AUDIT2020
Danny M. Goldberg, Founder

THE STANDARD IN STAFFING, RECRUITING AND PROFESSIONAL DEVELOPMENT

INTRODUCTION

Danny M. Goldberg
FOUNDER, GOLDSRD (WWW.GOLDSRD.COM)
FORMER DIRECTOR OF CORPORATE AUDIT/SOX AT DR PEPPER SNAPPLE GROUP
FORMER CAE - TYLER TECHNOLOGIES
PUBLISHED AUTHOR (BOOK/ARTICLES)
TEXAS A&M UNIVERSITY 97/98
CHAIRMAN OF THE LEADERSHIP COUNCIL OF THE AMERICAN LUNG ASSOCIATION - NORTH TEXAS CALENDAR YEAR 2012
SERVED ON THE AUDIT COMMITTEE OF THE DALLAS INDEPENDENT SCHOOL DISTRICT (CY 2008)
CURRENT DALLAS AND FORT WORTH IIA PROGRAMS COCHAIR
FORT WORTH IIA BOARD MEMBER
IIA NORTH AMERICA LEARNING COMMITTEE MEMBER (2014-15)
CERTIFICATIONS:
CPA SINCE 2000
CIA SINCE 2008
CISA SINCE 2008
CGEIT - SINCE 2009
CRISC - SINCE 2011
CRMA SINCE 2011
CCSA SINCE 2007
CGMA SINCE 2012

People-Centric Skills
Published August 2014 (Wiley Publications)
Over 3,500 copies sold
Amazon Rating
Coauthored with Manny Rosenfeld
Chief Audit Executive with four global F500 Cos. and a global Financial Services organization.
First book specific to internal audit communications and personal interactions
This is not a reference book!
Story book format
Character development
Fictional Internal Audit Department
Fictional Professional Coach/Trainer
Situational

GoldSRD Snapshot
PROFESSIONAL DEVELOPMENT:
NATIONALLY-RECOGNIZED LEADER IN AUDIT AND PEOPLE-CENTRIC SKILLS TRAINING
INSTITUTE OF INTERNAL AUDITORS (IIA) REGISTRY OF CPE PROVIDERS (ONLY SIX FIRMS IN NORTH AMERICA!)
OVER 200 FULL-DAY COURSES ON AUDIT, IT AUDIT, ACCOUNTING, FINANCE, PERSONAL DEVELOPMENT AND PEOPLE-CENTRIC SKILLS
REGISTERED WITH NASBA TO OFFER CPES FOR ALL COURSES IN COURSE CATALOG (LIVE AND WEB-BASED)
INTERACTIVE AND EDUCATIONAL COURSES FOR ALL LEVELS
EXECUTIVE RECRUITING:
UNIQUE APPROACH TO FILLING POSITIONS, INCLUDING PERSONALITY ASSESSMENT FOR CANDIDATE AND ORGANIZATION
EXPANSIVE NETWORK OF QUALIFIED CANDIDATES ACTIVELY LOOKING
STAFF AUGMENTATION:
MARKET LEADER IN LOCATING COST-EFFECTIVE, RECOGNIZED RESOURCES IN ACCOUNTING, FINANCE, AUDIT AND IT
ALL REQUESTS FILLED WITHIN 72 HOURS

Topical Agenda
Risk Assessment/Messaging
Emerging
Marketing Internal Audit
Transparency of Audit Approach
Audit Planning

BLAH! BLAH! BLAH! WHAT IS THE ULTIMATE GOAL OF INTERNAL AUDIT? BLAH! BLAH!

What is Internal Audit?
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
SOURCE: IIA International Professional Practices Framework, e.g. the Red Book

EMERGING RISKS

Identifying Emerging Risks
Industry Trends (what is in the news)
ERM predicting changes over 5+ years
Change to ERM -> Change ARM & Audit Plan
Integrate Emerging Risk Reviews into the Strategic Planning Process
Identify All Assumptions and Carry Out Disciplined Assumption Testing
Challenge Conventional thought Processes and Expectations

WHAT DO COMPANIES DO WITH EMERGING RISKS?

Emerging Risk: What to do?
Inform Board/Audit Committee
Look for Guidance
Balance review of emerging risks versus high risks
Understand what is being done currently to manage risks; look to Board/Audit Committee - is this enough?

AUDIT TRANSPARENCY

Audit Transparency
Do You Share Your Risk Assessment with Your Auditees?
Do You Post Your Audit Plan for the Year?
Do You Give Your Auditees Your Workprogram During Planning?
How transparent can you be at your organization?

MARKETING INTERNAL AUDIT

Internal Assessment
What is the perception of IA in your organization?
Are new employees, including temporary, given orientation about governance, risk management, compliance (GRC) and its relevance to their roles?
Does internal audit tell its story at new employee orientation?
At all-hands meetings?

At initial meetings of all engagements?
Is the Internal Audit brand comparable to Walmart or Ford?

Some Marketing Approaches
New employee orientations
Management and executive development training
Staff profiles on web or in brochure
Description of services on web or in brochure
Web page with push communications
eNewsletter
Lunch and learn for non-audit staff
Debrief management after audit committee meetings
Presentation decks for all occasions

Three Pillars of Marketing IA
Consistent Messaging
  Define Internal Auditing
  Focus on Objectives
  Marketing Plan
  Marketing Sheet
  Outreach w/ new managers
  Periodic outreach w/ manager (take the pulse)
  Intranet Site
Continuous Education
  Alleviate the Fear
  Focus on Value
  Brown Bag Lunches
  Newsletters
  Email with Issues/Findings
  Do Not Use Independence as an Excuse
Transparency
  Try to Help
  Try Not to Hide Anything
  Walk Auditees through ARA
  Post the Audit Plan
  Give Auditees Audit Work program (Path to Success)

ENGAGEMENT PLANNING

GROUP DISCUSSION
DOES YOUR PLANNING PROCESS MIRROR THE PREVIOUS SLIDE?
IF NO, WHAT ARE THE DIFFERENCES?
DISCUSS IN GROUPS WHAT CAN BE DONE BETTER/DIFFERENTLY.

Preliminary Risk Analysis
Key to an effective PRA is understanding the goals and objectives of an audit:
  Objective of an audit is not to perform the audit
  How can we narrow the focus of the audit to the greatest risks?
Objective of the audit starts at the audit risk assessment and audit plan level:
  Why was it identified as a risk?
  Why was it deemed important enough to appear in the audit plan?

Auditors must be able to understand the objective of an audit and then hypothesize possible outcomes of the audit

PRELIMINARY ENGAGEMENT-LEVEL RISK ASSESSMENT

Quick Key Indicators
Preliminary Analytical Procedures
  Compare to balances for one or more comparable periods
  Compare to anticipated results (budget and forecasts)
  Evaluate relationships to other current-year balances for conformity with predictable patterns
  Compare with similar industry information
  Study relationships with relevant nonfinancial information
Flux Analysis
Business Objectives
Key Performance Indicators

ENGAGEMENT LEVEL RISK ASSESSMENTS

MY THEORY
RISK IS MUCH SIMPLER TO IDENTIFY THAN YOU THINK. BY ASKING SIMPLE YES/NO QUESTIONS (NOT PROCESS SPECIFIC, APPLY TO ANY INDUSTRY/ANY COMPANY), WE CAN DETERMINE (AT LEAST AT A HIGH LEVEL) IF THIS AUDIT WILL BE MUCH MORE CHALLENGING THAN INITIALLY BUDGETED FOR.

Initial Business Process Owner Interview
You are interviewing the business process owner in a process that you audit every two years. You can ask up Yes/No questions to the process owner to get a preliminary determination of risk - make a list of those questions.

Yes/No Questions
Do you have policies/procedures and are they updated?
Significant change to people/process/systems?
Do you periodically review access to your systems?
Have you experienced significant downtime?
Are there any known issues for the system?
Any other audits that have occurred and results?
Any audit on the horizon?
Change in integration/flow of data?
Has the system demand changed?
Do you receive/review/understand SOC reports?
Any changes in external environment? What have you done?
Change in third parties/vendors?
Do you escrow a copy of the source code of the system of record?
Is the system of record off the shelf or internally developed?
If off the shelf, has the system been customized?
If off the shelf, is the system current in regards to updates and upgrades?
When you run a report from the system, are you confident in the accuracy of the report?
Has the audit log been turned off for any key systems?
Are there ways (in your opinion) to utilize the system to make the process more efficient/effective?
Have there been any data breaches over the period under review?
Any pending litigation?
Any new regulations/compliance standards?
Are you meeting your business objectives?
Any significant losses (shrink, fraud, financial)?
Do you have any systems/databases not managed by IT?

GROUP DISCUSSION
WHAT OTHER FIELDWORK TOPICS/QUESTIONS WOULD YOU LIKE TO DISCUSS?
WHAT DOES YOUR DEPARTMENT DO BEST? WHAT COULD THEY DO BETTER?

Testing Strategy
[Diagram labels: RISK, AUDIT TEST TYPE, SAMPLE SIZE]
Employ a strict risk-based testing strategy
Direct correlation (Risk: Sample Size); (Risk: Type of Audit Test)

Types of Audit Tests
Design only (no control testing)
Interviews only (must corroborate)
Procedural review (not representative)
IT testing (analyze files, screens, procedures, logs, and audit trails)
Tests of controls (criteria)
Substantive tests
CAATs

AUDIT SAMPLING

Two Decision Points
Sample Size
Sample Selection

Sample Size
Statistical
Non-Statistical
Semi-Statistical

Control Rating Guidance
Nature of the control (e.g., preventive or detective; manual, automated, or hybrid; etc.)
Importance of the control (e.g., is the control critical to mitigate the risk?; are there compensating controls? etc.)
Risk of failure of the control (consider changes in volume or nature of transactions; changes in design; changes in key personnel; level of reliance on other controls; control complexity)
Knowledge of past control deficiencies in design or operation

Control Attributes & Effect on Ratings
[Diagram labels on a Low-to-High scale: Highly Automated; Highly Manual; Critical to Mitigate Risk; Compensating Control; Process Owner; No Changes; Process Complexity; Numerous Changes; System of Record; None/Low Impact; Previous Control Deficiencies; Regulatory/; High Impact]

Sample Size
Based on the frequency of the control along with the control rating, the following minimum sample sizes have been developed (Auditor judgment may be used to increase sample sizes)

Frequency of Control Activity                       Control Rating based Sample Size
                                                    Low      Medium   High
Annual                                              1        1        1
Quarterly                                           2        2        3
Monthly                                             2        3        4
Weekly                                              5        8        10
Daily or Manually Recurring (population 250)        25       40       60
Manually Recurring (population 250)                 10%*     15%*     25%*

Sampling Techniques
Random Sampling: Testing items are selected using a random number generator, allowing each item an equal chance of being selected (or selected multiple times).
Judgmental Sampling: Testing items are selected based on the auditor's professional judgment and knowledge of the population, auditable unit, or other pertinent factors (e.g., all items over a specific dollar threshold, a certain transaction type, or within a certain date range).
Haphazard Sampling: Testing items are selected without any conscious bias from the auditor. Should be used when the population cannot be or is not organized in a manner to allow for a judgmental or random sample (i.e., selecting from a file drawer).
Stratified Sampling: Testing items are selected using a combination of random and judgmental (reviewing population of similar characteristics and randomly sampling remainder).

Gold Nuggets
Continuously look to improve
Just because we have always done it this way...
Define what value is
