Audit Planning

Mehr dazu

Records Management v2

von Michael Newell

Datatrans-inc.com

von DataTrans Solutions Inc

Central topic

von ldc x

Privacy v1

von Michael Newell

Audit Planning/Process

Action items

Ideas on how to carve out audits to be more manageable and more in-depth

What areas are too broad? What made you uncomfortable?

Justification to rotate through audit schedule

Leadership commitments

Ways to change committments

Justification

e.g. tiers

FFIEC governed areas

Are commitments definite?

SOX

"Need to do"

Joining Projects

Due diligence

Audit team members to become members of project teams outside audit deptartment

Aligning w/ Skillsets and Technical Knowledge

what falls under finance team scope?

Fin. team to start taking on more operational audit areas in 2012

e.g. vendor mgmt

Major Gaps?

Self-reporting of ERR compliance

Pick critical areas to cover on audits

Ensuring coverage of compensating controls w/in ERA

E.g. Password reqs

Platform-based work programs/audits

RXP

Mainframe

More detailed reviews

Evaluation of common processes

More like Remedy audit

Impact for locations

Accurate interdependency matrix

Risk Vision review

avoid missing areas

categorize

Application audits

ClearQuest

RMS

Endevor

Client contract risk

Central repository

no central handle on contract mgmt or compliance

Scoping

Ensure testing addresses risks

Include product overview during scoping call

Understand product before audit fieldwork

Value-add - including all areas

committment to org.

Understand and document why and what

Challenges w/ federal examiners

Potential risk

Leverage Call Program

Running ideas of what is going on within BU

ETG involvement

understanding per BU

Process-based

Ensuring ownership of functional areas

Vendor mgmt

Code Migration

e.g. Vendor Management or BCP

Sample across BUs

Limitations until initiatives are implemented