Hot Issue and Related Poll
To help internal audit departments manage ongoing challenges, a panel of experts convened for the May 2008, IIA webcast, “The Art of Assessing IT Controls.” The webcast participants shared their views on this topic in a three part article series. Part two of this series focuses on why GAIT inroads are slow in coming, the importance of taking a top-down approach, and how to keep the big picture in sight.
This week’s poll question asks: "Does your internal audit function use a top-down approach when assessing IT General Controls?"
Previous Poll Results
See the results from last week's poll, "Does your internal audit function use GAIT when assessing IT General Controls?"
Compliance Week
The SEC has provided new guidance on how companies can best use corporate Websites to distribute information – specifically on the agency’s reviews when Website postings do or do not satisfy Regulation Fair Disclosure. The guidance is more principles-based, however, and will require companies to use more judgment. Companies are now being told they can analyze their situation and decide how the guidance applies to them. This article discusses the details on the SEC guidance.
Taylor & Francis Article
Wouldn’t it be great if effective and sustainable information security practices could be achieved merely by executive mandate? Or better yet, if security threats had an end date like Y2K? Whether we like it or not, information security challenges are here to stay. Using technology and products certainly helps to reduce risk. But to effectively prepare for, prevent, and respond to security threats, IT must integrate sustainable information security practices into the processes used to develop and maintain business-critical systems.
Newsletter
Successfully guiding a corporation through competitive markets can be a complicated venture in the best of times. But when tight credit and high costs erode an organization’s revenues and customer base, once routine issues can become urgent and problematic. In today’s economy, even well-run organizations can face significant challenges to their fiscal health. This article is the first in a series designed to address some of the issues that corporate directors face as they steer their companies through the “zone of insolvency.”
Sample
This interview template can assist with capturing information related to a process being reviewed by internal audit. The specific information tracked in this document includes identifying key personnel, relevant IT applications, relevant risks, controls currently in place, and related control gaps.
Guide
As technology becomes more integral to the organization’s operations and activities, a major challenge for internal auditors is how to best approach a company-wide assessment of IT risks and controls within the scope of their overall assurance and consulting services. As pointed out in this GTAG, auditors need to understand the organization’s IT environment; the applications and computer operations that are part of the IT infrastructure; how IT applications and operations are managed; and how IT applications and operations link back to the organization.
Participation Request
The purpose of this annual survey is to provide benchmarks where internal auditors can measure their knowledge and skills, and identify gaps to be addressed. The survey is available online through August 29th. The report will be available in the spring of 2009.
KnowledgeLeader News
A recent study presents a new framework for records managers to assess risks in two dimensions - risk probability and risk impact - and offers guidance for risk treatment measures. Traditionally, assessing risks applicable to records management has not been perceived as a priority for managers. These risks can vary, ranging from minor human error or system failure to more systemic problems and major natural disasters that can lead to heavy loss and even corporate failure. Source: Information Management Journal
Featured External Link
With chief operating officer (COO) positions becoming rarer all the time, companies are relying on CFOs for a lot more than keeping score. CFOs are gaining a higher profile in their organizations as a result, along with, apparently, more compensation. But the downside is more pressure — more hours in the day required to accomplish more tasks, and more blame when profits fail to meet expectations or just fail altogether. Source: CFO.com
Featured CPE Course
This course is offered at a discount through KnowledgeLeader’s partnership with MicroMash. The completed course is worth 7 CPE credits and is designed to enhance your understanding of:
- Regulations Over Assessments of Internal Control
- Using AS2 and COSO to Evaluate Internal Control
- Identifying Account/Transaction/Process Level Controls
- Identifying Company Level Controls
- Assessing the Control Environment
- Testing and Evaluating Process Controls
- Communications and Reports
To view the full list of CPE courses, please visit KnowledgeLeader’s Standards & Trainings Page and follow the MicroMash Online CPE Courses link.
Did You Know?
KnowledgeLeader features a continuously expanding list of sample internal audit work programs for many types of audits. These samples can be downloaded and reviewed for comparison and instruction. KnowledgeLeader users are encouraged to contribute.
CCH Tax and Accounting - Accounting Research Manager Updates
- Accounting Changes -- Interpretive Publication Added
- Subsequent Events -- FASB to Discuss Subsequent Events and Going Concern
- Internal Controls -- 2008 Edition of Interpretive Publication on Information Technology Audits Added
From the Archive
A fundamental element of internal control is the segregation of certain key duties, in order to ensure that no-one is in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. This questionnaire can be used to determine the adequacy of segregation of duties among those responsible for inventory.
Top 5 Pages on KnowledgeLeader
The following links will take you to the five most popular pages from the week of August 11, 2008.