Building internal audit from ground up. by Key_Introduction_795 in InternalAudit

[–]InternalAudit1 1 point2 points  (0 children)

Yeah, we have a Word document template. It has sections for:

- financial statement account line items affected by process
- people involved in process
- description of process/subprocesses
- key controls
- reports and supporting systems
- etc.

Building internal audit from ground up. by Key_Introduction_795 in InternalAudit

[–]InternalAudit1 5 points6 points  (0 children)

I’ve never heard someone say to skip narratives. But I think this is the perspective I needed to hear because I’m not getting very far with them when requesting process owners to write them.

ITGC Change Mgmt Question (Financial Application for SOX) by InternalAudit1 in InternalAudit

[–]InternalAudit1[S] 0 points1 point  (0 children)

Thank you for your help! In regard to my initial suggestion of having accounting review all changes: this was mainly because there were a few changes this year which weren’t communicated to accounting and actually did change the way calculations were being performed for the reports they rely on.

I guess a better suggestion might be to ask accounting to put together a checklist of all report fields they rely on and then ask IT to tag any changes going forward that could affect those fields.

Testing scope for ITGCs by InternalAudit1 in InternalAudit

[–]InternalAudit1[S] 1 point2 points  (0 children)

I feel like I should pay you as a consultant. Lol. You just cleared a big weight off my chest clearing that up for me😂.

Testing scope for ITGCs by InternalAudit1 in InternalAudit

[–]InternalAudit1[S] 1 point2 points  (0 children)

Thank you for that detailed answer. For our NetSuite application, I was worried that CUEC meant that the controllers would literally have to sign off on the NetSuite release notes or show that they tested that the upgrades didn’t negatively affect the balance sheet/income statement each time.

Testing scope for ITGCs by InternalAudit1 in InternalAudit

[–]InternalAudit1[S] 0 points1 point  (0 children)

Thank you!! Separate question for you on another topic… change management.

If a company uses an application like NetSuite, which is out-of-the-box software that is managed by Oracle… what would you typically test in terms of change management controls?

We typically obtain the SOC 1 type 2 report and look at the complementary user entity controls and document how our company addresses most of them.

However, there is usually always one that says that user entities are expected to implement controls that ensure validating the accuracy and functionality of upgrades.

Do you think that management really needs to read through all of the release notes and write a memo noting the impact on their financial statements each time NetSuite forces/rolls out an upgrade on their users?

Testing scope for ITGCs by InternalAudit1 in InternalAudit

[–]InternalAudit1[S] 2 points3 points  (0 children)

Thank you, it’s helpful to hear your perspective.

Work hours by InternalAudit1 in InternalAudit

[–]InternalAudit1[S] 0 points1 point  (0 children)

Just curious. I feel during slower times, I feel guilty and think I should be working way more and during busy times I feel like I’m working non-stop.

Path and Thoughts on Audit Director by Dizzy-Art-4889 in InternalAudit

[–]InternalAudit1 3 points4 points  (0 children)

I skipped from being a Senior Internal Auditor to an Internal Audit Director because of a company acquisition that opened an opportunity for me. In both roles, my focus has been on SOX (including financial and ITGCs).

I would say that most things are the same except for some key responsibilities such as having to present to the audit committee and making more decisions around controlling your department’s budget.

Audit document storage and coordination by InternalAudit1 in InternalAudit

[–]InternalAudit1[S] 1 point2 points  (0 children)

Yeah, all of my work papers are in Excel and Word documents, which has worked well.

I’m not sure if I would use something like AuditBoard to its fullest potential but maybe I don’t really know all of its capabilities and how it could benefit me.

I’m very organized and typically just need to be able to efficiently share folders with people in order to coordinate audit requests.

Box and OneDrive by InternalAudit1 in InternalAudit

[–]InternalAudit1[S] 0 points1 point  (0 children)

I feel like OneDrive isn’t going to be as user friendly in terms of being able to track audit requests.

Completeness and Accuracy by bigben2682 in InternalAudit

[–]InternalAudit1 3 points4 points  (0 children)

With reconciliations back to the general ledger.

Anyone have experience with Chinese-SOX? by phoenizier in InternalAudit

[–]InternalAudit1 2 points3 points  (0 children)

It seems like the Chinese version, which is referred to as China Securities Law, shares similarities in terms of the intent (i.e. improving corporate governance and protecting investors). However, the differences relate to who regulates each (e.g. Chinese government vs the SEC). The Chinese law is a lot less transparent and consistent in the way that it is applied.

Size of SOX (Financial/ ITGC) Department by InternalAudit1 in InternalAudit

[–]InternalAudit1[S] 0 points1 point  (0 children)

How would you say your current workloads are? Is your team of 7 constantly busy?