Tools

The following tools were published on KnowledgeLeader this week:

Employee Stock Option Termination Policy

Use the procedures and guidelines in this policy to handle stock options when an employee's employment is terminated. This policy ensures that terminated employees are aware of their rights and obligations regarding vested and unvested stock options. It mandates that terminated employees must exercise any vested options within 30 days, or they will be automatically canceled. 

Process 4.4.1.1 - Manage IT Infrastructure: Data Governance Risk and Control Matrix (RCM)

A successful risk management strategy requires a strong internal control environment. The risk control matrix (RCM) format emphasizes that strong and risk-oriented internal control environments are often optimized with automated/manual controls, depending on the situation. This document outlines risks and controls common to the 4.4.1.1 Manage IT Infrastructure process in a risk control matrix (RCM) format.

Virtual Private Network (VPN) Administration Audit Work Program

Access our thorough VPN administration audit work program for assessing documentation, logging, monitoring and user pool in VPN administration, which can be used to review documentation, network diagrams and policies governing VPN use to identify external access points and associated risks. The program includes verifying the approval process for VPN access, ensuring that it follows documented policies and procedures, and examining logging activities to confirm that event logging is appropriate, and retention periods are sufficient.

Physician Credentialing Audit Work Program

The objective of this sample audit work program is to analyze and evaluate the current hospital credentialing process and identify the key controls governing the process. The document outlines detailed steps for planning, fieldwork and reporting phases of the audit. It includes objectives such as reviewing departmental policies and procedures, interviewing key personnel, identifying risks, and evaluating the effectiveness of existing controls. 

IT General Controls Audit Work Program

This tool contains four sample work programs that provide best-practice steps an organization should consider when evaluating its IT general controls environment. Sample 1 of this tool focuses on evaluating the design of the IT general controls (ITGC) environment within your organization. The objective is to assess how well the infrastructure, applications, policies and procedures support the organization’s operations. This evaluation involves identifying ITGCs through discussions with key IT personnel and reviewing relevant policies and documents. 

Disaster Recovery Audit Work Program

Organizations perform disaster recovery risk assessments to identify threats and risks that could make them vulnerable to business interruptions. By walking through various disaster scenarios, organizations can pinpoint their greatest business threats, as well as identify their control gaps, which increase the impact of threats. By doing this, the business continuity team can prioritize risks and spend time only on threats and risks that are most likely to occur and/or have the potential to severely impact the organization.

Publications 

KnowledgeLeader has also published several publications this week.

2024 Initial Public Offerings Annual Summary

Initial public offerings (IPOs) rebounded slightly after experiencing a five year low in 2023. There were 238 new listings during 2024, which together raised $38.9 billion. Compared to 2023, total IPOs increased by 45% while total proceeds increased 63%. In this article, Audit Analytics further examines the 2024 IPO market and auditor market share insights. 

The Evolution of Internal Audit in Anti-Corruption Activities: Leveraging Data Analytics and IT Technology

Internal audit has emerged as a pivotal function in organizations’ fight against corruption, with technological innovations dramatically expanding its capabilities to detect, prevent and mitigate corrupt practices. By leveraging data analytics and advanced IT technologies, organizations can now implement more proactive, comprehensive and effective strategies to mitigate corruption risks. This article explores the transformative role of internal audit in anti-corruption efforts, emphasizing how technological advancements, particularly data analytics and IT tools, have redefined traditional practices.

EU Omnibus Proposals May Substantially Scale Down CSRD Reporting Obligations

On February 26, 2025, the European Commission released a package of proposals (omnibus package) aimed at significantly scaling down several sustainability regulations in Europe that are either in effect already or about to take effect. This is a fulfilment of commission President Ursula von der Leyen’s vow last year to reduce reporting burden for businesses by 25% (35% for small and medium entities, or SMEs). These are proposals, not a final regulatory decision. In this Flash Report, we discuss how companies can stay tuned to developments as they prepare for compliance in the near term.

Recommended Resources 

This list of recommended resources from the web may be of interest to you. Click each link to learn more. 

  1. How Finance Can Get Started With Gen AI
  2. SEC Seeks Pause in Litigation Over Climate Disclosure Rule
  3. Harness the Power of AI Across GENERATIONS

 

0 Comments

Topics

Read More