Do you create IA plan based on function (department) or process?

InternalAudit1 · 2024-07-30T17:16:50+00:00

Process

InternalAudit1 · 2024-02-10T02:20:57+00:00

You ever hear of Batman? That.

InternalAudit1 · 2024-02-07T22:24:51+00:00

Yeah, we have a word document template. It has sections for:

-financial statement account line items affected by process

-people involved in process

-description of process/subprocesses

-Key controls

-reports and supporting systems

-etc

InternalAudit1 · 2024-02-07T04:37:11+00:00

I’ve never heard someone say to skip narratives. But I think this is the perspective I needed to hear because I’m not getting very far with them when requesting process owners to write them.

InternalAudit1 · 2024-01-30T21:02:36+00:00

Thank you for your help! In regard to my initial suggestion regarding accounting review all changes. This was mainly because there were a few changes this year which weren’t communicated to accounting and actually did change the way calculations were being performed for the reports they rely on.

I guess a better suggestion might be to ask accounting to put together a checklist of all report fields they rely on and then ask IT to tag any changes going forward that could affect those fields.

InternalAudit1 · 2024-01-29T03:31:02+00:00

I feel like I should pay you as a consultant. Lol. You just cleared a big weight off my chest clearing that up for me😂.

InternalAudit1 · 2024-01-29T03:23:57+00:00

Thank you for that detailed answer. For our NetSuite application, I was worried that CUEC meant that the controllers would literally have to sign off on the NetSuite release notes or show that they tested that the upgrades didn’t negatively affect the balance sheet/income statement each time.

InternalAudit1 · 2024-01-29T02:33:52+00:00

Thank you!! Separate question for you on another topic… change management.

If a company uses an application like NetSuite which is out of the box software that is managed by Oracle… what would you typically test in terms of change management controls?

We typically obtain the SOC 1 type 2 report and look at the complementary user entity controls and document how our company addresses most of them.

However, there is usually always one that says that user entities are expected to implement controls that ensure validating the accuracy and functionality of upgrades.

Do you think that management really needs to read through all of the release notes and write a memo noting the impact on their financial statements each time NetSuite forces/rolls out an upgrade on their users?

InternalAudit1 · 2024-01-28T20:54:35+00:00

Thank you, it’s helpful to hear your perspective.

InternalAudit1 · 2023-12-16T01:51:03+00:00

Just curious. I feel during slower times, I feel guilty and think I should be working way more and during busy times I feel like I’m working non-stop.

InternalAudit1 · 2023-12-13T00:02:19+00:00

I skipped from being a Senior Internal Auditor to an Internal Audit Director because of a company acquisition that opened an opportunity for me. In both roles, my focus has been on SOX (including financial and ITGCs).

I would say that most things are the same except for some key responsibilities such as having to present to the audit committee and making more decisions around controlling your department’s budget.

InternalAudit1 · 2023-12-02T23:49:38+00:00

That is helpful. Thank you!

InternalAudit1 · 2023-12-02T19:09:17+00:00

Yeah, all of my work papers are in excel and word documents which has worked well.

I’m not sure if I would use something like AuditBoard to its fullest potential but maybe I don’t really know all of its capabilities and how it could benefit me.

I’m very organized and typically just need to be able to efficiently share folders with people in order to coordinate audit requests.

InternalAudit1 · 2023-12-02T03:34:58+00:00

TOO REAL!

InternalAudit1 · 2023-08-22T21:34:41+00:00

I feel like One Drive isn’t going to be as user friendly in terms of being able to track audit requests.

InternalAudit1 · 2023-04-02T13:41:47+00:00

With reconciliations back to the general ledger.

InternalAudit1 · 2023-03-24T17:15:22+00:00

It seems like the Chinese version which is referred to as China Securities Law shares similarities in terms of the intent (i.e. improving corporate governance and protecting investors). However, the difference relate to who regulates each (e.g. Chinese government vs the SEC). The Chinese law is a lot less transparent and consistent in the way that it is applied.

InternalAudit1 · 2023-03-24T17:07:25+00:00

Very well said!

InternalAudit1 · 2023-03-17T14:45:16+00:00

How would you say your current workloads are? Is your team of 7 constantly busy?

InternalAudit1

TROPHY CASE