How to Audit By Demetrius Fluker

-

Business Information Security Officer's Point of View and Internal Auditing Best practices

Internal Audit (IA) professionals serve a high profile set of stakeholders that

include senior management, the board of directors, and external auditors. These

stakeholders expect that IA not only demonstrate a broad and deep knowledge of

the organization and the risks that it faces, but also that IA teams remain dynamic

and flexible in the face of changing business conditions, coordinate effectively with

other risk and assurance functions, and remain independent and objective while

demonstrating a high level of professional proficiency. Internal auditors also have a

requirement to work offline on a laptop.


Manage your complete audit lifecycle on one platform, from audit planning to execution and wrap-up.

  1. Govern audit-related activities, such as reporting to management and the audit committee.
  2. Integrate with other risk and control functions.
  3. Use a consistent, standards-driven, risk-based audit approach to drive greater efficiency in the execution of the audit plan.
  4. Perform risk-based prioritization of your audit universe.
  5. Manage resource scheduling and staffing on engagements.
  6. Perform audit engagements and audit testing, manage workpapers, and create audit reports.
  7. Track findings, remediation plans, and exception requests.
  8. Improve the efficiency of your audit department.
  9. Complete better-scoped, risk-based audits more effectively, increase reliance of work by regulators and external auditors, and decrease external audit fees.

Here are the parts of a Audit Solution that you will need to perform the audit:

  1. Audit Entity application
  2. Audit Plan application
  3. IA Engagement and Assessment Results application
  4. Plan Entity application
  5. Audit Engagements sub solution
  6. Audit Engagement application
  7. Audit Program Library application
  8. Audit Workpaper application
  9. Staffing Management sub solution
  10. Expense Reports application
  11. Contacts application
  12. Base Availability application
  13. Timesheet Task application
  14. Training application
  15. Degrees and Certifications application
  16. Schedule Management sub solution
  17. Appointment application
  18. Quality Management sub solution
  19. Internal Audit Customer Survey questionnaire
  20. Internal Audit Department Annual Review application
  21. Internal Audit Quality Assurance Review Checklist questionnaire
  22. Question Library application
Planning your Audit:

The Audit Planning sub-solution allows you to capture all audit entities that could be
the subject of audit scrutiny, risk assess them, and determine their inclusion in a
subsequent audit plan covering a given time period, such as a quarter or year.

Define your Audit Entity: 

The Audit Entity application provides a single, centralized location to capture
details about each area that could be the subject of audit scrutiny, such as business
processes, organizational units (such as department), specific topics (such as a
regulation such as FFIEC), IT infrastructure and applications, or other individual
areas.

Capture Historical Data: 

The IA Engagement and Assessment Results application captures historical audit
engagement and risk assessment results for the Audit Entity for purposes of
maintaining integrity, reporting, and comparing historical information.

Create a plan entity:

Once an Audit Entity is identified as a target for an audit engagement, based on
factors such as risk (from the audit entity risk assessment), regulatory scrutiny, or
strategic value, the entity is included in an Audit Plan. The Plan Entity application
allows you to associate an Audit Entity with an Audit Engagement by creating an
individual plan entity that can be edited and updated as necessary.

Create your Audit Plan: 

The Audit Plan application allows you to create and manage Audit Plan records.
The Audit Plan record includes a plan name, description, and estimated start and
end date. To include items in the plan, you associate records from the Plan Entity
application. The Plan Entity record creates a link between previously defined Audit
Entity records and the Audit Plan record. The Audit Plan enables you to capture and
track other information for the Audit Plan, such as plan hours and expenses. 

Manage Audit Engagement: 

Audit Engagement application serves as Internal Audit's mechanism for
creating, managing, tracking, and reporting on individual audit engagements. The
application allows users to determine the audit engagement’s scope, schedule and
staff resources for the audit, create and manage workpapers, perform audit testing,
document findings and draft the audit report.

Create a Program library:

The Audit Program Library application provides a repository to create and house
audit programs and related audit procedures for use on multiple audit engagements.
When you select audit programs with corresponding audit procedures,
make copies of the audit programs and procedures for audit engagements and
creates workpapers for documenting testing and results.

Create Audit Workpapers: 

Audit Workpaper application provides a method for documenting testing using
the steps outlined in audit programs and related procedures for a specific audit
engagement. The Audit Workpaper application is designed to mirror the Audit
Program Library, in that you can create project-specific versions of standard audit
programs and procedures and use them to document your testing. This approach
allows audit department management to maintain consistency of audit procedures
across engagements by leveraging the Audit Program Library while enabling
auditors to customize or add procedures to fit the needs of the engagement on which
they are working.

Manage the Staff:

The Staffing Management sub solution allows you to manage IA team member
availability and schedules (including internal and external resources, track staff
credentials), schedule audit engagements and team resources, report on staffing and
scheduling gaps and monitor utilization.

Perform Quality Management:

The Quality Management sub solution allows you to establish a quality assurance
and improvement program designed to evaluate internal audit's conformance with
the Definition of Internal Auditing and the Standards.

Maintain your question Library: 

The Question Library application supports your audit management program. The
application documents assessment questions linked to authoritative sources, control
standards and risks. You can use these questions as often as you like in any type of
assessment.

Through the Question Library application, you can:
  1. Import your existing questions, use pre-loaded question packs from the Content Library, or enter questions manually through the application's web-based interface.
  2. Assign questions to categories and apply filter properties that you can later use to create question display rules.
  3. Assign correct answers, numeric answer values and question weighting.
  4. Link questions to authoritative sources and control standards in the Policy Management solution.
  5. Link questions to statements of risk in the Risk Management solution.

By Demetrius Fluker 

Comments

Post a Comment

Popular posts from this blog

Afterbreach: The Architect of Innovation by Demetrius Fluker

-
Image
Lead Product Manager Chapter 1: The Visionary’s Burden In the bustling heart of Afterbreach, a company renowned for its cutting-edge cybersecurity solutions, Nina Avelar stood at the helm of one of its most ambitious initiatives yet. As a Product Manager, Nina’s role was more than just overseeing a product's development; she was the architect of a vision that would redefine cybersecurity in the healthcare sector. The stakes were high—lives depended on the security of the digital systems her team would build. Nina began her day in the strategic planning room, a sleek space filled with interactive screens and data streams. Here, she met with senior leaders and business partners, each bringing their perspectives on the market’s evolving needs. The healthcare industry was at a crossroads, with increasing digitalization making it both more efficient and more vulnerable. Nina's task was to develop a comprehensive product strategy that not only addressed these challenges but als...
Read more

Common Encryption Standards by Demetrius Fluker

-
Image
   TOP Encryption Standards:  1. Advanced Encryption Standard (AES) Details : AES is a symmetric encryption algorithm widely used for securing data. It supports key lengths of 128, 192, and 256 bits. Use Cases : Commonly used for data encryption across a variety of applications, including file encryption, VPNs, SSL/TLS, and wireless security (WPA2). Strength : Known for its security and speed. AES-256 is considered very secure for sensitive data protection. 2. RSA (Rivest-Shamir-Adleman) Details : RSA is an asymmetric encryption algorithm used primarily for secure data transmission. It relies on the difficulty of factoring large prime numbers. Use Cases : Frequently used in digital signatures, SSL/TLS certificates, and secure email protocols (like PGP). Strength : RSA with key lengths of 2048 or 4096 bits is considered secure, though it is slower than symmetric encryption algorithms like AES. 3. Elliptic Curve Cryptography (ECC) Details : ECC is a public key encryption te...
Read more

My Proof of concept for Datacenter Security

-
 Creating a proof of concept (POC) for datacenter security involves demonstrating how specific security measures or systems can protect a datacenter from potential threats. Here's a structured approach to developing a POC for datacenter security: 1. Define the Objective: Goal: Demonstrate the effectiveness of security measures to protect the datacenter's physical and virtual infrastructure. Scope: Focus on specific aspects such as physical access control, network security, data protection, and incident response. 2. Identify Key Security Areas: Physical Security: Access control systems (e.g., biometric scanners, RFID cards). Surveillance systems (CCTV, motion detectors). Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS). Network segmentation and monitoring. Data Security: Encryption (data at rest and in transit). Backup and disaster recovery solutions. Incident Response: Real-time monitoring and alerting. Response protocols for security breaches. 3....
Read more