Date post: | 22-Jan-2015 |
Category: |
Technology |
Upload: | joe-oringel |
View: | 400 times |
Download: | 0 times |
2. Opening thoughts on Continuous Auditing
GRC thought leadership, practically applied 2008 Visual Risk IQ and Vonya Global - All Rights Reserved 3. What does Wall Street guidance look like? How are economic conditions affecting you?
4. The IIAs GTAG was published in 2005 Where are we now? Level-setting / Review of Industry Guidance
Visual Risk IQ GRC thought leadership, practically applied 2008 Visual Risk IQ, LLC, All Rights Reserved 5. Relationship between Continuous Auditing, Monitoring, and Assurance
Level-setting / Review of Industry Guidance
6. Evolution from CAATS to CA to CM CAATs Continuous Auditing Continuous Monitoring
Visual Risk IQ GRC thought leadership, practically applied 2008 Visual Risk IQ, LLC, All Rights Reserved Level-setting / Review of Industry Guidance Internal Audit Business 7. Continuous Auditing is a hot topic for todaysAudit leader - but what is Continuous? Continuous auditing and continuous monitoring become right time when the timing and frequency of evaluation matches business requirements. What frequency is right for your revenue transactions?Supply chain? ** Source:2006 State of the Internal Auditing ProfessionCopyrightPricewaterhouseCoopers LLP2006 Continuous auditing / continuous monitoring programs Todays continuous auditing frequency Market View of Continuous Auditing Visual Risk IQ is a leader in Continuous Auditing and Monitoring 2007 Visual Risk IQ, LLC, All Rights Reserved 8. What is continual risk assessment and how does it relate to continuous auditing?
Visual Risk IQ GRC thought leadership, practically applied 2008 Visual Risk IQ, LLC, All Rights Reserved Continual risk assessment 9. Implementing continuous auditing across an internal audit methodology is not just about technology Enterprise Audit Projects The audit process Visual Risk IQ GRC thought leadership, practically applied 2008 Visual Risk IQ, LLC, All Rights Reserved Technology Technology 10. its about a model that acknowledges the impact of People, Audit Process and Governance also. Enterprise Audit Projects The audit process Visual Risk IQ GRC thought leadership, practically applied 2008 Visual Risk IQ, LLC, All Rights Reserved People Technology Governance Audit process People Technology Governance Audit process 11. A basic continuous auditing maturity model The audit process a maturity model approach Visual Risk IQ GRC thought leadership, practically applied 2008 Visual Risk IQ, LLC, All Rights Reserved Basic practices Level 2 practices Better practices Continuous auditing People Staff has some basic data literacy.Knows how to ask IT for information. Some IT- and data-specific specialists are accessible, either in-house or as consultants Audit staff and leaders are IT- and data-literate.Little distinction between IT audit and financial / operational audit people No need for ad hoc data acquisition - CA and CCM systems are well-integrated into finance and operations Technology Basic data capture and analysis using MS-Office or ERP Query tools.Heavy reliance on Corporate IT Some re-usable scripts exists and are used on-demand for relevant audit projects Scripts are stored, scheduled, and run at appropriate intervals Continuous auditing and monitoring technologies contribute to all audit steps Governance Business is reactive to requests from Internal Audit and usually helps in a timely way.Audit can access data directlyIT consults with IA prior to making system changes that are known to affect IA.Data driven early warning / risk alerts include both business and controls / audit implications.Audit methodology Risk assessments are conducted annually Risk assessments are conducted more frequently than annually Risk assessments consider objective and subjective data.Gaps between objective and subjective assessments are highlightedRisk alerts are embedded into the IA methodology and drive specific responses real-time 12. Moving up the curve can rarely donein large steps The audit process a maturity model approach Visual Risk IQ GRC thought leadership, practically applied 2008 Visual Risk IQ, LLC, All Rights Reserved Basic practices Level 2 practices Better practices Continuous auditing People Staff has some basic data literacy.Knows how to ask IT for information. Some IT- and data-specific specialists are accessible, either in-house or as consultants Audit staff and leaders are IT- and data-literate.Little distinction between IT audit and financial / operational audit people No need for ad hoc data acquisition - CA and CCM systems are well-integrated into finance and operations Technology Basic data capture and analysis using MS-Office or ERP Query tools.Heavy reliance on Corporate IT Some re-usable scripts exists and are used on-demand for relevant audit projects Scripts are stored, scheduled, and run at appropriate intervals Continuous auditing and monitoring technologies contribute to all audit steps Governance Business is reactive to requests from Internal Audit and usually helps in a timely way.Audit can access data directlyIT consults with IA prior to making system changes that are known to affect IA.Data driven early warning / risk alerts include both business and controls / audit implications.Audit methodology Risk assessments are conducted annually Risk assessments are conducted more frequently than annually Risk assessments consider objective and subjective data.Gaps between objective and subjective assessments are highlightedRisk alerts are embedded into the IA methodology and drive specific responses real-time 13. Risk assessment should be the newcenterpiece for the audit process Enterprise Audit Projects Risk Assessment Planning & Scoping Execution Planning & Scoping Execution Planning Planning & Scoping Execution Reporting Reporting Visual Risk IQ GRC thought leadership, practically applied 2008 Visual Risk IQ, LLC, All Rights Reserved Continual risk assessment 14. Visual reporting can help with Continual Risk Assessment and Continuous Controls Monitoring Corporate Data Visual Risk IQ GRC thought leadership, practically applied 2008 Visual Risk IQ, LLC, All Rights Reserved Continual risk assessment 15. Visual Risk IQ GRC thought leadership, practically applied 2008 Visual Risk IQ, LLC, All Rights Reserved Continual risk assessmentWhat are other leading companies doing? 16. What are other leading companies doing? Visual Risk IQ GRC thought leadership, practically applied 2008 Visual Risk IQ, LLC, All Rights Reserved Continual risk assessment 17. Presentation to the Triad Chapter of the IIAVisual Risk IQ is a leader in Continuous Auditing and Monitoring 2007 Visual Risk IQ, LLC, All Rights Reserved Regularly updated outlier dashboards canserve as a key top-level report for CRA / CCM Continual risk assessment 18. Another Client Example Individualized per division with drill-down capability Continual risk assessment 19. Another Client Example, continued turning data into meaningful information. Continual risk assessment 20. A good continuous controls monitoring platform The Platform Data Locker Reasoning & Analytics Engine Risk and Performance Checks Platform Data & Logs Visual Reporting / User Interface Systems of Record Workflow Engine Extract & Mapping Rules Workflow & Platform Configuration Extract, Map & Load Common Data Models Knowledge Maintenance Interface What does this look like at best in class companies? Visual Risk IQ is a leader in Continuous Auditing and Monitoring 2007 Visual Risk IQ, LLC, All Rights Reserved 21. What can we do on Monday?
Visual Risk IQ GRC thought leadership, practically applied 2008 Visual Risk IQ, LLC, All Rights Reserved Takeaways 22. Joe Oringel(704) 752-6403 [email_address] Don Sparks 713-327-1877 [email_address] www.visualriskiq.com www.audimation.com Thank you!For more information or discussion, please contact Visual Risk IQ GRC thought leadership, practically applied 2008 Visual Risk IQ, LLC, All Rights Reserved 23. Visual Risk IQ Points of distinction
Visual Risk IQ GRC thought leadership, practically applied 2008 Visual Risk IQ, LLC, All Rights Reserved