SlideShare a Scribd company logo

Right to Audit Clauses: What you need to know!

Jim Kaplan CIA CFE
Jim Kaplan CIA CFE

World class auditors know one of the best ways to fight the fraud risk is to be sure outsource agreements include a Right to Audit clause. Auditors feel good and sleep tight when their client tells them “of course we included the one we use all of the time”. The real test is when glitches and anomalies appear and management asks auditing to do a quick visit with the third party organization. The discussion will offer insights into: · Best practices audit clause language · Compliance, operational and/or financial audit · Plan in advance or surprise visit · Books and records · Location of audit · Who can or should conduct the audit · Impact of absence of a Service Level Agreement (SLA)

Business
1 of 27
Download to read offline
9/22/2017 1 Right To Audit Clauses: What You Need to Know! September 25, 2017 About Jim Kaplan, CIA, CFE  President and Founder of AuditNet®, the global resource for auditors (now available on iOS, Android and Windows devices)  Auditor, Web Site Guru,  Internet for Auditors Pioneer  Recipient of the IIA’s 2007 Bradford Cadmus Memorial Award.  Author of “The Auditor’s Guide to Internet Resources” 2nd Edition Page 2
9/22/2017 2 About AuditNet® LLC • AuditNet®, the global resource for auditors, serves the global audit community as the primary resource for Web-based auditing content. As the first online audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the use of audit technology. • Available on the Web, iPad, iPhone, Windows and Android devices and features: • Over 2,700 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices • Webinars focusing on fraud, data analytics, IT audit, and internal audit with free CPE for subscribers and site license users. • Audit guides, manuals, and books on audit basics and using audit technology • LinkedIn Networking Groups • Monthly Newsletters with Expert Guest Columnists • Surveys on timely topics for internal auditors Introductions Page 3 HOUSEKEEPING This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden. • If you logged in with another individual’s confirmation email you will not receive CPE as the confirmation login is linked to a specific individual • This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link. • We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited. • If you have indicated you would like CPE you must answer the polling questions (all or minimum required) to receive CPE per NASBA. • If you meet the NASBA criteria for earning CPE you will receive a link via email to download your certificate. The official email for CPE will be issued via NoReply@gensend.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There is a processing fee to have your CPE credit regenerated post event. • Submit questions via the chat box on your screen and we will answer them either during or at the conclusion. • Please complete the evaluation questionnaire to help us continuously improve our Webinars.
9/22/2017 3 IMPORTANT INFORMATION REGARDING CPE! • SUBSCRIBERS/SITE LICENSE USERS - If you attend the Webinar and answer the polling questions (all or minimum required) you will receive an email with the link to download your CPE certificate. The official email for CPE will be issued via NoReply@gensend.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There is a processing fee to have your CPE credit regenerated post event. • NON-SUBSCRIBERS/NON-SITE LICENSE USERS - If you attend the Webinar and answer the polling questions (all or minimum required) and requested CPE you must pay a fee to receive your CPE. No exceptions! • We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io • Anyone may register, attend and view the Webinar without fees if they opted out of receiving CPE. • We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on you computer otherwise you will not be able to answer the polling questions which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to that you do so immediately after a polling question. The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC
9/22/2017 4 Today’s Agenda  Speaker’s experiences  Hypothetical Case Study  Contract Basics  Onboarding New Vendors  Service Level Agreements (SLA’s)  Sub-Subcontracting Allowed?  Right to Audit Clauses Right To Audit Clauses: What You Need to Know! “You can delegate responsibility but not accountability” Donald E Sparks, CIA, CISA, ARM Don@SmartCAATTs.com 407-756-0375
9/22/2017 5 Disclaimer I am not an attorney! This presentation contains general information only and is not a substitute for professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Just about every auditor knows that one of the best ways to fight the fraud risk is to be sure outsource agreements include a “Right-To- Audit” clause. Auditors feel good and sleep tight when their client tells them of course we included the one we use all of the time. The real test is when anomalies appear and management asks auditing to do a quick visit with the third party organization. The discussion will offer insights into: · The perfect audit clause language · Compliance, operational and/or financial audit · Planned in advance or surprise visit · Books and records · Location of audit · Who can/should conduct the audit · Impact of absence of a Service Level Agreement (SLA) Marketing
9/22/2017 6 My Goals Identify areas of “opportunity” for auditors to demonstrate innovative consulting auditing skills. The best opportunities are often overlooked because they are associated with “work”. One such often overlooked service is assisting the business meet its objectives when work is delegated to third parties (vendors) i.e., how can auditing get in front of the 8 ball before they are called upon to do a vendor audit? Things Change • Virtual workspace/office • Scattered locations • Paperless documents • Electronic payments • Company wants to focus on core processes • Cloud computing • SAAS
9/22/2017 7 Sources of Information Audits I have Conducted • Independent Insurance Agency Visits • Insurance Broker (surprise visit) • Third Party Administration Contract • Outside Legal Council • Public Adjustor Contract • Third Party IS application (focus of this presentation)
9/22/2017 8 Cloud/SAAS Model Design Develop TestAccept Host Cloud/SAAS Model Hypothetical Case Study How Does Auditing Get involved? • Request of the business unit • Internal Auditing Charter, approved by the board, requires contract review • Auditing has a seat on the technology committee • Auditing is included in all formal new vendor onboarding processes • Audit has access to the inventory of all contracts
9/22/2017 9 POLLING QUESTION #1 Where To Find Audit Right Terms • Back of purchase order • Property Management Agreement • Insurance policies (WC, inventory, etc) • Leasing Agreements • Distribution Agreement • Joint Development Agreements • Services (payroll, HR, pensions, etc) • Technology Development & Hosting Agreement
9/22/2017 10 Where to use • Many, but we will focus on outsourcing application system development • Not the only area – some others are inherent such as workers compensation policies. Premium is conditional until a final audit to determine the premium at policy end. Contract Sections Performance Protection Protection Scope Assignment Warranties Performance Service Levels (SLA’s) Right to Audit Liability/Damages Reports Compliance Indemnification Subcontract Third Parties Intellectual Property Rights (IP) Dispute Resolution Duration Confidentiality & Security Modification Fees Business Continuity & Contingency Termination Insurance
9/22/2017 11 POLLING QUESTION #2 What Is A Contract? “A legally enforceable agreement (promise or a set of promises)for the breach of which the law gives a remedy, or the performance of which the law in some way recognizes as a duty.” Separated by two parts: • Performance – Documents expectations and obligations of the parties and products/services to be provided • Protection – Provides remedies for the unexpected (i.e. breach)
9/22/2017 12 Project Scope Detailed description of product/services to be provided and assigns specific obligations of all parties (including any subcontractors/third parties) Service Levels (SLAs) Plain language documenting specific minimum service levels, standard maintenance periods, response times for product (usually software) or service issues or failures, additional support (help desk) needs and measurement periods. Best practice is to include as an attachment to the contract and use industry standards to develop service levels
9/22/2017 13 Service Levels (SLAs) Examples: • Service will be fully functional not less than 98% per day/month/quarter • Must report and cure all Severity 1 issues within 4 hours of company’s written/verbal notification. • Achieve and maintain a customer satisfaction rating of not less than 75% each calendar quarter Service Levels (SLAs) • Maintenance periods should be during customer’s off-peak hours • Notification requirements specific personnel & communication channel (email/telephone) • Requires vendor to self report issues/failures (Audit may should be considered) • Damages for failure to meet SLAs usually in form of a % credit of fees with right to terminate for repeated
9/22/2017 14 POLLING QUESTION #3 Subcontractors • Contract should specify whether parties are permitted to use subcontractors and the specific obligations they will perform. • Who has right to approve, remove or replace contractor? • Who is liable for subcontractor? Minimum qualification/background requirements? • Be sure that subcontractor use language does not conflict with the assignment clause.
9/22/2017 15 Subcontractors (pg2) Pitfalls:  Vendor has a lot of spending and thousands of invoices,  All of the invoices are one-liners from a subcontractor.  The vendor is a middle man who subcontracted all of the work  who are the real owners of key documentation  No timesheets, tracking module levels, payroll, or anything.  Your contracted vendor has SLA’s with the subcontractor but your involvement not mentioned  No reference to require the subcontractor to keep any documentation  there is nothing that resembles an audit clause in contract. POLLING QUESTION #4
9/22/2017 16 Fees • How calculated? (base payments, recurring services, activity charges, etc.) • Cost for product maintenance/upgrades • Responsibility for state and federal taxes • Right to dispute fees without penalty • Late payment penalties should be reasonable Right to Audit • Allows party (or third party agents) to audit company information/records to test internal controls or prove compliance with contract terms. • Watch for: – Overly broad property/information access language. – Who pays for cost of audit? (Under-reporting penalties)
9/22/2017 17 Why you should have right to audit clauses • Identification of risky business partners • Support compliance/regulations • Strengthen security and privacy controls • You cannot outsource your accountability A few regulations contain legal requirements, directly or implied, to perform business partner reviews: • Health Insurance Portability and Accountability Act (HIPAA) • Gramm Leach Bliley Act (GLBA) • Sarbanes Oxley (SOX) Act • Federal Trade Commission (FTC) Act • Fair and Accurate Credit Transactions Act (FACTA) • Internal Revenue Code (IRC) Section 7612 • U.S. state breach notice laws • European Union Data Protection Directive Some Contracts Require Audit Clause
9/22/2017 18 Right to audit myths Myths for “why” a right to audit clause is not needed: • Auditors are not lawyers (CEO, CFO, CO, etc.) • If you include a right to audit clause then you are obligated to actually perform an audit • The contract is for 6 or 7 months so done before needed • You should only include a right to audit clause within the contracts considered to be high risk • The right to audit option is a given or implied in our business • We have a Service Level Agreement (SLA) POLLING QUESTION #5
9/22/2017 19 Example Right To Audit Clause? • [Third Party] will keep accurate and complete records. The [Company] may audit [Third Party]’s records relating to its performance under this Agreement. • The process involves internal personnel (internal audit, compliance, legal, investigations, etc.) to take model audit clause language and evaluate the audit clause against the not signed contract terms. • ACFE version (eveything including the kitchen sink) What can trigger an audit? • Anomalies in standard performance reports • Clues from required service level agreement • End user observations • Customer input on complaint system • Other clients of the same third party
9/22/2017 20 Auditing Golden Opportunity Internal auditing should be a member of the team considering replacing or overhauling a significant system. This involvement should be from the outset as other business users inventory the pro’s and con’s of the current processes. Discussing what is or is not working will be an invaluable learning experience for auditing. Compliance • All parties should agree to comply with applicable laws (federal, state and local) and related guidance. • Be sure to include language that vendor will provide assistance/access as needed to company’s government regulators.
9/22/2017 21 Intellectual Property Rights • Ownership, rights to and permissible use of company data, equipment, software • Property rights should generally remain with the property owner or licensor except in cases where there is work product specifically developed for another party Business Continuity • Back-up and protection plan in case of disaster or other extraordinary event that prevents use of primary/standard systems. • Vendor should provide copy of plan. Updated and tested regularly and provide results.
9/22/2017 22 Inventory of Audit Rights • All organizations need to identify and document all the outsourced and contracted entities that possess or otherwise access their information, in all forms. After identifying them, make sure that they have appropriate controls in place, and then establish an oversight method so you can demonstrate due diligence. Then, in the event they have some type of security incident and/or a privacy breach, you will have documented evidence that you did all you could to ensure all hands secured the information appropriately, and you also will have limited your liability as much as possible. Issues To Consider • who is permitted to access which information • the permitted reasons for carrying out an audit • the frequency with which audits can occur • timescales and notice requirements • allocation of costs incurred by each of the parties in connection with the audit • Required obligation to maintain certain records
9/22/2017 23 Inventory • Does your organization maintain a complete inventory of all third parties that you rely on for key materials? • Does that inventory indicate what the SLA’s are (monitors)? • Can you easily obtain a list of contracts with a right to audit clause included? • Are you aware of clauses directed at your organization RFP DUE DILIGENCE & RISK ASSESSMENT VENDOR SELECTION CONTRACT REVIEW CONTRACT NEGOITIATION CONTRACT EXECUTION VENDOR MONITORING Onboarding Vendors
9/22/2017 24 Right to Audit Clause Pitfalls (Failures) • No clause in contract (good relationship) • Very few details Audit Rights in Contract • Mention of 'Reasonable Accounting System‘ • Honor privacy rights of other clients • Right to Determine How Funds were Used • Withdraw from Audit When Scope is Limited • Limiting Time for Audit • Level of vendor assistance • Record Retention requirements • Can vendor invoices pass pre and post audit tests • Access but no utilities • Copy (and retention) not allowed • Suitable work space or just stand • Who pays for audit expenses? Pitfalls(Failures) page 2 • No place to work • Include Subcontractors • Understand Vendor's Business, Products • Additional Warranties as Part of Contract (who owns finished product) • Conduct Regular Audits Before Fraud Occurs • Audit Methodology
9/22/2017 25 POLLING QUESTION #6 Dispute Resolution The audit is over and the vendor disagrees with every finding the audit team has identified. The findings are not definitive enough to file charges of outright fraud, but there are definitely improper billings. The vendor invokes the arbitration clause to hash out the audit issues.
9/22/2017 26 Dispute Resolution (pg 2) • Mediation/arbitration clauses – Be aware of who decision makers are and how selected – Jurisdiction and venue are important • Ensure continuation of products/services during any dispute period • Losing party responsible for costs/fees Questions? • Any Questions? Don’t be Shy! Page 52
9/22/2017 27 AuditNet® and cRisk Academy • If you would like forever access to this webinar recording • If you are watching the recording, and would like to obtain CPE credit for this webinar • Previous AuditNet® webinars are also available on-demand for CPE credit http://criskacademy.com http://ondemand.criskacademy.com Use coupon code: 50OFF for a discount on this webinar for one week Thank You! Page 54 Jim Kaplan AuditNet® LLC 1-800-385-1625 Email:info@auditnet.org www.auditnet.org Donald E Sparks SmartCAATTs, LLC don@smartcaatts.com 1-407-756-0375

Recommended

Audit clauses in IT agreements
Audit clauses in IT agreementsAudit clauses in IT agreements
Audit clauses in IT agreementsRichard Austin
 
Compliance Management | Compliance Solutions
Compliance Management | Compliance SolutionsCompliance Management | Compliance Solutions
Compliance Management | Compliance SolutionsCorporater
 
COBIT® Presentation Package.ppt
COBIT® Presentation Package.pptCOBIT® Presentation Package.ppt
COBIT® Presentation Package.pptEmmacuet
 
apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...
apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...
apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...apidays
 
IT Service Catalog: Build a Service Taxonomy in 4 Easy Steps
IT Service Catalog: Build a Service Taxonomy in 4 Easy StepsIT Service Catalog: Build a Service Taxonomy in 4 Easy Steps
IT Service Catalog: Build a Service Taxonomy in 4 Easy StepsEvergreen Systems
 
Certified Internal Auditor certification manual
Certified Internal Auditor certification manualCertified Internal Auditor certification manual
Certified Internal Auditor certification manualJoel C. Font
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 ChecklistCraig Willetts ISO Expert
 
What is ISO20000
What is ISO20000What is ISO20000
What is ISO20000Ben Kalland
 

Recommended

Audit clauses in IT agreements
Audit clauses in IT agreementsAudit clauses in IT agreements
Audit clauses in IT agreementsRichard Austin
 
Compliance Management | Compliance Solutions
Compliance Management | Compliance SolutionsCompliance Management | Compliance Solutions
Compliance Management | Compliance SolutionsCorporater
 
COBIT® Presentation Package.ppt
COBIT® Presentation Package.pptCOBIT® Presentation Package.ppt
COBIT® Presentation Package.pptEmmacuet
 
apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...
apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...
apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...apidays
 
IT Service Catalog: Build a Service Taxonomy in 4 Easy Steps
IT Service Catalog: Build a Service Taxonomy in 4 Easy StepsIT Service Catalog: Build a Service Taxonomy in 4 Easy Steps
IT Service Catalog: Build a Service Taxonomy in 4 Easy StepsEvergreen Systems
 
Certified Internal Auditor certification manual
Certified Internal Auditor certification manualCertified Internal Auditor certification manual
Certified Internal Auditor certification manualJoel C. Font
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 ChecklistCraig Willetts ISO Expert
 
What is ISO20000
What is ISO20000What is ISO20000
What is ISO20000Ben Kalland
 
New ISO 37301:2021
New ISO 37301:2021New ISO 37301:2021
New ISO 37301:2021Hernan Huwyler, MBA CPA
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governancenooralmousa
 
NESA on Steroids
NESA on SteroidsNESA on Steroids
NESA on SteroidsPaladionNetworks01
 
2020 vrm expert reference guide
2020 vrm expert reference guide2020 vrm expert reference guide
2020 vrm expert reference guideAnkitKumar250429
 
Corporate Compliance Overview
Corporate Compliance OverviewCorporate Compliance Overview
Corporate Compliance OverviewSam Carr
 
Resume : "Internal audit quality : developing a quality assurance and improve...
Resume : "Internal audit quality : developing a quality assurance and improve...Resume : "Internal audit quality : developing a quality assurance and improve...
Resume : "Internal audit quality : developing a quality assurance and improve...asvary asvary
 
La ISO 37001: un impegno concreto per contrastare i fenomeni corruttivi
La ISO 37001: un impegno concreto per contrastare i fenomeni corruttiviLa ISO 37001: un impegno concreto per contrastare i fenomeni corruttivi
La ISO 37001: un impegno concreto per contrastare i fenomeni corruttiviMaurilio Savoldi
 
ISO 37301 Compliance Management Systems
ISO 37301 Compliance Management SystemsISO 37301 Compliance Management Systems
ISO 37301 Compliance Management SystemsNimonik
 
Qap cobit2019-20181111
Qap cobit2019-20181111Qap cobit2019-20181111
Qap cobit2019-20181111Patrick Soenen
 
Riflessioni su conformità e compliance e il processo di certificazione
Riflessioni su conformità e compliance e il processo di certificazioneRiflessioni su conformità e compliance e il processo di certificazione
Riflessioni su conformità e compliance e il processo di certificazioneUNI - Ente Italiano di Normazione
 
La nuova norma ISO 9001:2015
La nuova norma ISO 9001:2015La nuova norma ISO 9001:2015
La nuova norma ISO 9001:2015Geosolution Srl
 
What’s New for Firms’ Monitoring and Remediation Processes
What’s New for Firms’ Monitoring and Remediation ProcessesWhat’s New for Firms’ Monitoring and Remediation Processes
What’s New for Firms’ Monitoring and Remediation ProcessesInternational Federation of Accountants
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATJim Kaplan CIA CFE
 
Technology development: What is audit's role?
Technology development: What is audit's role?Technology development: What is audit's role?
Technology development: What is audit's role?Jim Kaplan CIA CFE
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Jim Kaplan CIA CFE
 
Future audit analytics
Future audit analyticsFuture audit analytics
Future audit analyticsJim Kaplan CIA CFE
 
Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Jim Kaplan CIA CFE
 
Internal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureInternal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureJim Kaplan CIA CFE
 
How to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldHow to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldJim Kaplan CIA CFE
 
Fieldwork Webinar
Fieldwork WebinarFieldwork Webinar
Fieldwork WebinarJim Kaplan CIA CFE
 
IT Fraud and Countermeasures
IT Fraud and CountermeasuresIT Fraud and Countermeasures
IT Fraud and CountermeasuresJim Kaplan CIA CFE
 

More Related Content

What's hot

Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governancenooralmousa
 
2020 vrm expert reference guide
2020 vrm expert reference guide2020 vrm expert reference guide
2020 vrm expert reference guideAnkitKumar250429
 
Corporate Compliance Overview
Corporate Compliance OverviewCorporate Compliance Overview
Corporate Compliance OverviewSam Carr
 
Resume : "Internal audit quality : developing a quality assurance and improve...
Resume : "Internal audit quality : developing a quality assurance and improve...Resume : "Internal audit quality : developing a quality assurance and improve...
Resume : "Internal audit quality : developing a quality assurance and improve...asvary asvary
 
La ISO 37001: un impegno concreto per contrastare i fenomeni corruttivi
La ISO 37001: un impegno concreto per contrastare i fenomeni corruttiviLa ISO 37001: un impegno concreto per contrastare i fenomeni corruttivi
La ISO 37001: un impegno concreto per contrastare i fenomeni corruttiviMaurilio Savoldi
 
ISO 37301 Compliance Management Systems
ISO 37301 Compliance Management SystemsISO 37301 Compliance Management Systems
ISO 37301 Compliance Management SystemsNimonik
 
Qap cobit2019-20181111
Qap cobit2019-20181111Qap cobit2019-20181111
Qap cobit2019-20181111Patrick Soenen
 
Riflessioni su conformità e compliance e il processo di certificazione
Riflessioni su conformità e compliance e il processo di certificazioneRiflessioni su conformità e compliance e il processo di certificazione
Riflessioni su conformità e compliance e il processo di certificazioneUNI - Ente Italiano di Normazione
 
La nuova norma ISO 9001:2015
La nuova norma ISO 9001:2015La nuova norma ISO 9001:2015
La nuova norma ISO 9001:2015Geosolution Srl
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 

What's hot (13)

New ISO 37301:2021
New ISO 37301:2021New ISO 37301:2021
New ISO 37301:2021
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governance
 
NESA on Steroids
NESA on SteroidsNESA on Steroids
NESA on Steroids
 
2020 vrm expert reference guide
2020 vrm expert reference guide2020 vrm expert reference guide
2020 vrm expert reference guide
 
Corporate Compliance Overview
Corporate Compliance OverviewCorporate Compliance Overview
Corporate Compliance Overview
 
Resume : "Internal audit quality : developing a quality assurance and improve...
Resume : "Internal audit quality : developing a quality assurance and improve...Resume : "Internal audit quality : developing a quality assurance and improve...
Resume : "Internal audit quality : developing a quality assurance and improve...
 
La ISO 37001: un impegno concreto per contrastare i fenomeni corruttivi
La ISO 37001: un impegno concreto per contrastare i fenomeni corruttiviLa ISO 37001: un impegno concreto per contrastare i fenomeni corruttivi
La ISO 37001: un impegno concreto per contrastare i fenomeni corruttivi
 
ISO 37301 Compliance Management Systems
ISO 37301 Compliance Management SystemsISO 37301 Compliance Management Systems
ISO 37301 Compliance Management Systems
 
Qap cobit2019-20181111
Qap cobit2019-20181111Qap cobit2019-20181111
Qap cobit2019-20181111
 
Riflessioni su conformità e compliance e il processo di certificazione
Riflessioni su conformità e compliance e il processo di certificazioneRiflessioni su conformità e compliance e il processo di certificazione
Riflessioni su conformità e compliance e il processo di certificazione
 
La nuova norma ISO 9001:2015
La nuova norma ISO 9001:2015La nuova norma ISO 9001:2015
La nuova norma ISO 9001:2015
 
What’s New for Firms’ Monitoring and Remediation Processes
What’s New for Firms’ Monitoring and Remediation ProcessesWhat’s New for Firms’ Monitoring and Remediation Processes
What’s New for Firms’ Monitoring and Remediation Processes
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
 

Similar to Right to Audit Clauses: What you need to know!

Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATJim Kaplan CIA CFE
 
Technology development: What is audit's role?
Technology development: What is audit's role?Technology development: What is audit's role?
Technology development: What is audit's role?Jim Kaplan CIA CFE
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Jim Kaplan CIA CFE
 
Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Jim Kaplan CIA CFE
 
Internal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureInternal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureJim Kaplan CIA CFE
 
How to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldHow to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldJim Kaplan CIA CFE
 
Retrospective data analytics slides
Retrospective data analytics slidesRetrospective data analytics slides
Retrospective data analytics slidesJim Kaplan CIA CFE
 
How to data mine your print reports
How to data mine your print reports How to data mine your print reports
How to data mine your print reports Jim Kaplan CIA CFE
 
How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel Jim Kaplan CIA CFE
 
Audit analytics and the agile auditor
Audit analytics and the agile auditorAudit analytics and the agile auditor
Audit analytics and the agile auditorJim Kaplan CIA CFE
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingHow analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingJim Kaplan CIA CFE
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling Jim Kaplan CIA CFE
 
Agile auditing for financial services
Agile auditing for financial services Agile auditing for financial services
Agile auditing for financial services Jim Kaplan CIA CFE
 
How to prepare for your first anti fraud review
How to prepare for your first anti fraud reviewHow to prepare for your first anti fraud review
How to prepare for your first anti fraud reviewJim Kaplan CIA CFE
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Jim Kaplan CIA CFE
 

Similar to Right to Audit Clauses: What you need to know! (20)

Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAAT
 
Technology development: What is audit's role?
Technology development: What is audit's role?Technology development: What is audit's role?
Technology development: What is audit's role?
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?
 
Future audit analytics
Future audit analyticsFuture audit analytics
Future audit analytics
 
Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Structuring your organization for success with data analytics
Structuring your organization for success with data analytics
 
Internal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureInternal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & Culture
 
How to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldHow to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital world
 
Fieldwork Webinar
Fieldwork WebinarFieldwork Webinar
Fieldwork Webinar
 
IT Fraud and Countermeasures
IT Fraud and CountermeasuresIT Fraud and Countermeasures
IT Fraud and Countermeasures
 
Internal Auditing Basics
Internal Auditing BasicsInternal Auditing Basics
Internal Auditing Basics
 
Retrospective data analytics slides
Retrospective data analytics slidesRetrospective data analytics slides
Retrospective data analytics slides
 
How to data mine your print reports
How to data mine your print reports How to data mine your print reports
How to data mine your print reports
 
How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel
 
Audit analytics and the agile auditor
Audit analytics and the agile auditorAudit analytics and the agile auditor
Audit analytics and the agile auditor
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingHow analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
 
Agile auditing for financial services
Agile auditing for financial services Agile auditing for financial services
Agile auditing for financial services
 
GDPR Series Session 4
GDPR Series Session 4GDPR Series Session 4
GDPR Series Session 4
 
How to prepare for your first anti fraud review
How to prepare for your first anti fraud reviewHow to prepare for your first anti fraud review
How to prepare for your first anti fraud review
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
 

More from Jim Kaplan CIA CFE

Enhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsEnhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsJim Kaplan CIA CFE
 
mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) Jim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Jim Kaplan CIA CFE
 
How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides Jim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Jim Kaplan CIA CFE
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationJim Kaplan CIA CFE
 
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudWhen is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudJim Kaplan CIA CFE
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 Jim Kaplan CIA CFE
 
Focused agile audit planning using analytics
Focused agile audit planning using analyticsFocused agile audit planning using analytics
Focused agile audit planning using analyticsJim Kaplan CIA CFE
 
General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10Jim Kaplan CIA CFE
 
Ethics and the Internal Auditor
Ethics and the Internal AuditorEthics and the Internal Auditor
Ethics and the Internal AuditorJim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Jim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10) Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10) Jim Kaplan CIA CFE
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Jim Kaplan CIA CFE
 
How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program Jim Kaplan CIA CFE
 

More from Jim Kaplan CIA CFE (20)

Enhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsEnhanced fraud detection with data analytics
Enhanced fraud detection with data analytics
 
mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10)
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10)
 
How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides
 
Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10)
 
Tracking down outliers
Tracking down outliersTracking down outliers
Tracking down outliers
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
 
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudWhen is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6
 
Focused agile audit planning using analytics
Focused agile audit planning using analyticsFocused agile audit planning using analytics
Focused agile audit planning using analytics
 
General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10
 
Ethics and the Internal Auditor
Ethics and the Internal AuditorEthics and the Internal Auditor
Ethics and the Internal Auditor
 
Cybersecurity Slides
Cybersecurity SlidesCybersecurity Slides
Cybersecurity Slides
 
Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10)
 
Ethics for internal auditors
Ethics for internal auditorsEthics for internal auditors
Ethics for internal auditors
 
Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10) Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10)
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program
 

Recently uploaded

Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechNewman George Leech
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Tina Ji
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒anilsa9823
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewasmakika9823
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 

Recently uploaded (20)

Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman Leech
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
Best Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting PartnershipBest Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting Partnership
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 

Right to Audit Clauses: What you need to know!

  • 1. 9/22/2017 1 Right To Audit Clauses: What You Need to Know! September 25, 2017 About Jim Kaplan, CIA, CFE  President and Founder of AuditNet®, the global resource for auditors (now available on iOS, Android and Windows devices)  Auditor, Web Site Guru,  Internet for Auditors Pioneer  Recipient of the IIA’s 2007 Bradford Cadmus Memorial Award.  Author of “The Auditor’s Guide to Internet Resources” 2nd Edition Page 2
  • 2. 9/22/2017 2 About AuditNet® LLC • AuditNet®, the global resource for auditors, serves the global audit community as the primary resource for Web-based auditing content. As the first online audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the use of audit technology. • Available on the Web, iPad, iPhone, Windows and Android devices and features: • Over 2,700 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices • Webinars focusing on fraud, data analytics, IT audit, and internal audit with free CPE for subscribers and site license users. • Audit guides, manuals, and books on audit basics and using audit technology • LinkedIn Networking Groups • Monthly Newsletters with Expert Guest Columnists • Surveys on timely topics for internal auditors Introductions Page 3 HOUSEKEEPING This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden. • If you logged in with another individual’s confirmation email you will not receive CPE as the confirmation login is linked to a specific individual • This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link. • We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited. • If you have indicated you would like CPE you must answer the polling questions (all or minimum required) to receive CPE per NASBA. • If you meet the NASBA criteria for earning CPE you will receive a link via email to download your certificate. The official email for CPE will be issued via NoReply@gensend.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There is a processing fee to have your CPE credit regenerated post event. • Submit questions via the chat box on your screen and we will answer them either during or at the conclusion. • Please complete the evaluation questionnaire to help us continuously improve our Webinars.
  • 3. 9/22/2017 3 IMPORTANT INFORMATION REGARDING CPE! • SUBSCRIBERS/SITE LICENSE USERS - If you attend the Webinar and answer the polling questions (all or minimum required) you will receive an email with the link to download your CPE certificate. The official email for CPE will be issued via NoReply@gensend.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There is a processing fee to have your CPE credit regenerated post event. • NON-SUBSCRIBERS/NON-SITE LICENSE USERS - If you attend the Webinar and answer the polling questions (all or minimum required) and requested CPE you must pay a fee to receive your CPE. No exceptions! • We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io • Anyone may register, attend and view the Webinar without fees if they opted out of receiving CPE. • We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on you computer otherwise you will not be able to answer the polling questions which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to that you do so immediately after a polling question. The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC
  • 4. 9/22/2017 4 Today’s Agenda  Speaker’s experiences  Hypothetical Case Study  Contract Basics  Onboarding New Vendors  Service Level Agreements (SLA’s)  Sub-Subcontracting Allowed?  Right to Audit Clauses Right To Audit Clauses: What You Need to Know! “You can delegate responsibility but not accountability” Donald E Sparks, CIA, CISA, ARM Don@SmartCAATTs.com 407-756-0375
  • 5. 9/22/2017 5 Disclaimer I am not an attorney! This presentation contains general information only and is not a substitute for professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Just about every auditor knows that one of the best ways to fight the fraud risk is to be sure outsource agreements include a “Right-To- Audit” clause. Auditors feel good and sleep tight when their client tells them of course we included the one we use all of the time. The real test is when anomalies appear and management asks auditing to do a quick visit with the third party organization. The discussion will offer insights into: · The perfect audit clause language · Compliance, operational and/or financial audit · Planned in advance or surprise visit · Books and records · Location of audit · Who can/should conduct the audit · Impact of absence of a Service Level Agreement (SLA) Marketing
  • 6. 9/22/2017 6 My Goals Identify areas of “opportunity” for auditors to demonstrate innovative consulting auditing skills. The best opportunities are often overlooked because they are associated with “work”. One such often overlooked service is assisting the business meet its objectives when work is delegated to third parties (vendors) i.e., how can auditing get in front of the 8 ball before they are called upon to do a vendor audit? Things Change • Virtual workspace/office • Scattered locations • Paperless documents • Electronic payments • Company wants to focus on core processes • Cloud computing • SAAS
  • 7. 9/22/2017 7 Sources of Information Audits I have Conducted • Independent Insurance Agency Visits • Insurance Broker (surprise visit) • Third Party Administration Contract • Outside Legal Council • Public Adjustor Contract • Third Party IS application (focus of this presentation)
  • 8. 9/22/2017 8 Cloud/SAAS Model Design Develop TestAccept Host Cloud/SAAS Model Hypothetical Case Study How Does Auditing Get involved? • Request of the business unit • Internal Auditing Charter, approved by the board, requires contract review • Auditing has a seat on the technology committee • Auditing is included in all formal new vendor onboarding processes • Audit has access to the inventory of all contracts
  • 9. 9/22/2017 9 POLLING QUESTION #1 Where To Find Audit Right Terms • Back of purchase order • Property Management Agreement • Insurance policies (WC, inventory, etc) • Leasing Agreements • Distribution Agreement • Joint Development Agreements • Services (payroll, HR, pensions, etc) • Technology Development & Hosting Agreement
  • 10. 9/22/2017 10 Where to use • Many, but we will focus on outsourcing application system development • Not the only area – some others are inherent such as workers compensation policies. Premium is conditional until a final audit to determine the premium at policy end. Contract Sections Performance Protection Protection Scope Assignment Warranties Performance Service Levels (SLA’s) Right to Audit Liability/Damages Reports Compliance Indemnification Subcontract Third Parties Intellectual Property Rights (IP) Dispute Resolution Duration Confidentiality & Security Modification Fees Business Continuity & Contingency Termination Insurance
  • 11. 9/22/2017 11 POLLING QUESTION #2 What Is A Contract? “A legally enforceable agreement (promise or a set of promises)for the breach of which the law gives a remedy, or the performance of which the law in some way recognizes as a duty.” Separated by two parts: • Performance – Documents expectations and obligations of the parties and products/services to be provided • Protection – Provides remedies for the unexpected (i.e. breach)
  • 12. 9/22/2017 12 Project Scope Detailed description of product/services to be provided and assigns specific obligations of all parties (including any subcontractors/third parties) Service Levels (SLAs) Plain language documenting specific minimum service levels, standard maintenance periods, response times for product (usually software) or service issues or failures, additional support (help desk) needs and measurement periods. Best practice is to include as an attachment to the contract and use industry standards to develop service levels
  • 13. 9/22/2017 13 Service Levels (SLAs) Examples: • Service will be fully functional not less than 98% per day/month/quarter • Must report and cure all Severity 1 issues within 4 hours of company’s written/verbal notification. • Achieve and maintain a customer satisfaction rating of not less than 75% each calendar quarter Service Levels (SLAs) • Maintenance periods should be during customer’s off-peak hours • Notification requirements specific personnel & communication channel (email/telephone) • Requires vendor to self report issues/failures (Audit may should be considered) • Damages for failure to meet SLAs usually in form of a % credit of fees with right to terminate for repeated
  • 14. 9/22/2017 14 POLLING QUESTION #3 Subcontractors • Contract should specify whether parties are permitted to use subcontractors and the specific obligations they will perform. • Who has right to approve, remove or replace contractor? • Who is liable for subcontractor? Minimum qualification/background requirements? • Be sure that subcontractor use language does not conflict with the assignment clause.
  • 15. 9/22/2017 15 Subcontractors (pg2) Pitfalls:  Vendor has a lot of spending and thousands of invoices,  All of the invoices are one-liners from a subcontractor.  The vendor is a middle man who subcontracted all of the work  who are the real owners of key documentation  No timesheets, tracking module levels, payroll, or anything.  Your contracted vendor has SLA’s with the subcontractor but your involvement not mentioned  No reference to require the subcontractor to keep any documentation  there is nothing that resembles an audit clause in contract. POLLING QUESTION #4
  • 16. 9/22/2017 16 Fees • How calculated? (base payments, recurring services, activity charges, etc.) • Cost for product maintenance/upgrades • Responsibility for state and federal taxes • Right to dispute fees without penalty • Late payment penalties should be reasonable Right to Audit • Allows party (or third party agents) to audit company information/records to test internal controls or prove compliance with contract terms. • Watch for: – Overly broad property/information access language. – Who pays for cost of audit? (Under-reporting penalties)
  • 17. 9/22/2017 17 Why you should have right to audit clauses • Identification of risky business partners • Support compliance/regulations • Strengthen security and privacy controls • You cannot outsource your accountability A few regulations contain legal requirements, directly or implied, to perform business partner reviews: • Health Insurance Portability and Accountability Act (HIPAA) • Gramm Leach Bliley Act (GLBA) • Sarbanes Oxley (SOX) Act • Federal Trade Commission (FTC) Act • Fair and Accurate Credit Transactions Act (FACTA) • Internal Revenue Code (IRC) Section 7612 • U.S. state breach notice laws • European Union Data Protection Directive Some Contracts Require Audit Clause
  • 18. 9/22/2017 18 Right to audit myths Myths for “why” a right to audit clause is not needed: • Auditors are not lawyers (CEO, CFO, CO, etc.) • If you include a right to audit clause then you are obligated to actually perform an audit • The contract is for 6 or 7 months so done before needed • You should only include a right to audit clause within the contracts considered to be high risk • The right to audit option is a given or implied in our business • We have a Service Level Agreement (SLA) POLLING QUESTION #5
  • 19. 9/22/2017 19 Example Right To Audit Clause? • [Third Party] will keep accurate and complete records. The [Company] may audit [Third Party]’s records relating to its performance under this Agreement. • The process involves internal personnel (internal audit, compliance, legal, investigations, etc.) to take model audit clause language and evaluate the audit clause against the not signed contract terms. • ACFE version (eveything including the kitchen sink) What can trigger an audit? • Anomalies in standard performance reports • Clues from required service level agreement • End user observations • Customer input on complaint system • Other clients of the same third party
  • 20. 9/22/2017 20 Auditing Golden Opportunity Internal auditing should be a member of the team considering replacing or overhauling a significant system. This involvement should be from the outset as other business users inventory the pro’s and con’s of the current processes. Discussing what is or is not working will be an invaluable learning experience for auditing. Compliance • All parties should agree to comply with applicable laws (federal, state and local) and related guidance. • Be sure to include language that vendor will provide assistance/access as needed to company’s government regulators.
  • 21. 9/22/2017 21 Intellectual Property Rights • Ownership, rights to and permissible use of company data, equipment, software • Property rights should generally remain with the property owner or licensor except in cases where there is work product specifically developed for another party Business Continuity • Back-up and protection plan in case of disaster or other extraordinary event that prevents use of primary/standard systems. • Vendor should provide copy of plan. Updated and tested regularly and provide results.
  • 22. 9/22/2017 22 Inventory of Audit Rights • All organizations need to identify and document all the outsourced and contracted entities that possess or otherwise access their information, in all forms. After identifying them, make sure that they have appropriate controls in place, and then establish an oversight method so you can demonstrate due diligence. Then, in the event they have some type of security incident and/or a privacy breach, you will have documented evidence that you did all you could to ensure all hands secured the information appropriately, and you also will have limited your liability as much as possible. Issues To Consider • who is permitted to access which information • the permitted reasons for carrying out an audit • the frequency with which audits can occur • timescales and notice requirements • allocation of costs incurred by each of the parties in connection with the audit • Required obligation to maintain certain records
  • 23. 9/22/2017 23 Inventory • Does your organization maintain a complete inventory of all third parties that you rely on for key materials? • Does that inventory indicate what the SLA’s are (monitors)? • Can you easily obtain a list of contracts with a right to audit clause included? • Are you aware of clauses directed at your organization RFP DUE DILIGENCE & RISK ASSESSMENT VENDOR SELECTION CONTRACT REVIEW CONTRACT NEGOITIATION CONTRACT EXECUTION VENDOR MONITORING Onboarding Vendors
  • 24. 9/22/2017 24 Right to Audit Clause Pitfalls (Failures) • No clause in contract (good relationship) • Very few details Audit Rights in Contract • Mention of 'Reasonable Accounting System‘ • Honor privacy rights of other clients • Right to Determine How Funds were Used • Withdraw from Audit When Scope is Limited • Limiting Time for Audit • Level of vendor assistance • Record Retention requirements • Can vendor invoices pass pre and post audit tests • Access but no utilities • Copy (and retention) not allowed • Suitable work space or just stand • Who pays for audit expenses? Pitfalls(Failures) page 2 • No place to work • Include Subcontractors • Understand Vendor's Business, Products • Additional Warranties as Part of Contract (who owns finished product) • Conduct Regular Audits Before Fraud Occurs • Audit Methodology
  • 25. 9/22/2017 25 POLLING QUESTION #6 Dispute Resolution The audit is over and the vendor disagrees with every finding the audit team has identified. The findings are not definitive enough to file charges of outright fraud, but there are definitely improper billings. The vendor invokes the arbitration clause to hash out the audit issues.
  • 26. 9/22/2017 26 Dispute Resolution (pg 2) • Mediation/arbitration clauses – Be aware of who decision makers are and how selected – Jurisdiction and venue are important • Ensure continuation of products/services during any dispute period • Losing party responsible for costs/fees Questions? • Any Questions? Don’t be Shy! Page 52
  • 27. 9/22/2017 27 AuditNet® and cRisk Academy • If you would like forever access to this webinar recording • If you are watching the recording, and would like to obtain CPE credit for this webinar • Previous AuditNet® webinars are also available on-demand for CPE credit http://criskacademy.com http://ondemand.criskacademy.com Use coupon code: 50OFF for a discount on this webinar for one week Thank You! Page 54 Jim Kaplan AuditNet® LLC 1-800-385-1625 Email:info@auditnet.org www.auditnet.org Donald E Sparks SmartCAATTs, LLC don@smartcaatts.com 1-407-756-0375