complete view of your organization over time
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...SolarWinds
WINNER: Overall Best In Show at 2014 AFCEA® Cyber Conference Solutions Trail
In a 2014 survey by SolarWinds and Market Connections, federal government and military IT professionals stated that their biggest cybersecurity threats are people both malicious external attackers and clueless insiders. So how do Federal IT Pros prevent activity that can put their agencies security at risk and address these living cybersecurity threats when human behavior is out of their
control? Implementing continuous monitoring solutions can help federal agencies safeguard against human error and quickly identify vulnerabilities, compliance issues and other threats by automatically collecting data and reporting on the performance, availability and security posture of an IT infrastructure. While continuous monitoring of the performance of networks, applications, servers, and
more will not stop hackers from attempting to infiltrate a network or stop careless employees from accidental blunders, it can provide a first line of defense and critical insight into how the IT infrastructure is impacted. In this session you will learn: " The top cybersecurity threats plaguing agencies today and their sources " The types of continuous monitoring tools and technologies that can be leveraged by both IT operations and information security simultaneously to quickly detect and mitigate threats " How to overcome common obstacles and frustrations agencies face when implementing continuous monitoring solutions and what benefits they see upon implementation.
Social media is a daily part of our lives, but many people are not allowed to access social media in their workplace. To understand more about Social Media Access in Hospitals, we asked healthcare professionals a few questions regarding their access. Here's what they said...
Structuring your organization for success with data analytics Jim Kaplan CIA CFE
Webinar Description: In my years leading data analytics projects and teams, I have come across several different structures for the integration of DA. Some were at large multinational corporations and others were at small- and medium-sized organizations, including government bodies. Today, we'll look at four different models for the management of data analytics in Internal Audit departments. The key characteristics of each model will be described, as well as the strengths and weaknesses.
Participant Outcomes: By the end of this session, participants will be able to identify the model which best fits their organization.
The Future of Auditing and Fraud Detection – Re-imagining the art and science of auditing and fraud detection is coming to the forefront of risk management functions. What was seen as a “nice to have” a few years ago has become a “must have” as digital transformation and data surrounds all aspects of the organization.
Specific learning objectives include:
o See how analytics can maximize the annual audit plan and better ensure focus is placed on top organizational risks.
o Establish a framework to using analytics and automation across the entire audit lifecycle.
o Use the general ledger as a case study to provide a digital road map for analytics for detecting fraud (and errors) within the organization.
o Define the top company areas for data integration from structured, unstructured and external data sources.
o Highlight culturally what audit and fraud detection functions must do to embrace continuous embedded analytic reviews.
A Retrospective in Analytic Auditing and What’s Ahead
Description
The speaker will outline salient best practices in establishing an analytic program based on lessons learned looking back on the past two and a half decades. Specific learning objectives include:
o Review key dates in the last two decade’s timing that led to the advancement of audit data analytic programs.
o Highlight lessons learned over the years through case study examples.
o Outline the effective culture around the analytics program to serve as its foundation.
o Learn to apply analytics across the entire lifecycle from risk assessment, to planning, fieldwork, and reporting.
o Present analytic best practices being deployed by top performing organizations.
Today's fast-paced and evolving business environment requires internal audit to consider its capabilities and needs to ensure appropriate strategic planning. How can CAEs develop strategic plans that result in their stakeholders viewing the audit function as “highly effective”?
Our research has found an approach that builds on three dimensions of effectiveness that must be addressed to be highly effective:
• Meeting stakeholder expectations
• Operating core processes
• Conforming to internal audit standards and applicable regulatory requirements
Learning Objectives
In this session, participants will:
• Discuss the need for and importance of strategic planning within the internal audit function
• Explore the 3 dimensions that contribute to a highly effective internal audit function
• Populate a framework to understand how processes and expectations are aligned and where changes need to occur
• Develop an initial strategic vision based on an understanding of stakeholder expectations
Selecting the right Computer Assisted Audit Tool may appear to be a huge undertaking; however, following a systematic approach eases the burden. The right approach minimizes the risk of selecting a product that might not fit into your organization, which could impair your function as it sits underutilized or on the shelf. While point and click visual style tools are settling into the market, many auditors rely on the legacy step-by-step software tools such as ACL, IDEA, Excel and “add-on” tools.
Many chief auditors pursue opportunities to increase the frequency and intensity of interactions with management and realize nothing gets attention faster than finding previously undetected anomalies in company data. Finding the right issues quickly and timely improves the value of audit and can assist audit in winning more work.
Attending this webinar you will learn:
· Identify analysis and financial constraints
· Scoping and defining audit strategic objectives
· Reviewing selection field based on Technical needs
· Building a short/long term on-boarding roadmap
· Realize the lost opportunity of not including all auditors (no auditor left behind)
Visualizing data has become one of the hottest trends in analytics not only because it works to more quickly identifying anomalies but in also explaining the results to management. In this case study focused webinar, you’ll learn how to translate unwieldy files of financial data into a single compact scattergraph, pie chart, or overlay—and then “sample with pictures” by picking out the key items that merit sampling and follow-up.
Specific learning objectives include:
o Understand graph types and their different analytical strengths from an audit perspective
o Learn best practices in dahsboarding results through a review of a variety of example dashboard templates
o Be able to score records based on various audit reports to improve your effectiveness and reduce false positives in your samples
o See how to quickly turn a visualization exercise into a sampling approach by sampling multiple categories to identify highest-risk items.
o Use auto-formatting and dynamic data-grabbing tools so new data can create new graphs each audit period, at the touch of a button
o Integrate statistics into your visualizations to extract the most exceptional sample units
Controls that are designed to mitigate the risk of fraud are not perfect. Enterprise software such as Oracle and SAP may have built-in controls, but they are limited in scope to the data and processes that the software "touches". The most successful fraudsters know how to exploit interfaces between different processes and systems. Furthermore, the typical fraud case persists for 14 months prior to detection*.
Deploying data analytics for continuous testing can overcome many of the limitations of traditional fraud detection. Timely and appropriate detection will help organizations mitigate the impact of frauds. Robust fraud detection systems will also act as powerful deterrents.
*ACFE Report to the Nations: 2020 Global Study on Occupational Fraud and Abuse
Learning Objectives
In this session we will raise awareness of the various types of frauds and how they can be detected using automated data analysis techniques.
Internal auditors regularly access organization information for audit purposes. Many organizations now maintain computerized data warehouses containing useful management and financial information. Audit professionals therefore need to understand both the concepts of data warehousing as well as data mining techniques.
Data warehousing is a process for assembling and managing data from various sources for the purpose of gaining a single, detailed view of part or all of a business.
Data mining is the use of automated tools to explore and analyze large amounts of data stored in those data warehouses.
Print reports represent a valuable source of unstructured data which can be useful for internal auditors. Using print reports for data mining will be the main area covered in this Webinar.
Objectives
1. Identify the difference between data analysis and data mining Understand the importance between structured and unstructured data
2. Learn tips and best practices for data mining print reports
3. Understand how excel and IDEA handle importing different PDF formats
4. How to use templates to make future imports a one button task
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 4
• How to perform a data protection impact assessment (DPIA)
• The role of the data protection officer (DPO)
• Transferring personal data outside the EU
Re-imagining the art and science of auditing and fraud detection is coming to the forefront of risk management functions. What was seen as a “nice to have” a few years ago has become a “must have” as digital transformation and data surrounds all aspects of the organization.
Specific learning objectives include:
o See how analytics can maximize the annual audit plan and better ensure focus is placed on top organizational risks.
o Establish a framework to using analytics and automation across the entire audit lifecycle.
o Use the general ledger and revenue audit areas as a case study to provide a digital road map for analytics for detecting fraud (and errors) within the organization.
How ERM and audit work together, a combined assurance approach Jim Kaplan CIA CFE
Internal audit is a profession that provides assurance that objectives are being met for the organizations that it serves. However, it is not the only assurance provider and often organizations are fatigued by different departments requesting the same information and reporting the same results. Enterprise Risk Management is an assurance provider that Internal Audit can leverage off of to reduce audit fatigue and increases the chances that an organization's objectives will be met.
Learning Objectives
Understand the roles of Enterprise Risk Management & Internal Audit
Understand the concept of Combined Assurance
Understand a strategy of reliance
The fieldwork phase is the heart of the audit process. Everything auditors do in the planning phase drives them to do the right things in fieldwork. Everything auditors do in the reporting phase relates to what was found in fieldwork. Everything auditors do in the follow-up phase relates to the issues identified in fieldwork. This webinar will focus on the testing for control effectiveness. This includes capturing the best audit evidence and documenting quality work in the workpapers. This helps ensure that any competent third party person can re-perform the work and come to the same conclusion.
This webinar is for auditors who want to understand the key elements of the fieldwork phase of the audit process.
The learning objectives include the following:
- Learn about internal control terminology
- Learn about testing techniques and workpaper quality
- Learn about audit evidence
- Learn about workpaper documentation guidelines
Learn about Issues & Recommendations (I&Rs)
When is a Duplicate not a Duplicate? Detecting Errors and FraudJim Kaplan CIA CFE
Webinar Overview - A look at duplicates testing and the inherent value of fuzzy data matching.
Identifying fuzzy duplicates has never been easier. Arbutus Analyzer’s versatile functionality enables even new users to detect possible duplicate payments, vendors sharing similar addresses among themselves or with your organization’s employees, and counter parties who may be on government watch lists. Our webinar includes nine different scenarios with detailed descriptions of the tests and their results.
You'll learn about:
• Identifying possible risks
• How to deploy Analyzer commands and functions
Key Presenter:
Michael Kano, ACDA, Data Analytics Consultant, Arbutus Analytics
Many auditors often forget the fundamentals of internal auditing. This webinar will focus on areas of internal auditing that every auditor should know. This includes understanding Audit’s role in the organization, IIA standards, internal control, and the key components of the audit process.
This webinar is for auditors who want to understand the key components of the audit process including characteristics of successful auditors.
The learning objectives include the following:
Learn about the IIA Professional Practices Framework
Learn about the framework of internal control as defined by the Committee of Sponsoring Organizations (COSO)
Learn about the basic elements of the audit process
The use of robotic process automation (RPA is the rave but where can you best apply resources to maximize this powerful audit assistance. Specific learning objectives include:
o Identify the top opportunities for robotic process automation in audit processes.
o See where you can become a “citizen programmer”, building the bots alongside your business processes.
o Walk through case studies of applied audit-focused RPA
o Consider the limitations and benefits of RPA into a total cost of ownership exercise.
World class auditors know one of the best ways to fight the fraud risk is to be sure outsource agreements include a Right to Audit clause. Auditors feel good and sleep tight when their client tells them “of course we included the one we use all of the time”. The real test is when glitches and anomalies appear and management asks auditing to do a quick visit with the third party organization.
The discussion will offer insights into:
· Best practices audit clause language
· Compliance, operational and/or financial audit
· Plan in advance or surprise visit
· Books and records
· Location of audit
· Who can or should conduct the audit
· Impact of absence of a Service Level Agreement (SLA)
As stated in the Institute of Internal Auditors IPPF, “The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk (2120.A2)”.
How is your auditing function meeting this professional expectation? The time to test fraud controls is before you have a fraud. Testing fraud controls is more commonly referred to as an “anti-fraud” assessment and is typically conducted by auditors as a consulting service. How long has it been since a comprehensive review was conducted at your organization? Once completed, as the company changes over time, sections of the first review should be updated.
This webinar will cover:
· How strong are your controls?
· Are you looking for fraud or is fraud looking for you?
· The time to detect directly impacts the chances of recovery
· Shell Vendors uncovered made the headlines in 2016
· Looking for signs of complacency in the workplace
· A robust organizational COSO based framework that organizes your work from cradle to grave
· Working paper and check list recommendations
· Actual audit report sample (with author identification removed)
Internal Audit's Role in Ethics, Governance, & CultureJim Kaplan CIA CFE
The internal auditor has a unique and challenging role when it comes to improving the governance processes of their organization. Exercising objective judgment and maintaining professional integrity are essential roles of the internal auditor; however these roles may become undermined when strong political or cultural pressures are at play. This webinar will help internal auditors prepare for and successfully navigate through these pressures should they be encountered.
Learning Objectives:
• Understand how the IIA Code of Ethics applies to Internal Auditors
• Apply “IIA Standard 2110 – Governance” as a key resource
• Assess ethics in light of internal audit independence
• Gain insight to how organizational culture affects ethical behavior
• Evaluate independence and objectivity using a framework
Who will benefit:
Corporate Directors
Corporate Officers
Fraud & Forensic professionals
Audit professionals
Risk professionals
Compliance professionals
Legal professionals
Ethics professionals
Governance professionals
Finance and Accounting Professionals
We currently have 5 distinct generations in the workplace, including in internal audit and compliance departments. A recent Deloitte survey predicts that Millennials will make up 75% of the global workforce in the next few years, which includes our audit staff. From a management perspective, we need to blend the realities of the work we do with the challenges of working in a multigenerational staff.
This presentation will highlight the challenges faced by audit management when incorporating multiple generations into a department, and focus on approaches we can take to ensure each group has a successful integration into our multigenerational team.
• Establish a baseline understanding of differing generational skills
• Identify the skill gaps and training needs for generational inclusion
• List changes that may be necessary within our departments.
Effective General Ledger and Journal Entry Fraud Detection Using Data AnalyticsFraudBusters
FRN combines the high quality, authoritative anti-fraud and audit content from the leading providers, AuditNet ® LLC and White-Collar Crime 101 LLC/FraudAware.
The two entities designed FRN as the “go-to”, easy-to-use source of “how-to” fraud prevention, detection, audit and investigation templates, guidelines, policies, training programs (recorded no CPE and live with CPE) and articles from leading subject matter experts.
FRN is a continuously expanding and improving resource, offering auditors, fraud examiners, controllers, investigators and accountants a content-rich source of cutting-edge anti-fraud tools and techniques they will want to refer to again and again.
White-Collar Crime Fighter Newsletter Subscribe Now at No Cost!
FraudResourceNet has made the premier Anti-Fraud newsletter, White-Collar Crime Fighter freely available to all. All this is required is to complete the registration form with your work email address!
The widely read newsletter, White-Collar Crime Fighter brings you expert strategies and actionable advice from the most prominent experts in the fraud-fighting business. Every two months you'll learn about the latest frauds, scams and schemes... and the newest and most effective fraud-fighting tools, techniques and technologies to put to work immediately to protect your organization.
When it comes to fraud, knowledge of the countless schemes, how they work and red flags to look for will help keep you, your organization and your clients safe.
At FraudResourceNet we understand this and take great pride in providing our FREE White Collar Crime Fighter newsletter -- filled with exclusive articles and tips to provide the knowledge you need.
Make sure you stay informed. Sign up for White Collar Crime Fighter newsletter and we’ll keep you up-to-date on special promos, training opportunities, and other news and offers from FraudResourceNet!
Signing up is easy and FREE. If you have not already subscribed to our newsletter, please sign up to get started!
Sign up for the White Collar Crime Fighter Newsletter (a $99 value ... now completely FREE)
Cybersecurity Series - Cyber Defense for Internal AuditorsJim Kaplan CIA CFE
This webinar series is designed to help internal auditors looking to equip themselves with competencies and confidence to handle audit of IT controls and information security, and learn about the emerging technologies and their underlying risks
The series focuses on contemporary IT audit approaches relevant to Internal Auditors and the processes underlying risk based IT audits.
Session 1 of 10
This Webinar focuses on Cyber Defense
• Threats/Threat actors/Common Cyber Attack methods
• Attacks and vulnerabilities exposed
• Layered protection measures against Cyber threats
• Firewalls and levels of protection they provide
• Traffic profiling and monitoring for inbound and outbound traffic
• Intrusion Detection
• Incidences of Compromises
• Penetration testing regimes and vulnerability testing
• NIST Vulnerability Checklist
• The Security Content Automation Protocol (SCAP)
Similar to How analytics should be used in controls testing instead of sampling (20)
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 9
• Why and how to conduct a data mapping exercise.
• The rights of data subjects.
• Giving and withdrawing consent.
A recent survey report, Fraud in the Wake of COVID-19: Benchmark Report, prepared by the ACFE, explains that recent events have opened the door to increased pressure, reasonings and opportunities that can lead to occupational fraud. Across all classes of fraud schemes 68% of survey respondents reported increases in fraudulent activity as of May 2020 and 93%o reported they expect an increase in fraud over the next 12 months.
To guide auditors in running detective controls, join Mark Nigrini, West Virginia University Professor and author, and Jeffrey Sorensen, Industry Strategist, for an exclusive review of the fingerprints of fraud numbers. This two-person team will review seven categories of fraud numbers and will demonstrate how to identify these types of numbers using audit software.
In this informative and engaging presentation, attendees will:
● Learn the seven categories of fraud numbers
● Understand which categories are linked to specific types of schemes
● Optimize the steps needed to run the tests
● Interpret the results to identify audit targets
● Apply a second layer of steps to reduce the number of false positives
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 6
• The role of the data protection officer (DPO).
• What constitutes personal data.
• Accountability, the privacy compliance framework and a personal information management system (PIMS).
From time-to-time internal auditors are faced with situations which call for them to make an ethical decision. In addition, they may, in the middle of auditing, come across circumstances which themselves appear to be violations of a corporate
code-of-conduct.
Several laws now specifically state that internal auditors, in terms of the act, will be bound by the IIA Code of Ethics.
This webinar explores the IIA Code of Ethics as it applies to everyday situations the auditor may encounter.
The module is designed to provide the participants with an in-depth knowledge of:
Ethics theory
The IIA Code of Ethics
Applicable areas within Internal Audit
Reporting of material facts
Corporate Codes of Conduct
Auditing Corporate Ethics
Webinar contents will include:
Classes of Ethics
The role of business
Employee ethics
Honesty, Objectivity and diligence
Conflicts of Interest
Reporting of Material Facts
Corporate Codes of Conduct
Corporate Social Responsibility
How analytics should be used in controls testing instead of sampling Jim Kaplan CIA CFE
Sampling has existed as a standard for controls testing since controls testing began. We’ve developed algorithms to tell us how many samples we should pull and how many errors we can have and still pass the control. We’ve even developed algorithms to tell us how many more samples we can test if the control didn’t pass the first time.
If your goal is simply to do the minimum to pass a SOX audit, then these behaviors should probably continue. If your goals also include really improving the operations of the organization to make it stronger then a more holistic approach is needed, such as analysis on 100% of the population, rather than a small sample.
Most controls analytics do not require a degree in data science, but they do require the controls team begin changing its behaviors. Join us to understand what it takes to begin this change, it’s not as challenging as you might think.
Learning Objectives
Understanding the advantages of analytics vs sampling
How to Identify controls where analytics can be applied
Real life examples of controls and their associated analytics
How to effect a change
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 2 of 10
• Special categories of personal data
• The rights of data subjects, including data access requests
• Controllers and processors
Implementing and Auditing General Data Protection Regulation Jim Kaplan CIA CFE
Implementing and Auditing GDPR Series (1 of 10)
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 1 of 10
• Bands of penalties and range of awards for breaches
• Lawfulness of processing and consent
• The six data protection principles
From time-to-time internal auditors are faced with situations which call for them to make an ethical decision. In addition, they may, in the middle of auditing, come across circumstances which themselves appear to be violations of a corporate
code-of-conduct.
Several laws now specifically state that internal auditors, in terms of the act, will be bound by the IIA Code of Ethics.
This webinar explores the IIA Code of Ethics as it applies to everyday situations the auditor may encounter.
The module is designed to provide the participants with an in-depth knowledge of:
Ethics theory
The IIA Code of Ethics
Applicable areas within Internal Audit
Reporting of material facts
Corporate Codes of Conduct
Auditing Corporate Ethics
Use Cases : Duplicate Testing & Segregation of Duties
Learning Objectives / Key Takeaways:
Learn how ATCO evolved its Internal Audit practice through embedding Data Analytics within our Audit Shop.
Identify how data-driven auditing can save time and increase audit assurance, coverage and quality.
See specific examples of how Analyzer was used to detect duplicate payments and assess Segregation of Duties.
Understand the benefits of creating procedures/scripts, to automate testing.
Show drafts
volume_up
Empowering the Data Analytics Ecosystem: A Laser Focus on Value
The data analytics ecosystem thrives when every component functions at its peak, unlocking the true potential of data. Here's a laser focus on key areas for an empowered ecosystem:
1. Democratize Access, Not Data:
Granular Access Controls: Provide users with self-service tools tailored to their specific needs, preventing data overload and misuse.
Data Catalogs: Implement robust data catalogs for easy discovery and understanding of available data sources.
2. Foster Collaboration with Clear Roles:
Data Mesh Architecture: Break down data silos by creating a distributed data ownership model with clear ownership and responsibilities.
Collaborative Workspaces: Utilize interactive platforms where data scientists, analysts, and domain experts can work seamlessly together.
3. Leverage Advanced Analytics Strategically:
AI-powered Automation: Automate repetitive tasks like data cleaning and feature engineering, freeing up data talent for higher-level analysis.
Right-Tool Selection: Strategically choose the most effective advanced analytics techniques (e.g., AI, ML) based on specific business problems.
4. Prioritize Data Quality with Automation:
Automated Data Validation: Implement automated data quality checks to identify and rectify errors at the source, minimizing downstream issues.
Data Lineage Tracking: Track the flow of data throughout the ecosystem, ensuring transparency and facilitating root cause analysis for errors.
5. Cultivate a Data-Driven Mindset:
Metrics-Driven Performance Management: Align KPIs and performance metrics with data-driven insights to ensure actionable decision making.
Data Storytelling Workshops: Equip stakeholders with the skills to translate complex data findings into compelling narratives that drive action.
Benefits of a Precise Ecosystem:
Sharpened Focus: Precise access and clear roles ensure everyone works with the most relevant data, maximizing efficiency.
Actionable Insights: Strategic analytics and automated quality checks lead to more reliable and actionable data insights.
Continuous Improvement: Data-driven performance management fosters a culture of learning and continuous improvement.
Sustainable Growth: Empowered by data, organizations can make informed decisions to drive sustainable growth and innovation.
By focusing on these precise actions, organizations can create an empowered data analytics ecosystem that delivers real value by driving data-driven decisions and maximizing the return on their data investment.
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...Subhajit Sahu
Abstract — Levelwise PageRank is an alternative method of PageRank computation which decomposes the input graph into a directed acyclic block-graph of strongly connected components, and processes them in topological order, one level at a time. This enables calculation for ranks in a distributed fashion without per-iteration communication, unlike the standard method where all vertices are processed in each iteration. It however comes with a precondition of the absence of dead ends in the input graph. Here, the native non-distributed performance of Levelwise PageRank was compared against Monolithic PageRank on a CPU as well as a GPU. To ensure a fair comparison, Monolithic PageRank was also performed on a graph where vertices were split by components. Results indicate that Levelwise PageRank is about as fast as Monolithic PageRank on the CPU, but quite a bit slower on the GPU. Slowdown on the GPU is likely caused by a large submission of small workloads, and expected to be non-issue when the computation is performed on massive graphs.
The affect of service quality and online reviews on customer loyalty in the E...
How analytics should be used in controls testing instead of sampling
1. 20-4-2020
1
How analytics should be used
in controls testing instead of
sampling
Ken Petersen
April 2020
RSA Archer
About Jim Kaplan, CIA, CFE
President and Founder of AuditNet®,
the global resource for auditors
(available on iOS, Android and
Windows devices)
Auditor, Web Site Guru,
Internet for Auditors Pioneer
IIA Bradford Cadmus Memorial
Award Recipient
Local Government Auditor’s Lifetime
Award
Author of “The Auditor’s Guide to
Internet Resources” 2nd Edition
1
2
2. 20-4-2020
2
About AuditNet® LLC
• AuditNet®, the global resource for auditors, serves the global audit
community as the primary resource for Web-based auditing content. As the first online
audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the
use of audit technology.
• Available on the Web, iPad, iPhone, Windows and Android devices and
features:
• Over 3,000 Reusable Templates, Audit Programs, Questionnaires, and
Control Matrices
• Webinars focusing on fraud, data analytics, IT audit, and internal audit
with free CPE for subscribers and site license users.
• Audit guides, manuals, and books on audit basics and using audit
technology
• LinkedIn Networking Groups
• Monthly Newsletters with Expert Guest Columnists
• Surveys on timely topics for internal auditors
Introductions
HOUSEKEEPING
This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized
usage or recording of this webinar or any of its material is strictly forbidden.
If you logged in with another individual’s confirmation email you will not receive CPE as the
confirmation login is linked to a specific individual
This Webinar is not eligible for viewing in a group setting. You must be logged in with your
unique join link.
We are recording the webinar and you will be provided access to that recording after the
webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.
If you meet the criteria for earning CPE you will receive a link via email to download your
certificate. The official email for CPE will be issued via NoReply@gensend.io and it is important to
white list this address. It is from this email that your CPE credit will be sent. There may be a
processing fee to have your CPE credit regenerated if you did not receive the first mailing.
Submit questions via the chat box on your screen and we will answer them either during or at
the conclusion.
You must answer the survey questions after the Webinar or before downloading your certificate.
3
4
3. 20-4-2020
3
IMPORTANT INFORMATION
REGARDING CPE!
ATTENDEES - If you attend the entire Webinar and meet the criteria for CPE you will receive an
email with the link to download your CPE certificate. The official email for CPE will be issued via
NoReply@gensend.io and it is important to white list this address. It is from this email that your
CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated after the
initial distribution.
We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We
highly recommend that you work with your IT department to identify and correct any email delivery
issues prior to attending the Webinar. Issues would include blocks or spam filters in your email
system or a firewall that will redirect or not allow delivery of this email from Gensend.io
You must opt in for our mailing list. If you indicate you do not want to receive our emails your
registration will be cancelled and you will not be able to attend the Webinar.
We are not responsible for any connection, audio or other computer related issues. You must have
pop-ups enabled on you computer otherwise you will not be able to answer the polling questions
which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see
to that you do so immediately after a polling question.
The views expressed by the presenters do not necessarily represent the views, positions, or
opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them,
are for educational purposes only and do not constitute accounting or legal advice or create an
accountant-client relationship.
While AuditNet® makes every effort to ensure information is accurate and complete,
AuditNet® makes no representations, guarantees, or warranties as to the accuracy or
completeness of the information provided via this presentation. AuditNet® specifically
disclaims all liability for any claims or damages that may result from the information contained
in this presentation, including any websites maintained by third parties and linked to the
AuditNet® website.
Any mention of commercial products is for information only; it does not imply
recommendation or endorsement by AuditNet® LLC
5
6
4. 20-4-2020
4
Ken Petersen
• Currently Product Manager of TeamMate
Analytics
• 25+ years developing and implementing
systems
• In the Governance, Risk & Compliance
space since 2002
• BSBA from Ohio State, MBA from University
of Dayton, PMP certified
• ken.petersen@wolterskluwer.com
How analytics should be used in controls testing instead of sampling 7
Learning Objectives
In this Webinar, attendees will:
Understand the advantages of analytics vs sampling
Learn how to identify controls where analytics can be applied
See real life examples of controls and their associated analytics
Learn how to effect a change
8How analytics should be used in controls testing instead of sampling
7
8
5. 20-4-2020
5
POLLING QUESTION 1
Why Perform Analytics?
1) The Standards say so
2) COVID-19 - You do not have to be on site, in person, to do analytics
On a Gartner Internal Audit webinar in March 2020 with over 1000
CAE’s, the topic was remote work as an internal auditor – what’s
working and what’s not working.
A huge percentage of attendees (58%) stated that a lack of a data
analytics program means they cannot work right now – they are too
dependent on being present in the office.
3) Finding money
4) Increased assurance and reduced risk
10How analytics should be used in controls testing instead of sampling
9
10
6. 20-4-2020
6
Analytics Advantages
Sampling contains risks
Sample is not representative of the population as a whole
Efficiency
The risk of incorrect acceptance is the risk that the sample supports the conclusion that the
recorded account balance is not materially misstated when it is materially misstated.
The risk of incorrect rejection is the risk that the sample supports the conclusion that the recorded
account balance is materially misstated when it is not materially misstated.
Effectiveness
The risk of assessing control risk too low is the risk that the assessed level of control risk based on
the sample is less than the true operating effectiveness of the control.
The risk of assessing control risk too high is the risk that the assessed level of control risk based on
the sample is greater than the true operating effectiveness of the control.
Most fraud cannot be identified with sampling, many controls are intended to,
among other things, prevent fraud
Provides deeper insight into the operations of the organization
11How analytics should be used in controls testing instead of sampling
Demonstration
12How analytics should be used in controls testing instead of sampling
11
12
7. 20-4-2020
7
Controls conducive to analytics
Look for the word “Sample” in the testing procedure
Your organization may use other key words, “Data”, “Transactions”
Won’t apply to data that is not electronic
May not be appropriate for reviewing documentation
May not be appropriate for data that are not transactions, e.g. monthly
balance sheets
May not apply for the entire scope of the control
Level 2
Can document review be converted to data analysis?
13How analytics should be used in controls testing instead of sampling
POLLING QUESTION 2
13
14
8. 20-4-2020
8
Demonstration
15How analytics should be used in controls testing instead of sampling
How do we change
The individual must recognize a need for a change
The desire to change needs to be stronger than the perceived and real
difficulty of changing
16How analytics should be used in controls testing instead of sampling
15
16
9. 20-4-2020
9
Our auditors can’t do analytics
17
Requires database skills
Requires programming skills
How analytics should be used in controls testing instead of sampling
0
1
2
3
4
5
6
7
8
9
10
0 1 2 3 4 5 6 7 8 9 10
Desiretochange
Difficulty of changing (perceived /real)
When change occurs
How do we change
18
Change
No Change
How analytics should be used in controls testing instead of sampling
17
18
10. 20-4-2020
10
How do we change
Change can have a chain reaction
Change can be temporary or lasting
Other factors and people can influence our desire to change and difficulty
of change
The desire to change and the difficulty of change can change over time
Change can have side effects, good and bad
Our documentation improved because of analytics
Employee satisfaction increased when they started doing analytics
19How analytics should be used in controls testing instead of sampling
POLLING QUESTION 3
19
20