Continuous Monitoring and Gaining External Audit Reliance - PowerPoint PPT Presentation
Title:
Continuous Monitoring and Gaining External Audit Reliance
Description:
Continuous Monitoring and Gaining External Audit Reliance The Opportunity Post SOX organizations are inclined to establish key groups to govern risk and measure ... – PowerPoint PPT presentation
Number of Views:49
Avg rating:3.0/5.0
Title: Continuous Monitoring and Gaining External Audit Reliance
1
Continuous Monitoring and Gaining External Audit
Reliance
2
The Opportunity
- Post SOX organizations are inclined to establish
key groups to govern risk and measure compliance
across the company, who with the external auditor
form an interdependent compliance community - Assess risk
- Assure internal controls
- Committed to operational excellence, solid
metrics for measuring the process and continuous
improvement. - We believe that with some additional focus and
prioritization, that these organizations can move
to a continuous monitoring approach and create a
better control environment with much less
investment and expense than todays environment. - Continuous Monitoring will allow for far fewer
audits and more risk coverage.
3
The Approach
- Build toward a common compliance strategy
- Model and measure in aligned segments
- Link monitoring activity to assertions and
objectives - Use audit engagements to determine specifications
- Collect persuasive detail through the monitoring
applications - Establish a solid methodology to accompany the
metrics to reach a conclusion
4
Model and Measure in Aligned Segments
Compliance Community
Continuous Control Monitoring Tools and
Methodology
Financial Process Risks
Application Risks
IT Operations Risks
GAIT Principles
ITIL Processes
Transaction Processing
- Change Management
- Security
- Availability
- Release Config Mgt
- Identity Management
- Incident Management
- Configurable Controls
- Exception Data
Accepted Assurance Frameworks
5
Link Monitoring Activity to Assertions and
Management Objectives
Assertion Completeness
Assertion Existence / Occurrence
Assertion Valuation / Measurement
Financial Processes
Applications Databases
Operating Systems
GAIT Principles
Control Objectives
ITIL Processes
- Accuracy
- Authorization
- Completeness
- Change Management
- Security
- Operations
- Release Config
- Identity
- Incident Handling
6
(No Transcript)
7
SAP_ALL Comparison Across Similar Applications
(June 2008 Sept 2008)
Investigate
8
SAP_ALL Comparison Across Similar Applications
(June 2008 Sept 2008)
Investigate
9
SAP_ALL Details for APL September 2008
Recommended
CrystalGraphics Presentations
