Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals and requires organizations to develop clear policies and procedures to protect personal data and to adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual worldwide turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10-webinar series is intended to give participants a clear understanding of the core elements of the GDPR, with the opportunity to deepen that understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization, and explains the auditor’s role.
Webinar 9 of 10
• Why and how to conduct a data mapping exercise.
• The rights of data subjects.
• Giving and withdrawing consent.
Implementing and Auditing GDPR Series, Webinar 10 of 10
• Handling data subject access requests (DSARs).
• The roles of controllers and processors, and the relationships between them.
• Transferring personal data outside the EU and the mechanisms for compliance.
• How to become GDPR compliant using a compliance gap assessment
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Jim Kaplan CIA CFE
Join this webinar for an introduction to the Touchstone Research for Internal Audit, an unprecedented global research study of internal audit from Wolters Kluwer TeamMate. This session will review the study approach and scope, key initial findings, a look at benchmarking, and a preview of future insights. Find out what nearly 1,000 internal audit and controls professionals have to say about the current and future state of internal audit.
Learning Objectives:
Learn the objective of the Touchstone Research for Internal Audit
Understand how the Touchstone Maturity Model can benefit Internal Audit teams
Learn why the Touchstone Research Benchmarks for Internal Audit can be a planning tool
How to get auditors performing basic analytics using Excel ...Jim Kaplan CIA CFE
It has been said that the definition of crazy is doing the same thing over and over again and expecting a different result. If your audit analytics program is still not meeting your expectations, you are going to have to do something different to change that outcome. The biggest hurdle organizations need to overcome is getting auditors to think differently about what analytics is. Excel might not be the ultimate analytics tool for your organization but attend this webinar to see how you can use it as a catalyst for change throughout the audit team.
Learning Objectives
Learn non-technical skills auditors need to perform audit analytics
Learn commonly used Excel functions that can be applied to audit analytics
Learn how to get auditors started down a path of thinking about analytics vs automatically pulling samples
Internal audit is a profession that struggles against the stereotypes of our past. When we explore our current processes and methodologies, one area that needs attention is executing the audit plan. If our focus is setting a plan in motion and tracking to completion each year, then we are not able to react to changes in our organizations. Financial services organizations face additional challenges in trying to balance emerging risks with the requirements of the regulatory authorities. By embracing the concept of agile auditing, we will be able to adjust more quickly and act as a more relevant partner to our organizations.
Learning Objectives
• Understand the concept of agile auditing
• Identify areas for applying agile techniques
• Discuss a strategy for successfully implementing agile audit
From time to time internal auditors are faced with situations which call for them to make an ethical decision. In addition, they may, in the middle of an audit, come across circumstances which themselves appear to be violations of a corporate code of conduct.
Several laws now specifically state that internal auditors acting under the act are bound by the IIA Code of Ethics.
This webinar explores the IIA Code of Ethics as it applies to everyday situations the auditor may encounter.
The module is designed to provide the participants with an in-depth knowledge of:
Ethics theory
The IIA Code of Ethics
Applicable areas within Internal Audit
Reporting of material facts
Corporate Codes of Conduct
Auditing Corporate Ethics
Webinar contents will include:
Classes of Ethics
The role of business
Employee ethics
Honesty, Objectivity and diligence
Conflicts of Interest
Reporting of Material Facts
Corporate Codes of Conduct
Corporate Social Responsibility
Organizations are increasingly looking to their internal auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology now a critical success factor for every business, and with the threat landscape still evolving, every internal auditor needs to equip themselves with IT audit essentials and an understanding of cyber issues.
In part 14 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current cyber risks
• Data Breach and Cloud Misconfigurations
• Insecure application programming interfaces (APIs)
• The growing impact of AI and ML
• Malware attacks
• Single-factor (password-only) authentication
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Learning about outliers and how to detect them in transactions of all types.
Learning Objectives: This webinar will explain the significance of outliers when testing transactions, whether they are vendor invoices, GL postings, or travel & entertainment expenses. Examples using Arbutus Analyzer will demonstrate the best analytics for identifying outliers.
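An added example of the kind of outlier test the webinar describes, written here in Python rather than Arbutus Analyzer and not taken from the webinar itself. It scores every invoice against its own vendor's history using a median/MAD-based modified z-score, so a single large invoice cannot hide by inflating the standard deviation the way it would with a plain z-score. The invoice rows, the field layout and the 3.5 threshold are assumptions made for illustration.

```python
"""Robust outlier detection over a full transaction population.

Added example (not from the webinar or Arbutus Analyzer). The invoice rows
below are constructed for illustration; field names are assumptions.
"""
from collections import defaultdict
from statistics import median

# Constructed sample: (invoice_id, vendor, amount). V100 has one invoice far
# above its usual run; V300 has one far below; V200 has too little history.
INVOICES = [
    ("INV-001", "V100", 1200.00),
    ("INV-002", "V100", 1180.00),
    ("INV-003", "V100", 1250.00),
    ("INV-004", "V100", 1210.00),
    ("INV-005", "V100", 9800.00),   # high outlier for this vendor
    ("INV-006", "V100", 1190.00),
    ("INV-007", "V200", 540.00),
    ("INV-008", "V200", 560.00),
    ("INV-009", "V300", 75.00),
    ("INV-010", "V300", 80.00),
    ("INV-011", "V300", 78.00),
    ("INV-012", "V300", 82.00),
    ("INV-013", "V300", 2.00),      # low outlier for this vendor
]


def robust_z(values):
    """Modified z-scores (Iglewicz & Hoaglin): 0.6745 * (x - median) / MAD.

    Median and median absolute deviation are used instead of mean and
    standard deviation, so an extreme value cannot mask itself by widening
    the dispersion estimate it is measured against."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        # More than half the values sit on the median; fall back to the
        # mean absolute deviation (scaled to approximate sigma).
        mean_ad = sum(abs(v - med) for v in values) / len(values)
        if mean_ad == 0:
            return [0.0 for _ in values]
        return [(v - med) / (1.253314 * mean_ad) for v in values]
    return [0.6745 * (v - med) / mad for v in values]


def find_outliers(invoices, threshold=3.5, min_population=5):
    """Score every invoice against its own vendor's history.

    Returns (invoice_id, vendor, amount, score) for rows whose |score| exceeds
    the threshold. Vendors with fewer than min_population invoices are not
    scored: there is too little history to call anything an outlier."""
    by_vendor = defaultdict(list)
    for inv in invoices:
        by_vendor[inv[1]].append(inv)
    flagged = []
    for vendor, rows in by_vendor.items():
        if len(rows) < min_population:
            continue
        scores = robust_z([r[2] for r in rows])
        for row, z in zip(rows, scores):
            if abs(z) > threshold:
                flagged.append((row[0], vendor, row[2], round(z, 1)))
    return flagged


def thin_history(invoices, min_population=5):
    """Vendors that could not be scored because they have too few invoices;
    new or rarely used vendors are worth a separate review of their own."""
    counts = defaultdict(int)
    for inv in invoices:
        counts[inv[1]] += 1
    return sorted(v for v, n in counts.items() if n < min_population)


if __name__ == "__main__":
    for hit in find_outliers(INVOICES):
        print(hit)
    print("unscored (thin history):", thin_history(INVOICES))
```

The same scoring applies unchanged to GL postings or expense claims: group by the dimension that defines "normal" (account, employee, cost centre) instead of by vendor. The unscored list matters as much as the flagged one, since a vendor with two invoices is exactly where a fresh shell vendor would sit.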
When is a Duplicate not a Duplicate? Detecting Errors and Fraud ...Jim Kaplan CIA CFE
Webinar Overview - A look at duplicates testing and the inherent value of fuzzy data matching.
Identifying fuzzy duplicates has never been easier. Arbutus Analyzer’s versatile functionality enables even new users to detect possible duplicate payments, vendors sharing similar addresses among themselves or with your organization’s employees, and counterparties who may be on government watch lists. Our webinar includes nine different scenarios with detailed descriptions of the tests and their results.
You'll learn about:
• Identifying possible risks
• How to deploy Analyzer commands and functions
Key Presenter:
Michael Kano, ACDA, Data Analytics Consultant, Arbutus Analytics
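An added example of three of the fuzzy-duplicate tests described above (near-identical vendor records, vendor addresses that match an employee's address, and the same invoice paid twice under two vendor numbers), written in plain Python with the standard library rather than Arbutus Analyzer and not taken from the webinar. The vendor, employee and payment records, the normalization rules and the 0.9 similarity threshold are all assumptions made for illustration.

```python
"""Fuzzy duplicate tests over constructed vendor, employee and payment data.

Added example, not from the webinar or Arbutus Analyzer; standard library
only. Record layouts, abbreviation table and thresholds are assumptions.
"""
import re
from datetime import date
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample data: (id, name, address) and (id, vendor, invoice_ref,
# amount, paid_on). V001/V002 are the same supplier keyed twice; V003's
# address is employee E100's home; P1/P2 pay the same invoice twice.
VENDORS = [
    ("V001", "Acme Supplies, Inc.", "120 North Main Street, Suite 4, Springfield"),
    ("V002", "ACME SUPPLIES INC", "120 N. Main St Ste 4, Springfield"),
    ("V003", "Globex Corporation", "9 Harbour Road, Shelbyville"),
    ("V004", "Initech LLC", "45 Elm Avenue, Capital City"),
]
EMPLOYEES = [
    ("E100", "J. Smith", "9 Harbor Rd, Shelbyville"),
    ("E101", "P. Gibbons", "300 Oak Lane, Capital City"),
]
PAYMENTS = [
    ("P1", "V001", "INV-2041", 4500.00, "2024-03-01"),
    ("P2", "V002", "inv 2041", 4500.00, "2024-03-09"),
    ("P3", "V003", "7781", 980.00, "2024-03-02"),
    ("P4", "V004", "A-17", 1200.00, "2024-03-05"),
]

# Assumed abbreviation table; a real one would come from postal standards.
ABBREV = {"street": "st", "st.": "st", "north": "n", "n.": "n", "road": "rd",
          "rd.": "rd", "avenue": "ave", "suite": "ste", "harbour": "harbor"}
LEGAL_SUFFIXES = {"inc", "llc", "ltd", "corp", "corporation", "co"}


def normalize(text, drop_suffixes=False):
    """Lowercase, strip punctuation, collapse abbreviations; optionally drop
    legal-form suffixes so 'Acme Supplies, Inc.' and 'ACME SUPPLIES INC'
    compare equal. Exact matching on raw strings would miss both."""
    tokens = re.sub(r"[^\w\s.]", " ", text.lower()).split()
    tokens = [ABBREV.get(t, t.rstrip(".")) for t in tokens]
    if drop_suffixes:
        tokens = [t for t in tokens if t not in LEGAL_SUFFIXES]
    return " ".join(tokens)


def similarity(a, b):
    """0.0..1.0 similarity ratio from difflib (2*matches / total length)."""
    return SequenceMatcher(None, a, b).ratio()


def fuzzy_vendor_duplicates(vendors, name_threshold=0.9, addr_threshold=0.9):
    """Vendor pairs whose normalized name OR address is near-identical."""
    hits = []
    for (id_a, name_a, addr_a), (id_b, name_b, addr_b) in combinations(vendors, 2):
        n = similarity(normalize(name_a, True), normalize(name_b, True))
        a = similarity(normalize(addr_a), normalize(addr_b))
        if n >= name_threshold or a >= addr_threshold:
            hits.append((id_a, id_b, round(n, 2), round(a, 2)))
    return hits


def vendor_employee_address_matches(vendors, employees, threshold=0.9):
    """Vendors whose address fuzzy-matches an employee's home address."""
    hits = []
    for v_id, _, v_addr in vendors:
        for e_id, _, e_addr in employees:
            s = similarity(normalize(v_addr), normalize(e_addr))
            if s >= threshold:
                hits.append((v_id, e_id, round(s, 2)))
    return hits


def _invoice_key(ref):
    """'INV-2041', 'inv 2041' and 'INV2041' all collapse to 'inv2041'."""
    return re.sub(r"[^a-z0-9]", "", ref.lower())


def possible_duplicate_payments(payments, vendor_dups, window_days=30):
    """Same normalized invoice reference and amount, paid to the same vendor
    or to a fuzzy-duplicate vendor pair, within window_days of each other."""
    same_vendor = {frozenset((a, b)) for a, b, _, _ in vendor_dups}
    hits = []
    for p, q in combinations(payments, 2):
        vendors_match = p[1] == q[1] or frozenset((p[1], q[1])) in same_vendor
        days = abs((date.fromisoformat(p[4]) - date.fromisoformat(q[4])).days)
        if (vendors_match and _invoice_key(p[2]) == _invoice_key(q[2])
                and p[3] == q[3] and days <= window_days):
            hits.append((p[0], q[0]))
    return hits


if __name__ == "__main__":
    dups = fuzzy_vendor_duplicates(VENDORS)
    print("vendor duplicates:", dups)
    print("vendor/employee address matches:", vendor_employee_address_matches(VENDORS, EMPLOYEES))
    print("possible duplicate payments:", possible_duplicate_payments(PAYMENTS, dups))
```

The order of the tests is deliberate: the duplicate-payment test consumes the output of the vendor-duplicate test, which is how a payment split across two vendor numbers gets caught at all. Thresholds should be tuned on your own master data; a 0.9 ratio is strict enough to avoid flagging "Capital City" addresses that merely share a town name, and lenient enough to absorb punctuation and abbreviation differences.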
Implementing and Auditing General Data Protection Regulation ...Jim Kaplan CIA CFE
This document provides an agenda and overview of a webinar on lessons learned from the General Data Protection Regulation (GDPR) and applying the GDPR's data protection principles. The webinar agenda includes discussing common data security failures, managing personal data breaches, and the seven data protection principles. It also provides background on the webinar presenter and introduces the company hosting the webinar, AuditNet.
Controls that are designed to mitigate the risk of fraud are not perfect. Enterprise software such as Oracle and SAP may have built-in controls, but they are limited in scope to the data and processes that the software "touches". The most successful fraudsters know how to exploit interfaces between different processes and systems. Furthermore, the typical fraud case persists for 14 months prior to detection*.
Deploying data analytics for continuous testing can overcome many of the limitations of traditional fraud detection. Timely and appropriate detection will help organizations mitigate the impact of frauds. Robust fraud detection systems will also act as powerful deterrents.
*ACFE Report to the Nations: 2020 Global Study on Occupational Fraud and Abuse
Learning Objectives
In this session we will raise awareness of the various types of frauds and how they can be detected using automated data analysis techniques.
Implementing and Auditing GDPR Series, Webinar 6 of 10
• The role of the data protection officer (DPO).
• What constitutes personal data.
• Accountability, the privacy compliance framework and a personal information management system (PIMS).
A recent survey report, Fraud in the Wake of COVID-19: Benchmark Report, prepared by the ACFE, explains that recent events have opened the door to increased pressures, rationalizations and opportunities that can lead to occupational fraud. Across all classes of fraud schemes, 68% of survey respondents reported increases in fraudulent activity as of May 2020, and 93% reported that they expect an increase in fraud over the next 12 months.
To guide auditors in running detective controls, join Mark Nigrini, West Virginia University Professor and author, and Jeffrey Sorensen, Industry Strategist, for an exclusive review of the fingerprints of fraud numbers. This two-person team will review seven categories of fraud numbers and will demonstrate how to identify these types of numbers using audit software.
In this informative and engaging presentation, attendees will:
● Learn the seven categories of fraud numbers
● Understand which categories are linked to specific types of schemes
● Optimize the steps needed to run the tests
● Interpret the results to identify audit targets
● Apply a second layer of steps to reduce the number of false positives
Implementing and Auditing GDPR Series, Webinar 8 of 10
• The security of personal data.
• An organizational risk management framework.
• Legal requirements for a DPIA.
• How to conduct a DPIA with a DPIA tool.
Today's fast-paced and evolving business environment requires internal audit to consider its capabilities and needs to ensure appropriate strategic planning. How can CAEs develop strategic plans that result in their stakeholders viewing the audit function as “highly effective”?
Our research has found an approach that builds on three dimensions of effectiveness that must be addressed to be highly effective:
• Meeting stakeholder expectations
• Operating core processes
• Conforming to internal audit standards and applicable regulatory requirements
Learning Objectives
In this session, participants will:
• Discuss the need for and importance of strategic planning within the internal audit function
• Explore the 3 dimensions that contribute to a highly effective internal audit function
• Populate a framework to understand how processes and expectations are aligned and where changes need to occur
• Develop an initial strategic vision based on an understanding of stakeholder expectations
Internal Audit's Role in Ethics, Governance, & Culture ...Jim Kaplan CIA CFE
The internal auditor has a unique and challenging role when it comes to improving the governance processes of their organization. Exercising objective judgment and maintaining professional integrity are essential roles of the internal auditor; however these roles may become undermined when strong political or cultural pressures are at play. This webinar will help internal auditors prepare for and successfully navigate through these pressures should they be encountered.
Learning Objectives:
• Understand how the IIA Code of Ethics applies to Internal Auditors
• Apply “IIA Standard 2110 – Governance” as a key resource
• Assess ethics in light of internal audit independence
• Gain insight to how organizational culture affects ethical behavior
• Evaluate independence and objectivity using a framework
Who will benefit:
Corporate Directors
Corporate Officers
Fraud & Forensic professionals
Audit professionals
Risk professionals
Compliance professionals
Legal professionals
Ethics professionals
Governance professionals
Finance and Accounting Professionals
This document summarizes a webinar about using exploratory data analytics to focus an agile audit plan on emerging risks. It discusses dispelling common myths about data analytics and using an example of analyzing employee data to identify potential issues with gender and race pay disparities. The webinar promotes using analytics to enable control owners to conduct ongoing monitoring and shifting the audit's focus to confirming controls are appropriately designed and issues are addressed.
Implementing and Auditing GDPR Series, Webinar 3 of 10
• Data protection by design
• Securing personal data
• Reporting data breaches
How analytics should be used in controls testing instead of sampling ...Jim Kaplan CIA CFE
Sampling has existed as a standard for controls testing since controls testing began. We’ve developed algorithms to tell us how many samples we should pull and how many errors we can have and still pass the control. We’ve even developed algorithms to tell us how many more samples we can test if the control didn’t pass the first time.
If your goal is simply to do the minimum to pass a SOX audit, then these behaviors should probably continue. If your goals also include really improving the operations of the organization to make it stronger then a more holistic approach is needed, such as analysis on 100% of the population, rather than a small sample.
Most controls analytics do not require a degree in data science, but they do require that the controls team begin changing its behaviors. Join us to understand what it takes to begin this change; it is not as challenging as you might think.
Learning Objectives
Understanding the advantages of analytics vs sampling
How to Identify controls where analytics can be applied
Real life examples of controls and their associated analytics
How to effect a change
What's the Difference between GRC and Combined Assurance? ...Jim Kaplan CIA CFE
With more organizations exploring the concept of Combined Assurance, there have been many questions about how this relates to GRC. In this presentation, we will explore both concepts and discuss the differences between Combined Assurance and GRC so that you can consider and explore options that are most suited to the needs of your audit department and your organization as a whole.
Learning Objectives:
Understand the concepts behind Combined Assurance and GRC
Discuss pros and cons for both Combined Assurance and GRC
The fieldwork phase is the heart of the audit process. Everything auditors do in the planning phase drives them to do the right things in fieldwork. Everything auditors do in the reporting phase relates to what was found in fieldwork. Everything auditors do in the follow-up phase relates to the issues identified in fieldwork. This webinar will focus on the testing for control effectiveness. This includes capturing the best audit evidence and documenting quality work in the workpapers. This helps ensure that any competent third party person can re-perform the work and come to the same conclusion.
This webinar is for auditors who want to understand the key elements of the fieldwork phase of the audit process.
The learning objectives include the following:
- Learn about internal control terminology
- Learn about testing techniques and workpaper quality
- Learn about audit evidence
- Learn about workpaper documentation guidelines
- Learn about Issues & Recommendations (I&Rs)
Re-imagining the art and science of auditing and fraud detection is coming to the forefront of risk management functions. What was seen as a “nice to have” a few years ago has become a “must have” as digital transformation and data surrounds all aspects of the organization.
Specific learning objectives include:
o See how analytics can maximize the annual audit plan and better ensure focus is placed on top organizational risks.
o Establish a framework to using analytics and automation across the entire audit lifecycle.
o Use the general ledger and revenue audit areas as a case study to provide a digital road map for analytics for detecting fraud (and errors) within the organization.
How to use AI apps to unleash the power of your audit program ...Jim Kaplan CIA CFE
Artificial Intelligence (AI) is found in just about every industry today, and accounting and auditing are no exception. Auditors that aren’t already exploring the vast potential of AI-powered applications in their audit program will soon find these tools are the industry standard and will be left in the dust if they don’t adapt and adopt.
To learn how to easily use AI apps in audit today, join us as we welcome Deniz Appelbaum, Assistant Professor at Montclair State University, for this exclusive presentation. With deep experience in audit analytics, Big Data, blockchain, audit automation, and fraud detection, Appelbaum brings considerable practical experience with audit technology to the audit profession.
In this presentation, she will help guests:
● Gain a basic introductory understanding of AI in audit.
● Understand how AI applications can be used in the context of auditing.
● Learn how to use AI apps in an audit for specific, achievable, measurable results.
World-class auditors know one of the best ways to fight fraud risk is to be sure outsourcing agreements include a Right to Audit clause. Auditors feel good and sleep tight when their client tells them “of course we included the one we use all of the time”. The real test comes when glitches and anomalies appear and management asks audit to make a quick visit to the third-party organization.
The discussion will offer insights into:
· Best practices audit clause language
· Compliance, operational and/or financial audit
· Plan in advance or surprise visit
· Books and records
· Location of audit
· Who can or should conduct the audit
· Impact of absence of a Service Level Agreement (SLA)
As stated in the Institute of Internal Auditors IPPF, “The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk (2120.A2)”.
How is your auditing function meeting this professional expectation? The time to test fraud controls is before you have a fraud. Testing fraud controls is more commonly referred to as an “anti-fraud” assessment and is typically conducted by auditors as a consulting service. How long has it been since a comprehensive review was conducted at your organization? Once completed, as the company changes over time, sections of the first review should be updated.
This webinar will cover:
· How strong are your controls?
· Are you looking for fraud or is fraud looking for you?
· The time to detect directly impacts the chances of recovery
· Shell vendors uncovered that made the headlines in 2016
· Looking for signs of complacency in the workplace
· A robust organizational COSO based framework that organizes your work from cradle to grave
· Working paper and check list recommendations
· Actual audit report sample (with author identification removed)
General Data Protection Regulation for Auditors 5 of 10 ...Jim Kaplan CIA CFE
Webinar 5
• Certification against GDPR
• The powers of supervisory authorities
• Lead supervisory authorities
• The role of the European Data Protection Board (EDPB)
Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area.
The 8-part series will cover the tasks of the fraud auditor; forensic techniques and tools and the abilities required of the fraud auditor; the type and nature of common frauds; investigating fraud; computer fraud and control; white-collar crime; and the auditor in court.
This session: Forensic and Investigative Audit Reporting
• Types of reporting
• Management
• Board/Audit committee
• Disciplinary action
• Litigation support
• Criminal process
• Follow up and remedial action
Implementing and Auditing General Data Protection Regulation Jim Kaplan CIA CFE
Implementing and Auditing GDPR Series (1 of 10)
Webinar 1 of 10
• Bands of penalties and range of awards for breaches
• Lawfulness of processing and consent
• The six data protection principles
This document provides an overview of data protection impact assessments (DPIAs) and the role of the data protection officer (DPO) under the General Data Protection Regulation (GDPR). It discusses when DPIAs are required, the DPIA process, how to identify and assess risks, select controls, and ensure continuous monitoring. It also outlines the DPO requirements, including the need for independence and expertise. The DPO is responsible for enabling compliance and fostering a data protection culture.
When is a Duplicate not a Duplicate? Detecting Errors and Fraud Jim Kaplan CIA CFE
Webinar Overview - A look at duplicates testing and the inherent value of fuzzy data matching.
Identifying fuzzy duplicates has never been easier. Arbutus Analyzer’s versatile functionality enables even new users to detect possible duplicate payments, vendors sharing similar addresses among themselves or with your organization’s employees, and counterparties who may be on government watch lists. Our webinar includes nine different scenarios with detailed descriptions of the tests and their results.
You'll learn about:
• Identifying possible risks
• How to deploy Analyzer commands and functions
Key Presenter:
Michael Kano, ACDA, Data Analytics Consultant, Arbutus Analytics
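As an added illustration of the three tests named above (it is not Arbutus Analyzer code and not material from the webinar), the following Python runs fuzzy duplicate checks over a small constructed set of vendor, employee and payment records. The record layout, the abbreviation table, the field names and the similarity thresholds are assumptions chosen for the example; a real engagement would tune all of them to the ledger being tested.

```python
"""Fuzzy duplicate tests over constructed vendor, employee and payment records.

Added illustration, not Arbutus Analyzer code. Record layout, abbreviation
table and thresholds are assumptions chosen for the example.
"""
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample records (not real data).
VENDORS = [
    {"id": "V001", "name": "Acme Supplies Ltd",
     "address": "12 High Street, Suite 4, Leeds LS1 4AB"},
    {"id": "V002", "name": "ACME Suplies Limited",
     "address": "12 High St., Ste 4, Leeds LS14AB"},
    {"id": "V003", "name": "Northern Widgets",
     "address": "7 Mill Lane, York YO1 7EX"},
]
EMPLOYEES = [
    {"id": "E100", "name": "J. Smith", "address": "7 Mill Ln, York, YO1 7EX"},
]
PAYMENTS = [
    {"ref": "P1", "vendor": "V001", "invoice": "INV-2041", "amount": 1250.00},
    {"ref": "P2", "vendor": "V002", "invoice": "INV 2041", "amount": 1250.0},
    {"ref": "P3", "vendor": "V003", "invoice": "883", "amount": 640.50},
]

# Assumed abbreviation table; a production table would be far longer.
ABBREV = {"street": "st", "st.": "st", "lane": "ln", "ln.": "ln",
          "suite": "ste", "limited": "ltd", "ltd.": "ltd"}


def normalize(text):
    """Lower-case, expand common abbreviations and drop punctuation."""
    tokens = re.findall(r"[a-z0-9.]+", text.lower())
    return " ".join(ABBREV.get(t, t.rstrip(".")) for t in tokens)


def match_key(text):
    """Normalised text with whitespace removed, so 'LS1 4AB' equals 'LS14AB'."""
    return normalize(text).replace(" ", "")


def similarity(a, b):
    """Ratio in [0, 1]; 1.0 means identical after normalisation."""
    return SequenceMatcher(None, a, b).ratio()


def similar_vendors(vendors, name_threshold=0.85, addr_threshold=0.9):
    """Vendor pairs whose names or addresses are near-identical."""
    hits = []
    for a, b in combinations(vendors, 2):
        name_score = similarity(normalize(a["name"]), normalize(b["name"]))
        addr_score = similarity(match_key(a["address"]), match_key(b["address"]))
        if name_score >= name_threshold or addr_score >= addr_threshold:
            hits.append((a["id"], b["id"], round(max(name_score, addr_score), 2)))
    return hits


def vendor_employee_address_matches(vendors, employees):
    """Vendors whose normalised address equals an employee's address."""
    by_addr = {}
    for e in employees:
        by_addr.setdefault(match_key(e["address"]), []).append(e["id"])
    return [(v["id"], eid) for v in vendors
            for eid in by_addr.get(match_key(v["address"]), [])]


def duplicate_payments(payments):
    """Groups of payments sharing an amount and a normalised invoice number,
    regardless of which vendor record each was paid to."""
    groups = {}
    for p in payments:
        key = (round(p["amount"], 2), match_key(p["invoice"]))
        groups.setdefault(key, []).append(p["ref"])
    return [refs for refs in groups.values() if len(refs) > 1]


if __name__ == "__main__":
    print("possible duplicate vendors:", similar_vendors(VENDORS))
    print("vendor/employee shared address:",
          vendor_employee_address_matches(VENDORS, EMPLOYEES))
    print("possible duplicate payments:", duplicate_payments(PAYMENTS))
```

Every hit is a lead for review, not a finding: the normalisation step is what makes "INV-2041" and "INV 2041" collide, and the same step can collapse two genuinely different records, so the thresholds and the abbreviation table should be reviewed against a sample of confirmed false positives before the test is run over a full population.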
Implementing and Auditing General Data Protection Regulation Jim Kaplan CIA CFE
This document provides an agenda and overview of a webinar on lessons learned from the General Data Protection Regulation (GDPR) and applying the GDPR's data protection principles. The webinar agenda includes discussing common data security failures, managing personal data breaches, and the seven data protection principles. It also provides background on the webinar presenter and introduces the company hosting the webinar, AuditNet.
Controls that are designed to mitigate the risk of fraud are not perfect. Enterprise software such as Oracle and SAP may have built-in controls, but they are limited in scope to the data and processes that the software "touches". The most successful fraudsters know how to exploit interfaces between different processes and systems. Furthermore, the typical fraud case persists for 14 months prior to detection*.
Deploying data analytics for continuous testing can overcome many of the limitations of traditional fraud detection. Timely and appropriate detection will help organizations mitigate the impact of frauds. Robust fraud detection systems will also act as powerful deterrents.
*ACFE Report to the Nations: 2020 Global Study on Occupational Fraud and Abuse
Learning Objectives
In this session we will raise awareness of the various types of frauds and how they can be detected using automated data analysis techniques.
From time to time internal auditors are faced with situations which call for them to make an ethical decision. In addition, they may, in the middle of an audit, come across circumstances which themselves appear to be violations of a corporate code of conduct.
Several laws now specifically state that internal auditors, in terms of the act, will be bound by the IIA Code of Ethics.
This webinar explores the IIA Code of Ethics as it applies to everyday situations the auditor may encounter.
The module is designed to provide the participants with an in-depth knowledge of:
Ethics theory
The IIA Code of Ethics
Applicable areas within Internal Audit
Reporting of material facts
Corporate Codes of Conduct
Auditing Corporate Ethics
Webinar contents will include:
Classes of Ethics
The role of business
Employee ethics
Honesty, Objectivity and diligence
Conflicts of Interest
Reporting of Material Facts
Corporate Codes of Conduct
Corporate Social Responsibility
Webinar 6
• The role of the data protection officer (DPO).
• What constitutes personal data.
• Accountability, the privacy compliance framework and a personal information management system (PIMS).
A recent survey report, Fraud in the Wake of COVID-19: Benchmark Report, prepared by the ACFE, explains that recent events have opened the door to increased pressures, rationalizations and opportunities that can lead to occupational fraud. Across all classes of fraud schemes, 68% of survey respondents reported increases in fraudulent activity as of May 2020 and 93% reported they expect an increase in fraud over the next 12 months.
To guide auditors in running detective controls, join Mark Nigrini, West Virginia University Professor and author, and Jeffrey Sorensen, Industry Strategist, for an exclusive review of the fingerprints of fraud numbers. This two-person team will review seven categories of fraud numbers and will demonstrate how to identify these types of numbers using audit software.
In this informative and engaging presentation, attendees will:
● Learn the seven categories of fraud numbers
● Understand which categories are linked to specific types of schemes
● Optimize the steps needed to run the tests
● Interpret the results to identify audit targets
● Apply a second layer of steps to reduce the number of false positives
Webinar 8
• The security of personal data.
• An organizational risk management framework.
• Legal requirements for a DPIA.
• How to conduct a DPIA with a DPIA tool.
Today's fast-paced and evolving business environment requires internal audit to consider its capabilities and needs to ensure appropriate strategic planning. How can CAEs develop strategic plans that result in their stakeholders viewing the audit function as “highly effective”?
Our research has found an approach that builds on three dimensions of effectiveness that must be addressed to be highly effective:
• Meeting stakeholder expectations
• Operating core processes
• Conforming to internal audit standards and applicable regulatory requirements
Learning Objectives
In this session, participants will:
• Discuss the need for and importance of strategic planning within the internal audit function
• Explore the 3 dimensions that contribute to a highly effective internal audit function
• Populate a framework to understand how processes and expectations are aligned and where changes need to occur
• Develop an initial strategic vision based on an understanding of stakeholder expectations
Internal Audit's Role in Ethics, Governance, & Culture Jim Kaplan CIA CFE
The internal auditor has a unique and challenging role when it comes to improving the governance processes of their organization. Exercising objective judgment and maintaining professional integrity are essential roles of the internal auditor; however, these roles may become undermined when strong political or cultural pressures are at play. This webinar will help internal auditors prepare for and successfully navigate these pressures should they be encountered.
Learning Objectives:
• Understand how the IIA Code of Ethics applies to Internal Auditors
• Apply “IIA Standard 2110 – Governance” as a key resource
• Assess ethics in light of internal audit independence
• Gain insight to how organizational culture affects ethical behavior
• Evaluate independence and objectivity using a framework
Who will benefit:
Corporate Directors
Corporate Officers
Fraud & Forensic professionals
Audit professionals
Risk professionals
Compliance professionals
Legal professionals
Ethics professionals
Governance professionals
Finance and Accounting Professionals
This document summarizes a webinar about using exploratory data analytics to focus an agile audit plan on emerging risks. It discusses dispelling common myths about data analytics and using an example of analyzing employee data to identify potential issues with gender and race pay disparities. The webinar promotes using analytics to enable control owners to conduct ongoing monitoring and shifting the audit's focus to confirming controls are appropriately designed and issues are addressed.
Webinar 3
• Data protection by design
• Securing personal data
• Reporting data breaches
How analytics should be used in controls testing instead of sampling Jim Kaplan CIA CFE
Sampling has been the standard for controls testing since controls testing began. We have developed algorithms to tell us how many samples to pull and how many errors a control can show and still pass, and even algorithms for how many more samples to test if the control did not pass the first time.
If your goal is simply to do the minimum to pass a SOX audit, these habits can probably continue. If your goals also include genuinely improving the operations of the organization, a more holistic approach is needed: analysis of 100% of the population rather than a small sample.
Most controls analytics do not require a degree in data science, but they do require the controls team to begin changing its behaviors. Join us to understand what it takes to begin this change; it is not as challenging as you might think.
Learning Objectives
Understanding the advantages of analytics vs sampling
How to Identify controls where analytics can be applied
Real life examples of controls and their associated analytics
How to effect a change
What's the Difference between GRC and Combined Assurance?Jim Kaplan CIA CFE
With more organizations exploring the concept of Combined Assurance, there have been many questions about how this relates to GRC. In this presentation, we will explore both concepts and discuss the differences between Combined Assurance and GRC so that you can consider and explore options that are most suited to the needs of your audit department and your organization as a whole.
Learning Objectives:
Understand the concepts behind Combined Assurance and GRC
Discuss pros and cons for both Combined Assurance and GRC
The fieldwork phase is the heart of the audit process. Everything auditors do in the planning phase drives them to do the right things in fieldwork. Everything auditors do in the reporting phase relates to what was found in fieldwork. Everything auditors do in the follow-up phase relates to the issues identified in fieldwork. This webinar will focus on testing for control effectiveness. This includes capturing the best audit evidence and documenting quality work in the workpapers, so that any competent third party can re-perform the work and come to the same conclusion.
This webinar is for auditors who want to understand the key elements of the fieldwork phase of the audit process.
The learning objectives include the following:
- Learn about internal control terminology
- Learn about testing techniques and workpaper quality
- Learn about audit evidence
- Learn about workpaper documentation guidelines
- Learn about Issues & Recommendations (I&Rs)
Re-imagining the art and science of auditing and fraud detection is coming to the forefront of risk management functions. What was seen as a “nice to have” a few years ago has become a “must have” as digital transformation and data surrounds all aspects of the organization.
Specific learning objectives include:
o See how analytics can maximize the annual audit plan and better ensure focus is placed on top organizational risks.
o Establish a framework to using analytics and automation across the entire audit lifecycle.
o Use the general ledger and revenue audit areas as a case study to provide a digital road map for analytics for detecting fraud (and errors) within the organization.
How to use ai apps to unleash the power of your audit program Jim Kaplan CIA CFE
Artificial Intelligence (AI) is found in just about every industry today, and accounting and auditing are no exception. Auditors that aren’t already exploring the vast potential of AI-powered applications in their audit program will soon find these tools are the industry standard and will be left in the dust if they don’t adapt and adopt.
To learn how to easily use AI apps in audit today, join us as we welcome Deniz Appelbaum, Assistant Professor at Montclair State University, for this exclusive presentation. With deep experience in audit analytics, Big Data, blockchain, audit automation, and fraud detection, Appelbaum brings considerable practical experience with audit technology to the audit profession.
In this presentation, she will help guests:
● Gain a basic introductory understanding of AI in audit.
● Understand how AI applications can be used in the context of auditing.
● Learn how to use AI apps in an audit for specific, achievable, measurable results.
World-class auditors know one of the best ways to fight fraud risk is to be sure outsourcing agreements include a Right to Audit clause. Auditors feel good and sleep tight when their client tells them “of course we included the one we use all of the time”. The real test is when glitches and anomalies appear and management asks auditing to do a quick visit to the third-party organization.
The discussion will offer insights into:
· Best practices audit clause language
· Compliance, operational and/or financial audit
· Plan in advance or surprise visit
· Books and records
· Location of audit
· Who can or should conduct the audit
· Impact of absence of a Service Level Agreement (SLA)
As stated in the Institute of Internal Auditors IPPF, “The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk (2120.A2)”.
How is your auditing function meeting this professional expectation? The time to test fraud controls is before you have a fraud. Testing fraud controls is more commonly referred to as an “anti-fraud” assessment and is typically conducted by auditors as a consulting service. How long has it been since a comprehensive review was conducted at your organization? Once completed, as the company changes over time, sections of the first review should be updated.
This webinar will cover:
· How strong are your controls?
· Are you looking for fraud or is fraud looking for you?
· The time to detect directly impacts the chances of recovery
· Shell Vendors uncovered made the headlines in 2016
· Looking for signs of complacency in the workplace
· A robust organizational COSO based framework that organizes your work from cradle to grave
· Working paper and check list recommendations
· Actual audit report sample (with author identification removed)
Webinar 2 of 10
• Special categories of personal data
• The rights of data subjects, including data access requests
• Controllers and processors
Internal auditors regularly access organization information for audit purposes. Many organizations now maintain computerized data warehouses containing useful management and financial information. Audit professionals therefore need to understand both the concepts of data warehousing as well as data mining techniques.
Data warehousing is a process for assembling and managing data from various sources for the purpose of gaining a single, detailed view of part or all of a business.
Data mining is the use of automated tools to explore and analyze large amounts of data stored in those data warehouses.
Print reports represent a valuable source of unstructured data which can be useful for internal auditors. Using print reports for data mining will be the main area covered in this Webinar.
Objectives
1. Identify the difference between data analysis and data mining
2. Understand the difference between structured and unstructured data
3. Learn tips and best practices for data mining print reports
4. Understand how Excel and IDEA handle importing different PDF formats
5. How to use templates to make future imports a one-button task
IT Fraud Series: IT Fraud and Countermeasures - July 20, 2017
Description
Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area.
The 8-part series will cover the tasks of the fraud auditor, forensic techniques and tools, the abilities required of the fraud auditor, the type and nature of common frauds, investigating fraud, computer fraud and control, white-collar crime, and the auditor in court.
This session: IT Fraud and Countermeasures
• Investigating by computer
• Document collection and analysis
• Interviewing skills
• Documenting evidence
• Testifying as a witness
The Future of Auditing and Fraud Detection – Re-imagining the art and science of auditing and fraud detection is coming to the forefront of risk management functions. What was seen as a “nice to have” a few years ago has become a “must have” as digital transformation and data surrounds all aspects of the organization.
Specific learning objectives include:
o See how analytics can maximize the annual audit plan and better ensure focus is placed on top organizational risks.
o Establish a framework to using analytics and automation across the entire audit lifecycle.
o Use the general ledger as a case study to provide a digital road map for analytics for detecting fraud (and errors) within the organization.
o Define the top company areas for data integration from structured, unstructured and external data sources.
o Highlight culturally what audit and fraud detection functions must do to embrace continuous embedded analytic reviews.
Cybersecurity Series - Cyber Defense for Internal Auditors Jim Kaplan CIA CFE
This webinar series is designed to help internal auditors equip themselves with the competencies and confidence to audit IT controls and information security, and to learn about emerging technologies and their underlying risks.
The series focuses on contemporary IT audit approaches relevant to Internal Auditors and the processes underlying risk based IT audits.
Session 1 of 10
This Webinar focuses on Cyber Defense
• Threats/Threat actors/Common Cyber Attack methods
• Attacks and vulnerabilities exposed
• Layered protection measures against Cyber threats
• Firewalls and levels of protection they provide
• Traffic profiling and monitoring for inbound and outbound traffic
• Intrusion Detection
• Incidents of compromise
• Penetration testing regimes and vulnerability testing
• NIST Vulnerability Checklist
• The Security Content Automation Protocol (SCAP)
A Retrospective in Analytic Auditing and What’s Ahead
Description
The speaker will outline salient best practices in establishing an analytics program, based on lessons learned looking back over the past two and a half decades. Specific learning objectives include:
o Review the key dates of the last two decades that led to the advancement of audit data analytics programs.
o Highlight lessons learned over the years through case study examples.
o Outline the effective culture around the analytics program to serve as its foundation.
o Learn to apply analytics across the entire lifecycle from risk assessment, to planning, fieldwork, and reporting.
o Present analytic best practices being deployed by top performing organizations.
This document provides an overview of Dun & Bradstreet's compliance capabilities and solutions. It discusses how regulatory compliance is largely about managing data related to customers, suppliers, and third parties, and notes the increasing complexity of the global regulatory landscape. The document then outlines the high costs organizations face due to bad data, such as duplicate suppliers and poor-quality customer data. It introduces D&B's tools and datasets that help organizations reduce costs, mitigate risk, and ensure regulatory compliance through features like entity resolution, ownership data, screening against watchlists, and monitoring capabilities. In summary, the document promotes D&B's compliance solutions for managing third-party risk, customer due diligence, and overall regulatory compliance through leveraging its global datasets.
Structuring your organization for success with data analytics Jim Kaplan CIA CFE
Webinar Description: In my years leading data analytics projects and teams, I have come across several different structures for the integration of DA. Some were at large multinational corporations and others were at small- and medium-sized organizations, including government bodies. Today, we'll look at four different models for the management of data analytics in Internal Audit departments. The key characteristics of each model will be described, as well as the strengths and weaknesses.
Participant Outcomes: By the end of this session, participants will be able to identify the model which best fits their organization.
Countdown to CCPA: 48 Days Until Your IBM i Data Needs to Be Secured Precisely
The California Consumer Privacy Act (CCPA) takes effect on January 1, 2020, and creates liability for breaches of consumers' personal information that result from a failure to maintain reasonable security. If your IBM i system contains data about California consumers, the time to prepare is now.
In this webinar featuring well-known IBM i encryption expert Patrick Townsend, we share information that will help you prepare for CCPA compliance, including:
• Consumer rights granted by CCPA
• Hardening systems to prevent a breach
• Obscuring data to prevent exposure
• How Syncsort can help
CCPA is almost here. View this webinar on-demand and get started down the path to compliance!
Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area.
The 8-part series will cover the tasks of the fraud auditor, forensic techniques and tools, the abilities required of the fraud auditor, the type and nature of common frauds, investigating fraud, computer fraud and control, white-collar crime, and the auditor in court.
This session: Data Analytics
• Probability theory in Data Analysis
• Types of Evidence
• Population Analysis
• Correlations and Regressions
• Fraud Detection using Data Analysis
• Data analysis and Continuous Monitoring
• Continuous Auditing
• Financial Analysis
Many auditors often forget the fundamentals of internal auditing. This webinar will focus on areas of internal auditing that every auditor should know. This includes understanding Audit’s role in the organization, IIA standards, internal control, and the key components of the audit process.
This webinar is for auditors who want to understand the key components of the audit process including characteristics of successful auditors.
The learning objectives include the following:
Learn about the IIA Professional Practices Framework
Learn about the framework of internal control as defined by the Committee of Sponsoring Organizations (COSO)
Learn about the basic elements of the audit process
Selecting the right Computer Assisted Audit Tool may appear to be a huge undertaking; however, following a systematic approach eases the burden. The right approach minimizes the risk of selecting a product that might not fit into your organization, which could impair your function as it sits underutilized or on the shelf. While point and click visual style tools are settling into the market, many auditors rely on the legacy step-by-step software tools such as ACL, IDEA, Excel and “add-on” tools.
Many chief auditors pursue opportunities to increase the frequency and intensity of interactions with management and realize nothing gets attention faster than finding previously undetected anomalies in company data. Finding the right issues quickly and timely improves the value of audit and can assist audit in winning more work.
Attending this webinar you will learn:
· Identify analysis and financial constraints
· Scoping and defining audit strategic objectives
· Reviewing selection field based on Technical needs
· Building a short/long term on-boarding roadmap
· Realize the lost opportunity of not including all auditors (no auditor left behind)
The CCPA has a big impact on the digital ecosystem, putting guidelines on personal information collection and post-data-acquisition data usage by businesses. CCPA compliance deadline commenced January 2020 and it’s critical to know how this will impact your business in order to avoid violations. If you haven’t started redoing your privacy policy, that’s your next step now that California residents have more control over what happens to their personal information that companies collect. We had a live Q&A session where we address your most burning questions and unpack the key requirements and considerations to keep in mind in order to stay compliant. See how CCPA impacts all advertisers, not just Californians.
Webinar Series Overview: In today’s world, fraud investigations have become an everyday part of corporate life and the auditor must gain expertise in this area.
The 8 part series will cover the tasks of the fraud auditor, Forensic techniques and tools and the abilities required of the fraud auditor, the type and nature of common frauds, investigating fraud, computer fraud and control, white collar crime, the auditor in court.
This session Fraud Auditing Creative Techniques
• Auditing Techniques
• Auditing method 1- 'Tiger Team Test"
• Auditing method 2- "Application of Benford's Theorem"
• Auditing method 3- "Use of Barium test"
• Auditing method 4- " Use of Birbal tricks and traps"
• Auditing method 5- "Application of inverse logic"
• Auditing method 6- "Use of Space-time dimension in data evaluation"
This document advertises an upcoming hedge fund compliance conference that will take place on October 6-7, 2016 in New York City. The conference will feature presentations from regulators at the SEC and FBI, as well as hedge fund compliance professionals. Topics will include regulatory priorities and examinations, cybersecurity, conflicts of interest, and insider trading. Attendees can earn CLE/ethics credits. A pre-conference workshop on October 6th will focus on preparing for and undergoing an SEC exam.
Similar to Implementing and Auditing GDPR Series (9 of 10) (20)
IMPACT Silver is a pure silver zinc producer with over $260 million in revenue since 2008 and a large 100% owned 210km Mexico land package - 2024 catalysts includes new 14% grade zinc Plomosas mine and 20,000m of fully funded exploration drilling.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.AnnySerafinaLove
This letter, written by Kellen Harkins, Course Director at Full Sail University, commends Anny Love's exemplary performance in the Video Sharing Platforms class. It highlights her dedication, willingness to challenge herself, and exceptional skills in production, editing, and marketing across various video platforms like YouTube, TikTok, and Instagram.
Company Valuation webinar series - Tuesday, 4 June 2024FelixPerez547899
This session provided an update as to the latest valuation data in the UK and then delved into a discussion on the upcoming election and the impacts on valuation. We finished, as always with a Q&A
Top mailing list providers in the USA.pptxJeremyPeirce1
Discover the top mailing list providers in the USA, offering targeted lists, segmentation, and analytics to optimize your marketing campaigns and drive engagement.
Recruiting in the Digital Age: A Social Media MasterclassLuanWise
In this masterclass, presented at the Global HR Summit on 5th June 2024, Luan Wise explored the essential features of social media platforms that support talent acquisition, including LinkedIn, Facebook, Instagram, X (formerly Twitter) and TikTok.
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Tastemy Pandit
Know what your zodiac sign says about your taste in food! Explore how the 12 zodiac signs influence your culinary preferences with insights from MyPandit. Dive into astrology and flavors!
Building Your Employer Brand with Social MediaLuanWise
Presented at The Global HR Summit, 6th June 2024
In this keynote, Luan Wise will provide invaluable insights to elevate your employer brand on social media platforms including LinkedIn, Facebook, Instagram, X (formerly Twitter) and TikTok. You'll learn how compelling content can authentically showcase your company culture, values, and employee experiences to support your talent acquisition and retention objectives. Additionally, you'll understand the power of employee advocacy to amplify reach and engagement – helping to position your organization as an employer of choice in today's competitive talent landscape.
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesHolger Mueller
Holger Mueller of Constellation Research shares his key takeaways from SAP's Sapphire confernece, held in Orlando, June 3rd till 5th 2024, in the Orange Convention Center.
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...my Pandit
Explore the fascinating world of the Gemini Zodiac Sign. Discover the unique personality traits, key dates, and horoscope insights of Gemini individuals. Learn how their sociable, communicative nature and boundless curiosity make them the dynamic explorers of the zodiac. Dive into the duality of the Gemini sign and understand their intellectual and adventurous spirit.
Taurus Zodiac Sign: Unveiling the Traits, Dates, and Horoscope Insights of th...my Pandit
Dive into the steadfast world of the Taurus Zodiac Sign. Discover the grounded, stable, and logical nature of Taurus individuals, and explore their key personality traits, important dates, and horoscope insights. Learn how the determination and patience of the Taurus sign make them the rock-steady achievers and anchors of the zodiac.
B2B payments are rapidly changing. Find out the 5 key questions you need to be asking yourself to be sure you are mastering B2B payments today. Learn more at www.BlueSnap.com.
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdfthesiliconleaders
In the recent edition, The 10 Most Influential Leaders Guiding Corporate Evolution, 2024, The Silicon Leaders magazine gladly features Dejan Štancer, President of the Global Chamber of Business Leaders (GCBL), along with other leaders.
At Techbox Square, in Singapore, we're not just creative web designers and developers, we're the driving force behind your brand identity. Contact us today.
1. Richard Cascarino CISM, CIA, ACFE, CRMA
General Data Protection Regulation (GDPR) Webinar 9
Data Mapping and Data Rights
2. About Jim Kaplan, CIA, CFE
President and Founder of AuditNet®, the global resource for auditors (available on iOS, Android and Windows devices)
Auditor, Web Site Guru, Internet for Auditors Pioneer
IIA Bradford Cadmus Memorial Award Recipient
Local Government Auditor’s Lifetime Award
Author of “The Auditor’s Guide to Internet Resources” 2nd Edition
3. ABOUT AUDITNET® LLC
• AuditNet®, the global resource for auditors, serves the global audit community as the primary resource for Web-based auditing content. As the first online audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the use of audit technology.
• Available on the Web, iPad, iPhone, Windows and Android devices and features:
• Over 3,100 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices
• Webinars focusing on fraud, data analytics, IT audit, and internal audit with free CPE for subscribers and site license users.
• Audit guides, manuals, and books on audit basics and using audit technology
• LinkedIn Networking Groups
• Monthly Newsletters with Expert Guest Columnists
• Surveys on timely topics for internal auditors
Introductions
4. HOUSEKEEPING
This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden.
• If you logged in with another individual’s confirmation email you will not receive CPE as the confirmation login is linked to a specific individual
• This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link.
• We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.
• If you meet the criteria for earning CPE, you will receive a link via email to download your certificate. The official email for CPE will be issued via cpe@email.cpe.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated if you did not receive the first mailing.
• Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.
• You must answer the survey questions after the Webinar or before downloading your certificate.
5. IMPORTANT INFORMATION REGARDING CPE!
• ATTENDEES - If you attend the entire Webinar and meet the criteria for CPE you will receive an email with the link to download your CPE certificate. The official email for CPE will be issued via cpe@email.cpe.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated after the initial distribution.
• We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io
• You must opt-in for our mailing list. If you indicate you do not want to receive our emails, your registration will be cancelled and you will not be able to attend the Webinar.
• We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on your computer, otherwise you will not be able to answer the polling questions which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to, you do so immediately after a polling question.
6. The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship.
While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website.
Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC
7. ABOUT RICHARD CASCARINO, MBA, CIA, CISM, CFE, CRMA
• Principal of Richard Cascarino & Associates based in Colorado USA
• Over 28 years’ experience in IT audit training and consultancy
• Past President of the Institute of Internal Auditors in South Africa
• Member of ISACA
• Member of Association of Certified Fraud Examiners
• Author of Data Analytics for Internal Auditors
8. TODAY’S AGENDA
• Ending Privacy Shield
• California Act
• Why and how to conduct a data mapping exercise.
• The rights of data subjects.
• Giving and withdrawing consent.
9. WHAT WAS PRIVACY SHIELD
Framework governing the flow of data between the EU and the US for commercial purposes.
Companies self-certify to the US Department of Commerce.
Adhere to 23 principles laying out the requirements for the use and treatment of personal data received from the EU
10. WHAT WAS PRIVACY SHIELD
Deemed to provide “adequate” privacy protection to personal data transferred outside of EU.
Was relied upon by over 5,000 European and US companies to conduct over $7 trillion in commercial transactions
11. WHAT WAS PRIVACY SHIELD
for its lax handling of personal data of users
Transference of personal data by Facebook, Ireland to Facebook Inc. in the USA, on the strength of the Standard Contractual Clauses (SCC), was challenged by Mr. Schrems (Schrems II)
USA allows the unbridled collection of data, deemed inconsistent with the legal framework of the EU
Privacy Shield removed by EU July 16 2020
12. PRIVACY SHIELD CANCELLATION
Took immediate effect with no grace period
Indicated probable greater scrutiny for alternate data transfer mechanisms like standard contractual clauses (SCCs) and binding corporate rules (BCRs)
Currently valid in principle
Enforceable data subject rights and effective remedies required
13. PRIVACY SHIELD CANCELLATION
Consideration of local laws governing access by public authorities in third country required
Many companies now uncertain over how to conduct business involving transatlantic data transfers
DPAs must suspend/prohibit transfers if SCCs are not/cannot be complied with and required level of protection cannot be ensured by other means
14. STILL UNCERTAIN
When will Commission release new SCCs?
Will they make any difference?
Would existing adequacy decisions (e.g. Israel, Canada (PIPEDA), etc.) withstand challenge?
Impact of BREXIT?
Can EU-US transfers be based on SCCs?
Can EU-US transfers be based on BCRs?
15. NOW NEEDED
Transfer adequacy assessment must be conducted to determine whether appropriate safeguards can be ensured.
If appropriate safeguards cannot be ensured when transferring the data, companies must suspend or end the transfer
16. NOW NEEDED
Where transfers are deemed necessary for important reasons of public interest, the EDPB emphasizes the need for an important public interest, as opposed to only focusing on the nature of the transferring organization
Companies must analyze agreements to identify the range of data privacy and security obligations addressed in the terms
17. CALIFORNIA LEGISLATION
California Consumer Privacy Act Ma
State statute intended to enhance privacy rights and consumer protection for residents of California
Took effect on January 1, 2020
Six Statutory rights:
18. STATUTORY RIGHTS
1. To be provided with information on what personal information is collected about them and the purposes for which that personal information is used.
2. To be provided with information on what personal information is sold or disclosed for a business purpose and to whom.
3. To opt out of the sale of their personal information to third parties (or in the case of minors under age 16, to require an opt in before the sale of their personal information).
4. To request the deletion of their personal information.
5. Not to be subject to discrimination for exercising any of the above rights, including being denied goods or services or being charged a different price, or being subjected to a lower level of quality, of such goods or services.
6. To seek statutory damages of $100 to $750 for breaches of unencrypted personal information that arise as a result of a business’ violation of its duty to implement and maintain reasonable security procedures.
19. APPLIES TO
For profit business entities in CA that:
Have gross revenue of $25 million or more
Receive or share the data of more than 50,000 consumers, households, or devices
Derive more than 50% of revenue from the sale of PHI
Exception for HIPAA, CMIA (California Medical Information Act), GLBA (Gramm Leach Bliley Act) statutes
20. REQUIREMENTS
Business required to post details on website or other public means how they’re using or not using consumer data for rolling 12 months and opt out instructions
Businesses will have to develop processes and procedures to accommodate all consumer rights including data mapping / access reports
21. REQUIREMENTS
Requirements for businesses to reasonably safeguard consumer data
Significant damage implications for business if they fail to comply (enforced by CA AG)
Consumers have a private right of action but it’s limited ($100 to $750 per violation)
Fines for business $7500 per violation
22. GDPR AND CCPA
CCPA: Broad right of access to personal information (Sec 100, 110, 130)
GDPR: Article 15 addresses fields, but not timeframe
CCPA: Right to data portability for access to personal information responded to electronically (Sec 100)
GDPR: Only applies if access request is electronic, narrower than Article 20
CCPA: Right to delete personal information (Sec 105)
GDPR: Very similar to but arguably broader than Article 17, which sets greater limits on its application
CCPA: Right to receive an accounting of disclosures (“sale” or “for business purposes”) of personal information (Sec 115, 130)*
GDPR: Closest right under GDPR is right of access under Article 15
CCPA: Right to object to sale of personal information (Sec 120)
GDPR: Narrower and more specific than Article 21
CCPA: Right to opt-in for sale of minors’ personal information or to authorize sale after exercising the right to object (Sec 120)
GDPR: Narrower and more specific than Article 8
23. DATA MAPPING
GDPR requires organizations to map their data flows to assess privacy risks
Data flow map forms part of Article 30 documentation
An essential first step in completing a DPIA (data protection impact assessment)
24. DPIA
Article 35: Data protection impact assessment
Controller must seek the advice of the data
protection officer.
Required in situations involving:
Automated processing
Profiling
Creation of legal effects
Significantly affecting the natural person
Processing of large-scale categories of sensitive data
Data that relates to criminal offences or convictions
Monitoring on a large scale
Conduct a post-implementation review when risk profile changes
25. DPIA, DPO, PRIVACY BY DESIGN AND DEFAULT
Data Protection Impact Assessment (DPIA) flow: Is there a high risk for the individual? → Assessment of risks for individuals → Identification of the mitigation measures → If risk remains, consult the DPA
Data Protection Officer (DPO)
Advises company and its staff on GDPR obligations.
Monitors compliance with GDPR and internal privacy policies (assignment of responsibilities; awareness-raising; trainings; audits).
Provides advice on DPIA and monitors its performance.
Cooperates with DPAs and acts as a contact point (in case of DPA consultation).
26. DATA PROTECTION IMPACT ASSESSMENT PROCESS
1. Description of Envisaged Processing
2. Assessment of Necessity and Proportionality
3. Measures Envisaged to Demonstrate Compliance
4. Assessment of the Risks to Rights and Freedoms
5. Measures Envisaged to Address the Risks
6. Documentation
7. Monitoring & Review
27. DATA MAPPING
The ICO staged approach to an effective DPIA:
1. Required when there is a change in processing of personally identifiable information (PII)
2. Determine the information flows throughout the organization in order to make a proper assessment of the privacy risks
3. Identify the risks related to privacy and processing, including the necessity and proportionality of the change in processing
4. Identify possible privacy solutions to address the risks that have been identified
28. DATA MAPPING
5. Assess how the data protection principles have been applied throughout the organization
6. Sign-off and record the DPIA, including details of which privacy solutions are to be implemented
7. Integrate the result of the DPIA back into the project plan
8. Conduct a post-implementation review where the risk profile of PII data has changed
29. INFORMATION FLOW
Walk through the information lifecycle to identify unforeseen or unintended uses of the data
Ensure the people who will be using the information are consulted on the practical implications
Consider the potential future uses of the information collected, even if it is not immediately necessary
30. DETERMINE
Workflow inputs and outputs:
How is personal data collected (e.g. form, online, call center, other)?
Who is accountable for personal data?
What is the location of the systems/filing systems containing the data?
Who has access to the information?
Is the information disclosed/shared with anyone (e.g. suppliers, third parties)?
Does the system interface with, or transfer information to, other systems?
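The questions on slides 29 and 30 become useful when the answers are recorded per data flow and then evaluated against the DPIA triggers of slide 24 and the transfer assessment of slide 15. The following is an added example, not material from the webinar or from AuditNet: a minimal data-flow inventory in the spirit of an Article 30 record, with a check that flags which flows need a DPIA and which destinations need a transfer adequacy assessment. The flows, the set of "adequate" destinations, the field names and the category labels are constructed assumptions for illustration, not a legal list.

```python
# Added example (not from the webinar): a minimal data-flow inventory that
# records the slide-30 answers per flow and flags follow-up work. Names,
# categories and the destination set are constructed assumptions.
from dataclasses import dataclass, field

# Destinations this example treats as covered by an adequacy decision.
# "EU" stands for any EU/EEA system. Constructed subset, not a legal list.
ADEQUATE_DESTINATIONS = {"EU", "CA", "IL", "JP", "CH"}

# Categories treated as special-category data for the large-scale trigger.
SPECIAL_CATEGORIES = {"health", "biometric", "racial_or_ethnic"}


@dataclass
class DataFlow:
    name: str
    collected_via: str                 # e.g. "web form", "call centre"
    accountable: str                   # who is accountable for the data
    held_in: str                       # country of the system / filing system
    categories: set                    # kinds of personal data in the flow
    accessed_by: set                   # roles with access
    shared_with: set = field(default_factory=set)  # {(recipient, country), ...}
    large_scale: bool = False
    profiling: bool = False
    legal_effects: bool = False        # decisions with legal or similar effect
    criminal_data: bool = False
    monitoring: bool = False


def dpia_triggers(flow):
    """Return which of the slide-24 situations apply to this flow."""
    triggers = []
    if flow.profiling:
        triggers.append("profiling")
    if flow.legal_effects:
        triggers.append("legal or similarly significant effects")
    if flow.large_scale and flow.categories & SPECIAL_CATEGORIES:
        triggers.append("large-scale special-category data")
    if flow.criminal_data:
        triggers.append("criminal offence or conviction data")
    if flow.monitoring and flow.large_scale:
        triggers.append("large-scale monitoring")
    return triggers


def non_adequate_destinations(flow):
    """Countries the data is held in or shared with that lack an adequacy
    decision in this example; each one needs a transfer adequacy assessment."""
    destinations = {flow.held_in} | {country for _, country in flow.shared_with}
    return sorted(d for d in destinations if d not in ADEQUATE_DESTINATIONS)


def assess(flows):
    """Build the data-map entry for each flow together with its follow-up actions."""
    report = {}
    for flow in flows:
        triggers = dpia_triggers(flow)
        report[flow.name] = {
            "collected_via": flow.collected_via,
            "accountable": flow.accountable,
            "held_in": flow.held_in,
            "accessed_by": sorted(flow.accessed_by),
            "shared_with": sorted(recipient for recipient, _ in flow.shared_with),
            "dpia_required": bool(triggers),
            "dpia_triggers": triggers,
            "transfer_assessment_for": non_adequate_destinations(flow),
        }
    return report


# Constructed sample flows for illustration.
SAMPLE_FLOWS = [
    DataFlow("newsletter", "web form", "Marketing", "EU",
             {"email", "name"}, {"marketing"},
             shared_with={("MailVendor Inc", "US")}),
    DataFlow("staff_health_records", "HR form", "HR", "EU",
             {"health", "name"}, {"hr", "occupational_health"},
             large_scale=True),
    DataFlow("fraud_scoring", "online", "Risk", "EU",
             {"transactions", "device_id"}, {"risk"},
             profiling=True, legal_effects=True, large_scale=True, monitoring=True),
]

if __name__ == "__main__":
    for name, entry in assess(SAMPLE_FLOWS).items():
        print(name, entry)
```

Running it over the three constructed flows shows the newsletter needing no DPIA but a transfer assessment for its US mail vendor, the staff health records needing a DPIA on the large-scale sensitive-data trigger alone, and the fraud-scoring flow tripping three triggers; the real value comes from the inventory being kept current as flows change (slide 27, step 1).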
32. RIGHTS OF DATA SUBJECTS
Four basic rights:
Subject's right of access to information.
Right of correction, technically known as the right to rectification
Right to be forgotten (erasure)
Rights in the scope of consent (if that's the legal ground for processing)
33. INDIVIDUAL’S RIGHTS
Existing rights:
1. Notice right (transparency requirement).
2. Right of access.
3. Right to rectification.
4. Right to restriction.
5. Right to object.
6. Right to erasure (“right to be forgotten”).
7. Right not to be subject to automated decision-making.
34. ENHANCED PERSONAL PRIVACY RIGHTS
The General Data Protection Regulation (GDPR) imposes new rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where they are located.
Right to data portability
Data breach notification requirements.
35. ENHANCED PERSONAL PRIVACY RIGHTS
Right to be informed
Right to erasure
Right to data portability
Right to restriction
Right to rectification
Right of access, including additional processing details
Right to object
Right to prevent automated processing, including profiling
36. SECURITY AND DATA BREACH NOTIFICATIONS
Notification flow (diagram): Processor → Controller: notification of data breach without undue delay. Controller → DPA: notification of data breach within 72 hrs. Controller → Data subjects: notification if “high risk”.
37. SUBJECT ACCESS REQUESTS
Under Data Protection, a person has always had the right to request access to all of the information held about them
This is called a Subject Access Request (SAR)
Subject Access Requests must be completed within one month free of charge
Holding an accurate inventory of information will be a key enabler for completing SAR efficiently
Data has to be provided in a standard format
The person must also be informed of further information, including the relevant Retention Periods for the data held and their right to have inaccuracies corrected
38. DATA SUBJECT ACCESS REQUEST
By submitting a DSAR (data subject access request) to an organization, individuals are entitled to receive:
Confirmation that their personal information is being processed;
Access to that information;
The organization’s lawful basis for processing;
The names or categories of any third parties that the information has been shared with;
The estimated period for which the personal data will be stored (or, if this hasn’t yet been decided, the criteria used to determine that period);
Any relevant information about how the personal data was obtained; and
Information about automated decision-making, including profiling, and the reasoning for and potential consequences of the automation.
39. HANDLING ACCESS RIGHT REQUESTS
AKA: Verifiable Consumer Requests
Verify and Authenticate all Requestors’ Identities
Collect, Manage and Review Internal Data to Fulfill Subject Access Requests
Track, Review and Approve Subject Access Request Forms
Ticket and Assign Subject Access Requests
Encrypt and Securely Deliver Information
40. ACCESS REQUEST CHALLENGES
Compliance with applicable laws/regulations
Intake and log requests by type (i.e., access, deletion, etc.)
Verify identity of individual requestors
Assess which requests must be responded to
Identify requestors’ data within company systems
Effectively collaborate with stakeholders to respond to requests
Track requests to ensure timeframes met
Communicate resolution of requests to individuals
Automate processes to ensure accuracy and timeliness
Maintain an audit trail to demonstrate compliance
Report on processes and outcomes
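Slides 37, 39 and 40 describe the request-handling workflow as a list of controls: intake and log by type, verify identity before anything is released, ticket and track against the one-month deadline, and keep an audit trail that evidences all of it. The block below is an added example, not code from the webinar or from AuditNet, showing those controls as a small request register. The ticket ids, requester, dates and the "clamp to month end" deadline rule are constructed assumptions; the verification method and delivery channel are free-text labels rather than an implementation of either step.

```python
# Added example (not from the webinar): a DSAR register that tickets requests,
# blocks release until identity is verified, computes the one-month deadline
# and records an audit trail. Ids, dates and the deadline rule are assumptions.
from dataclasses import dataclass, field
from datetime import date, timedelta

REQUEST_KINDS = {"access", "deletion", "rectification", "portability", "objection"}


def add_one_month(d):
    """One calendar month later; day clamped to month end (assumption)."""
    year, month = (d.year + 1, 1) if d.month == 12 else (d.year, d.month + 1)
    next_first = date(year + (month == 12), month % 12 + 1, 1)
    last_day = (next_first - timedelta(days=1)).day
    return date(year, month, min(d.day, last_day))


@dataclass
class SubjectRequest:
    ticket: str
    requester: str
    kind: str
    received: date
    identity_verified: bool = False
    status: str = "received"
    audit_trail: list = field(default_factory=list)

    @property
    def deadline(self):
        return add_one_month(self.received)

    def log(self, when, event):
        self.audit_trail.append((when.isoformat(), event))


class RequestRegister:
    """Tickets, tracks and evidences requests so timeframes can be demonstrated."""

    def __init__(self):
        self.requests = {}

    def intake(self, ticket, requester, kind, received):
        if kind not in REQUEST_KINDS:
            raise ValueError(f"unknown request type: {kind}")
        req = SubjectRequest(ticket, requester, kind, received)
        req.log(received, f"{kind} request logged; deadline {req.deadline}")
        self.requests[ticket] = req
        return req

    def verify_identity(self, ticket, when, method):
        req = self.requests[ticket]
        req.identity_verified = True
        req.status = "verified"
        req.log(when, f"identity verified via {method}")

    def fulfil(self, ticket, when, delivered_via):
        # Nothing is released to an unverified requester.
        req = self.requests[ticket]
        if not req.identity_verified:
            raise PermissionError(f"{ticket}: identity not verified")
        req.status = "fulfilled"
        req.log(when, f"response delivered via {delivered_via}")

    def overdue(self, today):
        """Open requests whose deadline has already passed as of `today`."""
        return sorted(t for t, r in self.requests.items()
                      if r.status != "fulfilled" and today > r.deadline)


def demo():
    """Walk one constructed request through the register; returns the outcomes."""
    reg = RequestRegister()
    req = reg.intake("DSAR-0001", "alice@example.com", "access", date(2020, 1, 31))
    try:
        reg.fulfil("DSAR-0001", date(2020, 2, 3), "encrypted download")
        released_early = True
    except PermissionError:
        released_early = False
    reg.verify_identity("DSAR-0001", date(2020, 2, 5), "matched account credentials")
    overdue_while_open = reg.overdue(date(2020, 3, 1))
    reg.fulfil("DSAR-0001", date(2020, 2, 20), "encrypted download")
    return {
        "deadline": req.deadline.isoformat(),
        "released_before_verification": released_early,
        "overdue_if_still_open_on_2020_03_01": overdue_while_open,
        "overdue_after_fulfilment": reg.overdue(date(2020, 3, 1)),
        "audit_events": len(req.audit_trail),
    }


if __name__ == "__main__":
    print(demo())
```

The failed early release is deliberately not logged as a delivery, so the audit trail shows exactly three events (intake, verification, delivery); in a production register the refused attempt would itself be worth recording.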
41. LAWFUL BASIS FOR PROCESSING: CONSENT
Consent must be freely given, specific, informed and unambiguous
Consent is revocable at any time (but not retroactively!)
Cannot be combined with another basis for processing
Minors (<16; member countries may set lower limit) cannot consent
Processor/Controller must be able to demonstrate consent was obtained
Official guidance on consent can be found at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=623051
42. GIVING AND WITHDRAWING CONSENT
Consent requires clear affirmative action
“Consent should be given by a clear affirmative act… such as by a written statement, including by electronic means, or an oral statement.”
Under the GDPR you may share information without consent if, in your judgement, there is a lawful reason to do so, such as where safety may be at risk
43. WITHDRAWAL
Article 7(3) of the GDPR prescribes that the controller must ensure that consent can be withdrawn by the data subject as easily as giving consent and at any given time
The GDPR does not say that giving and withdrawing consent must always be done through the same action
When consent is obtained via electronic means through only one mouse-click, swipe, or keystroke, data subjects must, in practice, be able to withdraw that consent equally as easily
Withdrawal of consent must be possible free of charge or without lowering service levels
44. WHEN WITHDRAWN
All data processing operations that were based on consent and took place before the withdrawal of consent - and in accordance with the GDPR - remain lawful; however, the controller must stop the processing actions concerned
Controllers have an obligation to delete data that was processed on the basis of consent once that consent is withdrawn
Withdrawal of consent does not mean a controller must erase data that are processed for a purpose that is based on the performance of the contract with the data subject
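Slides 41 to 44 state several rules that interact: consent needs an affirmative act and cannot come from a minor, it can be withdrawn at any time but not retroactively, the controller must be able to demonstrate it, and on withdrawal consent-based processing stops and consent-only data is erased while data also needed to perform a contract is kept. The following is an added example, not code from the webinar or from AuditNet, of a consent ledger that applies exactly those rules. The subject, purposes, data references, the integer timestamps and the use of the GDPR default age of 16 are constructed assumptions; it checks nothing about how easy the withdrawal channel is, which is a user-interface question the code cannot settle.

```python
# Added example (not from the webinar): a consent ledger applying the rules on
# slides 41 to 44. Subjects, purposes, data refs and timestamps are constructed.
from dataclasses import dataclass

CONSENT_AGE = 16  # GDPR default; member states may set lower (assumption: default)


@dataclass
class ProcessingRecord:
    subject: str
    purpose: str
    basis: str        # "consent" or "contract" in this example
    data_ref: str     # which item of personal data was processed
    at: int           # simple monotonic timestamp for the example


class ConsentLedger:
    def __init__(self):
        self.events = {}     # (subject, purpose) -> [(timestamp, "given"|"withdrawn")]
        self.records = []    # every processing operation carried out

    def give(self, subject, purpose, at, affirmative_act, age):
        """Record consent; silence, pre-ticked boxes or inactivity do not count."""
        if not affirmative_act:
            raise ValueError("consent requires a clear affirmative act")
        if age < CONSENT_AGE:
            raise ValueError("minor cannot consent; holder of parental responsibility must")
        self.events.setdefault((subject, purpose), []).append((at, "given"))

    def withdraw(self, subject, purpose, at):
        """Withdrawal is a single unconditional step, available at any time."""
        self.events.setdefault((subject, purpose), []).append((at, "withdrawn"))

    def has_consent(self, subject, purpose, at):
        """Consent state as it stood at time `at` (withdrawal is not retroactive)."""
        history = [e for e in self.events.get((subject, purpose), []) if e[0] <= at]
        return bool(history) and max(history, key=lambda e: e[0])[1] == "given"

    def process(self, subject, purpose, basis, data_ref, at):
        if basis == "consent" and not self.has_consent(subject, purpose, at):
            raise PermissionError(f"no consent for {purpose} at t={at}")
        self.records.append(ProcessingRecord(subject, purpose, basis, data_ref, at))

    def was_lawful(self, record):
        """A past consent-based operation stays lawful if consent held at its time."""
        if record.basis != "consent":
            return True
        return self.has_consent(record.subject, record.purpose, record.at)

    def on_withdrawal(self, subject, purpose, at):
        """Apply the slide-44 consequences and return the resulting actions."""
        self.withdraw(subject, purpose, at)
        consent_refs = {r.data_ref for r in self.records
                        if r.subject == subject and r.purpose == purpose
                        and r.basis == "consent"}
        other_basis_refs = {r.data_ref for r in self.records
                            if r.subject == subject and r.basis != "consent"}
        return {
            "stop_processing_for": purpose,
            "erase": sorted(consent_refs - other_basis_refs),
            "retain_for_contract": sorted(consent_refs & other_basis_refs),
        }


def demo():
    """Constructed scenario: marketing consent given, used, then withdrawn."""
    ledger = ConsentLedger()
    try:
        ledger.give("bob", "marketing", at=0, affirmative_act=True, age=13)
        minor_accepted = True
    except ValueError:
        minor_accepted = False
    ledger.give("alice", "marketing", at=1, affirmative_act=True, age=34)
    ledger.process("alice", "marketing", "consent", "email_address", at=2)
    ledger.process("alice", "marketing", "consent", "browsing_profile", at=3)
    # The same email address is also needed to deliver her order (contract basis).
    ledger.process("alice", "order_fulfilment", "contract", "email_address", at=4)
    earlier = ledger.records[1]          # browsing_profile, processed at t=3
    actions = ledger.on_withdrawal("alice", "marketing", at=5)
    try:
        ledger.process("alice", "marketing", "consent", "email_address", at=6)
        processed_after = True
    except PermissionError:
        processed_after = False
    return {
        "minor_consent_accepted": minor_accepted,
        "actions": actions,
        "earlier_processing_still_lawful": ledger.was_lawful(earlier),
        "consent_processing_after_withdrawal": processed_after,
        "consent_now": ledger.has_consent("alice", "marketing", at=6),
    }


if __name__ == "__main__":
    print(demo())
```

The event history doubles as the evidence that consent was obtained (slide 41), since every "given" entry carries the time it was recorded; what it does not capture is the wording the subject saw, which a real ledger should also store alongside the event.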
46. AUDITNET® AND CRISK ACADEMY
• If you would like forever access to this webinar recording
• If you are watching the recording, and would like to obtain CPE credit for this webinar
• Previous AuditNet® webinars are also available on-demand for CPE credit
http://criskacademy.com
http://ondemand.criskacademy.com
Use coupon code: 50OFF for a discount on this webinar for one week
47. THANK YOU!
Jim Kaplan
AuditNet® LLC
1-800-385-1625
Email: info@auditnet.org
www.auditnet.org
Follow Me on Twitter for Special Offers - @auditnet
Join my LinkedIn Group – https://www.linkedin.com/groups/44252/
Like my Facebook business page https://www.facebook.com/pg/AuditNetLLC
Richard Cascarino & Associates
Cell: +1 970 819 7963
Tel +1 303 747 6087 (Skype Worldwide)
Tel: +1 970 367 5429
eMail: rcasc@rcascarino.com
Web: http://www.rcascarino.com
Skype: Richard.Cascarino