February 5, 2012

2010 Suggested Audit Guidelines for Internal Control Committees

As many companies finalize their 2009 fiscal year-end reports and set their budgets, policies and procedures in place for 2010, we would like to focus your attention on a set of suggested guidelines for both internal and external audit committees to review and implement in 2010. While we can assume that lessons have been learned from the past year, it may still be necessary to integrate some of the guidelines listed below into your organization’s 2010 strategic goal-setting procedures.

For 2010, business risk assessment remains high on any organization’s planning agenda, as do compliance assessment and compliance risk management. Security risk assessment and security risk management of both financial and operational issues follow closely behind.

The following issues, which should be at the top of every audit and/or control committee’s agenda in the coming year, are summarized from a report recently issued by KPMG U.K.:

  1. Regain control of the committee agenda and focus an eye on the company’s current and future key areas of risk.
  2. Understand the risks imposed by and stemming from the dramatic cost reductions from the prior year.
  3. Focus closely on all current and proposed financial and other narrative disclosure and communication requirements.
  4. Pay particular attention to specific current and new financial reporting developments impacting the company.
  5. Rethink the internal audit committee’s role in risk oversight and be ready to make changes when and wherever necessary.
  6. Focus internal audit’s activities only on key areas of risk and risk management.
  7. Prepare for the potential impact of key 2010 public policy initiatives on compliance, risk, and governance processes and how they impact the organization.
  8. Be extra vigilant since an economic crisis continues to put pressure on the funding and implementation of necessary compliance and anti-fraud programs.
  9. Secure upper management support for these committees to reduce the risk of misalignment between the organization’s strategic goals and daily operational achievements.
  10. Take a hard look at the committee’s composition, independence and leadership capabilities, and make adjustments or changes to deliver maximum performance from that committee.

You can find more information on the issues raised above either in a summary article on the continuitycentral.com website or in the full report on the KPMG U.K. website. Registration is required on the KPMG U.K. website.

Impacts of an IT Compliance Audit

One of the reference blogs we cite most often is SearchCompliance.com. Recently, IT compliance auditing became a popular topic of discussion in the FAQ section of the SearchCompliance site.

We have received similar questions from our readers from time to time regarding auditing, and as a result we recommend that your organization’s IT department read this blog posting for some insights into compliance auditing of IT.

Some of the questions addressed in this blog are: (1) What is a compliance audit? (2) How are compliance audits different? (3) What regulations require compliance audits? and (4) Who performs compliance audits?

The IT audits referenced in this blog address many issues, including the need for policy compliance, compliance plan(s), compliance tool(s), compliance report(s), and compliance standards. We hope that you will find this information valuable and worth passing along to the IT management in your organization responsible for maintaining alignment with your operational compliance requirements.

We hope you find this information helpful.

Auditing Business Continuity – Which Framework to Use?

Sooner or later, if your organization has a commitment to process improvement, you will need to audit your existing business continuity plans. Absent a real disaster, it is the combination of audit and testing that tells you whether you are on the right track.

Performing the Audit

When performing your first audit, where do you start? You will need to settle on a framework. If your plan was initially put together using a framework, that’s great, because that may well be the best framework to use. However, some organizations have additional requirements that may not be expressly included in the chosen framework (for example, FFIEC and NASD both have business continuity requirements).

Once the framework is chosen, the audit needs to include both a document review against the framework requirements and specific testing. This testing may take the form of sample interviews and the performance of established tasks. It is also important to review any tests or rehearsals that took place during the review period.

Business Continuity Technology – Documenting your Plan

There are many tools available to business continuity planners. Many of these tools assist a planner in the development and maintenance of their plan. Prior to purchasing one of these planning tools, an organization should take stock of its business needs, the plan scope, and the current and projected future size of the business.

Technology Types

Ultimately, the technology an organization settles on can range from something as simple as a series of Excel spreadsheets and Word documents placed into a document management tool such as SharePoint, to a complex tool such as SunGard/Strohl’s LDRPS. The important thing is to fit the business continuity technology to the needs of the organization, and not the other way around.