Audit Planning
Effective audit planning involves breaking down audits into manageable segments while maintaining depth. It is crucial to rotate through the audit schedule to ensure comprehensive coverage and to identify areas that may feel too broad or uncomfortable.
開啟
Audit Planning/Process Action items Ideas on how to carve out
audits to be more manageable
and more in-depth What areas are too broad?
What made you uncomfortable? Justification to rotate
through audit schedule Leadership commitments Ways to change committments Justification e.g. tiers FFIEC governed areas Are commitments definite? SOX "Need to do" Joining Projects Due diligence Audit team members to
become members of
project teams outside
audit deptartment Aligning w/
Skillsets and Technical
Knowledge what falls under
finance team scope? Fin. team to start taking
on more operational
audit areas in 2012 e.g. vendor mgmt Major Gaps? Self-reporting of ERR compliance Pick critical areas
to cover on audits Ensuring coverage of
compensating controls w/in ERA E.g. Password reqs Platform-based
work programs/audits RXP Mainframe More detailed reviews Evaluation of common processes More like Remedy audit Impact for locations Accurate interdependency matrix Risk Vision review avoid missing areas categorize Application audits ClearQuest RMS Endevor Client contract risk Central repository no central handle on
contract mgmt or compliance Scoping Ensure testing addresses risks Include product overview
during scoping call Understand product
before audit fieldwork Value-add - including all areas committment to org. Understand and document why and what Challenges w/ federal examiners Potential risk Leverage Call
Program Running ideas of what is
going on within BU ETG involvement understanding per BU Process-based Ensuring ownership
of functional areas Vendor mgmt Code Migration e.g. Vendor Management or BCP Sample across BUs Limitations until initiatives
are implemented