External Audit Resources

The AuditNet® Virtual Audit Library provides links and useful information on a wide variety of audit-related topics for auditors. The AuditNet® Virtual Audit Library (AVAL) is available to the global audit community. If you would like to contribute resources or suggest additions to the AVAL please contact us.

Every successful audit is based on sound planning and an atmosphere of constructive involvement and communication between the client and the auditor. I see quite a few audit organizations that include a Web-based explanation for their clients of how the audit process works. This page is provided for those audit organizations that have not explained to their clients how, in general, the audit process works. It also is designed to provide a resource for sharing tools and techniques for each of the distinct phases of the audit process. If you have tools or resources that you would like added to these pages please send them to editor@auditnet.org.

Audit Process

Although every audit project is unique, the audit process is similar for most engagements and normally consists of four stages: Planning (sometimes called Survey or Preliminary Review), Fieldwork, Audit Report, and Follow-up Review. Client involvement is critical at each stage of the audit process. As in any special project, an audit results in a certain amount of time being diverted from your department's usual routine. One of the key objectives is to minimize this time and avoid disrupting ongoing activities. Following is a sample flowchart of the process that you may find helpful: Internal Audit Process

Planning

During the planning portion of the audit, the auditor notifies the client of the audit, discusses the scope and objectives of the examination in a formal meeting with organization management, gathers information on important processes, evaluates existing controls, and plans the remaining audit steps.

Announcement Letter

The client is informed of the audit through an announcement or engagement letter from the Internal Audit Director. This letter communicates the scope and objectives of the audit, the auditors assigned to the project and other relevant information.

Initial Meeting

During this opening conference meeting, the client describes the unit or system to be reviewed, the organization, available resources (personnel, facilities, equipment, funds), and other relevant information. The internal auditor meets with the senior officer directly responsible for the unit under review and any staff members s/he wishes to include. It is important that the client identify issues or areas of special concern that should be addressed.

Preliminary Survey

In this phase the auditor gathers relevant information about the unit in order to obtain a general overview of operations. S/He talks with key personnel and reviews reports, files, and other sources of information.

Internal Control Review

The auditor will review the unit's internal control structure, a process which is usually time-consuming. In doing this, the auditor uses a variety of tools and techniques to gather and analyze information about the operation. The review of internal controls helps the auditor determine the areas of highest risk and design tests to be performed in the fieldwork section.

Audit Program

Preparation of the audit program concludes the preliminary review phase. This program outlines the fieldwork necessary to achieve the audit objectives.

Fieldwork

The fieldwork concentrates on transaction testing and informal communications. It is during this phase that the auditor determines whether the controls identified during the preliminary review are operating properly and in the manner described by the client. The fieldwork stage concludes with a list of significant findings from which the auditor will prepare a draft of the audit report.

Transaction Testing

After completing the preliminary review, the auditor performs the procedures in the audit program. These procedures usually test the major internal controls and the accuracy and propriety of the transactions. Various techniques including sampling are used during the fieldwork phase.

Advice & Informal Communications

As the fieldwork progresses, the auditor discusses any significant findings with the client. Hopefully, the client can offer insights and work with the auditor to determine the best method of resolving the finding. Usually these communications are oral. However, in more complex situations, memos and/or e-mails are written in order to ensure full understanding by the client and the auditor. Our goal: No surprises.

Audit Summary

Upon completion of the fieldwork, the auditor summarizes the audit findings, conclusions, and recommendations necessary for the audit report discussion draft.

Working Papers

Working papers are a vital tool of the audit profession. They are the support of the audit opinion. They connect the client’s accounting records and financials to the auditor’s opinion. They are comprehensive and serve many functions.

Working Paper Documentation

Audit Report

 Our principal product is the final report in which we express our opinions, present the audit findings, and discuss recommendations for improvements. To facilitate communication and ensure that the recommendations presented in the final report are practical, Internal Audit discusses the rough draft with the client prior to issuing the final report. For an audit report template including an executive summary click here.

Discussion Draft

At the conclusion of fieldwork, the auditor drafts the report. Audit management thoroughly reviews the audit working papers and the discussion draft before it is presented to the client for comment. This discussion draft is prepared for the unit's operating management and is submitted for the client's review before the exit conference.

Exit Conference

When audit management has approved the discussion draft, Internal Audit meets with the unit's management team to discuss the findings, recommendations, and text of the draft. At this meeting, the client comments on the draft and the group works to reach an agreement on the audit findings.

Formal Draft

The auditor then prepares a formal draft, taking into account any revisions resulting from the exit conference and other discussions. When the changes have been reviewed by audit management and the client, the final report is issued.

Final Report

Internal Audit prints and distributes the final report to the unit's operating management, the unit's reporting supervisor, the Vice President for Administration, the University Chief Accountant, and other appropriate members of senior University management. This report is primarily for internal University management use. The approval of the Internal Audit Director is required for release of the report outside of the University.

Client Response

The client has the opportunity to respond to the audit findings prior to issuance of the final report; that response can be included in or attached to our final report. However, if the client decides to respond after we issue the report, the first page of the final report is a letter requesting the client's written response to the report recommendations. In the response, the client should explain how report findings will be resolved and include an implementation timetable. In some cases, managers may choose to respond with a decision not to implement an audit recommendation and to accept the risks associated with an audit finding. The client should copy the response to all recipients of the final report if s/he decides not to have their response included in or attached to Internal Audit's final report.

Client Comments

 Finally, as part of Internal Audit's self-evaluation program, we ask clients to comment on Internal Audit's performance. This feedback has proven to be very beneficial to us, and we have made changes in our procedures as a result of clients' suggestions.

Audit Follow-Up

Within approximately one year of the final report, Internal Audit will perform a follow-up review to verify the resolution of the report findings.

Follow-up Review

The client response letter is reviewed and the actions taken to resolve the audit report findings may be tested to ensure that the desired results were achieved. All unresolved findings will be discussed in the follow-up report.

Follow-up Report

The review will conclude with a follow-up report which lists the actions taken by the client to resolve the original report findings. Unresolved findings will also appear in the follow-up report and will include a brief description of the finding, the original audit recommendation, the client response, the current condition, and the continued exposure to Indiana University. A discussion draft of each report with unresolved findings is circulated to the client before the report is issued. The follow-up review results will be circulated to the original report recipients and other University officials as deemed appropriate.

Internal Audit Annual Report to the Board

In addition to the distribution discussed earlier, the contents of the audit report, client response, and follow-up report may also be communicated to the Audit Committee of the Board as part of the Internal Audit Annual Report.

The Process: A Collaborative Effort

As pointed out, during each stage in the audit process--preliminary review, field work, audit reports, and follow-up--clients have the opportunity to participate. There is no doubt that the process works best when client management and Internal Audit have a solid working relationship based on clear and continuing communication. Many clients extend this working relationship beyond the particular audit. Once the audit department has worked with management on a project, we have an understanding of the unique characteristics of your unit's operations. As a result, we can help evaluate the feasibility of making further changes or modifications in your operations.

History of Audit Committees

Since 1940, the SEC has recognized that an audit committee could serve an important, and ultimately necessary, function in ensuring that a publicly traded company’s financial reporting is accurate. In the 1970s, the New York Stock Exchange (NYSE) required boards of directors of listed companies to appoint an audit committee; in the 1980s, the National Association of Securities Dealers (Nasdaq) and American Stock Exchange (AMEX) subsequently followed suit. In February 1999, audit committees received attention when a committee composed of individuals from the NYSE, Nasdaq, public companies, and CPA firms issued the Report and Recommendations of the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees. The report recognized that the audit committee has a crucial role in ensuring high-quality financial reporting. Shortly after the report was issued, the SEC and the stock exchanges issued rules and regulations imposing certain requirements of, and responsibilities on, audit committee members. Today, a myriad of practices and regulations dictate the composition, roles, and responsibilities of audit committees.

Standard Disclaimer for External Links

These links are being provided as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by AuditNet® of any of the products, services or opinions of the corporation or organization or individual. AuditNet® bears no responsibility for the accuracy, legality or content of the external site or for that of subsequent links. AuditNet® does not exercise any editorial control over the information you may find at these locations. Contact the external site for answers to questions regarding its content.

Please let us know if any of the links fail to work - seeing as the owners of the respective sites are obviously entitled to change the structure and content of their websites at any time, we are unable to guarantee that our links will always be up to date.

If you find broken links please let us know. We are constantly reviewing and updating these pages so please be patient. If you would like to be a SME for this page please contact us!


AICPA Audit Committee Toolkit

Audit Committee Guide - from Wachtell, Lipton, Rosen & Katz

Audit Committee Resource Guide - from Deloitte & Touche USA

Audit Committee Toolkit - The creation of an effective audit committee is an important way to enhance organisational governance and oversight. A widely used framework for internal controls is the COSO Internal Control — Integrated Framework developed by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission.

Governance Tools - intended to shorten your learning curve; to become a successful director; to effectively support your CEO or Executive Director. It gives you the risk management foundation to understand the true nature of your role as director. It supplies the whole context for governance. It's intended to give you the confidence you need to participate effectively. It applies to directors of for-profit and not-for-profit organizations.
 

IFRS Primer for Audit Committees - from the AICPA

Sample Audit Committee Charters

Amazon: The Audit Committee Handbook

 Amazon: Audit Committees: Regulation and Practice

Audit reports issued by other organizations provide a number of benefits for the global audit community. Audit reports can:

  • Provide examples of different formats of reports

  • Represent a knowledge base of "hot" or timely issues that other organizations are finding and reporting on.

  • Demonstrate the wording for findings

  • Show examples of criteria used

  • Show recommendations that may work for your organization

  • Provide meta-information for obtaining and developing audit work programs


The Local Government Audit Quarterly, journal of the National Association of Local Government Auditors, provides abstracts of audit reports issued by local jurisdictions across the U.S. These abstracts represent a powerful tool for local government auditors in identifying potential audit areas for planning purposes. Due to the popularity of that resource I decided to provide a page devoted to federal, state and local sites that contain audit reports. This resource is freely provided as a service to the government audit community.

Audit Reports

Federal

GAO Reports and Testimony
HUD OIG Audit Reports

International

Australian National Audit Office - Menu for Audit Reports
Canada Review Information Network - Main Menu
The Audit Office of New South Wales Australia Performance Audit Reports

Local

DuPage County, Illinois: Abstracts of Internal Audit Reports
Fairfax County Virginia Internal Audit Reports
King County Auditor Reports
Montgomery County, MD Inspector General 
Multnomah County, Oregon Auditor's Office Report Summaries
Orange County, Florida Audit List of Audit Reports
Portland, Oregon Audit Reports
Seattle City Auditor's Office Reports

State

Pennsylvania Auditor General
Digital Document Archive: Association of Inspectors General
Louisiana Legislative Auditor
Mississippi OSA - Audit Reports
NC State Auditor's Performance Audit Reports
North Dakota OSA - Reports
Virginia Auditor of Public Accounts Reports

AICPA standards and GAGAS require the following:

A record of the auditors' work should be retained in the form of working papers.

4.35 The additional working paper standard for financial statement audits is:

Working papers should contain sufficient information to enable an experienced auditor having no previous connection with the audit to ascertain from them the evidence that supports the auditors' significant conclusions and judgments.

This page was developed to provide auditors from around the world the opportunity to share what they consider to be project standard electronic audit work papers. These electronic forms or worksheets are organized based on the phases of the audit or the specific function under review. They are in Microsoft Word, Excel, or Adobe PDF Format. According to an e-mail received from an AuditNet user:

I think it would be kind of neat to see what others are doing and for new auditors to have a few forms to pick from instead of reinventing the wheel.

This is what AuditNet truly is all about; auditors sharing ideas that promote the concept of Auditors Sharing Knowledge for Progress!


We welcome your comments and more importantly the worksheets that you use when conducting an audit. Please send them to editor@auditnet.org

Audit Procedures and Manuals

UN Audit Manual (available in the Audit Programs section)

UN Inspection and Evaluation Manual

UN Investigations Manual

University of Illinois Audit Manual

University System of Maryland Internal Audit Procedural Guidelines

Florida Office of Audit & Compliance Review

Wayne State University Forms

Information Request List
Self-Audit Questionnaire
Request for Management Input Form
Registration of External Auditors Form
Online Tips Form

Gaming Industry Audit Programs

Auditing in the Gaming Industry

Audit Techniques

Planning Phase (Available to Subscribers in the Audit Templates Section)

Audit Assignment Form

Engagement Letter

ICQ Template

Management Assistance Memo (Excel)

Pre Audit Self Assessment Questionnaire

Risk Evaluation Form (Word)

Planning Workpaper Index

Workpaper Cover Template

Survey Phase

Interview Form

Fieldwork Phase

Audit Point Sheet

Exit Conference

Findings Worksheet (Excel)  

Audit Comments

Reporting Phase

Checklist Know Your Reader

Summary of Audit Results and Potential Recommendations 

Quality Control Checklist Audit Reports

Writing Planning Worksheet 

Follow Up

Washington University -St. Louis

UNC Follow Up Process Audit Program

Quality Assurance/Project Evaluation

Audit Project Evaluation Form

QC Checklist Fieldwork

QC Checklist Follow-Up

QC Checklist Survey Phase

QA Review Checklist

Quality Assurance Review Forms

Industry Specific Workpapers

Trucking Operations Worksheet

Internal Control Questionnaires

  1. ACH ICQ (xls) 

  2. Deposit Accounts ICQ (xls)  

  3. Property and Casualty 

  4. Wire Room ICQ (Word) 

Control Self Assessment ICQ (Cadbury) 

Cashiering
Computer Application
Contract
Fuel Oil Inventory
Materials and Supplies Inventory
Working Fund Audit

This ICQ is from the University of Georgia, Internal Auditing Division

Other Tools

SAS Program for Detecting Duplicate Addresses

How to Control Your PC Use

In the not too distant past, many organizations viewed the data that they kept on individuals as business property, to be used as the organization determined appropriate. Today, many of the world’s leading markets have adopted regulations that restrict how and when organizations may use those data, and afford the subject individuals rights to access and correct those data. Nations have even adopted regulations that impact how an organization may use such data outside of that nation. Consumer awareness of privacy matters has also risen, creating marketing risks to organizations that are not concerned with data privacy.

From A Guide to Cross-Border Privacy Impact Assessment by Thomas J. Karol

Auditors have a role in privacy issues by understanding the implications as well as building privacy considerations into their audits. The purpose of this page is to provide auditors with links to privacy information. It should by no means be considered comprehensive. If you have links or information that you would like to share, please contact us.

  • Conducting a Privacy Audit from the Government of Alberta

Health Insurance Portability and Accountability Act (HIPAA)

Gramm-Leach-Bliley Act (GLBA)

Fair Credit Reporting Act (FCRA)

  • FCRA  Federal Trade Commission rules

Children's Online Privacy Protection Act (COPPA)

Family Education Rights and Privacy Act (FERPA)

PRIVACY PROFESSIONAL ASSOCIATIONS

Simply defining the annual internal audit plan is easy. The annual internal audit plan (or just 'audit plan') is the list of audit engagements to be conducted in the coming year. But understanding the importance of the audit plan requires us to look at how the audit plan is developed.

Each year, the Chief Audit Executive - with the help of their leadership team - interviews senior managers, key employees throughout the organization, and members of the audit committee, which is the subcommittee of the Board of Directors that oversees the internal audit function.

The purpose of these interviews is to identify the areas where these managers feel the organization faces the most risk. For example, maybe there are new regulations and managers are thinking about the compliance risk. Or, maybe managers worry that the organization isn't adequately protected against cybersecurity threats.

After these interviews, the audit leadership team will meet and analyze the results of their interviews. Before they select which of the identified risks will end up on their annual audit plan as engagements, they'll do their own assessment. This may include looking at data to gain more insight into some of the risk areas, conducting research to see how other organizations are managing the risk, and reaching out to colleagues to get their opinion about the risks. The interviews and the audit team's research are both important when generating the enterprise-wide risk assessment.

Web Resource Links

Audit planning is a process that identifies all business areas; assesses the risk of each using a standard methodology; and uses available audit and financial resources to determine which audits will be performed during a year. While the format for an audit plan may vary from organization to organization they all should include common elements. 

  1. Define the audit universe (by division, location, department, product etc.)
  2. Conduct a risk assessment
  3. Prioritize audits based on risk assessment
  4. Determine available resources to conduct the audits
  5. Prepare the audit plan for the defined period
  6. Assign resources for engagement planning

If you have examples of audit plans that your company or organization uses please share them with AuditNet. We will provide links to the online template or make Excel or Word versions available to subscribers.

Audit software refers to computer programs designed to assist in examining and testing clients' accounting records. Different audit software packages accomplish varying objectives. Some packages assist in gathering evidence, conducting analytical tests, sampling data, evaluating internal control, documenting the audit, scheduling the audit, printing exception reports (e.g., employee salary exceeding a prescribed limit), preparing audit reports, and sending out confirmations and management letters.


Auditors and Technology

Workiva

Workiva, provider of the world’s leading connected reporting and compliance platform, is used by thousands of enterprises across 180 countries, including 75 percent of Fortune 500® companies, and by government agencies. Our customers have linked over five billion data elements to trust their data, reduce risk and save time. For more information about Workiva (NYSE:WK), please visit workiva.com

IDEA Audit Software Training

IDEA Audit Software Training - According to PwC's most recent State of the Internal Audit Profession Study, most CAEs acknowledge that data analytics technologies are important for strengthening audit coverage and gaining a better understanding of risk, yet less than one third of their departments use such tools regularly. An AuditNet® survey reinforced the fact that most auditors are using the technology on an "ad hoc basis". Despite the fact that the technology has been available for more than two decades, it is still not standard practice for the majority of the profession.

IDEA is one of the easiest to learn analytic tools for auditors; however, learning a new technology on your own can be difficult. Learning on your own may take longer and you may not be using the software efficiently or effectively. We provide directions and shortcuts, from the convenience of your desktop, that help you quickly navigate through learning IDEA. This series is aimed primarily at auditors, both internal and external, who are beginning their career in Computer Auditing or who wish to understand how to use IDEA. The series builds rapidly to shorten the time period to productivity and effectiveness.

AuditNet® has joined forces with Richard Cascarino and Associates to bring you a structured learning curriculum for CaseWare IDEA. The courses are designed to build on skills developed from prior knowledge or training. Auditors can choose between the complete series or pick and choose specific courses depending on both needs and budgetary constraints.

Sparta Systems - Sparta Systems’ global enterprise quality management solutions (EQMS) enable high-value organizations to safely and efficiently deliver products and services to market. Our TrackWise® Enterprise Quality Management Software, a trusted standard among highly regulated industries, is used to reduce risk and improve safety across the global enterprise.


Audit Applications - Audit Applications is an online service automating and simplifying the audit confirmation process. Accounts receivable / payable confirmations are sent as emails and responses are automatically registered in our secure and intuitive system. You can sign up for a free test account allowing you up to 3 confirmation rounds. Avoid fraud while saving time and money by automating your audit confirmation process: https://www.auditapplications.com/en

ACL is an integrated system of software providing complete control over data access, management, analysis, and presentation. The site offers information about their products, trade shows, seminars and training schedules, as well as online support and the Audit Central page; A Guide to Web Audit Sites. For more info send email to webmaster@acl.com.

ADM PLUS for Windows - Web site of Pleier Corporation provides information about their audit automation software. There are links to a newsletter and conference announcements, and a full-featured 90 day Evaluation Version or a Production Version of ADM PLUS for Windows is available for downloading.

Arbutus - Arbutus can be used for a variety of audit and business intelligence (BI) applications. Audit software applications include audit analytics, continuous monitoring, fraud detection, and workgroup collaboration. BI applications include connecting desktops to mainframes for accessing legacy data, data migration and querying, and data analysis. From ad-hoc testing to automating data analysis for continuous analytics, Arbutus provides auditors, financial managers, and IT professionals with the capabilities they need to perform enterprise-wide testing of organizational data.

Audimation is a distributor of IDEA software. The site has links to information about the product, its uses, training, upcoming events and demo downloads.

Auditor Assistant is a teamwork-based audit system using Lotus Notes. The site includes a description of how the system works, requirements and a downloadable preview version of the program.

Audit Leverage department management software for internal auditors. Uses Microsoft Access for workpapers, risk assessment, staffing and scheduling, timekeeping, and more.

CaseWare CaseWare International is a producer of engagement and reporting software.

CASEWARE-IDEA - Data extraction and analysis software

Computer Security Assessments by SekChek Information Protection Services - site for automated host-computer security reviews covering all non-mainframe platforms. Site provides sample review reports for all major platforms, and downloadable “client” software explaining how security control settings are extracted without impacting target system.

CRA Wiz - CRA Wiz™ is a family of Windows™ based software tools for compliance professionals in the CRA and Fair Lending fields. The three tools are the Database Analyzer, the Geocoder, and the Mapper. All are Windows™ based and can be operated and purchased as an integrated system or independently of each other.

Horwath Software Services provide a variety of Audit Automation, Risk Management and Computer Security products together with strategic advice, systems development, implementation assistance, training, and support. They are specialists in providing software development, consulting, training and support software for Internal Audit, Risk Management Quality Control, Computer Security, Fraud Investigation and other similar departments.

InfoZoom - a visualization and data analysis solution for Internal Audit. The software is an in-memory solution that is based on MP3 compression technology. InfoZoom allows combining multiple data sets without the need for a database or scripting. This site provides YouTube videos and use cases for common analysis needed in Audit.

Key Server License Management Web site provides software license management solutions for organizations. Site includes articles about software licensing, product information and a free software audit tool that determines the status of Software License Compliance

MetricStream, Inc market leader in Enterprise-wide GRC and Quality Solutions for global corporations. MetricStream enterprise solutions are used by leading corporations in diverse industries. MetricStream Audit Management module is a comprehensive audit system designed to help companies manage a wide range of audit-related activities, data and processes. The audit management software provides the flexibility to support all types of audits, including internal audits, operational audits, IT audits, supplier audits and quality audits.

TeamMate Audit and Controls Management - TeamMate, a part of Wolters Kluwer, is the maker of the world’s leading internal audit management solution, TeamMate AM, and the breakthrough SOX and controls management solution, TeamMate CM.


Thomson Reuters Accelus - the company offers comprehensive governance, risk and compliance software solutions that enable organizations to streamline GRC compliance, reduce costs, measure, manage and mitigate risks, while providing visibility, oversight and assurance. The purpose-built software takes a holistic approach to GRC by providing functionality for audit, financial controls management, risk management, IT governance and compliance.

Patton & Patton Software Home page of the developers of Flow Charting software. Provides information about the company and its products. There are links to flowcharting resource materials including application stories, helpful publications and sources, common symbol definitions, and sample charts and diagrams. E-mail support is available.

SGP International, a leading developer of departmental data reconciliation and custom designed data management solutions, now offers DataCheck, a data integrity assurance system.


WizRule is a data auditing and cleansing application that analyzes databases and shows inconsistencies in the data. There is a demo available for download on the site.

Workiva, provider of the world’s leading connected reporting and compliance platform, is used by thousands of enterprises across 180 countries, including 75 percent of Fortune 500® companies, and by government agencies. Our customers have linked over five billion data elements to trust their data, reduce risk and save time. For more information about Workiva (NYSE:WK), please visit workiva.com

ACM - Association for Computing Machinery - largest and oldest international scientific and educational computer society in the industry. ACM provides members with a forum for sharing knowledge on developments and achievements. There is a Special Interest Group (SIG) for Security, Audit and Control.

American Accounting Association The American Accounting Association promotes worldwide excellence in accounting education, research and practice

American College of Forensic Examiners This is a not-for-profit organization for professionals involved in forensic examinations and consultation. There are links to criminal justice sites and other forensic links that provide information about forensic accounting (Zeno's Forensic Page). Certain areas on this page are restricted to members.

American Health Information Management Association Web site provides background on the organization, searchable clinical and non-clinical library databases, online publications and articles and more.

American Institute of Certified Public Accountants The AICPA homepage includes general information, member matters, catalogs, conference notices, research links, a Newsflash of professional happenings and more.

American Payroll Association contains articles on payroll topics, information about the organization and more.

American Society of Military Comptrollers is the professional organization for military controllership (professions of financial management in the Department of Defense and Coast Guard). The site includes information about the organization, local chapters, membership, career opportunities, professional development and more. The links section provides access to many additional resources for DoD financial professionals.

Accounting & Financial Women's Alliance  site provides information about the organization, membership, scholarships, and a directory of Chapter presidents. This organization represents a good networking tool for auditors.

American Society for Quality (ASQ) - professional organization for persons employed or interested in the field of Quality Science. ASQC maintains a number of files including the AuditNet Resource List. Web site Quality Resources Online.


American Women's Society of Certified Public Accountants AWSCPA is the only organization devoted exclusively to the support and professional development of women CPAs.

Arab Society of Certified Accountants ASCA was established in London in 1984 as an Arab professional institution with an international character.

Arizona Society of Certified Public Accountants   site provides information about the Society, accounting information, links to other sites and the Newsledger.

Association of Certified Anti-Money Laundering Specialists is a membership organization that provides a platform for career development and professional networking for individuals and is a resource for financial institutions and related businesses to identify and locate specialists in the rapidly expanding money laundering prevention field.

Association of Certified Fraud Examiners Tampa Bay Web site provides information about the Association and Chapter, as well as links to fraud related resources, the Code of Ethics, Newsletter articles and more.

Association of Chartered Accountants in the U.S. Homepage of the Association of Chartered Accountants in the United States (ACAUS)

Association of Chartered Certified Accountants Professional body for Chartered Certified Accountants, Certified Accounting Technicians and holders of the Certified Diploma in Accounting and Finance (CDipAF)

Association of College and University Auditors (ACUA) Audit Exchange Library - ACUA has set up an Audit Exchange Library available for members.

Association of Credit Union Internal Auditors International organization for Internal Auditors in the credit union industry. Site provides information about membership and more.

Association of Government Accountants The educational organization dedicated to the enhancement of public financial management. AGA serves the professional interests of financial managers, from local, state and federal governments, as well as public accounting firms

Association of Healthcare Internal Auditors Professional organization for healthcare internal auditors. Site provides information about AHIA, Code of Ethics, position papers, and a planned audit library. Association of Healthcare Internal Auditors (AHIA) is the only international organization dedicated to the advancement of the healthcare internal auditing profession. AHIA's mission is to promote cost containment, revenue enhancement, and increased productivity in healthcare institutions through internal auditing. AHIA seeks to strengthen healthcare internal auditing by providing for the continuing professional education needs of healthcare internal auditors, providing a forum for sharing information, experience and ideas, promoting the benefits of healthcare internal auditing to healthcare executives and trustees, and representing the profession to other organizations, government agencies and the public.

Association of Local Government Auditors Home Page for Local Government Auditors, the organization formed to bring together professional local government auditors. The site includes information about the organization, annual conferences, and excerpts from the Local Government Auditing Quarterly.

Association of Public Pension Fund Auditors, Inc. is an organization whose members are responsible for internal auditing of public pension funds. The site provides information about the organization, conference schedules, audit programs, their listserve and more.

Bank Administration Institute provides information about BAI, links to emerging issues, and Certified Bank Auditor training material demo.

Beta Alpha Psi Professional accounting and business fraternity, Beta Alpha Psi recognizes academic excellence and complements members' formal education by providing interaction between students, faculty, and professionals

British Accounting and Finance Association The aims and objectives of the BAA are the advancement of knowledge and understanding of accounting through advancement of education, encouragement of research and promotion by means of conferences, discussion groups, teachers and practitioners

California State Association of County Auditors Web site provides a list of California counties and their auditors, a list of audits performed with contacts and links to other sites.

Canadian Institute of Chartered Accountants The CICA, together with the provincial and territorial institutes of chartered accountants, represents a membership of over 65,000 professional accountants and 8,500 students

Certified General Accountants Association of British Columbia Certified General Accountants—a vital part of Canada's business community

Certified General Accountants Association of Canada The Certified General Accountants Association of Canada is a national self-regulating association of more than 30,000 Certified General Accountants who work in Canada and elsewhere

Certified General Accountants Association of Ontario Mission is to ensure our members merit the confidence and trust of all who rely upon their professional knowledge, skills, judgment and integrity

Certified Management Accountants–Alberta The Certified Management Accountants of Alberta (CMAA) represents over 5800 CMAs in Alberta

Chartered Accountants of Canada Web homepage Canadian Institute of Chartered Accountants (CICA). The site will contain links to the provincial institutes. There are also links to accounting and consulting practices of accounting firms, national and international accounting organizations and activity areas including accounting and audit. While much of the site is under construction, there are excellent links to environmental accounting resources and activities.

Chartered Property Casualty Underwriters Society Web site of insurance professionals containing information for consumers covering areas such as insurance law, finance, ethics and management.

Chartered Accountants of British Columbia Mission is to protect and serve the public, members and students by providing exceptional education, regulation and member services programs so that chartered accountants may provide the highest quality of professional services

The Chartered Accountants of Canada  is the Web site for the Canadian Institute of Chartered Accountants (CICA). The Web site provides information about the organization, exposure drafts, conference information, an online version of CAmagazine, studies and standards, links to related sites and more.

Chartered Institute of Management Accountants Founded in 1919, the Institute now has more than 50,000 members in 130 countries and over 67,000 registered students

CharterNET - Web server for the Institute of Chartered Accountants in Ireland (ICAI). This site provides information about the ICAI services and online library of materials. There is also a description of the Business Network reaching out to Chartered Accountants working in industry, commerce and the services sector.

Community College Internal Auditors is an organization that promotes communication between Internal Auditors and College administrators. The site provides information about the organization, officer names and addresses and links to audit related sites.

Confederation of Asian and Pacific Accountants Web site for a professional organization provides information on projects, articles, publications, links to other CAPA bodies, an Accountant's Forum and more.

Construction Financial Management Association site provides information about the organizations, publications, a job bank and more.

Council of Higher Education Internal Auditors Web site provides information about the organization, newsletter, internal audit links and an email discussion list.

County Auditor's Association of Ohio professional organization Web site provides a directory of county auditors, a virtual tour, and fiscal responsibilities. 

CPA Associates International International association of independent certified and chartered accounting firms with 95 members worldwide

CPA Australia CPA Australia is the nation's largest professional body with more than 97,000 members in Australia and overseas.

CPASNET A consortium of accounting and business consulting firms who have pooled their resources to provide their clients with the local, national and international perspective needed to prosper

CPA Wire Home page of the California Society of CPAs. Provides information about the organization, meeting information, links to other State societies and more. For more information send message to 71141.1736@compuserve.com.

Credit Union Internal Auditors Association Web site provides information about the CUIAA, a useful discussion forum and more.

European Accounting Association Home Page for the European Accounting Association, it contains up to date information relating to the Association, its publications and conferences

Federation of Tax Administrators provides information about the organization, publications, electronic commerce, and more.

Financial Accounting Foundation - The FAF site contains information on how to obtain Financial Accounting Standards and Government Accounting Standards as well as current press releases of both organizations.

Financial Management Association International Mission of the FMA is to broaden the common interests between academicians and practitioners, and to provide opportunities for professional interaction between and among academicians, practitioners and students

Financial Managers Society Web site for the only not-for-profit professional society dedicated to serving the technical and professional needs of bank, thrift and credit union financial officers. Site includes information about the organization, regulatory issues, employment opportunities and more.

Florida Institute of CPAs Web site provides legislative updates, job links, and other sites of interest to Florida CPAs.

Government Finance Officers Association GFOA is the professional association of state/provincial and local finance officers in the United States and Canada

Global Association of Risk Professionals is a diverse international association of over 15,000 professionals from a variety of backgrounds and organizations who share a common interest in the risk management field.

Group of 100 Web site for an association of senior accounting and finance executives representing major public companies and government owned enterprises in Australia includes commentary on relevant policies and issues.

Healthcare Financial Management Association professional association for financial professionals in the healthcare field. Provides information about the association, publications, special interest groups such as a CFO forum, professional certification programs and more.

Hong Kong Institute of Certified Public Accountants The Hong Kong Institute of Certified Public Accountants is the only statutory licensing body of accountants in Hong Kong responsible for regulation of the accountancy profession

Illinois CPA Society Home page of the state professional association representing Certified Public Accountants. Includes financial management information, articles from Insight Magazine, and links to accounting related resources. Some areas of this site are restricted to members.

Institute of Chartered Public Accountants of Singapore The Institute of Chartered Public Accountants of Singapore (ISCA) is the national organization of the accounting profession in Singapore

Institute of Chartered Accountants in England and Wales The Institute of Chartered Accountants in England and Wales (ICAEW) is the largest professional accountancy body in Europe

Institute of Chartered Accountants of India Institute of Chartered Accountants of India (ICAI) is the country's premier accounting body

Institute of Chartered Accountants of Pakistan Institute of Chartered Accountants of Pakistan (ICAP) was established on July 1, 1961 to regulate the profession of Chartered Accountancy

Institute of Cost & Management Accountants of Pakistan ICMAP is the sole provider of cost and management accounting education, training and professional certification in Pakistan

Institute of Financial Accountants Institute of Financial Accountants was established in 1916 and is the oldest body of non Chartered Accountants in the world.

Institute of Internal Auditors The Institute of Internal Auditors–United Kingdom (IIA-UK) is the primary body in the UK representing, promoting and developing the practice of internal auditing

Institute of Internal Auditors The world's leader in certification, education, research, and technological guidance for the profession, the Institute serves as the profession's watchdog and resource on significant auditing issues around the globe

Institute of Management Accountants The IMA is the leading professional organization devoted exclusively to management accounting and financial management.

International Federation of Accountants IFAC is an organization of national professional accountancy organizations that represent accountants employed in public practice, business and industry, the public sector, and education, as well as some specialized groups

Institute for Professionals in Taxation Web site for a professional organization dedicated to minimizing the cost of tax administration and compliance for ad valorem and sales and use taxes. Site provides information about the organization, employment opportunities, research links, reference materials and more.

Institute of Chartered Accountants of Ontario site provides information about the Institute, upcoming events and more.

Institute of Internal Auditors Inc. The IIA Homepage provides information about the Institute, its mission, programs and services. The site includes the Statement of Responsibilities of Internal Auditing, Standards for the Practice of Internal Auditing, Chapter information, membership options, products, seminars and conferences and periodicals and more. The periodicals area includes writers guidelines for submitting manuscripts and the editorial calendar for The Internal Auditor. 

IIA United Kingdom Site provides information about the organization from an international perspective. Includes links to publications, training, recruiting and more.

Institute of Management Accountants Homepage - This site provides comprehensive information on IMA programs and services. Includes Cases from Management Accounting Practice, Statement on Management Accounting 4-P, Practices and Techniques for implementing Activity-Based Costing, and more.

International Association of Financial Crimes Investigators is a NPO for individuals that share information about financial fraud, fraud investigation and fraud prevention methods in the financial payment industry.

International Organization of Supreme Audit Organizations This site provides downloadable files, in WordPerfect format, about the membership, statutes, auditing, and guidelines for internal control standards.

International Organization for Standardization (ISO) Online - ISO, the organization that developed standards for quality management, established an online support unit to provide facts on ISO 9000. The ISO 9000 Forum provides answers to various frequently asked questions as well as background information on the standard.

Maryland Association of Certified Public Accountants site includes information about the Association, a comprehensive listing of resources, and CPE opportunities.

National Association of Black Accountants A national organization with primary purpose of developing, encouraging and serving as a resource for greater participation by African Americans and other minorities in the accounting profession.

National Association of Construction Auditors is committed to being the global authority on construction project controls. They are the only organization offering two separate professional certifications for Construction Auditors and Construction Control Professionals.

National Association of State Boards of Accountancy (NASBA) NASBA serves as a forum for the nation's state boards of accountancy, which administer the Uniform CPA Examination, license certified public accountants, and regulate the practice of public accountancy in the United States

National Association of Tax Practitioners The National Association of Tax Practitioners (NATP), founded in 1979, is a nonprofit professional association dedicated to excellence in taxation

National Conference of CPA Practitioners An association of member firms in public practice owned 100% by CPAs

National Institute of Accountants — Australia — The National Institute of Accountants (NIA) is a professional organisation for accountants who are recognised for their practical, hands-on skills and broad understanding of the total business environment.

National Association of Credit Union Supervisory and Auditing Committees Web site of the organization that supports credit union auditing committee members.

The National Association of Enrolled Agents site provides information about the association and its members, how to find a tax advisor, tax links, tax news and Electronic Commerce resources.

National Association of State Budget Officers Web site for the professional organization for state finance officers. The site includes a list of available publications, links to budget related links, and more. The Budget Links page also includes sites related to performance measurement.

National Association of State Auditors, Comptrollers and Treasurers Web site for the organization which includes public financial management, treasury and audit reports. Provides links to State Auditors and Treasurers on the Web, State Comptroller and State Auditor Issues.

National Association of State Boards of Accountancy. This Web site provides information about the organization, a listing of individual state boards of accountancy, a national registry of CPE sponsors, and more. Some areas are restricted to members only.

National Society of Insurance Premium Auditors Web site includes background information, industry news, publications and more.

National Society of Public Accountants site provides information about the NSPA, a national organization representing local practitioners and small businesses. There is information about publications, course availability, membership and more.

New England Peer Review Maine, New Hampshire, Rhode Island and Vermont administrative cooperative for the American Institute of Certified Public Accountants Quality Review Program.

Quebec Institute of Chartered Accountants Mission is to enhance decision making and improve organizational performance through financial management, assurance and other specialized expertise

Rhode Island Society of CPAs Site of this professional society provides links to Internet resources and information about the organization.

Saudi Organization for Certified Public Accountants (SOCPA) Saudi Organization for Certified Public Accountants (SOCPA) is a professional organization established under Royal Decree and operates under the supervision of the Ministry of Commerce in order to promote the accounting and auditing profession

Spanish Association of Accounting and Business Administration AECA's members represent the professional, academic and research bodies in the Spanish accounting and business administration world

SANS Institute Online The System Administration, Networking and Security Institute is an education and research organization for system and network administrators and security professionals. They provide resources and tools for professionals in related fields. Their email newsletters are a valuable knowledge resource for IT auditors.

Texas Society of Certified Public Accountants site provides information about the organization including the CPA Yellow Pages, National Job Search, Government Resources and more.

The Institute of Chartered Accountants of New Zealand The Institute of Chartered Accountants of New Zealand is the only professional accounting organisation in the country.

The Institute of Chartered Accountants of Nigeria The Institute of Chartered Accountants of Nigeria (ICAN) is the only professional accountancy body in Nigeria

Utah Association of CPAs Home page of the Utah Association of CPAs. Provides links to local and national accounting firms, CPE events, a CPA referral service and more.

Verband der Certified Public Accountants in Deutschland e.V. German CPA Society

Virginia Local Government Auditors Association home page for the statewide organization dedicated to promoting the local government audit profession. Provides information about the organization and upcoming training.

AuditNet encourages the concept of auditors sharing knowledge or ASK. The following presentations are either available as links to external resources or are available on an exchange basis. If a presentation does not have a link then it is available in exchange for a contribution of an audit presentation. The presentation must be in Microsoft® PowerPoint format. The presentation must be original and you will be required to agree to its use by AuditNet.

Audit Process

Internal Audit Report Writing

Control Self-Assessment

CSA Presentation

Fraud

Fraud and Internal Control for School Based Administrators

Governance

Issues and Challenges in Corporate Governance

IIA - Top 10 Global Impacts of SOX on Internal Auditing (April 2005) 

Information Technology

Conducting Your Own Data Life Cycle Audit

Risk Management

A Framework for Control: COSO's Five Components of Internal Control and Questions Too Important to Ignore

COSO's Internal Control Framework

COSO Control Framework

Applying COSO's Enterprise Risk Management-Integrated Framework (Sept. 2004)

Sarbanes-Oxley

Impact of Sarbanes-Oxley and Section 404

Lessons Learned from Sarbanes-Oxley: A Data Perspective

Sarbanes-Oxley and Accounts Payable Template - an excellent basis for an internal presentation on S-Ox and the payables function.

Audit reports issued by other organizations provide a number of benefits for the global audit community. Audit reports can:

  • Provide examples of different formats of reports

  • Represent a knowledge base of "hot" or timely issues that other organizations are finding and reporting on.

  • Demonstrate the wording for findings

  • Show examples of criteria used

  • Show recommendations that may work for your organization

  • Provide meta-information for obtaining and developing audit work programs


The Local Government Audit Quarterly, journal of the National Association of Local Government Auditors, provides abstracts of audit reports issued by local jurisdictions across the U.S. These abstracts represent a powerful tool for local government auditors in identifying potential audit areas for planning purposes. Due to the popularity of that resource I decided to provide a page devoted to federal, state and local sites that contain audit reports. This resource is freely provided as a service to the government audit community.

Audit Reports

Federal

GAO Reports and Testimony
HUD OIG Audit Reports

International

Australian National Audit Office - Menu for Audit Reports
Canada Review Information Network - Main Menu
The Audit Office of New South Wales Australia Performance Audit Reports

Local

DuPage County, Illinois: Abstracts of Internal Audit Reports
Fairfax County Virginia Internal Audit Reports
King County Auditor Reports
Montgomery County, MD Inspector General 
Multnomah County, Oregon Auditor's Office Report Summaries
Orange County, Florida Audit List of Audit Reports
Portland, Oregon Audit Reports
Seattle City Auditor's Office Reports

State

Pennsylvania Auditor General
Digital Document Archive: Association of Inspectors General
Louisiana Legislative Auditor
Mississippi OSA - Audit Reports
NC State Auditor's Performance Audit Reports
North Dakota OSA - Reports
Virginia Auditor of Public Accounts Reports

The audit report communicates the results of the audit work. For that reason alone it is perhaps one of the most important parts of the audit process. It is important because it is what the department and senior management see, and in some cases may be the only product of our work that management receives. If written and communicated well, it can act as a positive change agent prompting management to take corrective action.

Writing an effective audit report starts with a clear understanding of how the report will be used, viewed, and acted upon by department management. Audit reports have three major objectives:

  • Inform: To make department management aware of a situation by communicating the results of our audit work.
  • Persuade: To convince department management that our comments are valid and worthwhile.
  • Results: To convince department managers to take appropriate action.

If you have tools or resources that would make this page an effective resource please send them to editor@auditnet.org.


Additional Resources for Writing

Audit Report Writing Guide

Sample Audit Opinion for Business Entity  

Report Letter Sample Format

Writing

Plain Language

The Grammar Slammer

OWL (Online Writing Lab--Purdue University)

Daily Grammar

Capital Community College Foundation Guide to Grammar and Writing 

Englishclub.com

Reference Books

Chicago Manual of Style

Bartleby.com References

For Federal Government Users

Government Printing Office Style Manual

AICPA standards and GAGAS require the following:

A record of the auditors' work should be retained in the form of working papers.

4.35 The additional working paper standard for financial statement audits is:

Working papers should contain sufficient information to enable an experienced auditor having no previous connection with the audit to ascertain from them the evidence that supports the auditors' significant conclusions and judgments.

This page was developed to provide auditors from around the world the opportunity to share what they consider to be project standard electronic audit work papers.  These electronic forms or worksheets are organized based on the phases of the audit or the specific function under review. They are in Microsoft Word,  Excel, or Adobe PDF Format. According to an e-mail received from an AuditNet user: 

I think it would be kind of neat to see what others are doing and for new auditors to have a few forms to pick from instead of reinventing the wheel.

This is what AuditNet truly is all about; auditors sharing ideas that promote the concept of Auditors Sharing Knowledge for Progress!

Standard Disclaimer for External Links

These links are being provided as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by AuditNet® of any of the products, services or opinions of the corporation or organization or individual. AuditNet® bears no responsibility for the accuracy, legality or content of the external site or for that of subsequent links. AuditNet® does not exercise any editorial control over the information you may find at these locations. Contact the external site for answers to questions regarding its content.

Please let us know if any of the links fail to work - seeing as the owners of the respective sites are obviously entitled to change the structure and content of their websites at any time, we are unable to guarantee that our links will always be up to date.

We are constantly reviewing and updating these pages so please be patient. If you would like to be a SME for this page please contact us!

We welcome your comments and more importantly the worksheets that you use when conducting an audit. Please send them to editor@auditnet.org

Audit Procedures and Manuals

UN Audit Manual (available in the Audit Programs section)

UN Inspection and Evaluation Manual

UN Investigations Manual

University of Illinois Audit Manual

University System of Maryland Internal Audit Procedural Guidelines

Florida Office of Audit & Compliance Review

Wayne State University Forms

Information Request List
Self-Audit Questionnaire
Request for Management Input Form
Registration of External Auditors Form
Online Tips Form

Gaming Industry Audit Programs

Auditing in the Gaming Industry

Audit Techniques

Planning Phase (Available to Subscribers in the Audit Templates Section)

Audit Assignment Form

Engagement Letter

ICQ Template

Management Assistance Memo (Excel)

Pre Audit Self Assessment Questionnaire

Risk Evaluation Form (Word)

Planning Workpaper Index

Workpaper Cover Template

Survey Phase

Interview Form

Fieldwork Phase

Audit Point Sheet

Exit Conference

Findings Worksheet (Excel)  

Audit Comments

Reporting Phase

Checklist Know Your Reader

Summary of Audit Results and Potential Recommendations 

Quality Control Checklist Audit Reports

Writing Planning Worksheet 

Follow Up

Washington University -St. Louis

UNC Follow Up Process Audit Program

Quality Assurance/Project Evaluation

Audit Project Evaluation Form

QC Checklist Fieldwork

QC Checklist Follow-Up

QC Checklist Survey Phase

QA Review Checklist

Quality Assurance Review Forms

Industry Specific Workpapers

Trucking Operations Worksheet

Internal Control Questionnaires

  1. ACH ICQ (xls) 

  2. Deposit Accounts ICQ (xls)  

  3. Property and Casualty 

  4. Wire Room ICQ (Word) 

Control Self Assessment ICQ (Cadbury) 

Cashiering
Computer Application
Contract
Fuel Oil Inventory
Materials and Supplies Inventory
Working Fund Audit

This ICQ is from the University of Georgia, Internal Auditing Division

Other Tools

SAS Program for Detecting Duplicate Addresses

How to Control Your PC Use

The following posting appeared in the Audit-l discussion list in August 2003:

I am tasked with the compilation of a Balanced Score Card for the Internal Audit Function, with particular emphasis on strategic goals rather than operational goals. Is there anybody who can share info in this regard? I am particularly challenged by the "measurement indicators/tools".

I offered to establish a page on balanced scorecard for internal auditors as a clearinghouse for information, articles, tools and resources. If you have something you would like to share on this subject contact us.


What is it?

The balanced scorecard is a management system (not only a measurement system) that enables organizations to clarify their vision and strategy and translate them into action. It provides feedback around both the internal business processes and external outcomes in order to continuously improve strategic performance and results. When fully deployed, the balanced scorecard transforms strategic planning from an academic exercise into the nerve center of an enterprise. (Source: The Balanced Scorecard Institute)

Useful Links

Balanced Scorecard Institute

Measuring Internal Audit Effectiveness and Efficiency - IPPF Practice Guide

Balanced Scorecard from ToolsHero - This article explains the Balanced Scorecard, developed by Robert Kaplan and David Norton, in a practical way. After reading you will understand the basics of this powerful strategy and performance management tool.

Books

A Balanced Scorecard Framework for Internal Auditing Departments

Balanced Scorecards and Operational Dashboards with Microsoft Excel

Key Performance Indicators: Developing, Implementing, and Using Winning KPIs

The Balanced Scorecard: Translating Strategy into Action

The following resources focus on auditing bank operations or banking functions:

BANKING DISCUSSION FORUMS

Online Discussion Forum for Banking includes an audit forum for discussions of audit-related questions and issues.
Bankers Compliance Tools

AUDIT PROGRAMS, ICQ, CHECKLISTS (The following is a listing of the audit programs. Most are now available, but only to subscribers, and must be accessed via the Audit Programs link on the site.)

  1. ACH ICQ (xls)
  2. Authentication in an Electronic Banking Environment Electronic
  3. Bank Items Processing Audit Program
  4. Banking - FX Revaluation Questionnaire
  5. Bank Risk Assessment Questionnaire
  6. Conducting an eBanking Audit
  7. Credit Card Administration Audit Program
  8. Credit Card Security Audit Program
  9. Deposit Accounts ICQ (xls)
  10. Insider Lending ICQ
  11. Information Technology General Work Program
  12. Loan Review - Authorization and Reporting
  13. Loan Review - Data Integrity
  14. Loan Review - Physical Safeguards
  15. Risk Management Principles for Electronic Banking
  16. Safety deposit boxes
  17. Questionnaire Wire Room ICQ (PDF)

FSA TIMES - IIA: The following audit programs are available to IIA members and require logging in to the IIA site.

Deposit Operations
Derivative Risk Management

AUDIT GUIDES AND MANUAL

Internal Audit Manual for Small Banks
BSA Manual from the FRB
FDIC Electronic Banking Examination Procedures
FDIC DOS Manual of Exam Policies
FDIC Information Systems Examination Handbook
FDIC Resources for Bankers
FFIEC IS Examination Handbook
I.R.S. Guide for Auditing Commercial Banks
Trust Examination Manual

The true power of the Internet relies on sharing information and knowledge. In keeping with this power, the new credo for AuditNet® is ASK for Progress, or Auditors Sharing Knowledge for Progress. Auditors are increasing their use of computer assisted audit tools and techniques. This section of AuditNet® provides information and links to resources that will help new and seasoned auditors explore electronic solutions for audit and share experiences and knowledge with each other.

AuditNet Bookstore featuring 101 ACL Applications: A Toolkit for Today's Auditor, Payables Test Set for ACL, Payables Test Set for IDEA.

For those evaluating audit department software, complete this Comparison Chart for Department Requirements to help with your requirements and to make your decision. Here is a free tool for comparing data analytic audit software.

Using ActiveData for Excel: A video library of 14 of ActiveData's most powerful features

VIDEO TUTORIALS:

Quickly analyze your data

Save time manipulating data within your worksheets

Perform powerful audit and fraud detection techniques

Manage your Excel workbooks and worksheets efficiently

Training Materials


 
ACL Resources

Virginia ACL User Group

IDEA Resources

PRESENTATIONS

CAATTs Training and Guides

Audit Techniques for Electronic Records from the I.R.S.

Principles of Computer Assisted Audit Techniques - an AuditNet® Monograph Series Guide  in cooperation with INTOSAI.

Computer Assisted Audit Techniques Guide to Downloading Data an AuditNet® Monograph Series Guide in cooperation with INTOSAI

Guidelines for Requesting Data from Computer Systems

Sample Data Request Letter - Perhaps the hardest part of using data extraction software is getting the data. Here is a sample letter from an AuditNet® user with tips on requesting data.

CAATTs Articles and Papers

Computer Assisted Audit Techniques Part 1

Computer Assisted Audit Techniques Part 2

Auditing Online Computer Systems

Benford's Law for Business Planning

Computer Assisted Audit Techniques

Frequently Avoided Questions About Computer Auditing from ISect Ltd

Practical Software Tools for Internal Controls

Preventing Errors and Fraud in Spreadsheets

Top Three Considerations When Automating Your Internal Control and Audit Activities

Transforming Microsoft Excel Into an Audit and Cash Recovery Engine

CAATTS Books and Other Publications

CAATTs Miscellaneous Resources

AuditTools - Web site that promotes the knowledge and use of computer assisted audit techniques & tools in the audit process.

CAATTs Software Vendors and Consultants

ACL - Data extraction and analysis software

Audimation -  the North American business partner for Caseware-IDEA provides software, training and support. 

TeamMate - electronic work paper package that has revolutionized the audit documentation process.

IDEA - Data extraction and analysis software


Professional Associations

The Institute of Internal Auditors 

ISACA The Information Systems Audit and Control Association bookstore includes a number of publications on Computer Assisted Audit Tools and Techniques.     

Construction Auditing (please come back soon as we are rebuilding this page)
Audit Programs

AuditNet Audit Work Programs

Industry Audit Guides - Construction 

Audit Policies on Construction Contracts

DCAA Contract Audit Manual

Best Practices

A Guide to Best Practices for Contract Administration

Resources for Construction Auditors

National Association of Construction Auditors

National Association of Construction Auditors (NACA) is committed to being the global authority on construction project controls. They are the only organization offering two separate professional certifications for Construction Auditors and Construction Control Professionals.

Construction Financial Management Association

National Contract Management Association

Construction Audit and Cost Control Institute

Training for Construction Auditing

RL Townsend and Associates

Control self-assessment (CSA) is a technique that allows managers and work teams directly involved in business units, functions or processes to participate in assessing the organization's risk management and control processes. In its various formats, CSA can cover objectives, risks, controls and processes.

McKeever CCSA Study System from the Pleier Corporation - an excellent CD-based study tool to pass the Certification in Control Self Assessment.

Protiviti KnowledgeLeader Internal Audit and Risk Management Community is a web-based internal auditing tool that will help you identify risks, develop best practices and add value to your organization. The site includes self-assessment tools, checklists, methodologies and templates. You may sign up online for a 30-day free trial.

CoActive Connection  Tongren and Associates Web site provides information on CoActive Audit, CoActive Control, CoActive Governance and CoActive Risk as well as a library of articles on the above principles.


Control Self-Assessment Center at the IIA provides comprehensive information and material on CSA including qualification, certification, conferences, seminars and educational products.


Control Self Assessment Questionnaire Examples:
Marquette
Solano County California
Maine State Comptroller
Google Search on CSA Questionnaires

Corporate Governance Web site covers issues related to management accountability within organizations. There are links to sample policies, library reference materials, forums and more.


Internal Control Guide Massachusetts's Comptroller General guide for state departments. Straightforward format that could be adopted by other auditors in recommendations.


Internal Control from the State University of New York at Brockport provides information about their program. The site includes a definition, human resource internal controls, general and specific standards and more.


OptionFinder and OptionPower audience response systems are electronic meeting tools that get everyone involved and keep meetings on schedule while providing instant feedback anonymously. This keypad based group polling system is used by many organizations in the control self assessment process.

Information technology (IT) continues to change how organizations function, communicate, and conduct business with customers, allies, and agents. Directors, audit committees, management, and stakeholders increasingly expect their auditors to be proficient in the use of technology to develop a thorough understanding of the control environment. Internal audit response requires understanding future audit processes and continuous auditing techniques, such as better use of interrogation software and intelligent software agents that provide pattern-recognition models to identify risks. Impact on internal audit processes and methodologies will be revolutionary.

This section of AuditNet is devoted to providing resources, educating and encouraging discussion on this technology topic for the benefit of the global audit community.

If you find broken links please let us know. We are constantly reviewing and updating these pages so please be patient. If you would like to be a SME for this page please contact us!


Continuous Audit Defined



ARTICLES (Google Search Results)

  1. Adopting Continuous Auditing/Continuous Monitoring in Internal Audit - ISACA
  2. Continuous Auditing and Monitoring: What is the Difference by John Verver
  3. Continuous Auditing: Leveraging Technology by DeWayne L. Searcy and Jon B. Woodroof
  4. Recommendations for an Effective Continuous Audit Process
  5. Six Steps to a Continuous Audit Process - IIA Article

Publications

Global Technology Audit Guide (GTAG) 3: Continuous Auditing: Implications for Assurance Monitoring and Risk Assessment - An evolving regulatory environment, increased globalization of businesses, market pressure to improve operations, and rapidly changing business conditions are putting increased pressure on CAEs and their staff to provide more timely and ongoing assurance that controls are working effectively and risk is being mitigated.

Continuous auditing changes the audit paradigm from periodic reviews of a sample of transactions to ongoing audit testing of 100 percent of transactions. This guide focuses on assisting CAEs with identifying what must be done to make effective use of technology in support of continuous auditing and highlights areas that require further attention.

Continuous Auditing - A Strategic Approach to Implementation - CaseWare IDEA Research Report

Tools

Compliance 360 The Internal Audit software solution from Compliance 360 helps you easily tailor processes to fit your unique requirements as you automate critical tasks throughout your audit planning, audit fieldwork, audit reporting and follow-up processes.

What is corporate social responsibility? Corporate Social Responsibility (CSR) encompasses an organization’s commitment to behave in an economically and environmentally sustainable manner, while honoring the interests of direct stakeholders.

What is corporate social responsibility auditing? The purpose of the Social Responsibility Audit is to validate corporate performance against generally accepted criteria and report to the stakeholders the extent to which the auditee organization “walks its talk”.

The above definitions are from the web site of Vasin, Heyn & Company



Business for Social Responsibility Business for Social Responsibility (BSR) is a global organization that helps member companies achieve success in ways that respect ethical values, people, communities and the environment.

Center for Ethical Business Cultures Assisting business leaders in creating ethical and profitable business cultures at the enterprise, community and global levels.

Ceres coalition of 54 investor, environmental, religious, labor and social justice groups.
 

Conference Board of Canada provides links to governance and corporate social responsibility.

Corporate Social Responsibility Audits Web site of Vasin, Heyn & Company provides articles that explain how they perform social audits.

Corporate Social Responsibility Newswire Service a specialized newswire service whose primary target market includes the media and financial professionals and investors who consider corporate responsibility policies and practices in their investment recommendations and decisions.

Earthwatch Institute international nonprofit organization which supports scientific field research worldwide to improve our understanding and management of the Earth.

GreenMoney educate and empower individuals and businesses to make informed financial decisions through aligning their corporate and financial principles.

Hispanic Assoc on Corporate Responsibility ensure that there is an equitable participation of the Hispanic community in corporate America.

Rocky Mountain Institute nonprofit research and educational foundation with a vision across boundaries. Its mission is to foster the efficient and sustainable use of resources as a path to global security.

Social Investment Forum offers comprehensive information, contacts & resources on socially responsible investing.

Social Venture Network 

World Business  Academy

AuditNet®, the global resource for auditors and accountants provides tools and templates for CPAs. 

Surgent Surgent CPA Review – Best CPA Exam Review course prep for students seeking to study and pass the CPA Exam. Surgent utilizes A.S.A.P adaptive learning technology with real-time personalization to help students learn to pass the CPA Exam by studying less and focusing on what they don’t know.

AuditNet® offers audit program templates for auditors by direct subscriptions as well as through site license partners. We also offer special workpaper templates for CPAs that are now available through subscriptions. These workpaper templates are Excel formatted workbooks covering financial statement audits. If you would like to download these templates then you will need to purchase a Premium Subscription.

  1. Audit Program Template for Workpaper Organization and Indexing - workbook includes worksheets for correspondence and confirmation letters
  2. Audit Program Template for Preliminary and General Audit Procedures - major procedures and steps that should be performed in an audit engagement. 
  3. Audit Program Template for Substantive Tests - specified audit procedures to certain audit objectives relating to the assertions embodied in financial statements.  
  4. Audit Program Template for Control Testing - major procedures and steps that are typically in an audit engagement when the auditor decides to test internal controls. 
  5. CPA Audit Working Papers Manual - comprehensive Excel workbook with individual worksheets for planning, execution, completion and reporting phase of the audit. 

Websites - CPA Resources

CPA Services

Taxes

Small Business 

Financial Planning

Consulting 

Internal auditors regularly access organization information for audit purposes. Many organizations now maintain computerized data warehouses containing useful management and financial information for auditors. Auditors therefore need to understand both the concepts of data warehousing as well as data mining techniques. Data warehousing is a process for assembling and managing data from various sources for the purpose of gaining a single, detailed view of part or all of a business. Data mining is the use of automated tools to explore and analyze large amounts of data stored in those data warehouses. This page attempts to provide members of the AuditNet® community with resources for both data warehousing and data mining. If you have additional resources or tools to share contact us.


Data Mining 101: Tools and Techniques

Data Mining: Results and Challenges for Government Program Audits and Investigations from GAO



Data Mining for Assurance from CA Magazine

Data Mining and the Auditor's Responsibility from AuditSoftware.net

Data Warehouse Control and Security

Data Warehouse Data Reliability Process Review (April 04) (Contribution Required)

Using Data Mining to Detect Insurance Fraud excellent white paper from SPSS

The internal auditor can play a critical role in disaster recovery/business continuity resumption planning within an organization. This page provides resources and articles on the subject that you can use for reviews and planning for audits in this area. If you have any resources including audit programs, internal control questionnaires, checklists or other documents please consider sharing them for the benefit of the global audit community. Send your documents as attachments to editor@auditnet.org

Thanks to Dan Swanson for his contributions to this page.


What Should Your Business Continuity Efforts Focus On?

EXECUTIVE GUIDE: DISASTER RECOVERY | SearchCIO.com

The devastating effects of hurricanes Katrina and Rita last fall made clear the importance of disaster recovery plans perhaps as well or better than any other events in recent history. This Executive Guide offers news, advice and other resources to help CIOs prepare their organizations for the worst.

Boardroom Briefing: Business Continuity and Disaster Recovery

The Center for Excellence in Emergency Preparedness (CEEP)

Two leading BCP and DR resource “portals”
The Business Continuity Institute (BCI) offers free documents online to help practitioners implement effective business continuity plans. The BCI 76-page Good Practice Guidelines was originally prepared in 2002 by a working group with numerous business continuity planning (BCP) experts; it was then rewritten to take into account numerous comments, new public standards and recent legislation.

Business Continuity and Auditing Business Continuity

FFIEC Business Continuity Planning Booklet

The IIA’s DR and BCP resource repository

Is Your Organization's Business Continuity Plan Effective? - Identifying key problem areas during audits of business continuity plans can enhance an organization's disaster recovery efforts and ensure the quick return of business activities and services.
Assessing the Effectiveness of a Contingency Plan for an Individual Business Unit

ISACA global Knowledge Network - Using the search facility (at the link provided) enter “business continuity”, “disaster recovery”, “emergency management”, etc, to obtain a variety of resources to help your efforts.

Generally Accepted Business Continuity Practices – includes information on:

  1. Project Initiation and Management
  2. Risk Evaluation and Control
  3. Business Impact Analysis
  4. Developing Business Continuity Strategies
  5. Emergency Response and Operations
  6. Developing Business Continuity
  7. Training and Awareness
  8. Maintaining and Exercising Business Continuity Plans
  9. Public Relations and Crisis Communications
  10. Coordination with Public
 

ISO 22301 Business Continuity Management - a resource for information, links, news, events, resources and discussion for those seeking information and guidance on ISO 22301 specifically, also business continuity and emergency management in general.

A Community Risk Register - Each local resilience forum area in the UK has to provide a public Community Risk Register. This document is one of only a few that is being reviewed by central government in the UK as a contender for best practice of the publication of generic risk assessments in a local area. It was very much a multi-agency effort with over 80 contributors from at least 20 agencies.

Computer Room Emergency - Only a Matter of Time

 The Internal Auditor's Role in Disaster Recovery - article from the American Association of State Compensation Insurance Funds.

Audit Programs, Internal Control Questionnaires and Checklists

  1. Backup Procedures and Disaster Recovery Audit Program

  2. Business Continuity Disaster Recovery Management 

  3. Disaster Recovery Plan
  4. Disaster Recovery - Contingency Planning Audit Program
  5. Disaster Recovery - Contingency Planning ICQ
  6. Disaster Recovery Risk Evaluation (Word)(PDF)

Miscellaneous Resources Contributed by AuditNet Community Members

  1. Business Impact Analysis Survey from NC State
  2. Business Continuity Report Benchmark Study
  3. FEMA Emergency Management Guide
  4. Glossary of BCP Terms
  5. Incident Management Checklist
  6. Information Security Checklist
  7. NASD Notice Business Continuity Plans
  8. How to Create an Effective Business Continuity Plan

  Expressing an Opinion - Resources

1.  Guide to the Sarbanes-Oxley Act: Internal Control Reporting Requirements - Frequently Asked Questions Regarding Section 404 Updated to reflect PCAOB Auditing Standard No. 2.
 
2. RIA's recent Practical Guide to Internal Control (publication) --

3. Is Sarbanes-Oxley Compromising Internal Audit?
Internal auditors at many companies have been so consumed by the legislation that traditional priorities are falling by the wayside. But some organizations are finding ways to balance the function's ongoing compliance responsibilities with a renewed focus on strategic and operational risks.

4. An interesting article - How Markets Punish Material Weaknesses

5. An article about the IIA opinions paper


 B) Other leading "good governance" focused resources:

1. 20 Questions Directors Should Ask of Internal Audit

Note - A free PDF of the above report is available for IIA members at - http://www.theiia.org/iia/download.cfm?file=2927

2. Internal Audit's Impact on Audit Committee Effectiveness

During the month of February 2004, the Audit Director Roundtable conducted a survey of Internal Audit Directors and Audit Committee members. The survey intended to gain an understanding of changes in the relationship between the Internal Audit department and the Audit Committee in light of recent corporate governance regulations. Survey results indicate that Internal Audit maintains a disproportionate focus on reporting lower-value activities to the Audit Committee. Results demonstrate a performance gap between Internal Audit objectives and actions and an expectations gap between Internal Audit and the Audit Committee.


3. Audit Committee Effectiveness—What Works Best, 3rd Edition
Sponsored by The Institute of Internal Auditors Research Foundation and prepared by PricewaterhouseCoopers. Corporate financial reporting continues to be under intense scrutiny—placing audit committees firmly in the spotlight. Audit committees are finding their workload has expanded significantly. The issues they now face are more challenging than ever, as their responsibilities expand well beyond the complexities of financial reporting. Audit committees may oversee risk management and many monitor compliance with laws and regulations and codes of conduct. At the same time, committees must find the appropriate balance between overseeing and advising management, recognizing that the balance shifts over time. Adding to these challenges are concerns about personal liability, especially for committee chairs and financial experts.

This research report has been prepared to help audit committee members effectively and thoughtfully discharge their duties. It provides direction on how best to carry out their responsibilities by providing numerous examples of how leading audit committees are not just coping, but succeeding. In short, it is your guide to what works best.

4. Corporate Governance and the Board - What Works Best
Corporate Governance and the Board - What Works Best delivers exactly what its name suggests. Presenting the best ideals for the highest level of board effectiveness, this publication astutely guides board members in their role of enhancing shareholder value. A must-read for all directors, regardless of their organization's size or industry, this practical resource is sure to become the board beacon for years to come.

5. Finally, other leading IIA guidance


 C) Some leading Internal Auditing resources:

1. Practical Considerations Regarding Internal Auditing Expressing an Opinion on Internal Control 

2. Internal Auditing's Role in Sections 302 and 404

3. COSO Internal Control Integrated Framework (ICIF)

4. The IIA research report "A Framework for Internal Auditing's Entity-Wide Opinion on Internal Control"

5. Key Controls: The Solution for Sarbanes-Oxley Internal Control Compliance

6. IIA Sarbanes and Governance resources are at:

7. COSO ERM resources

8. IIA bookstore items regarding risk and control

9. COSO Implementation Guide

10. Finally, Internal Audit's Role in Corporate Governance: Sarbanes-Oxley Compliance

It has been said that a picture is worth a thousand words. Heeding the words of that proverb many auditors use flowcharting as a means of documenting internal controls within their organizations. This section of AuditNet is provided to allow auditors to share resources and ideas on how to integrate this technique into the audit process. If you have resources or ideas to share for this standardized method of documenting operations, please contact us.

The Foreign Corrupt Practices Act of 1977 (15 U.S.C. §§ 78dd-1, et seq.) is a United States federal law known primarily for two of its main provisions, one that addresses accounting transparency requirements under the Securities Exchange Act of 1934, and another concerning bribery of foreign officials.

Generally, the U.S. Foreign Corrupt Practices Act of 1977 ("FCPA" or the "Act") prohibits U.S. companies, their subsidiaries, as well as their officers, directors, employees, and agents from bribing "foreign officials" and also requires U.S. companies that issue debt or equity to maintain internal accounting controls and to keep books and records that accurately reflect all transactions.

Both the anti-bribery and the record-keeping and internal accounting controls provisions apply to worldwide operations. The FCPA is enforced jointly by the Securities & Exchange Commission (SEC) and the U.S. Department of Justice (DOJ).

Auditors can play an important role in ensuring compliance with the provisions of FCPA. This page provides links to information, e-tools and more to help auditors gain the necessary knowledge to cover this risk to their employers.

In addition we have added audit programs for FCPA which are now available to subscribers.


Foreign Corrupt Practices Act - Department of Justice site with the statute and links to information, procedures and more.

Transparency International - USA Toolkit

Audit Programs, Checklists and Guides

Anti-Corruption Guide: Developing an Anti-Corruption Program for Reducing Fiduciary

Don't Get Bitten by the FCPA - Guide from ACL

The Foreign Corrupt Practices Act at Thirty-Five: A Practitioner’s Guide

Fraud Control: Self Audit Guide

Practical Guide to Corruption Prevention

Resource Guide to the FCPA U.S. Foreign Corrupt Practices Act - from the U.S. Securities and Exchange Commission

Role of Audit in Fighting  Corruption - UN Guide

U.N. Manual on Anti-Corruption Policy


Fraud Audit Programs in the AuditNet Inventory

Fraud Analytics Expenditures (July 2009)
Fraud Analytics Payroll (July 2009)
Fraud Analytics Purchasing and Billing (July 2009)
Fraud Analytics Skimming (July 2009)

Fraud Financial Performance Indicators (Sep 05)
Fraud Investigation Audit Procedures (April 2009)
Fraud Susceptibility Worksheet

Fraud Prevention Check-Up - Are you vulnerable to fraud? Do you have adequate controls in place to prevent it? Test your company’s fraud health with this free training resource featuring a checklist and video.

FraudBlog.net - from Jennifer Ford-Smith a Knowledge feed resource.

ACFE Fraud Resource Center

AICPA Antifraud & Corporate Responsibility Center


Protiviti KnowledgeLeader for Internal Auditors is a customized source of internal audit resources, tools, methodologies, checklists and self-assessment surveys.  Sign up on-line for a free 30-day trial of this subscription-based Web site.

Association of Certified Forensic Investigators is a non-profit Canadian organization whose objective is to promote and foster a national forum and governing body for the affiliation of professionals who provide to the public, governments and employers, their expertise and services in the areas of fraud prevention, detection and investigation.


Coalition Against Insurance Fraud Web site for the independent, nonprofit organization of consumers, government agencies, and insurers addressing insurance fraud through public information and advocacy.

Counter Fraud & Security Management Service oversees counter fraud work in the NHS (National Health Service), including oversight and training of the Local Counter Fraud Specialists (LCFSs) employed at each NHS Trust.

Employment Screening Resources - Employment Screening Resources (ESR) offers a wide range of Sarbanes-Oxley compliance services in the critical area of background checks.


Federal Sentencing Guideline Manual from the United States Sentencing Commission provides the most recent guidelines and policy statements on the guideline sentencing process.


Financial Action Task Force is an inter-governmental body dedicated to the development and promotion of policies to combat money laundering. The policies aim to prevent proceeds from being used in future criminal activities and from affecting legitimate economic activities. The site provides annual reports on money laundering, an evaluation of preventive measures, recommendations from members, and more.


Financial Scandals page provides links to sources of information on the subject. Includes general sources on corruption, bank scandals, insurance fraud, forensic accounting and more. Auditors may find the links to resources to finding people useful in conducting fraud audits.


Forensic Accounting and Litigation Support web site provides information about this field of business related investigations.


Fraud and Corruption Control Guidelines for Best Practices - a comprehensive guide from the Queensland Australia Audit Office. 

Fraud Detectives Consultant Network Web site includes a database of fraud consultants, newsletters, fraud news and articles, fraud tips and tales. There is also an email list (Knowledge Resource).


Guide to Fraud Risk Assessment - from New South Wales Australia

Handbook on Fraud Indicators for Contract Auditors is the DoD Inspector General guide on contract fraud.

Independent Commission Against Corruption exposes and minimizes corruption involving the New South Wales public sector through investigation, corruption prevention and education. Site features include background information on the Commission, publications, reports and more.

The Institute for Business and Professional Ethics Web site at DePaul University is devoted to the subject of ethical behavior. The site includes professional and ethics resources, an ethics calendar, Ethics Beat and more.

Insurance Fraud Bureau of Massachusetts is a unique and multifaceted investigative agency dedicated to the systematic elimination of fraudulent insurance transactions. Features include their quarterly publication, FocusFraud, and links to other law enforcement, crime prevention and research organizations.


Investigators Guide to Sources of Information GAO publication that provides a comprehensive list of resources useful in conducting investigations. Includes a chapter on an Investigators Guide to the Internet. Auditors will find the selected Internet sites for investigative reference worth reviewing. The guide is downloadable as a PDF file and requires the Adobe Acrobat reader (also available for download).

Investigators Toolbox is a meta-site of links to researcher resources such as companies, databases, and more. Great information resource for auditors.

National Criminal Justice Reference Service (NCJRS) - The NCJRS established a web site containing various resources from the National Institute of Justice, the research and development agency of the U.S. Department of Justice. Includes updates from the Office of Justice and the Office of National Drug Control Policy. Also provides information about products and services sponsored by NCJRS. There is an email address to send questions, an electronic mailing list, and an ftp site containing software, full text publications, and other resources.


National Health Care Anti-Fraud Association is an organization composed of private health insurers and federal/state law enforcement officials dedicated to the detection, investigation, and prosecution of health care fraud.

Practical Guide to Corruption Prevention - Prepared by the Independent Commission Against Corruption, this is an excellent resource for developing a fraud and corruption program within organizations. Modules include risk assessment, ethics, cash handling, purchasing and more.

Procurement Fraud Toolkit - The Procurement Fraud Toolkit is a collection of resources and information designed to help investigators, auditors, and analysts in conducting fraud investigations, audits and inquiries.


SekChek for Internal Auditors and Forensic Investigators is an automated computer security analysis tool/service which permits rapid and comprehensive snapshots of host system / domain security control settings. Snapshots can be compared with previous scans to identify subtle, suspect or intermittent changes to security controls, particularly when system audit trails may be unreliable. SekChek's independent and objective Analysis Reports are guaranteed to be turned around within 24 hours (or sooner by prior arrangement). In addition, security scans can be initiated both locally and remotely without any impact on target system/s. Originally developed in 1997, SekChek is designed, and continually enhanced, to analyze security settings of all major (non-mainframe) operating systems and platforms, including all versions of Windows, Unix, Netware and AS/400. Sample reports can be downloaded from SekChek Information Protection Services at www.sekchek.com

Taxpayers Against Fraud is a nonprofit public interest organization devoted to fighting fraud against the Federal Government. The site includes information about the False Claims Act, news releases, resources, health care information and more.


Veris Social Security Number Verification Services provide methods for validity checking Social Security Numbers for invalid, never issued and deceased. The services include stand-alone application programs and software libraries for a variety of computer systems, as well as a mail in processing service. SSN databases are obtained from the Social Security Administration and updated monthly.     

Companies in this industry operate gambling facilities or offer gaming activities, including casinos, casino resorts and hotels, bingo halls, lotteries, and off-track betting. Major companies include US-based casino operators Caesars Entertainment, Las Vegas Sands, and MGM Resorts, as well as Lottomatica (Italy), SJM Holdings (Hong Kong), Tatts Group (Australia), and William Hill (UK).

Competitive Landscape
Demand for gambling is driven by consumer income growth and state spending. The profitability of individual companies depends on efficient operations and effective marketing. Large operators have the financial resources to make significant investments in facilities and efficient computer operations; they may also enjoy cross-marketing opportunities. Small gambling facilities can thrive by catering to local residents, who may not be able to afford travel to such gambling centers as Las Vegas or Atlantic City. The industry is concentrated: the top 50 gaming companies hold about 60 percent of the market. The casino hotel market is even more concentrated, with the top 50 firms holding 90 percent of the market.

Products, Operations & Technology
Gaming operators mainly provide a place or a means to play games of chance, where the odds of winning favor the "house." Popular casino games are slot machines (slots); video poker; and table games such as roulette, baccarat, blackjack, and craps (dice). The house take on slot machines varies, depending upon the denomination of the slot machine, but generally runs between 5 and 10 percent. The take on most table games may be higher, from 15 to 30 percent. State lottery games are mainly numbers games. State lotteries often retain between 30 and 40 percent of all money bet, according to the National Conference of State Legislatures.

This page includes resources for auditing in the gaming industry.

Audit Resources

Auditing in the Gaming Industry - PowerPoint presentation

Auditing the Casino Floor: A Handbook for Auditing the Casino Cage Table Games and Slot Operations, 2nd Edition from the IIA

Audit Programs - there are audit programs in our inventory that are available to subscribers. Search on gambling, casinos, gaming etc.

Colorado Department of Revenue Gaming Division - downloadable documents for reporting and controlling casino gaming

Compliance Audit Manual - from the Lottery Gaming Commission of Malta

Gaming Audit and Accounting Guide from the AICPA

Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators

Internal Control Practices in Casino Gaming

LinkedIn Group for Casino Auditors

Appearance - the act of giving the idea or impression of being or doing something.

Application Acquisition Review - an evaluation of an application system considered for acquisition, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is acquired in compliance with the established system acquisition process.

Application Controls - these relate to the transactions and standing data appertaining to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and accuracy of the records and the validity of the entries made therein resulting from both manual and programmed processing. Examples of application controls include data input validation, agreement of batch totals, encryption of data transmitted, etc.

Application Development Review - an evaluation of an application system under development, which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is developed in compliance with the established systems development process.

Application Implementation Review - an evaluation of any part of an implementation project (e.g. project management, test plans, user acceptance testing procedures, etc.).

Application Software Tracing and Mapping - specialized tools that can be used to analyze the flow of data through the processing logic of the application software and document the logic, paths, control conditions, and processing sequences. Both the command language or job control statements and programming language can be analyzed. This technique includes program/system: mapping, tracing, snapshots, parallel simulations, and code comparisons.

Applications System - an integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities (e.g., general ledger, manufacturing resource planning, human resource management).

Application Upgrade Review - an evaluation of any part of an upgrade project (e.g. project management, test plans, user acceptance testing procedures, etc.).

Attitude - way of thinking, behaving, feeling, etc.

Audit Accountability - performance measurement of service delivery including cost, timeliness and quality against agreed service levels.

Audit Authority - a statement of the position within the organization, including lines of reporting and the rights of access.

Audit Evidence - the Information Systems Auditor (IS Auditor) gathers information in the course of performing an IS audit. The information used by the IS Auditor to meet audit objectives is referred to as audit evidence (evidence).

Audit Expert Systems - expert or decision support systems that can be used to assist IS Auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis, system software, and control objectives software packages.

Audit Program - a series of steps to achieve an audit objective.

Audit Responsibility - the roles, scope and objectives documented in the service level agreement between management and audit.

Audit Sampling - the application of audit procedures to less than 100% of the items within a population to obtain audit evidence about a particular characteristic of the population.

CAATs (Computer Assisted Audit Techniques) - any automated audit techniques, such as generalized audit software, utility software, test data, application software tracing and mapping, and audit expert systems.

Cadbury - the Committee on the Financial Aspects of Corporate Governance, set up in May 1991 by the UK Financial Reporting Council, the London Stock Exchange and the UK accountancy profession, was chaired by Sir Adrian Cadbury and produced a report on the subject commonly known, in the UK, as the Cadbury Report.

COBIT™ - Control Objectives for Information and related Technology, the international set of IT control objectives published by ISACF, © 1998, 1996.

COCO - Criteria Of Control, published by the Canadian Institute of Chartered Accountants in 1995.

Computer Assisted Audit Techniques - see CAATs

Corporate Governance - the system by which organizations are directed and controlled. Boards of directors are responsible for the governance of their organization. (Source: The Cadbury Report)

COSO - the Committee of Sponsoring Organizations of the Treadway Commission produced the "Internal Control - Integrated Framework" report in 1992, commonly known as the COSO Report.

Detailed IS Controls - controls over the acquisition, implementation, delivery and support of IS systems and services. Examples include controls over the implementation of software packages, system security parameters, disaster recovery planning, data input validation, exception report production, locking of user accounts after invalid attempts to access them, etc. Application controls are a subset of detailed IS controls. Data input validation for example, is both a detailed IS control and an application control. Installing and accrediting systems (AI5) is a detailed IS control, but not an application control.

Due Care - diligence which a person would exercise under a given set of circumstances.

Due Professional Care - diligence which a person, who possesses a special skill, would exercise under a given set of circumstances.

Embedded Audit Module - integral part of an application system that is designed to identify and report specific transactions or other information based on pre-determined criteria. Identification of reportable items occurs as part of real-time processing. Reporting may be real-time on-line, or may use store and forward methods. Also known as Integrated Test Facility or Continuous Auditing Module.

Error - control deviations (compliance testing) or misstatements (substantive procedures).

General Controls - controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all the applications. The objectives of general controls are to ensure the proper development and implementation of applications, and the integrity of program and data files and of computer operations. Like application controls, general controls may be either manual or programmed. Examples of general controls include the development and implementation of an IS strategy and an IS security policy, the organization of IS staff to separate conflicting duties and planning for disaster prevention and recovery.

Generalized Audit Software - a computer program or series of programs designed to perform certain automated functions. These functions include reading computer files, selecting data, manipulating data, sorting data, summarizing data, performing calculations, selecting samples, and printing reports or letters in a format specified by the IS Auditor. This technique includes software acquired or written for audit purposes and software embedded in production systems.

Independence - self-governance, freedom from conflict of interest and undue influence. The IS Auditor should be free to make his/her own decisions, not influenced by the organization being audited and its people (managers and employers).

Independent Appearance - the outward impression of being self-governing and free from conflict of interest and undue influence.

Independent Attitude - impartial point of view which allows the auditor to act objectively and with fairness.

Internal Control - "The policies, procedures, practices and organizational structures, designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected." (Source: COBIT Framework).

Irregularities - intentional violations of established management policy or deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole.

Materiality - an expression of the relative significance or importance of a particular matter in the context of the organization as a whole.

Objectivity - the ability to exercise judgment, express opinions and present recommendations with impartiality.

Outsourcing - a formal agreement with a third party to perform an IS function for an organization.

Pervasive IS Controls - those general controls which are designed to manage and monitor the IS environment and which therefore affect all IS-related activities. Examples include controls over IS processes defined in COBIT's Planning and Organization domain and Monitoring domain, e.g. "PO1 - Define a strategic plan", "M1 - Monitor the processes," etc. Pervasive IS controls are a subset of general controls, being those general controls which focus on the management and monitoring of IS.

Population - the entire set of data from which a sample is selected and about which the IS Auditor wishes to draw conclusions.

Professional Competence - proven level of ability, often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards.

Project Team - group of people responsible for a project, whose terms of reference may include the development, acquisition, implementation or upgrade of an application system. The team members may include line management, operational line staff, external contractors and IS Auditors.

Reasonable Assurance - a level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved.

Relevant Audit Evidence - audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.

Reliable Audit Evidence - audit evidence is reliable if, in the IS Auditor's opinion, it is valid, factual, objective and supportable.

Sampling Risk - the probability that the IS Auditor has reached an incorrect conclusion because an audit sample rather than the whole population was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selection method, it can never be eliminated.

Service Level Agreement (SLA) - defined minimum performance measures at or above which the service delivered is considered acceptable.

Service Provider - the organization providing the outsourced service.

Service User - the organization using the outsourced service.

Sufficient Audit Evidence - audit evidence is sufficient if it is adequate, convincing and would lead another IS Auditor to form the same conclusions.

Systems Acquisition Process - the procedures established to purchase application software, including evaluation of the supplier's financial stability, track record, resources and references from existing customers.

Systems Development Process - an approach used to plan, design, develop, test and implement an application system or a major modification to an application system.

Test Data - simulated transactions that can be used to test processing logic, computations and controls actually programmed in computer applications. Individual programs or an entire system can be tested. This technique includes Integrated Test Facilities (ITFs) and Base Case System Evaluations (BCSEs).

Useful Audit Evidence - audit evidence is useful if it assists the IS Auditors in meeting their audit objectives.

Utility Software - computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activity, test programs and system activities and operational procedures, evaluate data file activity, and analyze job accounting data.

What is the 'General Data Protection Regulation (GDPR)'

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR came into effect across the EU on May 25, 2018.

AuditNet® provides links to GDPR resources for the global audit community. In addition AuditNet® has tools for subscribers to help with GDPR compliance and audit. If you have resources you would like to share send an email to info @ auditnet dot org

The following definitions come from Wikipedia

Governance, Risk Management, and Compliance or "GRC" is an increasingly recognized term that reflects a new way in which organizations can adopt an integrated approach to these three areas. However, this term is often positioned as a single business activity, when in fact, it includes multiple overlapping and related activities within an organization, e.g. internal audit, compliance programs like SOX, enterprise risk management (ERM), operational risk, incident management, etc.

Corporate Governance Assessment Tool - tool from the Irish Association of Non-Governmental Development Organizations.

Governance is the responsibility of senior executive management and focuses on creating organizational transparency by defining the mechanisms an organization uses to ensure that its constituents follow established processes and policies. A proper governance strategy implements systems to monitor and record current business activity, takes steps to ensure compliance with agreed policies, and provides for corrective action in cases where the rules have been ignored or misconstrued.

Risk Management is the process by which an organization sets the risk tolerance, identifies potential risks and prioritizes the tolerance for risk based on the organization’s business objectives. Risk Management leverages internal controls to manage and mitigate risk throughout the organization.

Compliance is the process that records and monitors the policies, procedures and controls needed to enable compliance with legislative or industry mandates as well as internal policies.

This section of AuditNet will provide tools, resources and information specifically on GRC.

BPS Resolver: GRC and Internal Audit Solutions For over a decade, BPS Resolver Inc.’s GRC Suite has provided organizations with Governance, Risk and Compliance software solutions that create efficiencies and make GRC programs more effective. 

1. Detecting Healthcare Vendor Fraud Using Data Analysis (DA-2) April 17 

What you will learn:

• Who are the most common dishonest healthcare providers? It’s not always clear!

• New fraud risks under Obamacare

• Case studies: Surprising ways that vendors rip off hospitals, clinics and other providers

• How insiders collude with vendors to embezzle funds, divert inventory and steal confidential medical data

• Red flags of healthcare billing schemes, sham vendor frauds, drug diversion schemes and other hugely costly scams

• Proven data analytics procedures for detecting indicators of healthcare fraud

Date: Wednesday, April 17, 2013

Time: 11:00 AM - 1:00 PM (Eastern, GMT -0500)

CPE: 2 credits are available for registrants attending the seminar; credits are awarded based on a 50-minute hour.

Program Level / Prerequisites and Advance Preparation: Basic / None

Basic Delivery Method: Group Internet Based

Recommended Category: Specialized Knowledge and Applications

Cost: $99 Individual ... $300 Group Pricing

Please register for Detecting Healthcare Vendor Fraud Using Data Analysis on Apr 17, 2013 11:00 AM EDT at:

HCFA Hospital Audit Program

Health Benefits Administration 

Health Claims Audit Program  

Hospital Audit Program from the State of Iowa, Auditor of State

Pharmacy Regulation ICQ 

Pharmacy Review (pdf)

Managed Care Audit Program

Third Party Administrator Health Care Audit Program (pdf)

RESOURCES

American Association of Medical Audit Specialists

Compliance Program Guidance for Third-Party Medical Billing Companies

Preparing for an Internal Billing Audit

SekChek for Internal Auditors and Privacy Officers can complement HIPAA Compliance audits by confirming adequate security of the host system/s running Medical Patient applications. This automated computer security analysis tool/service details the key control measures in place to secure the operating system environment. In turn, these independent SekChek assessments can confirm whether the production environments can be relied upon to protect the Privacy of medical / patient databases and HIPAA-conforming audit trails against inadvertent, unauthorized or malicious access or changes. Originally developed in 1997, SekChek is designed, and continually enhanced, to analyze security settings of all major (non-mainframe) operating systems and platforms, including all versions of Windows, Unix, Netware and AS/400. Sample reports can be downloaded from SekChek Information Protection Services at www.sekchek.com

Layer Seven Security - Layer Seven Security specializes in SAP security. The company serves customers across the globe to protect SAP systems against internal and external threats and comply with industry and statutory reporting requirements. We fuse technical expertise with business acumen to deliver unparalleled implementation, consulting & audit services targeted at managing risks in contemporary SAP systems.

NIST Security Guides

Guide to NIST Information Security Documents

Guide for Assessing the Security Controls in Federal Information Systems

Guidelines on Cell Phone Forensics provides general principles and technical information to aid organizations in developing appropriate policies and procedures for preserving, acquiring, and examining digital evidence found on cell phones, and for reporting the results. Cell phones are an emerging but rapidly growing area of computer forensics. The publication also explains the relationship between key aspects of cell phone technology and the operation and use of available forensic tools.

Cell Phone Forensics Cell Phone Forensic Tools: An Overview and Analysis Update, provides an overview of current forensic software tools designed for the acquisition, examination, and reporting of data residing on cellular handheld devices. It is a follow-on publication to NISTIR 7250, which originally reported on the topic, and includes several additional tools. The publication reviews the capabilities and limitations of each tool in detail through a scenario-based methodology.

Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.3 describes XCCDF, which is a standardized XML format that can be used to hold structured collections of security configuration rules for a set of target systems. The XCCDF specification is designed to provide automated testing and scoring that can support FISMA compliance and other efforts. NIST IR 7275 specifies the data model and Extensible Markup Language (XML) representation for version 1.1.3 of XCCDF; the previous revision of NIST IR 7275 addressed version 1.1 of XCCDF.

Draft SP 800-44 version 2, Guidelines on Securing Public Web Servers

Draft SP 800-46 version 2, User's Guide to Securing External Devices for Telework and Remote Access


Prioritizing IT Controls for Effective, Measurable Security

Information Security Handbook: A Guide for Managers, October 2006 from NIST - This Information Security Handbook provides a broad overview of information security program elements to assist managers in understanding how to establish and implement an information security program.

National Security Institute

N.I.S.T. Computer Security Institute

CSO Online - magazine for Chief Security Officers

Security Risk Management Guide from Microsoft

Articles on Security

From NII Consulting

MS Office Security SecurityFocus Infocus article, August 2006
This article discusses Microsoft Office's OLE Structured Storage and the nature of recent dropper programs and other exploit agents, in an effort to scrutinize the workings of some of the recent MS Office exploits. The second part of this article then collates some forensic investigation avenues through different MS Office features. Parts of the article sample different MS Office vulnerabilities to discuss their nature and the method of exploitation.

Dissecting NTFS Hidden Streams Forensic Focus article, July 2006
This article discusses Alternate Data Streams feature of the NTFS filesystem. It underlines the importance of this feature from a hacker's perspective and a forensic investigator's perspective.

Five Common Web Application Vulnerabilites SecurityFocus Infocus article, May 2006
This article looks at five common Web application attacks, primarily for PHP applications, and then presents a short case study of a vulnerable Website that was found using Google and was easily exploited.

Key Strategies for Implementing ISO 27001 The IIA's ITAudit article, February 2006
This article brings to light various strategies involved in implementing ISO 27001 - from identifying business objectives to preparing for the final audit.

Evading NIDS, revisited SecurityFocus Infocus article, December 2005
This article discusses IDS evasion techniques in addition to the frag3 preprocessor and fragment reassembly in a multihost environment.

SQL Server Security The IIA's ITAudit article, March 2005
This is the first part of a two-part article that discusses securing the SQL Server. It covers secured SQL Server installation from an IT Auditor's perspective.

Penetration Testing of IPSec VPNs SecurityFocus Infocus article, Feb 2005
This article discusses a methodology to assess the security posture of an organization's IPsec based VPN architecture. It discusses blackbox penetration testing of a VPN server, and then a full configuration and architecture review.

Metasploit Framework - 3 parts SecurityFocus Infocus article, 12th July 2004
This is a three part article that talks in-depth about the Metasploit Framework - installation, configuration, and development of custom exploits using the framework.

Common security vulnerabilities in e-commerce systems SecurityFocus Infocus article, 27th April 2004
This article discusses common attacks and vulnerabilities in e-commerce shopping cart systems, with reference to SecurityFocus vulnerability reports where relevant.

Auditing Oracle Security The IT Audit, Vol. 7, April 15, 2004
This article discusses various aspects of Oracle security that must be considered, including secured installation, initialization parameters, users and profiles, roles, object and system privileges, logging, listener security, etc.

Detection of SQL Injection and Cross-site Scripting Attacks SecurityFocus Infocus article, 18th March 2004
This article discusses techniques to detect SQL Injection and Cross Site Scripting (CSS) attacks against your web applications using regular expressions with the open-source IDS, Snort.

Audit and Penetration testing links

Lotus Notes Security

  • A guide to developing secure Domino applications
  • The Domino Defense: Security in Lotus Notes and Internet
  • Lotus IT Central Security Zone
  • Lotus Notes and Domino Reduce the Risks of Virus Attacks
  • How to secure a Lotus Domino-Server connected to the Internet
  • Check out the security of your Lotus Domino-Server
  • Undermining Lotus Notes
  • Lotus Notes Vulnerabilities
  • Falling Dominos FAQ 1.0
  • Locking Down a Lotus Domino Server
  • Lotus Notes and Domino Security: An Overview of Authentication and Access Control
  • Lotus Notes Audit
  • The Domino Defense: Security in Lotus Notes 4.5 and the Internet
  • Lotus Notes and Domino R5.0 Security Infrastructure Revealed
  • ID Password Recovery (IPR) is a tool for recovering passwords on Lotus Notes ID files. It does this by guessing passwords you supply in a dictionary file.
  • AppDetective™ for Lotus Domino is a network-based, penetration testing/vulnerability assessment scanner that locates and assesses the security strength of database and groupware applications within your network.
  • Lodowep is a tool for analyzing password strength of accounts on a Lotus Domino webserver system.

Wireless Security

If you find broken links please let us know. We are constantly reviewing and updating these pages so please be patient. If you would like to be a SME for this page please contact us!

An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

AuditNet® has joined forces with Richard Cascarino and Associates to bring you a structured learning curriculum for IT audit. The courses are designed to build on skills developed from prior knowledge or training. Auditors can choose the complete series or pick specific courses, depending on their needs and budgetary constraints.

We are making the Webinar recordings available to subscribers. 

Protiviti KnowledgeLeader Internal Audit Community is a web-based internal auditing tool that will help you identify risks, develop best practices and add value to your organization. We give you internal audit tools, checklists, and templates as well as news and updates on the latest business risks and controls.

CobIT, the Control Objectives for Information Technology from ISACA, is online. The Executive Summary, the framework and the Control Objectives are available for download in Adobe Acrobat (pdf) format.


COBIT Listserv (COBIT-List) To facilitate discussion about COBIT among members, ISACA has created a COBIT listserv. By exchanging knowledge through the listserv, subscribers are sure to find answers to their questions and advice for improving implementation procedures. Subscribe to the COBIT listserv by sending an email message to join-COBIT-L@share.isaca.org SUBJECT: (leave blank) BODY OF MESSAGE: (leave blank). You will receive an acknowledgment and instructions on how to unsubscribe by email.

Central Indiana Chapter ISACA created a list for information systems auditors called CISACA-L. The list is meant to encourage professional discussion and is open to all information system auditors. To subscribe send an email to majordomo@purdue.edu with SUBJECT: (leave blank)
BODY OF MESSAGE: SUBSCRIBE CISACA-L

Global Technology Audit Guides The IIA produced a series of publications with guidance on information technology. Written primarily for the chief internal audit executive (CAE) and audit supervisors, the guides address concerns of the board of directors and chief-level executives.


IS Audit and Security Review Kits includes ready-to-use IS/IT audit program and security review kits. The kits contain a statement of purpose, scope, review steps, and/or a set of questions organized to lead you through the audit or review. This is an excellent site for jumpstarting an IS security review or audit.

IS Audit and Assurance Standards - procedures for Information Systems Auditing from ISACA

Information Systems Auditing: Tools and Techniques

IT Standards, Guidelines, and Tools and Techniques for Audit and Assurance and Control Professionals  - from ISACA

IT & Information Governance Resources  - T2P bridges the gaps between IT governance and practice, technology and business, regulation and control, risk management and market pressures, and the knowledge of you and your peers.

Thanks to Vincent Fong for his suggestion to set up a page dedicated to auditors in the insurance industry.


I hope that you will help me to spread around the news in your coming newsletter to invite auditors/ practitioners in the insurance industry (life and general) to contribute towards common sharing and learning objectives. The auditable areas in insurance include Underwriting, Claims and Reinsurance which are more technical in nature. I hope that experienced auditors/ practitioners can contribute their ideas and share with the rest.
 

Vincent Fong


Networking for Insurance Auditors 

Insurance Internal Audit Group The Insurance Internal Audit Group (IIAG) is a unique and dedicated forum for heads of internal audit and their teams in the insurance industry and wider financial services organizations.

Audit Programs and Guides (You must be a registered user/subscriber to access these audit programs. They cannot be accessed from this page. Login and then scroll down the Premium Level 2 programs or if you are not a subscriber then scroll down the Basic Level 1 programs)

  1. Cover Notes Audit Program
  2. Insurance Claims Audit Program
  3. Insurance Audit Program (Aug 2007)
  4. Insurance Claims Audit Program (July 04)
  5. Insurance-Marine (Feb 09)
  6. Insurance (Risk Management) Audit Program
  7. Insurance-Surety Claims (Feb 09)
  8. Insurance-Surety (Feb 09)
  9. Insurance-Transportation Underwriting (Feb 09)
  10. Insurance Underwriting Premium Accounting Property (Oct 07)
  11. Insurance Underwriting
  12. Investments-Insurance (Oct 07)
  13. Licensing & Contracting (Insurance) Oct 05
  14. Reinsurance Ceded (Individual) Audit Program (May 04)
  15. Reinsurance Assumed (Individual) Audit Program (May 04)
  16. UNUM Reinsurance Treaty File Audit Program (May 04)
  17. Reinsurance Assumed Audit Program (May 04)
  18. Underwriting Procedures

The Internal Audit Charter establishes the department's position within the organization, authorizes the records that the auditor has access to, and defines the scope of internal auditing activities. It is important because it represents the contract between the internal auditing department and the organization. The following resource provides links to Internal Auditing Department Charters.

If you would like to have your charter listed here, please send an email to the AuditNet Coordinator.

Local Government Audit Charters

Capital Metropolitan Transportation Authority Audit Charter

Henrico County Audit Charter

Other Audit Department Charters

Google Search of Internal Audit Charters

SBP Bank Internal Audit Charter

George Mason University Internal Audit Charter

Murdoch University Australia Internal Audit Charter

University of California Riverside Internal Audit Management Charter

North Carolina Department of Transportation Internal Audit Charter

To those of us in the audit profession it seems intuitively obvious what internal controls are and the reason for having them. Unfortunately in many organizations internal auditors spend a great deal of time and effort explaining to others (including management) what constitutes internal controls, who is responsible for establishing controls and who evaluates those controls to determine if they are adequate and working as designed. This page should answer those questions and provide guidance on what can be done to communicate to management, boards and senior executives the concept of internal control.

What are Internal Controls?

In plain English, internal controls are like good old common sense practices. In your personal life, you exercise good internal control principles when you:

  • make travel plans 
  • store and lockup valuable personal belongings 
  • keep copies of your tax returns 
  • match credit card receipts to monthly statements 
  • save for a rainy day or retirement 
  • balance your checkbook 

More formally, internal control is broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  • Effectiveness and efficiency of operations 
  • Reliability of financial reporting 
  • Compliance with applicable laws and regulations 

Internal controls are tools that help managers be effective and efficient while avoiding serious problems such as overspending, operational failures, and violations of law. Internal controls are the structure, policies, and procedures put in place to provide reasonable assurance that management meets its objectives and fulfills its responsibilities. Management meets its responsibilities for internal controls when:

  • Programs and functions achieve their intended results (effective) 
  • Resource use is consistent with the agency mission (efficient) 
  • Laws and regulations are followed (compliance) 
  • Accurate and timely information is prepared (reliable reporting) 

Effective internal control begins with written goals and objectives including:

  • Operational objectives 
  • Financial reporting objectives 
  • Compliance objectives 

The principles of effective internal control should ensure that:

  • Internal controls benefit rather than encumber management. 
  • Internal controls make sense within each organization’s unique operating environment. 
  • Internal controls are not stand-alone practices. They are woven into day-to-day responsibilities of managers. 
  • Internal structures and controls are cost effective. 

After assessing risk, management should develop and implement internal controls to help provide reasonable assurance that policies are in place, which: 

  • Provide accountability 
  • Encourage sound management practices 
  • Encourage proper resource management 
  • Facilitate preparation for auditors 

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) model is recognized throughout the world as a significant standard for discussing internal control. In addition to identifying three categories of control objectives, the COSO report addresses five interrelated components of internal control, including: establishing an appropriate control environment, assessing risk, implementing control activities, communicating information, and monitoring. Everyone in the work place has a role in making sure that internal controls are working. It is up to managers to set them up and check that they are working, but unless every employee is aware of his/her responsibilities in the process, the internal control system will not be completely functional.

What is Effective Internal Control?

Everyone in the work place has a role in making sure that internal controls are working. It is up to managers to set them up and check that they are working, but unless all employees are aware of their responsibilities in the process, the internal control system will not function completely. Internal controls help to ensure that we are doing the right job in the right way to achieve effective, efficient operations in the work place in compliance with laws and regulations. Here is a five-step process to follow when developing and implementing effective internal controls in an organization:

  • Step 1: Establish an Appropriate Control Environment 
  • Step 2: Assess Risk 
  • Step 3: Implement Control Activities 
  • Step 4: Communicate Information 
  • Step 5: Monitor 

Step 1: Establish an Appropriate Control Environment

The core of any organization is its people – their individual attributes, including integrity, ethical values and competence – and the environment in which they operate. They are the engine that drives the organization and the foundation on which everything rests. Effectively controlled organizations set a positive "tone at the top" and strive to:

  • Train staff to understand and use appropriate management controls in all areas. 
  • Provide structure and process for implementing these controls. 

Step 2: Assess Risk

Management must be aware of and deal with the risks the organization faces. It must set objectives, integrated with other activities so that the organization is operating in concert. Management must also establish mechanisms to identify, analyze and manage the related risks.

Identify Potential Problems

  • Review goals and objectives. 
  • Determine potential problem areas, for example, areas that receive complaints or have had problems in the past, areas that have undergone recent changes in staff or structure, and complex activities.
  • Determine severity of risks by asking both: Where do we face the greatest possible harm? What types of losses are most likely to occur? 
  • A moderate loss that is likely to occur presents as much danger as a more serious loss that is less likely to occur. 
  • Use this evaluation to prioritize your efforts. 

Identify and Analyze Cycles 

  • A cycle is a group of interrelated processes used to initiate and perform an activity. Event cycles can be programmatic or financial. Programs usually contain several event cycles. For example, a human services program might include the following five cycles: outreach, eligibility determination, record keeping, service delivery, and monitoring. 
  • The eligibility determination cycle might include interview, application form, verification, approval or denial, supervisory review, and initiate services or mail denial explanation. 
  • Determine cycles of likely problem areas. 
  • Prepare a written narrative or flow chart explaining how the cycle is supposed to be handled by describing each activity or transaction within the cycle. 
  • Describe in the narrative: Who is performing each step? What is involved in the step? Any resulting documentation, for example, reports. 
  • Review the information available in policy and procedure manuals. Also, use written materials such as organizational charts, job descriptions, reviews, checklists, department records, and reports. 
  • Supplement written sources through conversations with and observations of appropriate staff. 
  • Finally, "walk through" the process to be sure every item is understood. 

Step 3: Implement Control Activities

Control policies and procedures must be established and executed to help ensure that management directives are carried out. They help ensure that necessary actions are taken to address risks to achievement of the organization’s objectives. Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties.

  • Review each cycle to determine whether existing controls are sufficient to avoid potential problems. 
  • Identify any outside policies or procedures in place to offset potential risks. 
  • If controls do not exist or appear ineffective, establish new controls. 
  • Identify any controls that are excessive or unnecessary and modify or eliminate them. 
  • Remember that a good control environment is the first step toward establishing effective controls. 

Step 4: Communicate Information

Control activities are surrounded by information and communication systems. These systems enable the organization’s people to capture and exchange the information needed to conduct, manage and control its operations.

  • Obtain external and internal information, and provide management with necessary reports on the organization’s performance relative to established objectives. 
  • Provide information to the right people in sufficient detail and on time to enable them to carry out their responsibilities efficiently and effectively. 
  • Develop or revise information systems based on a strategic plan, linked to the organization’s overall strategy, and responsive to achieving the entity-wide and activity-level objectives. 
  • Demonstrate support for developing necessary information systems by committing adequate human and financial resources. 

Step 5: Monitor

The entire process must be monitored, and modifications made as necessary. This way, the system can react dynamically, changing as conditions warrant. Ongoing monitoring occurs in the course of operations. It includes regular management and supervisory activities, and other actions personnel take in performing their duties. The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures.

  • Schedule monitoring on a regular basis. 
  • Test controls at least annually to determine whether they continue to be adequate and are still functioning as intended. 
  • Use program monitors, auditors and reviewers as a resource in monitoring controls. 
  • Select a sample. Review all documentation. Visit outside sites, if appropriate. Supplement sample with special tests of sensitive items and problem areas. 
  • Always follow up to ensure that any identified problems are corrected. 

Steps to Effective Internal Control

The internal control process has five components:

  1. Internal Control Environment
  2. Risk Assessment
  3. Internal Control Activities
  4. Information and Communication
  5. Monitoring

Internal Control Environment

Internal controls are likely to function well if management believes that those controls are important and communicates that view to employees at all levels. If management views controls as unrelated to achieving its objectives, or even worse, as an obstacle, this attitude will also be communicated. Despite policies to the contrary, employees will then view internal controls as "red tape" to be "cut through" to get the job done. An effective internal control environment:

  • Sets the tone of an organization influencing the control consciousness of its people
  • Is an intangible factor that is the foundation for all other components of internal control, providing discipline and structure
  • Describes "organizational culture"
  •  Includes a commitment to hire, train, and retain qualified staff 
  • Encompasses both technical competence and ethical commitment

Risk Assessment

A risk is anything that endangers the achievement of an objective. Always ask: What can go wrong? What assets do we need to protect? 

  • Risk assessment is the process used to identify, analyze, and manage the potential risks that could hinder or prevent an agency from achieving its objectives. 
  • Risk increases during a time of change, for example, turnover in personnel, rapid growth, or establishment of new services. 
  • Other potential high risk factors include complex programs or activities, cash receipts, direct third party beneficiaries, and prior problems. 

Internal Control Activities 

Organizations establish policies and procedures so that identified risks do not prevent the organization from reaching its objectives.

  • Clearly identified activities minimize risk and enhance effectiveness. 
  • Internal control activities are nothing more than the policies, procedures, and organizational structure of an entity. 
  • Controls can be either preventive, for example, requiring supervisory approval, or detective, for example, reconciling reports. 
  • Avoid excessive controls, which are as harmful as excessive risk and result in increased bureaucracy and reduced productivity. 

Information and Communication

To be useful, information must be reliable and it must be communicated to those who need it. For example, supervisors must communicate duties and responsibilities to the employees that report to them and employees must be able to alert management to potential problems. 

  • Information must be communicated both within the organization and to those outside, for example, vendors, recipients, and other constituents. 
  • Communication must be ongoing both within and between various levels and activities of the organization. 

Monitoring 

After implementing internal controls, organizations must monitor their effectiveness periodically to ensure that controls continue to be adequate and continue to function properly. Management must also revisit previously identified problems to ensure that they are corrected.

Web Resources

Internal Control Institute

This page provides links to Internal Audit resources and Internal Audit Departments on the Internet.

Protiviti KnowledgeLeader Internal Audit Community is a web-based internal auditing tool that will help you identify risks, develop best practices and add value to your organization. We give you internal audit tools, checklists, and templates as well as news and updates on the latest business risks and controls.


ANZUIAG is the Web site for the Australian & New Zealand Internal Audit Group at the University of South Australia. This page provides links to other Australian and New Zealand Universities.


Auburn University Internal Audit Department Home of the Internal Audit Department. Provides information about the Department, Frequently Asked Questions, a Guide to Internal Controls, Ask-an-Auditor, the Fraud Hotline and more.


Auditmall Web site for VF Internal Audit: The internal audit department of VF Corporation, a Fortune 500 apparel company. Topics include our internal audit philosophy, internal controls, control self-assessment, employment opportunities, links to related sites and much more.


California Institute of Technology Internal Audit Department Web site provides information about the office, internal control descriptions, the audit process and more.


Certified Internal Auditor Page San Francisco State University page for the CIA certification and examination. Provides details about the certification and examination including California exam locations and dates.


Columbia University Internal Audit The Columbia University Web site has a section devoted to their Internal Audit Department.


Curtin University Internal Audit Department Web site includes their charter, mission, resources and links to other Internet locations.



David O'Regan is a writer on auditing and accounting subjects and his Web site includes links to articles.


Duke University Internal Audit Web site provides information about the office, a self assessment survey and more.

Emory University Office of Internal Audit Web site provides background information, staffing, mission and more.

Gallaudet University Management and Advisory Services Web site provides information about the office, audit programs and review kits, links to other resources and more.

Georgia Institute of Technology Internal Audit Department Web site of the University provides information about the office, policies and procedures, audit plan, model audit reports and more.


Harvard University Internal Audit site provides information about the Office, audit tools and techniques, policies and procedures, and publications on passwords and software copyright. The questionnaire for conducting a departmental review is a useful document that can be customized by other audit organizations.


Indiana University Internal Audit Web site provides information about the staff, organizational structure, information and publications and more.


Internal Audit in Edmonton is a joint project of the IIA and ISACA with links to both Chapters from this one site.

Internal Audit Stakeholders is a database of Internal Audit professionals that have voluntarily listed their names, areas of interest, and e-mail addresses on the Internal Auditing World Wide Web site. This is a great resource for auditors looking for peer professional contacts. Look in the People Section.


Internal Auditing World Wide Web (IAWWW) Developed as a prototype demonstration project, the site functions as a warehouse of information and knowledge pertaining to the Internal Auditing profession and functions across associations, industries and countries. This is a premier source of information on the Internal Auditing profession. For more information send message to John Peterson.


Jefferson Laboratory Internal Audit Department Web site provides the Charter, Strategy, methodology, reports and workplans and more.

Majengo Software vendor of audit productivity solutions that will speed up audit work, cut costs and provide a new quality standard for audits. Demos available for download from their web site include AUDITJOB, which lets you recycle work papers from previous years and jobs and publish standard template forms, audit programs and check lists; INSIDE OUT, a trial balance processor; and HORSE'S MOUTH, which automates work papers.


Murdoch University Audit and Review Section Web site provides their charter, how audit and review operates and more.

Ohio State Internal Audit Web site provides their mission statement, services and types of audits, information about the staff and an organization chart.


Princeton Office of Internal Audit Site provides information about the office, their Charter, Objectives, audit guidelines, and links to other useful resources.

Purdue University Internal Audit Web site provides information about the office, a guide to Internal Controls, links to other resources and more.


RMIT Internal Audit Group is the Web site for the auditors of the Royal Melbourne Institute of Technology. The page includes information about the department, charter, FAQs, links to other audit sites and more.


Stanford University Internal Audit Department Web site provides information about the department, their audit program, an Audit Survival Guide for management, Internal Control factors, a Novell Network Security Self Assessment and more.

Syracuse University Internal Audit Department contains useful information for all audit departments. The site includes information on the department, policies, procedures and more. There is proactive information provided for the department's customers such as password suggestions, computer security improvement suggestions, self-assessment documents, brochures, videos and more. There is guidance for university departments on self audit for computers as well as administrative areas including cash handling, inventory tracking, revenue, budget, personnel and computing issues.


Texas A&M University System Internal Audit Department Web site provides information about the Office, Internal Controls, an overview of the audit process and more.

Thomas Jefferson University Internal Audit Department   Web site provides background about the organization, audit plan, internal control guidance and more.

UCAR Internal Auditing Web site for the University Corporation for Atmospheric Research provides information about the office, FAQs, a guide to internal controls, Ask-An Auditor, and more.


United Nations Office of Internal Oversight Services Web site for the internal audit function of this worldwide organization provides information about the office, mandate, mission statement, activities and reports.


University of Arizona Internal Audit Web site provides information about the office, links to policies and procedures, and related sites.


University of Buffalo Internal Audit Program Web site for an endorsed Internal Audit Program at the University. Site provides information about internal auditing, career opportunities, program course requirements, certification, student organizations, and more.


University of California, Berkeley Internal Audit Department   Web site provides info about the office, planning, process, controls and more.

University of Chicago Office of Internal Audit Site provides information about software piracy, internal control, the policy on information technology resources and a link to ACUA.


University of Iowa Internal Audit Department site provides audit plans, mission statement, department news and links to other University Internal Audit web pages.

University of Manitoba Internal Audit Web site provides information about the Office, FAQs, resources, review checklists and more.


University of Maryland, Internal Audit Office Site provides the IAO Charter, Procedural Guidelines, an Electronic Brochure, a link to an anonymous remailer, and more.

University of Missouri Internal Audit Web site provides information about the office and frequently asked questions.

University of New Hampshire Internal Audit Department Web site provides information about the department, policies and procedures, FAQ, flowcharts, previously issued reports, and an excellent list of common audit findings.

University of Notre Dame Audit and Advisory Services Web site describes the office, services, policies and procedures and more.


UNCW Internal Audit Web site of the University of North Carolina at Wilmington includes information about the department, their audit manual, an excellent set of forms for control self-assessment and more.


University of Rochester Office of University Audit Home page provides information about the office, a description of internal controls, links to other sites and more. There is a Top 10 List of Typical Audit Findings that auditors may find interesting.

UWS Nepean Internal Audit is the Web site for the University of Western Sydney Internal Audit Office. Includes their fraud control strategy, audit plan, the role of Internal Audit and links to related Internet sites.


UT System Audit Office is the Web site for the University of Texas System Audit Office. The site provides information about the office, the services they offer, various resources including audit programs and a participant's manual for a control self-assessment workshop.


Virginia Polytechnic Institute Internal Audit Department provides information about the office, policies and procedures, and an internal control guide for managers.

The following international sites contain content that focuses on resources and information for countries other than the United States.

Accountancy Edition-Sift Web Search site for accounting professionals. The accountancy edition of Sift draws together a wide collection of relevant Internet resources for an accountant doing business in the UK. Includes access to accountancy news and company directories (ICC, Infocheck, Dun & Bradstreet and others), as well as a wide collection of financial, news and market research databases from DataStar. Maintains a set of links to other relevant web sites. Subscription service available.

Deloitte Touche Tohmatsu TAXNET Deloitte Touche Tohmatsu Australian division is now on the World Wide Web. Site includes information about Deloitte, Tax Publications, career information, and more.

Ernst & Young E&Y Canada provides information about the firm's services and career opportunities. Includes news releases, tax briefs, links to the Department of Justice of Canada (French or English) and links to other business resources. E&Y England includes the complete publication of Cadbury Corporate Governance: Reporting on Internal Financial Control.

KPMG Australia includes tax information for Australia and links to other resources.

AccountingWEB is a virtual hub for UK accountancy professionals offering a range of community based areas and services including an online mall, breaking accountancy and world news, an accountants directory, a popular biweekly newswire, online references, jobs area, discussion area, Q&A, and a chat area.

AccountingWeb Newswire is a free twice weekly digest of all the recent news and developments on the website sent to subscribers to AccountingWEB. It keeps you up to date with all the important events of relevance to the world of accountancy. To add or remove yourself from this mailing list, go to the URL provided above. To subscribe by e-mail, send a message to MAJORDOMO@SIFT.CO.UK and in the BODY of the message type: SUBSCRIBE ACCOUNTINGWEB-NEWSWIRE your e-mail address (Knowledge Assembly Resource)

ANZUIAG is the Web site for the Australian & New Zealand Internal Audit Group at the University of South Australia. This page provides links to other Australian and New Zealand Universities.

ANZ Internal Audit Group Mailing List allows for the free exchange of ideas for internal auditors of Australian and New Zealand universities and other interested participants. The site provides information for subscribing to the ANZUIAG-L list. (This list was previously called INTAUDIT-L.)

Appraising Your Auditors is a report from the Institute of Chartered Accountants of Scotland. The report provides a framework for the review and appointment of auditors by listed companies.

Association of Chartered Certified Accountants Web site provides information about the organization, news, events, links to resources and more.

Association of International Accountants Web site of the international accountancy body based in the United Kingdom provides information about the organization, links to other standard setting bodies and more.

Auditor General of Canada - The Annual Reports of the Auditor General of Canada are available on the Internet. The reports contain detailed information about the office and are organized based on the results of studies and audits completed. There is a searchable index built into the reports. There is also information about the office and publications and other materials.

Australian Computer Emergency Response Team AUSCERT is funded by the Australian Academic Research Network (AARNet) for its members. Located at The University of Queensland within the Prentice Centre, AUSCERT is a full member of the Forum of Incident Response and Security Teams (FIRST). AUSCERT maintains an anonymous FTP service at ftp://ftp.auscert.org.au/. This archive contains past SERT and AUSCERT Advisories, and other computer security information.

Australian National Audit Office Web site of Auditing for Australia provides audit reports, audit strategy, better practices guides and publications and more.

Benchmarking and Best Practices Web site for the Treasury Board of Canada provides benchmarking and best practice information useful for auditors.

Bermuda Auditor General Web site provides information about the office, mandate, publication, links and more.

Better Practice Guides from the Australian National Audit Office are reports on specific areas of interest to auditors along with best practice information. Includes guides for selecting suppliers, travel, effective control, performance information and more.

British Columbia, Office of the Auditor General site provides information about the office and the reports produced. Also includes links to other related sites.

CA-Xchange Web site that is described as a meeting place for Canadian Chartered Accountants and friends. There is information about the organization, links to other relevant sites and member only links.

Can-AccTech The Canada-Accounting Technology centre features a discussion list where Canadian accountants, financial professionals, accounting technology developers and resellers can swap ideas, problems and experiences in an open exchange of views.

Can-AccTech - discussion list where Canadian accountants and financial professionals can swap ideas, problems and experiences in an open, unmoderated exchange of views and comments. Can-AccTech discussion forum may lead to the development of further information sources and assistance in technology matters specifically geared to the needs of accountants and financial professionals. To join Can-AccTech, send an e-mail message to: listmanager@hookup.net and, in the e-mail message body state: subscribe can-acctech Jane Smith (substitute your name for Jane Smith). You'll receive, via return e-mail, an acknowledgement of your free subscription, along with information on how you can participate in Can-AccTech. If you have any questions about Can-AccTech, please e-mail the list owner, Richard Morochove.

Central Organization for Control and Auditing Web site of the Supreme Audit Institution for the Republic of Yemen provides information about the organization and how they structure their work.

Certified General Accountants Association of British Columbia Site provides information about the Association, tax tips, links to accounting associations and more.

Certified General Accountants' Association of Canada provides information about the CGA structure, programs, publications and more.

CGA Magazine Web site of the monthly bilingual journal of the Certified General Accountants' Association of Canada. Professional journal with informative and timely articles on various accounting related subjects.

Chartered Accountants of Canada Canadian Institute of Chartered Accountants (CICA) Web site provides information about the organization, exposure drafts, conference information, an online version of CAmagazine, studies and standards, links to related sites and more.

Chartered Institute of Management Accountants - Provides information about the CIMA and describes management accounting. This is an information server for this association of United Kingdom financial professionals.

CharterNET - Web server for the Institute of Chartered Accountants in Ireland (ICAI). This site provides information about the ICAI services and online library of materials. There is also a description of the Business Network reaching out to Chartered Accountants working in industry, commerce and the services sector.

Chief Review Services Web site of the Canadian Department of National Defense independent review organization includes information about program evaluation, internal audit and review and their methodology, reports and more. Available in English and French.

Commission on Audit Web site for the Supreme State Audit Institution for the Philippines provides information about the organization, rules, regulations and more.

Commonwealth of Australia Department of Finance Provides information about the Australian Department of Finance including mission statement, organization structure and links to other organizations. There is also a link to the Commonwealth Budget which could assist auditors in reviewing budgets for their own organizations.

Compliance Audit Manual from the Forest Practices Board provides guidance on reports, audits, and more. (Industry Code 9200)

Confederation of Asian and Pacific Accountants Web site for a professional organization provides information on projects, articles, publications, links to other CAPA bodies, an Accountant's Forum and more.

Control, Risk and Governance from the Canadian Institute of Chartered Accountants provides an overview of the Criteria on Control, the exposure draft CoCo report, newsletters, publications and articles from the CA Magazine. Look under Studies and Standards in What's New July-September 1998. Great resource for auditors implementing CSA.

Corporate Review, Evaluation and Audit Web site of the Canadian Department of Fisheries and Oceans audit organization which provides access to their service standards and reports and links to other sites.

Corporate Credit Card Best Practice Guide from the Australian Government provides a policy, controls over card issues, operational controls and more.

CPA Australia Online site includes information about the Society, membership, regulations, professional development, services available through the Microsoft Network, and available information resources.

Curtin University Internal Audit Department Web site includes their charter, mission, resources and links to other Internet locations.

Deterring and Detecting Money Laundering is a guideline from the Office of the Superintendent of Financial Institutions (OSFI), the primary regulator of Canadian federal financial institutions and pension plans.

Edith Cowan University - Management Review and Audit ECU-MRA site includes information about the function and their audit plan. Also includes articles written by staff, and links to other Internet audit resources, e-mail discussion lists, and search tools.

European Accounting Association site contains information about the EAA, its publications, conferences and links to other resources.

European Court of Auditors Organization that monitors the European Union's finances and points out areas where management improvements are needed. Page provides all the details on the organization and duties of this body.

European Federation of Accountants and Auditors Web site provides information about the organization, an index to issues and more.

European Spreadsheet Risks Interest Group Web site for an interest group for accountants and auditors interested in the growing problem of spreadsheet errors.

Fraud Control Strategies from the New South Wales Australia government is a self-audit guide for assessing best practice in fraud control strategies.

Group of 100 Web site for an association of senior accounting and finance executives representing major public companies and government owned enterprises in Australia includes commentary on relevant policies and issues.

Hong Kong Audit Department is one of the oldest departments in the Hong Kong Government. The site includes information about the office, types of audits performed, links to audit reports and more.

Horwath Software Services provide a variety of Audit Automation, Risk Management and Computer Security products together with strategic advice, systems development, implementation assistance, training, and support. They are specialists in providing software development, consulting, training and support software for Internal Audit, Risk Management Quality Control, Computer Security, Fraud Investigation and other similar departments.

ICAA The Institute of Chartered Accountants in Australia maintains a site on the Web and a site on CompuServe. There is general information about the Institute, membership, student news, and more.

ICAEW Summa Project Institute of Chartered Accountants of England and Wales Accounting Information Service, The ICAEW Summa Project is the site of the World Wide Web information server for accounting academics, students and professionals. The project is funded by a grant from research committee of the ICAEW. The WWW site is at the University of Exeter, Devon, UK. Provides access to a number of accounting, auditing, and finance related resources such as FINWeb, EDGAR, the Security and Exchange Commission's online database, the Financial Executive Journal, Global Network Navigator (source of information about Internet resources), and more.

Independent Commission Against Corruption exposes and minimises corruption involving the New South Wales public sector through investigation, corruption prevention and education. Site features include background information on the Commission, publications, reports and more.

ISACA London Chapter Web site provides information about the Chapter, certification, chapter meetings and links to audit resources.

ISACA Toronto Chapter The Toronto Chapter of ISACA includes a page of links to Audit Resources on the Internet including UseNet news groups.

IIA United Kingdom Site provides information about the organization from an international perspective. Includes links to publications, training, recruiting and more.

Internal Audit eBulletin, established by The ACCA, is available free of charge to any internal auditor and published three times a year. Provides up-to-date news, information and comment from and to internal auditors across the world. (Knowledge Assembly Resource)

International Federation of Accountants Home page of the worldwide organization for the accountancy profession. Site provides information about the organization, standards, discussion papers and more.

International Group of Accounting Firms Worldwide organization of CPA's, CA's or their professional equivalents.

Ireland Comptroller and Auditor General Web site includes organization details, press releases, publications, and areas of interest/current projects.

IT-Audit German discussion and information about IT auditing and IT security (also SAP systems). Site contains discussion, links to related sites and more. (German language only).

Key Server License Management Web site provides software license management solutions for organizations. Site includes articles about software licensing, product information and a free software audit tool that determines the status of Software License Compliance.

Korean Board of Audit and Inspection Web site for the agency that monitors the performance of Korean government operations. Information available includes a history of the organization, annual report, and links to other Korean sites.

Locating Canada's Incorporation Records Web site with contact information for national, provincial and territorial public records.

National Audit Office Home page for the independent public sector audit organization in the United Kingdom. This office reports on the economy, efficiency and effectiveness of departments and related parts of the government. The NAO publishes up to 50 value for money audits annually. A listing of the reports available is on the site as well as press notices that provide an abstract for each report. The Annual Report summarizes their work and results achieved.

Netherlands Court of Audit is the official audit organization for the Government. The site includes performance and regularity audit manuals, summaries of audit reports, the legal basis for the Office and more.

New South Wales Audit Office Site includes information about the office, roles and responsibilities, reports and publications and more.

New Zealand Controller and Auditor-General Office of the Controller and Auditor-General of New Zealand provides general information, recent reports, speeches and International affiliations.

Nijenrode Business Resources comprehensive list of business resources maintained by Nijenrode University in the Netherlands. Provides links to business resources on the Internet.

Nordic Accounting Network site is part of the International Accounting Network. Includes regional archives of information as well links to the other Network members.

Northern Ireland Audit Office provides information about the office and the types of audits performed.

Northern Territory Auditor-General's Office Web site provides information about the Office, and their reports.

Northampton County Controller Web site provides information about the organization and links to abstracts of the audit reports.

Nova Scotia Office of the Auditor General Provides information about the office and the services offered. Includes annual reports by the Auditor General.

Office of the Auditor General, Alberta, Canada Web site provides a report on Government Accountability and links to annual reports.

Office of the Auditor General, Newfoundland and Labrador Web site provides information about the office, entities subject to audit, reports and more.

Office of the Auditor General, New Brunswick Web site provides information about the office and their publications.

Office of the Provincial Auditor, Ontario, Canada Web site provides information about the office and links to audit reports by ministry and by program.

Office of the Provincial Auditor, Saskatchewan Web site provides information about the office, reports issued and more.

PC Profile provides PC and desktop coverage for issues related to PC usage and software management. The site has links to free tools, PC audit tools, articles and much more. (Product discounts available for AuditNet users).

Pentana Software developer Web site that provides audit automation products, including resource planning, automated checklists and more. The site provides free demonstration software to evaluate the product.

Performance Management Web site for the Organization for Economic Co-operation and Development (European Countries). The site identifies and explains key performance management issues, performance management publications, work methods, links to other sites and more.

PracticeWeb The PracticeWeb(TM) system provides UK accounting firms with a unique web site presence supported by a wide range of site content. The system is designed to enable firms to create or modify their own site, while sharing a vast library of reliable, regularly updated client resources.

Practical Guide to Corruption Prevention prepared by the Independent Commission Against Corruption is an excellent resource for developing a fraud and corruption program within organizations. Modules include risk assessment, ethics, cash handling, purchasing and more.

Principles of Corporate Governance is a document from the Organization for Economic Cooperation and Development.

Public Audit Forum Web site provides information about the forum, their publications and a schedule of work.

Queensland Audit Office Home Page includes information about the office and links to other sites.

RespondaNet is the Web site for the Americas' Accountability Anti-Corruption project. The site contains information in English and Spanish including Accountability, the quarterly newsletter, links to related sites, publications, event listings and more.

RMIT Internal Audit Group is the Web site for the auditors of the Royal Melbourne Institute of Technology. The page includes information about the department, charter, FAQs, links to other audit sites and more.

Saipan, Office of the Public Auditor Web site for the official auditor of the Commonwealth of the Northern Mariana Islands provides information about the office, reports issued, government ethics, links to other resources and more.

Sick Leave Management Audit Guide from the Treasury Board of Canada provides guidance for reviews in this area. Sections include a model for sick leave management, planning and performing the audit, and more.

Society of Management Accountants Home page for the organization that represents Canadian Certified Management Accountants. Site has information about the designation, a library including articles from current and past issues of CMA Magazine, member news and more.

South Australia Auditor General government Web site provides information about their office and the reports issued.

Southern African Institute of Government Auditors Web site provides information about the organization, publications, standards, guidelines, training information, a discussion forum and more.

Swedish School of Economics and Business Administration Swedish School of Economics and Business Administration in Helsinki, Finland Department of Accounting Web site which has tutorials and working papers. The Property of Audit Trail, by Anders Tallberg, analyzes the concept from the perspective of computer security and accounting systems. Includes links to accounting related sites.

Tasmanian Audit Office site includes information about the office, audit reports and links to other Australian audit sites.

United Nations Office of Internal Oversight Services Web site for the internal audit function of this World Wide organization provides information about the office, mandate, mission statement, activities and reports.

United Nations Panel of External Auditors is the official Web site for oversight of the organization, specialized agencies and the International Atomic Energy Agency. Links include objectives, common auditing standards, guidance and more.

UWS Nepean Internal Audit is the Web site for the University of Western Sydney Internal Audit Office. Includes their fraud control strategy, audit plan, the role of Internal Audit and links to related Internet sites.

Value for Money Audit Manual from the Office of the Auditor General of Canada provides standards, expected and common practices.

One of the core competencies of digital literacy is having information delivered directly to your desktops. These "knowledge resource feeds" or KRFs provide you with information that you consider relevant to help you meet your work goals and objectives. AuditNet researched the Internet for some of the "usual suspects" for KRFs relevant to auditors. 

Audit Reddit Anything related to Auditing and Accounting - Standards - Regs - Methodology - IT Audit - Big 4 ...

Accounting Reddit 

AICPA RSS Newsfeeds Subscribe to AICPA's RSS (Really Simple Syndication) feeds to get news delivered to your desktop! The content within each of these RSS feeds contains story headlines and brief descriptions. Each headline links directly to the full story on AICPA.org. These feeds are available for use by any person or Web site provided that no content is published full-text or altered in any way.

Audit Committee e-Alerts from the AICPA

Corporate Responsibility Officer mailing list - CRO publishes a bi-monthly e-newsletter with current articles, events, and resources.

GAO Updates - GAO e-mail updates allow you to receive customized information about GAO publications.

Information Security Newsletter from IT Governance

Inside Big Data - Your source for machine learning, ... distills news, strategies, products and services in the world of Big Data Analytics for data scientists, IT and business professionals. The website is maintained, written and edited by big data professionals with the help of readers and occasional guest contributors.

AuditNet® Internet Policy Resources for Internal Auditors (IPRIA) provides links to various Internet Use Policies (IUPs) that internal auditors need to make sure are being established within their organizations. This is a frequent question posed by auditors when beginning a review of Internet use within their organizations. It is time we provided a link to organizations that have established policies so that we can learn from them what we need to do to bring other organizations up to speed.


Due to the dynamic nature of the World Wide Web and the fact that sites revamp and update their directories, we have elected to just post a link to a Google search page for each category. If you have specific policies you would like to share, send them to us and we will add them to our inventory.

INTERNET EMAIL POLICIES

Google Search on E-mail use policies with links


INTERNET SECURITY POLICIES

Google Search on Internet Security Policies with links


INTERNET USE POLICIES

Google Search on Internet use policies with links

Advanced Technology Program (ATP) Audit Guidelines are provided by the Office of Inspector General, U.S. Department of Commerce. The ATP is a cost-sharing program between government and industry to pursue high-risk, enabling technologies with significant commercial and economic potential.


Audit Guide 2015 from the California Department of Education sets forth the requirements and background information for the auditor of child development, child and adult care food programs, national school lunch program, school breakfast program, summer food program, donated food commodity program, and adult basic education program administered by private and public agencies. This guide also summarizes and references all audit manuals, handbooks and audit guides of the CDD, NSD, AEU and County Welfare Departments.

Audit Guide For Audit Committees of Small Non-Profit Organizations from the Virginia Society of CPAs provides assistance for the audit committees of small NPOs to perform a limited review of their organizations' financial statements.

Audit Guidance Web site from the Defense Contract Audit Agency provides various manuals and guides for government contract auditors.

Audit Manual from the City of Tampa Internal Audit Department. 

Audit Manual from the UT Systems Audit Office includes details on organizational structure, office policies and procedures and sample documents.


Audit Process Handbook The DHHS OIG Audit Process Handbook in pdf format was developed to give auditors tools to conduct audits and prepare reports. It lays out a systematic approach designed to keep the audit focused, involve all team members throughout the process and facilitate report preparation.


Audit Programs from the UT Systems Audit Office includes programs and questionnaires for Internal Controls, information technology, payroll and more.


The Audit Report Writing Guide from the Public Service Commission of Canada provides guidelines for the design, style and content of the reports they publish. This document is an excellent resource for audit organizations developing their own guide.

Audit Techniques Guide I.R.S. market segment specialization program provides audit guides used by examiners for 11 different industries. Good reference material for auditors reviewing air charters, architects, tobacco industry and more.


Auditing the Human Resources Function Audit program provided by a Human Resource Consulting Firm outlines the basic approach as well as information that should be included to cover a regulatory compliance review.


Best Practices Procurement Manual Federal Transit Administration provides recipients of Federal Transit Administration (FTA) funds suggested procedures, methods, and examples for conducting third party procurements to assist them in meeting FTA standards.

Better Practice Guides from the Australian National Audit Office are reports on specific areas of interest to auditors along with best practice information. Includes guides for selecting suppliers, travel, effective control, performance information and more. (look in the Publications section)


Building and Auditing a Trusted Network Environment with Netware 4.x Online Guide from Novell includes a security overview, security basics, and audit guidelines for Novell networks using Netware 4.x.

Business Tools Web site from CCH that provides a comprehensive list of ready-to-use templates, checklists and model business documents. You never know when one of these documents may come in handy!


Check Fraud: A Guide to Avoiding Losses Office of the Comptroller of the Currency provides guidance on a major organizational issue. Guide sections include check fraud schemes, prevention measures (internal controls, training, check cashing guidelines) and more.


Corporate Credit Card Best Practice Guide from the Australian Government provides a policy, controls over card issues, operational controls and more.


Cost Estimating Handbook is an excellent resource tool for auditors and accountants. The Handbook provides statistical techniques and development guidelines for cost estimation, acceptance criteria for cost estimation, guidelines for auditing and analyzing a cost estimation relationship, elements of good estimating practice and more.

Cost Principles - Procedures for Developing Cost Allocation Plans is an implementation guide for OMB Circular A-87.


Data Collection and Analysis Site Web site from Deakin University in Australia provides a comprehensive guide on the scientific process of collecting and analyzing data. Particularly useful chapters for auditors on surveys, sampling and techniques.


EDI Implementation Guide from the Australian Government provides control audit and security issues, implementation plans, standards and more.

Effective Control Guide from the Australian National Audit Office covers the control issues and provides a control framework for a government organization.


Environmental Auditing Program provides information from the Minnesota Pollution Control Agency including audit checklists for above ground tanks, underground tanks, spills and more.

Environmental Finance Financial Tools Guidebook EPA reference guidebook of more than 250 tools for financing environmental programs. Great reference tool for auditors reviewing environmental programs and their respective financing.


FDIC Bank Examination Manual The table of contents of this Federal Deposit Insurance Corporation Compliance manual links the auditor with files in Adobe Acrobat format. This could be a useful resource for bank auditors.

FDIC Information Systems Handbook This is the Interagency guide for regulatory examiners for examining information systems operations in financial institutions and service bureaus. The Handbook includes an overview of IS concepts, practices, IS controls, and sample audit programs. This is a valuable resource for IS auditors. The files are in Adobe Acrobat format.


Financial Management Reference Guide provides an example of an accounting financial management guide for libraries.

Framework for Internal Control Systems in Banking Organisations from the Bank for International Settlements is available for download from their Web site.

Full Cost Initiative Implementation Guide developed by NASA provides a comprehensive accounting and management approach to costing services.


GAO Federal Information Systems Control Audit Manual from GAO provides guidelines for auditing information systems.

GAO General Policies/Procedures and Communications Manual provides guidance on their methodologies including sampling, workpapers, reporting and more.


Guide to Cost Based Decision Making from the Texas State Auditor's Office, is designed to assist management in developing more comprehensive cost accounting information to enhance the ability of decisionmakers to identify, analyze, and control the causes of costs, as well as establish links between cost information and program efficiency and effectiveness.


Handbook on Fraud Indicators for Contract Auditors is the DoD Inspector General guide on contract fraud.

H.U.D. Audit Guides provides a link to their consolidated audit guide.


Internal Audit Manual is the DoD IG Internal Audit Manual.


Internal Control State University of New York at Brockport provides information about their program. The site includes a definition, human resource internal controls, general and specific standards and more.


Internal Controls Commonwealth of Massachusetts provides information describing what they are as well as an Internal Control Guide for Departments.


Internal Control and Financial Management Manual Connecticut's Accountability Directive issued jointly by the Office of the State Comptroller, Office of Policy and Administration and the Auditor of Public Accounts.


Internal Control Guide draft from the ICAEW provides internal control guidance for directors of listed companies incorporated in the United Kingdom.


Internal Control Guide Massachusetts Comptroller General guide for state departments. Straightforward format that could be adopted by other auditors in recommendations.

Internal Review Guide from the U.S. Army provides details of the process used in conducting audits of their operations. Excellent example of a comprehensive audit program targeted toward meeting customer needs.


Internet Security Policy Guide NIST Special Publication series is designed to help organizations create an Internet-specific information security policy.

Kelley Blue Book provides vehicle values for new and used cars and motorcycles. Good industry standard resource for auditors looking at inventory valuation guidelines for fleet vehicles.


Legal Services Corporation Audit Guide provides guidance to auditors and recipients of LSC grants.

Local Church Audit Guide prepared by the United Methodist Church provides guidance for church audits.

Michigan School Auditing Manual provides guidance on financial audits to school districts and their CPA's.

Performance Management Guide Excellent publication from the UC San Diego on managing employee performance. Auditors reviewing the human resource department for their organization can use this guide as a model for setting up an employee performance management system.


Performance Management System Audit Guide Australian Queensland Audit Office provides an audit approach, methodology, audit considerations, criteria and more.


Performance Measurement Guide Texas State Auditor's Office provides information about setting up a performance measurement system and detail on how agencies can establish adequate internal controls in measurement systems in order to assist them in reporting accurate information.


Practical Guide to Corruption Prevention Prepared by the Independent Commission Against Corruption is an excellent resource for developing a fraud and corruption program within organizations. Modules include risk assessment, ethics, cash handling, purchasing and more.


Pupil Accounting Manual from the Michigan Department of Education provides guidance on pupil membership requirements and count procedures.

Pupil Auditing Manual from the Michigan Department of Education provides guidance to ISD auditors on pupil auditing standards.

QS-9000 Auditor's Checklist

Risk Management Audit Guide Treasury Board of Canada provides review guidance for auditors including risk identification, compensation, volunteers and more.


Sampling and Surveying Handbook Air University provides guidelines for planning, organizing and conducting surveys. The site includes guidance on selecting a sample size with a corresponding free program available for download.

Security Policies provided by the SANS Institute include templates for computer usage guidelines, acceptable use statements, special access policy, incident handling and more.

Sick Leave Management Audit Guide Treasury Board of Canada provides guidance for reviews in this area. Sections include a model for sick leave management, planning and performing the audit, and more.


Social Security Death Index Freely accessible database of the Social Security Administration records of deceased individuals. Handy tool for audits of organization retirees.


Software Management Policy Manual State of Connecticut provides their policy statements, agency responsibilities, and software use policies. This excellent resource is a model for combating organizational software piracy.

Subrecipient Audit Guide The purpose of this manual is to implement the City of Philadelphia's audit requirements for organizations and their independent auditors in preparing for and performing audits of organizations that receive financial assistance awards from the City.

System Implementation Review Checklist from the University of Manitoba provides a comprehensive approach for a review of this area.

Training Function Audit Guide from the Treasury Board of Canada provides information for reviews in the staff training area.

U.S. Army Internal Review Audit Guides

U.S.D.A. Audit Guide for Audits of Child and Adult Care Food Program Institutions.

Users Guide for the Uniform Bank Performance Report Guide from the Federal Financial Institutions Examination Council for an analytical tool created for bank supervisory, examination and management purposes.

Value for Money Audit Manual from the Office of the Auditor General of Canada provides standards, expected and common practices.

VassarStats Statistical Computation Web site provides a comprehensive collection of statistical calculators for many procedures along with examples of key concepts. There is also a table covering the platforms/browsers necessary to run some simulations.


Windows NT Security Guidelines from Trusted Systems Services provide guidelines for securely configuring the Windows NT operating system. The 110 page guidelines were the result of a 1-year project for the National Security Agency (NSA) Research Organization.


Worker's Compensation Fraud Manual The California Department of Insurance produced Fighting Worker's Compensation Fraud: A Training Series for the Industry. The manual is well organized and provides an overview of the problem, definition of terms, depositions, guidelines for subpoenaing records, premium fraud, legal obligations and more.  

Internal Revenue Service Audit Technique Guides

Audit Techniques Guides (ATGs)

These Audit Techniques Guides (ATGs) help IRS examiners during audits by providing insight into issues and accounting methods unique to specific industries. While ATGs are designed to provide guidance for IRS employees, they’re also useful to small business owners and tax professionals who prepare returns.

ATGs explain industry-specific examination techniques and include common as well as unique industry issues, business practices and terminology. Guidance is also provided on the examination of income, interview techniques and evaluation of evidence. So they may be helpful for business and tax planning purposes. To find out more about how these guides may be helpful to you, watch this short video.

Audit Techniques Guides are available here in Adobe PDF, or as Web pages, or both. The PDF versions must be viewed with the Acrobat Reader.

NOTE: These guides are current through the publication date. Since changes may have occurred after the publication date that would affect the accuracy of these documents, no guarantees are made concerning the technical accuracy after the publication date.




Aerospace Industry
Publication Date: 01/2005
The Service has prepared a comprehensive audit techniques guide to assist examiners in evaluating research credit in the aerospace industry. The guide focuses on the particular unique aspects of the industry and provides examiners tools and tests to utilize in evaluating and auditing research credit.


Air Transportation  (PDF - 1.85MB)
Publication Date: 04/2008
Overview of excise tax paid for transportation of persons or property by air.


Architects and Landscape Architects  (PDF - 378.27KB)
Publication Date: 08/2011
This audit technique guide (ATG) has been developed to provide guidance to taxpayers as well as to revenue agents and tax compliance officers conducting examinations in the architect and landscape architect service industries.


Art Galleries - Audit Technique Guide  (PDF - 461KB)
Publication Date: 01/2012
This Audit Technique Guide (ATG) has been developed to provide guidance to taxpayers as well as to revenue agents and tax compliance officers conducting examinations of Art Galleries.


Attorneys Audit Technique Guide  (PDF - 525.34KB)
Publication Date: 03/2011
The Attorneys Audit Techniques Guide is intended to provide guidance to the examiner who is auditing a taxpayer who is an attorney or an attorney firm and to provide tax related guidance to taxpayers and other professionals in this industry.


Business Consultants  (PDF - 700KB)
Publication Date: 07/2011
The Business Consultants ATG now includes an income section that addresses the shifting or the assignment of income issue and the substance versus form issue an examiner may encounter when conducting an examination.


Capitalization v Repairs
Publication Date: 11/2010
The ATG provides techniques for reviewing and examining capitalization v repairs issues.


Cash Intensive Businesses
Publication Date: 04/2010
Businesses that have substantial cash transactions are included in the consolidated Cash Intensive Businesses Audit Techniques Guide. Some of these businesses include bail bonds, beauty shops, car washes, check cashing establishments, coin operated amusements, laundromats, scrap metal, some convenience stores and taxicabs. Guidance is also provided on examination of income, interview techniques, and evaluation of evidence.


Child Care Provider  (PDF - 220KB)
Publication Date: 3/30/2009
This Audit Techniques Guide will provide information on tax related issues pertaining to the child care providers industry. It provides guidance on accounting for income and deductions. Intended audiences are taxpayers, tax professionals and IRS examiners.


AUDITNET® MONOGRAPHS & GUIDES

 Monographs and Guides The monograph series grew out of my desire to establish an online electronic communication network for auditors. Before online services, bulletin boards and the Internet many auditors were operating without the benefits of peer collaboration and information sharing on a major scale. The Internet, founded on the principle of sharing and communication, changed the interaction model between auditors. Auditors can now post messages in online discussion forums, upload and download audit work programs, checklists, surveys, questionnaires and other audit related material in warp speed. Small one-person audit shops can now leverage the Internet and communicate with others and feel like they are not paddling upstream with one oar when it comes to having access to audit resources. My vision of an online information communication network for auditors became a reality with AuditNet® as the foundation.
The AuditNet® Monograph Series or AMS provides auditors with guidance on different aspects of the audit process and other relevant topics to help them do their jobs. New auditors will seek these guides to learn some basics of auditing while experienced auditors will use them as a review. Each guide focuses on a specific subject. The guides are available to subscribers in the audit templates area. If you are a subscriber and cannot find any of the following please send an email to info@auditnet.org. We are constantly adding new titles to this list.


  1. Auditing CICS – A Beginner’s Guide (Sep 2009)
  2. AuditNet Guide to Annual Audit Planning 
  3. Auditor’s Guide to Audit Programs, Questionnaires, Checklists and Control Matrices (Feb 09)
  4. AuditNet® Guide to Audit Report and Finding Rating Systems (May 2009)
  5. AuditNet Guide to Audit Risk Assessment Methodology 
  6. AuditNet Guide to Audit Working Papers
  7. AuditNet® Guide to Audit Report Writing (Feb 09) 
  8. Auditor's Guide to Documenting Controls (Jan 07)
  9. AuditNet Guide to Internal Audit Charters
  10. AuditNet® Guide to Planning & Conducting an Audit (September 2013)
  11. AuditNet Guide to Preparing Audit Programs
  12. AuditNet's Guide to Flowcharting
  13. AuditNet Guide to Fraud and Waste Indicators (August 2010)
  14. AuditNet Guide to Fraud Detection and Prevention Best Practices (August 2010)
  15. AuditNet Guide to Setting up a New Audit Activity (April 2009)
  16. AuditNet Guide to Writing Audit Reports 
  17. AuditNet Internal Audit Manual Template (Feb 09)
  18. AuditNet Internal Audit Manual Template
  19. AuditNet Principles of Computer Assisted Audit Techniques - an AuditNet® Monograph Series Guide in cooperation with INTOSAI.
  20. AuditNet Computer Assisted Audit Techniques Guide to Downloading Data an AuditNet® Monograph Series Guide in cooperation with INTOSAI
  21. Guide to Using International Standards on Auditing Small and Medium Sized Entities
  22. Guide to NIST Information Security Documents
  23. Information Integrity: The Next Frontier for Internal Auditors
  24. Information Technology Audit General Principles-Monograph
  25. AuditNet New Auditor Orientation Guide (Jan 07)
  26. AuditNet Guide to Sampling for Auditors (includes Statistical Sampling Tool)
  27. Is Your IP Leaking?
  28. Software Compliance Auditing: Is Your Number Up?
  29. Software Compliance Auditing: As An Auditor, You Don’t Stand a Ghost of a Chance - Or, Do You?
  30. Software Licensing Compliance
  31. Software Compliance & Your Organization: Looking for a Career Change
  32. Preparing, Documenting, and Referencing Spreadsheets
  33. Writing Essentials Toolkit for Auditors (October 2010) PDF version

New Auditor Training Guide

Audit Programs

  1. Data Center Server Environment-Government (March 2009)
  2. Electronic Fund Transfers-Government (March 2009)

 Follow-Up Audit Reports

City of Toronto Follow Up Report

San Jose Auditor's Office Follow Up Report

Risk Assessment Audit Program from the Office of the City Auditor, City & County of Honolulu (thanks Maria).

Service Level Agreement-Retail (Nov 07)

School Activity Funds: An Accident Waiting to Happen Washington Post Article November 9, 2007

APPFA Public Pension Risk Guide

Performance Measures and Key Performance Indicators for Auditors


Survey of 100 Largest School District Internal Auditing

I conducted this survey while I was working at one of the largest school districts in the U.S. I will continue to conduct this survey on an annual or biannual basis if there is enough interest.

2005 Survey of 100 Largest School District Internal Auditing Summary of Results 

Comparison of Current Survey to Previous 

Letter to Respondents with Results of Survey 

Survey Questionnaire 

Survey of 50 Largest Local Government Internal Auditing

2004 Survey of Local Government Internal Auditing 



Oracle User ID Form: Oracle User ID Request from Gary Martin, Henrico County Internal Audit

Electronic Working Papers (contributed by John Middleton and Bill Miller from Johnson County Kansas Audit Services Department) June 2005

  1. Electronic Workpaper System
     a. Overview
     b. Organization and Management of the Audit
     c. Master Index File Spreadsheet
     d. Electronic Workpaper Manual
     e. Independence Statement
     f. Quality Control Questionnaire for Planning
     g. Manager Certification of Workpapers
     h. Referencing Certification
     i. Quality Control Questionnaire Performance Audit

Audit Planning & Risk Assessments

Denver's Risk Assessment and Audit Plan

Risk Assessment Template (SAS 112) A comprehensive risk analysis template with links to AICPA guidance

Audit Programs

The following audit programs were sent in by local government auditors.

  1. Accounts Payable and Purchasing Audit Program Whatcom County (Word) (pdf) 
  2. Capital Assets Accountability -Government (Sep 2008)
  3. Departmental Applications Testing -Government (Sep 2008)
  4. Data Collection Questionnaire-Gov (May 07)
  5. Fire Expenditures Audit -Government (Sep 2008)
  6. Grants Management Checklist -Government (Sep 2008)
  7. HIPAA Security Rule Compliance Survey (Feb 06)
  8. Internal Control Review of Selected Monetary Receipts-Government (Sep 2008)
  9. Post Implementation Review of Cashier System -Government (Sep 2008)
  10. Privacy Protection -Government (Sep 2008)
  11. Project Lifesaver and Community Partners Inc -Government (Sep 2008)

The following audit programs from the Round Rock ISD are available to subscribers

  1. Accounts Payable
  2. Athletics
  3. Attendance Accounting
  4. Campus Audit - Centralized
  5. Campus Audit - Decentralized
  6. Cash Operations
  7. Construction
  8. Criminal History Background Checks
  9. Disaster Management & Recovery
  10. Discretionary Grant Compliance
  11. Dropout-Leaver Records
  12. Energy Management
  13. Fixed Assets
  14. Food Services
  15. Human Resources
  16. Long-term Debt
  17. Maintenance Operations
  18. Payroll
  19. PEIMS
  20. Print Shop and Graphic Arts
  21. Program Evaluation
  22. Purchasing
  23. Risk Management
  24. SAS 99
  25. Tax Office Operations
  26. Textbooks
  27. Travel

Charters

Audit Committee Charter Sample also includes the Internal Audit Charter

Customer Satisfaction Surveys

  1. Audit Client Survey and Cover Memo SURA-Jefferson LAB Internal Audit 

  2. Audit Quality Assurance Letter & Questionnaire from Denver Auditor's Office 

  3. Post-Audit Review Survey Treasury Department of Western Australia

And more:

  • Customer Survey Example #1

  • Customer Survey Example #2

  • Customer Survey Example #3

  • Customer Survey Example #4

  • Customer Survey Example #5

  • Customer Survey Example #6

Training

Audit Committee Awareness and Training (Appendix 3 is the terms of reference for the audit committee) from Bill Cook Edmonton, Alberta, Canada

Fraud and Internal Control for School Based Administrators 

Best Practice Surveys and Benchmarking

Right to Audit Clause Survey  - thanks to Bill Cook for compiling the results of his survey including the language provided by the participants. This should help other local governments developing a right to audit clause.


Sample RFPs

Audit RFP - Richmond, VA 

 IT PeopleSoft RFP - Frederick County, MD


Miscellaneous

Building Permit Process – Calgary, Alberta Canada 

Position Descriptions

  • Audit Position Descriptions  
  • Assistant Auditor 
  • Auditor 
  • Clerk 
  • Director 
  • Internal Auditor 
  • Internal Auditor 
  • Manager 
  • Staff Auditor 
  • Senior Internal Auditor 
  • Senior Auditor  

Coal Procurement Audit Program

Gas Production Audit Program

Oil Refinery Audit Program

Oil and Gas Industry - ( 5/96 494K )
Provides information on basic operations and common terminology. Includes reference to royalty owners and an introduction to financial products.

Articles

 Sarbanes-Oxley and Implications for Nonprofits


Blogs

 NFP Blog for Auditors and Accountants

Resources

AAA Government and Nonprofit Section Web site provides information about the organization, research papers and teaching material.

Audit Guide For Audit Committees of Small Non-Profit Organizations from the Virginia Society of CPAs provides assistance for the audit committees of small NPOs to perform a limited review of their organizations' financial statements.

Basic Guide for Non-Profit Financial Management Web site provides all the basics including audits of non-profit financial management practices.

Checklist to Assess Financial Activities in Nonprofit Organizations

Church Internal Audit Program from the Missionary Society of Connecticut.

Controlling the Audit Process from CPAs for the Public Interest 

Independent Sector - leadership forum for charities, foundations, and corporate giving programs committed to advancing the common good in America and around the world. Includes a section on accountability.



Internal Financial Controls for Charities provides guidance for non-profit organizations with basic controls, controls over receipts, expenditures, purchases and assets.

Local Church Audit Guide prepared by the United Methodist Church provides guidance for church audits.

Parish Control Checklist - from the Diocese of Springfield, Illinois.

Parish Internal Control Procedures  from the Diocese of Springfield, Illinois.

PPC'S E-Workpapers™ for Nonprofit Organization Audits

From the Virginia Society of CPAs

  • Responsibility and Liability of Board Members of Nonprofit Organizations
  • Income Tax Issues Affecting Small Nonprofit Organizations
  • Budgeting: A Guide for Small Nonprofit Organizations
  • Audit Guide For Audit Committees of Small Nonprofit Organizations

Center for Accountability and Performance   is the American Society for Public Administration web site that aims to improve the practice of public service by helping PA professionals acquire the knowledge, technical skills and resources necessary to successfully manage for results. CAP achieves its mission through education, training, advocacy, technical assistance, resource sharing, and research into best practices in Performance Management.

Protiviti KnowledgeLeader Internal Audit Community is a web-based internal auditing tool that will help you identify risks, develop best practices and add value to your organization. We give you internal audit tools, checklists, and templates as well as news and updates on the latest business risks and controls.

Measure.net Web site dedicated to improving corporate performance measurement systems provides an Idea Exchange, a Resource Center and information about performance measurement audits.

Municipal Performance Measurement Program - initiative designed to provide taxpayers with useful information on service delivery and municipalities with a tool to improve those services over time. The site provides information about the program, a handbook/guide for municipalities and more.

Performance Assessment Guide Department of Defense provides a Quality and Productivity Self-Assessment Guide, a Guide for Developing Performance Measures, a Guide For Measuring Customer Satisfaction, Quality and Productivity Self Assessment Questionnaires and more.

Performance Based Management Guide General Services Administration provides eight steps to develop and use information technology performance measures effectively.

Performance Institute private think tank that serves as the nation’s leading authority and repository on performance-based management practices for government agencies. Their mission is to identify, study and disseminate the leading management innovations pioneered by ‘best-in-class’ public-sector organizations.

Performance Measures Discussion Forums provides un-moderated discussion forums on government performance measurement issues.

Performance Measurement Handbook of Tools and Techniques is an excellent resource for auditors involved in performance measurement. The Handbook is available in html format or may be downloaded in pdf format for printing.


Performance Measurement Resources is a set of free resources to help you with performance measurement problems. There are articles, links and sample performance measures for various job categories.


Reporting Performance Information - The purpose of this special report is to provide guidelines to state and local governments to enhance the production of external SEA reports through use of sixteen suggested criteria. These criteria were developed by studying state and local governments currently using SEA measures and studying the work of other national and international organizations. Each criterion includes the purpose, a description, the rationale for such a criterion, and several examples from existing SEA reports.

SekChek for Internal Auditors and IT Security Policy Champions measures the progress of IT Security Policy Implementations. This automated computer security analysis tool/service can compare host system / domain security control settings against an organization's benchmark of desired Security Standards. Intended mainly for companies with many systems in multiple locations (departments, regions or countries), SekChek provides graphical reports showing how well security controls across the various systems meet or deviate from the benchmarked standards. Ideal for companies wishing to transition "ownership" of computer security from IT Security technicians to system Owners (User Management). Originally developed in 1997, SekChek is designed, and continually enhanced, to analyze security settings of all major (non-mainframe) operating systems and platforms, including all versions of Windows, Unix, Netware and AS/400. Sample reports can be downloaded from SekChek Information Protection Services at www.sekchek.com

Auditors evaluate compliance with organizational policies and procedures. Sometimes policies or procedures for areas reviewed are not available.  The Internet can be a valuable source of information for auditors reviewing existing policies and procedures or those looking for a basis of comparison to see what others are doing. Check out the following links to Internet websites with policies and procedures. If there is a policy or procedure or area that you would like to see posted here contact us.

  • ACCOUNTING AND FINANCE
  • AUDIT
  • ELECTRONIC RECORDS MANAGEMENT
  • EMAIL
  • ETHICS
  • GENERAL POLICY AND PROCEDURES
  • FIXED ASSETS
  • FRAUD
  • INFORMATION PRIVACY
  • INFORMATION SYSTEMS
  • INTERNAL AUDIT
  • PERSONNEL/HUMAN RESOURCES
  • PETTY CASH/IMPREST FUNDS
  • PURCHASING
  • TIME AND ATTENDANCE REPORTING
  • TRAVEL AND ENTERTAINMENT
  • INTERNAL CONTROL GUIDELINES

ACCOUNTING AND FINANCE

Illinois Institute of Technology Accounting Manual

Kansas State University Accounts Receivable Policy and Procedure

Massachusetts Office of the State Comptroller Policy Memos

AUDIT

GAO Policy and Guidance Materials

ELECTRONIC RECORDS MANAGEMENT

Commonwealth of Australia

Utah State Archives and Records Service  

Saskatchewan Council of Archives - Electronic Records Policy and Procedures

EMAIL

UF Policy on E-Mail as Public Records 

ETHICS

Boeing Corporation Ethics and Business Conduct

FIXED ASSETS

DoD Financial Management Regulations

FRAUD

Tufts University Fraud Prevention Procedures

GENERAL POLICY AND PROCEDURE MANUALS

Free Sample Policy and Procedure Manuals

INFORMATION PRIVACY

INFORMATION SYSTEMS

University of Kentucky

INTERNAL AUDIT

AuditNet Internal Audit Manual Template

INTERNAL CONTROL GUIDELINES

Princeton University Internal Audit



PERSONNEL/HUMAN RESOURCES

Princeton University 

PETTY CASH/IMPREST FUNDS

Petty Cash Policy Pace University

PURCHASING

Purchasing Policy Examples

TIME AND ATTENDANCE REPORTING

University of Texas Health Science Center

TRAVEL AND ENTERTAINMENT

Northwestern University 

The retail industry includes many different types of operations. This section of AuditNet® provides resources and tools for auditors in the retail industry segment. If you have resources you would like to add to this section, please send them to AuditNet.

The following programs are available to Basic level subscribers but must be accessed from the audit programs page.

  1. Benchmark Retail Operations

  2. Branch Audit Program 

  3. Branch Retail Operations Risk Assessment UK
  4. Branch Security Audit
  5. Branch Warehouse (Distribution) 
  6. Payroll Audit Program - Retail Store
  7. Retail Cash Office Audit

  8. Retail Operations Audit Program
  9. Retail Store Audit Program
  10. Retail Store Operations
  11. Warehouse Audit Program

The following audit programs are available to Premium Subscribers. Access is provided in the Premium Level 2 section. Subscribers cannot access the documents from this page.

  1. Retail-Business Process Management (Apr 08)

  2. Retail-ERP Systems (Apr 08)

  3. Retail-Competency Management Human Resources (Dec 07)

  4. Retail-Complaint Handling (Mar 08)

  5. Retail-Contract Life Cycle Management (Nov 07)

  6. Retail-Corporate Card-Retail (Nov 07)

  7. Retail-Corporate Performance Management Financial Controls (Dec 07)

  8. Retail-Credit & Collection Financial Controls (Dec 07)

  9. Retail-Financial Controls Working Capital Management (Apr 08)

  10. Retail-HR Benefits Management (Apr 08)

  11. Retail-HR Employee Performance Management (Apr 08)

  12. Retail-HR Incentive Compensation Management (Apr 08)

  13. Retail-HR Workforce Management (Apr 08)

  14. Retail-Order to Receipt POS System (Apr 08)

  15. Retail-Order to Receipt Customer Management (Mar 08)

  16. Retail-Order to Receipt Submit Tender Offer for Store Development (Jan 08)

  17. Retail-Order to Receipt Revenue Contract Lifecycle Management (Jan 08)

  18. Retail-Order to Receipt Sales Performance Management (Jan 08)

  19. Retail-Order to Receipt Contactless Payment System (Jan 08)

  20. Retail-Procure to Pay Accounts Payable Management (Jan 08)

  21. Retail-Procure to Pay Vendor Selection (Apr 08)

  22. Retail-Procurement to Payment Cycle Transportation Management (Dec 07)

  23. Retail-Procurement to Payment Inbound Logistics Control (Dec 07)

  24. Retail-Procurement to Payment Invoice Reconciliation and Payment Control (Dec 07)

  25. Retail-Risk Management (Apr 08)

  26. Retail-Sales Order to Receipt Cycle (Dec 07)

  27. Retail-Service Level Agreement (Nov 07)

  28. Retail-Spend Management Review (Nov 07)

  29. Retail-Succession  Planning Human Resources (Dec 07)

  30. Retail-Supply Chain Finance Financial Controls (Dec 07)

  31. Retail-Talent Acquisition and Retention Human Resources (Dec 07)

  32. Retail-Tender Procedures (Nov 07)

  33. Retail-Warehouse Inventory Management (Mar 08)

  34. Retail-Warehouse Labor Management (Mar 08)

  35. Retail-Warehouse Management (Mar 08)

  36. Contract labor management-Retail (June 2009)

  37. Customer loyalty-Retail (June 2009)

  38. Managing Performance-Retail (June 2009)

  39. Marketing Control-Retail (June 2009)

  40. Sales Performance Management-Retail (June 2009)

Risk-based internal audit (RBIA) is an internal methodology that focuses primarily on the inherent risk involved in activities or systems and provides assurance that management is managing risk within the defined risk appetite level. It is the risk management framework of management and seeks at every stage to reinforce the responsibility of management and the Board of Directors (BOD) for managing risk.

Risk-based internal audit is conducted by the internal audit department to help the company's risk management function by providing assurance about risk mitigation. RBIA allows internal audit to provide assurance to the board that risk management processes are managing risks effectively, in relation to the risk appetite.

Improving your knowledge, skills and competency in risk assessments by Jason Mefford, Co-Founder, cRisk Academy - As auditors, we must develop the necessary knowledge, skills and competencies to make us effective auditors. We owe it to ourselves, and to our organizations. These concepts are discussed over and over again throughout the IIA standards and other materials. We gain these through various means, but one of the most important is through individual training. Read the article now!

A sample simple risk assessment methodology including criteria

Internal Auditing: A Risk Based Approach (Resources from David M. Griffiths)

Book: Introduction to RBIA

Risk based internal auditing - an introduction download pdf file(612 KB file)

Excel spreadsheets to use with the above download (256 KB)

Book: Implementation of risk based internal auditing

Risk based internal Auditing - Three Views on Implementation download pdf (444 MB)

Excel spreadsheets to use with the above download (542 KB)

Manual: RBIA manual

The manual download pdf (1.4 MB) or download the Word file (1MB)

Excel spreadsheet to use with the above download (56 KB)

Database: Microsoft Access database of risks, controls and assurance.

Database: Risk and Audit Universe

Example download Excel spreadsheet (190 KB)

Database: Audit database

Expense purchases audit download Excel database (130KB)


Resources on Risk Assessment & Risk Management

Compliance Executive an online news and feature portal focusing on the areas of corporate governance, risk and compliance and reaches 45,000 senior level financial and legal executives throughout the US.

Operational Risk Information Community - information community resource center and forum for operational risk management and measurement professionals.

RISK TV Risk Television is an Internet Television Network devoted exclusively to risk management research.

Articles on Risk Assessment

  1. Auditing in the New Millennium
  2. Risk Assessment When Auditing E-commerce Activities
  3. Risk Assessment Do's and Don'ts
  4. Risk Assessment Tools-A Primer
  5. Risk Assessment Conduit for Internal Audit
  6. Risk Assessment by Internal Auditors Using Past Research on Bankruptcy

Best Practices

  1. Best Practices in Risk Management: Private and Public Sectors Internationally
  2. Integrated Risk Management Framework - from the Treasury Board of Canada
  3. Risk Management Best Practices, Case Studies, and Related information - Version 1 CD from Pleier and Associates.
  4. Risk Survey by KPMG Canada profiles risk management practices in Canada's leading organizations. The business leaders were identified from Canada's top 500 companies as ranked by The Financial Post. Government leaders were selected from the federal civil service. A total of 101 interviews were completed.
  5. Information Security Risk Assessment: Practices of Leading Organizations is a GAO document on the subject.

Books

 

Handbook of Integrated Risk Management for E-Business: Measuring, Modeling and Managing Risk By: Abderrahim Labbi

Guides

Review Guide to an Audit of Risk Management www.tbs-sct.gc.ca/Pubs_pol/dcgpubs/TB_H4/RISK1E.html

Guide to Fraud Risk Assessment

Risk Assessment Standards Toolkit

Risk Frameworks

  1. Firm Risk Assessment Framework from the UK Financial Services Authority
  2. Risk Assessment Models


Web Sites

  1. City of San Jose Office of the City Auditor Risk Assessment Library provides a risk procedure for city departments.
  2. KnowledgeLeader Internal Audit and Risk Management Community is a subscription-based website that provides tools, resources and best practices to help internal auditors save time, manage risk, and add value.
  3. Yale University www.yale.edu/auditing/balancing_risks.htm
  4. Tampa Internal Audit Departmental Risk Analyses - links to local government risk analysis worksheets
  5. Risk Assessment Measurement - ISACA standard
  6. Use of Risk Assessment in Audit Planning - ISACA
  7. Understanding Internal Controls - www.ucop.edu/ctlacct/under-ic.pdf is a guide from the University of California Financial Management Controls and Accountability which includes a section on Risk Assessment

Risk Reports

Sample Risk Methodologies

  1. Audit Survey of the Joint Architect of the Capitol www.house.gov/IG/95aoc27/report.htm
  2. Indiana University Self Assessment Tool wwwdb.ucs.indiana.edu/internalauditing/Scripts/login.cfm log in anonymously for an example of the tool available through the audit department.  
  3. Jefferson Lab Risk Assessment Criteria www.jlab.org/div_dept/audit/strategy.html
  4. Risk Based Methodology for Colleges and Universities amas.ucsd.edu/Documents/D%20-%20Quantitative%20Risk%20Model%202000.pdf from the Risk Based Audit Work Group.

Software (links available from AuditNet)

  1. AuditLeverage www.auditleverage.com from IAD Solutions
  2. CCH TeamMate
  3. AutoAudit from Paisley Consulting www.paisleyconsulting.com
  4. Galileo www.GalileoOnTheWeb.com
  5. Magique Risk Management System www.horwathsoftware.co.uk/Magique
  6. Pentana www.pentana.com
  7. Rank It Risk Assessment Tool demo available from AuditNet
  8. @Risk www.palisade.com Trial version

Tools

  1. IT Risk Assessment Template (Excel) from the AuditNet inventory
  2. Risk Factors - Criteria used to identify the relative significance of and likelihood that conditions/events may occur that could adversely affect the organization.
  3. Risk Matrix (Risk Matrix 2.20) - Risk Matrix is an automated tool, developed by Mitre Corporation with the federal government to facilitate the structured approach for identifying risk and assessing its potential program impact. The matrix and user's guide are available from the auditnet site at www.auditnet.org.
  4. Self Examination for your Internal Audit Department provides "A" Test for Corporate Governance and "A" Test for Risk Assessment & Audit Planning .

Training

  1. Audit Services is a training consultant that offers a seminar on risk assessment. 
  2. MIS Training Institute www.misti.com
  3. Risk Management for Internal Auditors and Business Managers audittrends.com/Seminars8.htm

Statistical sampling has become an integral part of the auditor's tool kit. The Internet offers substantial guidance and tools on the subject of sampling. This AuditNet® page pulls together a cross-section of those resources. If you find other sampling tools, methodologies or plans to add to this page, contact us.

How to Use Sampling AuditNet® Monograph Series 

A Practical Guide to Sampling from the UK National Audit Office

Audit Sampling Training and Development Course from the Office of the Comptroller - State of Texas

Sampling Methodologies from the Comptroller of the Currency provides an excellent guide to methods, plans and procedures.

Sampling Plans Web site for a software vendor provides a tutorial on sampling, a best practices area, software area and discussion forum area.

Statistical Sampling for Auditors - RAT-STATS is the package of statistical software tools used by the Office of Audit Services in the Department of Health and Human Services.  It was designed to assist auditors in performing random samples and evaluating the results.  This site includes the manual and a self extracting file for the program.

Books

There are many auditors working for organizations that use SAP, an enterprise resource planning (ERP) system. Enterprise Resource Planning or ERP is an industry term for integrated, multi-module application software packages that are designed to serve and support multiple business functions. The purpose of the SAP AuditNet page is to provide a clearinghouse of information and an opportunity to share resources to facilitate audits of SAP. If you have resources including audit programs, checklists, internal control questionnaires (ICQ) or anything else that will help other auditors please send them to editor@auditnet.org

ERP GENERAL (SAP, BaaN, Oracle, PeopleSoft) 

ITtoolbox a knowledge network and support environment for the IT industry containing a section on ERP with links to SAP, BaaN, Oracle, PeopleSoft and more.

Audit and Security Strategies for PeopleSoft Implementation

Layer Seven Security - Layer Seven Security specializes in SAP security. The company serves customers across the globe to protect SAP systems against internal and external threats and comply with industry and statutory reporting requirements. We fuse technical expertise with business acumen to deliver unparalleled implementation, consulting & audit services targeted at managing risks in contemporary SAP systems.

The following documents were shared by Larry Hanson (ISACA-LA Chapter) and are available to subscribers from the audit programs section of AuditNet.

BaaN Business Process Controls

BaaN Security

ERP Systems: Audit and Control Risks

Introduction to ERP: Overview of ERP Systems

PeopleSoft Business Process Controls

PeopleSoft Security

SAP Business Process Controls and AIS

AUDIT PROGRAMS

  1. Oracle Application Audit
  2. Oracle Database Auditing
  3. Oracle DB Technical Audit Program
  4. Oracle Financials Security Checklist
  5. Oracle Infrastructure Audit
  6. Oracle Inventory Audit
  7. Oracle Security Guide
  8. PeopleSoft Audit Review
  9. PeopleSoft Audit Program
  10. PeopleSoft Audit Release 7.X
  11. SAP Accounts Payable Audit Program
  12. SAP Audit Info. Approach
  13. SAP Audit Program (Word)
  14. SAP Audit Program
  15. SAP Fixed Assets
  16. SAP-HR Audit Program
  17. SAP Materials Management
  18. SAP Process Controls Audit Program
  19. SAP Security
  20. SAP Systems Parameters Review
  21. SAP Transaction Codes

AUDIT GUIDES

  1. Auditing SAP R/3
  2. Auditing SAP Basis
  3. Auditing in an SAP Environment presentation by Phil Moulton
  4. SAP R3 Auditing Manual
  5. SAP R3 Auditing Guidelines
  6. Introduction to the SAP/R3 System Focusing on Audit Aspects

BEST PRACTICES

Better Practice Guide - Security and Control for SAP R/3  from the Australian National Audit Office.

CHECKLISTS & ICQs

  1. Oracle Audit Checklist

SAP PRESENTATIONS

Auditing in an SAP Environment   Phil Moulton

Fraud Auditing in an SAP Environment  Phil Moulton

REPORTS

SECURITY

SAP Security Administration SANS Institute Information Security Reading Room

TRANSACTION CODES 

SAP Transaction Codes

SAP Transaction Codes with Report and Description


General SAP R/3 Security Administration

Topic | File | Description
Designing Roles | Security Design Concepts | A presentation on responsibility of Security provided by Pandya, Snehal, nice system risk matrix.
Designing Roles | Authorization Design | A presentation provided by Pandya, Snehal on role design.
Upgrade | SAP Security Upgrade White Paper | Upgrading to Role Based Profiles
SOD | Segregation of Duties Matrix | This was written by SAP and is based on transactions level authorizations
Business Warehouse | bwauthconcepts_JUDI_1204.pdf | Business Warehouse Security Overview
Business Warehouse | Training Document for Learning BW Security | I am writing this document as I have time. Gary Morris
HR Structural Authorizations | Structural Authorizations Step By Step | HR Security Doc by Norm and Carl provided by Amy Sue Lambermont. Thanks Amy!
Security Setup | System Parameters | System Parameters related to security
Training Ids | Creating Users Script | Step by Step Guide to setting up Training IDs and setting same password, Woo Hoo!!
RBE | Using the RBE Tool for Security | A document from Larry Justice on How to use the RBE tool for Security
Controls | Configurable Controls.ppt | A ppt on configurable controls
ESS | Security for ESS.ppt | a ppt on Security for Employee Self Service and Manager's Desktop
R/3 Security Overview | SAP Audit Information | foundational R/3 security information
R/3 Security Overview | SAP Security |
Security Tools | Toolstocontrolrisk.ppt | A PPT on tools to mitigate Risks in R/3
Security Administration | UserSecurityDelta.ppt | A ppt on User & Security Administration for e-Procurement at Delta Air Lines
Security Administration | Authorizations made easy 45A/B | The Authorization Made Easy Guide for 45A/B
Workplace | DWorkplacesecurity.ppt | A ppt on Workplace Security
 | SAP_System_Parameters.pdf |
Workplace | WorkplaceSSO.ppt | A ppt on Workplace Single Sign On
User Buffers | auth/new_buffering | Info on auth/new_buffering
Authorization Objects | User Administration Authorizations | Critical Authorization Objects that control User administration access
Third Party Tools | BindviewSAPControl overview.ppt | Overview of the Bindview Control product
Third Party Tools | bv_sap_sample_reports.ppt | Sample Bindview Control Reports
Third Party Tools | bv-ControlSAPds1.pdf | Bindview Information
Third Party Tools | bvcvsSAP.doc | Bindview Information
Third Party Tools | SAPCaseStudy.pdf | Bindview Information
CUA | CentralUserAdmin.ppt | A ppt on Central User Administration
CUA | Quick run through of how to setup | A quick list of how to setup CUA
CUA | Central User Administration | A ppt on Central User Administration management
CUA | Delta Central User Admin.ppt | A ppt of Central User Administration at Delta Airlines
CUA | personeldevcua.pdf | A pdf by P.M.V. Subba Rao
RBE | STEPS TO GENERATE RBE EXTRACT FILE | Document on using the RBE tool to analyze transaction usage.
Security Audit Logs | Format of Security Audit Log Files |
Security Audit Logs | SECAUDLOGONLINE_EN.pdf | SAP Manual on Security Audit Logs
Security Audit Logs | sec_audit_log_param.txt | Setup Security Audit Logs
SAP Security Guide Ver 3 | secguide.zip (unzip and use index as starting page) | The Official SAP Security Guide Version 3
Security Audit Logs | Security Audit Logging with SM19 | All the steps needed to setup Security Audit Logging
Security Audit Logs | Security Audit Log Filters SM19 | SM19 Enabling Dynamic Filters for Security Audit Logs Example
Security Audit Logs | Analyzing Security Audit Logs SM20 | Analyzing Security Audit Logs Examples
Security Audit Logs | sap_note_135210_secAudLog.txt | Why the Security Audit Logs lose their Settings when system reboots
Tips | Resetting SAP* | ABAP Code for resetting SAP* password across all clients
SAP Security Guide Ver 3 | sapsecurityguidever3.pdf |
SAP Security Guide Ver 2 | securtyguidever2vol3checklists.pdf | SAP Security Checklists
Security Administration | business_user_adm_mysap.pdf |
Workplace Roles | workplace.ppt |
CRM | CRM_AUTH_20C.pdf |
All Activities | tact.xls | Table TACT
Security Administration | Users_and_Roles_620.pdf |
Designing Roles | Security Naming Convention |
Secure OS | SECUREOSSEN.pdf |
Security Overview | System Security Overview.ppt |

SAP PRODUCT VENDORS

Realtime North America - vendor of BioLock, SAP certified biometric identity management system.

SAS 70 is an acronym for the American Institute of Certified Public Accountants (AICPA) Statement on Auditing Standard (SAS) 70, titled “Reports on the Processing of Transactions by Service Organizations”. SAS 70 defines the professional standards used by a service auditor to assess the internal controls of a service organization and issue a service auditor’s report. Service organizations are typically entities that provide outsourcing services that impact the control environment of their customers. Examples of service organizations are insurance and medical claims processors, trust companies, hosted data centers, application service providers (ASPs), managed security providers, credit processing organizations and clearinghouses.

There are two types of service auditor reports. A Type 1 service auditor’s report includes the service auditor's opinion on the fairness of the presentation of the service organization's description of controls that had been placed in operation and the suitability of the design of the controls to achieve the specified control objectives. A Type 2 service auditor’s report includes the information contained in a Type 1 service auditor's report and also includes the service auditor's opinion on whether the specific controls were operating effectively during the period under review.

from SAS 70 Solutions.com


RESOURCES

DESCRIPTION

www.cpa2biz.com

Website where customers can purchase a copy of the SAS 70 standard, current SAS 70 audit guide (which includes a complete copy of the standard), and related SAS 70 materials.

Glossary of Terms

A complete list of the most commonly used SAS 70 audit terms.

FREQUENTLY ASKED QUESTIONS (FAQs)

A collection of the most commonly asked questions regarding SAS 70 audits.

SAMPLE DOCUMENTS

VENDOR

 

Vendor Interview Questionnaire

SAS 70 Audit Request for Proposal Tool

SAMPLE DOCUMENTS

TYPE 1

SAS 70 Audit Request for Proposal Tool

Sample Type 1 SAS 70 audit opinion letter

Type 1 Opinion Letter Demonstrating the Inclusive method

Type 1 Opinion Letter Demonstrating the Carve Out Method

Sample Type 1 SAS 70 audit management representation letter

SAMPLE DOCUMENTS

TYPE 2

Sample Type 2 SAS 70 audit opinion letter

Type 2 Opinion Letter Demonstrating the Inclusive method

Type 2 Opinion Letter Demonstrating the Carve Out Method

Sample Type 2 SAS 70 audit management representation letter

QUALIFIED OPINION EXAMPLES

 

Fairness of presentation

Suitability of Design

Operating Effectiveness

INDUSTRY LEADING VENDORS

SAS 70 Solutions

Deloitte & Touche

Ernst & Young

KPMG

PriceWaterhouseCoopers

MISCELLANEOUS WEBSITE LINKS

A SAS 70 Auditor’s Response to the Critics

White paper exposing common errors and misconceptions regarding SAS 70 audits.

www.sas70.com

Website maintained by an Ernst & Young partner that is designed to provide SAS 70 background information and garner sales leads.

http://www.polarcove.com

Article containing SAS 70 overview and planning information.

www.CSOonline.com

CSO.com article regarding SAS 70 audits.

SAS70 Solutions, a firm specializing in SAS 70 audit services, provides resources and tools for auditors.

SAS 70 Article from the security officer's perspective

SAS 70 Articles and Whitepapers

SAS 70 Overview and Planning Guide

Audit Documents

  1. SAS 70 Evaluation Checklist (Apr 06)

  2. SAS 70 Evaluation Guidance (Apr 06)

  3. SAS-70 Review (Oct 05)

  4. SAS 70 Type 1 Fraud Assessment Template (July 05)

  5. SAS 70 Type 2 Fraud Assessment Template (July 05)

  6. SAS 70 Type 2 Internal Control Evaluation Checklist PDF

  7. SAS 70 Type 2 Internal Control Evaluation Checklist Excel 

from Jim Kaplan, Certified Software Manager        

The Internet and computer technology have spawned a whole new generation of audit-related issues. Before organizations began investing in computer technology, intellectual property and copyright were not significant areas of concern for auditors. But now, because of the legal liability and potential "bad press" that can result from software copyright violations, auditing for compliance with software-license agreements is a critical part of audit plans. Corporate Governance issues and aiming for compliance with ISO 17799 and ISO 27001 also mean that auditors need to be MORE vigilant in software compliance and licensing issues. Having unauthorized copies of software loaded on your computers is not only foolish but it is also risky business. This page is developed to provide a central resource for auditors and software managers to make sure they have information needed to control software piracy and minimize the risk of lawsuits and adverse publicity towards their organization.

Software Piracy is far more widespread than the industry "statistics" will tell you. In many cases most don't believe the numbers that regularly pop up in "industry surveys". You can ignore the issues or you can be proactive and do some simple things to ease your pain and reduce your risk. Not sure whether you are affected? Then read the key feature articles at this site!

Failure to take heed of the issues surrounding software piracy can bring about a significant set of legal costs and penalties. A good example of the scale of penalty costs that can be incurred if you are caught with illegal software can be found at Don't let Anton In!, which deals with the issues faced with anti-piracy "police" raids at your front doorstep! This page also sets out the penalties that apply. As these keep changing (increasing), keep an eye on your local jurisdiction for updates on the changes.

Audit Software VENDORS and consultants

PC Profile provides PC and desktop coverage for issues related to PC usage and software management. The site has links to significant amounts of pragmatic advice and practical steps to aid auditors in overcoming the issues faced. They also provide software tools, articles and much more. The audit software covers servers, desktops, notebooks and also can be used via servers, floppy disk and via e-mail. One of the key issues many overlook relates to establishing Proof Of Purchase in cases of mounting a defense; see how you can establish "Proof Of Purchase" Records.

NEWS >>> Microsoft has recently started a program in the UK that has wide-reaching implications for smaller and medium sized organizations, which auditors need to be aware of to minimize risk. More details can be seen here

  • Name and Shame a list of organizations that have paid the price for not being vigilant with software audits
  • PSSSST do you want some free software?  This is the conversation you need to stamp out in your office!
  • Vista will also present some unexpected challenges at some sites and so will the Update Now feature

Software Policy Warning Message is a simple way of getting the message to the desktop!

Frequently Asked Audit Questions some typical questions auditors wish to know about software licensing

KeyAudit is a free Software Audit Tool that determines the status of Software License Compliance. Downloads available for Windows and Mac.

Key Server License Management Web site provides software license management solutions for organizations. Site includes articles about software licensing, product information and a free software audit tool that determines the status of Software License Compliance

Articles on Anti-Piracy Software Compliance Auditing

AuditNet® Exclusives: 

Using Illegal Software is a BIG RISK - you know this already, BUT DID YOU KNOW THAT ....................?
If a software vendor (e.g. Microsoft, Autocad, Oracle, Novell) has reasonable grounds for believing that illegal software (which can also include sounds, films, videos, games, images, fonts) is being used on your systems and that evidence may be destroyed if notice is given, then the software vendor may apply to a Court of Law for an Anton Piller Order. Click here for the rest of the story!

If you have been fighting a losing battle about having a budget for audit software tools and need to convince management, accountants and directors, then you need to read this article and make a comparison between what "could have been avoided" versus what needed to be budgeted. It might just tip the scales in your favor as you strive to achieve software compliance using software audit tools.

See No Budget for Audit Software 

One of the hardest tasks to manage in the computing department for any organization is licenses for software. Understanding that the software that you have installed is ONLY covered by a "license to use" is a hard concept to grasp. This article covers license issues for Windows based desktop and server based platforms. http://www.auditnet.org/articles/softwarelicenses.htm

File Sharing is a new risk that may have allowed software and files to be slipped Under Your Nose!

Have You Been Napstered? focuses on issues created by the Napster wave and still lingers on with "wannabe" startups after Napster was closed down!

License Compliance and Audit Articles from PCProfile
  • Who Is Responsible?  examines the key culprit in terms of why we have piracy
  • Who Else Is Responsible? this article then looks at how this has spread to other sectors
  • Get Your Reward Here - auditors need to be on the look out for the risks faced by this key issue.
  • Grand Theft Software USA "ups the ante" on rewards and brings business to account
  • Risky Business  provides access to an Excel template for a small fee that will calculate the scale of costs you can be up for and need to AVOID if caught with illegal software!
  • Ways to detect illegal copies can be identified here.
  • Frequently Asked Questions About Software Compliance
  • It's time to RAZE The Jolly Roger ....and declare war on software pirates!
  • A New OUTLOOK on PC Software Compliance Auditing
  • Check Your Post Box
  • Busted - Anti_Piracy news you need to hear!
  • Your PC Isn't a Patch on what it used to be!
  • Getting caught with illegal software will cost you!
  • Will your PC survive the Year 2000 bug if you have illegal software?
  • Microsoft Aust offers $AUD 5,000 reward for "dob-in-a-pirate"!
  • Software Copyright & You
  • 16 Steps to Software Compliance
  • Accountants
  • No Frills No Fuss Software Compliance Policy
  • CD Writer increases risk of illegal software
THE PENALTIES THAT APPLY ARE:
In USA from http://www.bsa.org/usa/

Piracy and the Law

Many businesses, both large and small, face serious legal risks because of software piracy. Under the law, a company can be held liable for its employees' actions. If an employee is installing unauthorized software copies on company computers or acquiring illegal software through the Internet, the company can be sued for copyright infringement. This is true even if the company's management was unaware of the employee's actions.

If the copyright owner brings a civil action against you, the owner can seek to stop you from using its software immediately and can also request monetary damages. The copyright owner may then choose between actual damages, which includes the amount it has lost because of your infringement as well as any profits attributable to the infringement, and statutory damages, which can be as much as $US150,000 for each program copied. In addition, the government can criminally prosecute you for copyright infringement.

If convicted, you can be fined up to $US 250,000, or sentenced to jail for up to five years, or both.

In Canada  from here.

What Are the Penalties for Pirating Software?
Software theft is a serious crime. If you or your company is caught with illegal software, you may be fined and prosecuted to the full extent of the law. In fact, you may be liable under both civil and criminal law.

If the copyright owner brings a civil action against you, the owner can seek to stop you from using its software immediately and can also request monetary damages and an accounting of profits derived from the copyright infringement. The copyright owner may then choose between actual damages, which includes the amount it has lost because of your infringement, and statutory damages, which can be as much as $20,000* for each individual program copied. In addition, the government can criminally prosecute you for copyright infringement. If convicted, you can be fined up to $1 million, or sentenced to jail for up to five years, or both.

In UK from here

What are the Penalties?

In criminal courts:

potentially, imprisonment for up to ten years, substantial late fees, and/or confiscation of assets.

In the civil courts:

  • injunctions to stop any further use of the software and to delete or hand over illegal copies (punishable with imprisonment if breached) ;

  • payment of damages or the profits made from illegal use or distribution to compensate the copyright holder;

  • payment of the costs of the case (which can be substantial)

Courts can grant orders to enter and search premises, and to seize illegal copies and the computers on which they are loaded.

Audit Programs, Manuals, & Guides
Sample Guidelines from other audit organizations
University of North Texas: Guidelines for software licensing compliance

Other Articles

  • Whose Software Is It Anyway?
Industry Associations

and for Other major Countries;

If you have an article, policy, audit program or link to add to this page contact us.

from Jim Kaplan, Certified Software Manager

Information technology has significantly impacted internal auditors both in what we audit as well as tools we use on a daily basis. One of the first business applications developed for the personal computer was the spreadsheet. Lotus 1-2-3 spreadsheets were commonly used by auditors in the mid-1980's replacing columnar pads.  Spreadsheets have been standard tools for auditors since the early days of personal computers. This resource page is devoted to both using spreadsheets in auditing as well as auditing spreadsheets. We will provide articles on the subject, sample templates, spreadsheet based accounting and audit tools and numerous resources for ensuring the validity of your spreadsheets. If you have any resources or tools to add to this page, contact us.

Using ActiveData for Excel: A video library of 14 of ActiveData's most powerful features

VIDEO TUTORIALS:

Quickly analyze your data

Save time manipulating data within your worksheets

Perform powerful audit and fraud detection techniques

Manage your Excel workbooks and worksheets efficiently

Training Materials


CAATTs Training and Guides

Preparing, Documenting, and Referencing Spreadsheets 

Excel Spreadsheets Shared by Auditors

  1. Accounts Payable General Ledger Spreadsheet

  2. Audit Satisfaction Survey Spreadsheet

  3. Controls Test Spreadsheet

  4. Data Warehouse Risk Analysis Spreadsheet

  5. E-commerce questionnaire spreadsheet

  6. FLSA Audit Program Spreadsheet

  7. Help Desk Metrics Spreadsheet

  8. Human Resources Audit Spreadsheet

  9. IT Risk Assessment Spreadsheet

  10. Mass Transit Advertising Revenue Audit Program Spreadsheet

  11. Pharmacy Review Spreadsheet

  12. Post Balance Sheet Events Spreadsheet

  13. Risk Model (Stock) Spreadsheet

  14. Statistical Sampling Spreadsheet

  15. Timesheet for Tracking Audit Hours Spreadsheet

  16. Travel Audit Program Spreadsheet

  17. Trucking Operations Review Spreadsheet


Spreadsheet auditing Tools

Spreadsheet Studio is a collection of advanced audit and review tools for Excel spreadsheets.

Spreadsheet Detective auditing program, that also includes links to other sites.

Spreadsheet Selector Object Library www.addix.com provides the ability to extract data and formulas from Excel spreadsheets without the need to open the spreadsheets using Excel. 


Other spreadsheet resources

Excel-Easy site focuses on writing clear and concise tutorials (Introduction, Basics, Functions, Data Analysis and VBA) on how to use Excel

Add Business Rules ARulesXL turns Microsoft Excel into a powerful tool for delivering business rule applications that combine decision support with computational analysis.

Miricle Solutions - Web site that provides solutions for addressing spreadsheet errors. Includes articles, tools and more for internal auditors.

Spreadsheet123.com is a business website that offers spreadsheet and template solutions to business owners. There are hotel management related spreadsheets useful for auditors.   

dslimited Excel add-in specialists provide links to spreadsheet products and services.

European Spreadsheet Risks Interest Group  A discussion group has been set up under yahoogroups.com: http://www.yahoogroups.com/group/eusprig 

Excel-L mail list is a high volume email discussion forum on using MS Excel. To subscribe, send an email to LISTSERV@PEACH.EASE.LSOFT.COM and put the following in the body of mail (no subject line needed): 
    SUBSCRIBE EXCEL-L Firstname Lastname

Excel for Accountants is a site dedicated to helping accountants make profitable use of Excel.

Getting the OOPS! Out of Spreadsheets How to use built-in audit tools to minimize mistakes. 

The New Guidelines for Writing Spreadsheets

Microsoft Excel Training & Tutoring, Add-ins, Templates & Software - large site housing countless amounts of free content for Microsoft Excel and business related software.

spreadsheetstyle.com is John Raffensperger's commercial auditing site which includes a free ReferenceBrowser add-in and a set of links with ratings of content and style that is an excellent portal to tutorials, advanced tips and tricks, free downloads and add-ins, education and research.

Spreadsheet Modelling Best Practice 100-page document (PDF) on spreadsheet style (look in the Downloads section). 

Spreadsheet Modelling Institute of Chartered Accountants in Ireland Factsheet Series on IT 

Spreadsheets for Accountants - PowerPoint presentation 

Spreadsheet Research page Ray Panko’s (University of Hawaii) page is a primary resource about error rates in spreadsheets both from lab research and field studies. 

Systems Modelling Ltd. Spreadsheet Resources


Spreadsheet Tools 

The following spreadsheets were created in Microsoft Excel. The spreadsheets came from various web sites or contributions from other auditors and all are free to use. Although they are not copy protected that does not mean that they are not copyrighted.  Please be advised of the following:

  • The spreadsheets are designed to work with Windows.
  • Download the xls files by right clicking your mouse and then choose to save the target file to your hard drive.
  • Download ZIP files by left clicking your mouse. You need to have Winzip installed to unzip the file.

If you have questions about the following spreadsheets, please contact adamodar@stern.nyu.edu

  1. Capital Budgeting Analysis (xls) - Basic program for doing capital budgeting analysis with inclusion of opportunity costs, working capital requirements, etc.
  2. Rating Calculation (xls) - Estimates a rating and cost of debt based on the coverage of debt by an organization.
  3. LBO Valuation (xls) - Analyzes the value of equity in a leverage buyout (LBO).
  4. Synergy (xls) - Estimates the value of synergy in a merger and acquisition.
  5. Valuation Models (xls) - Rough calculation for choosing the correct valuation model.
  6. Risk Premium (xls) - Calculates the implied risk premium in a market (uses macros).
  7. FCFE Valuation 1 (xls) - Free Cash Flow to Equity (FCFE) Valuation Model for organizations with stable growth rates.
  8. FCFE Valuation 2 (xls) - Free Cash Flow to Equity (FCFE) Valuation Model for organizations with two periods of growth, high growth initially and then stable growth.
  9. FCFE Valuation 3 (xls) - Free Cash Flow to Equity (FCFE) Valuation Model for organizations with three stages of growth, high growth initially, decline in growth, and then stable growth.
  10. FCFF Valuation 1 (xls) - Free Cash Flow to Firm (FCFF) Valuation Model for organizations with stable growth rates.
  11. FCFF Valuation 2 (xls) - Free Cash Flow to Firm (FCFF) Valuation Model for organizations with two periods of growth, high growth initially and then stable growth.

If you have questions about the following spreadsheets, please contact back@olin.wustl.edu

  1. Time Value (xls) - Introduction to time value concepts, such as present value, internal rate of return, etc.
  2. Lease or Buy a Car (xls) - Basic spreadsheet for deciding to buy or lease a car.
  3. NPV & IRR (xls) - Explains Internal Rate of Return, compares projects, etc.
  4. Real Rates (xls) - Demonstrates inflation and real rates of return.
  5. Template (xls) - Template spreadsheet for project evaluation & capital budgeting.
  6. Free Cash Flow (xls) - Cash flow worksheets - subsidized and unsubsidized.
  7. Capital Structure (xls) - Spreadsheet for calculating optimal capital structures using different percents of debt.
  8. WACC (xls) - Calculation of Weighted Average Cost of Capital using betas for equity.
  9. Statements (xls) - Generate a set of financial statements using two input sheets - operational data and financial data.

The following spreadsheets are from various other sites.

  1. Bond Valuation (zip) - Calculates the value or price of a 25 year bond with semi-annual interest payments.
  2. Buyout (zip) - Analyzes the effects of combining two companies.
  3. Cash Flow Valuation (zip) - Walks through a valuation of cash flows under three models- capital cash flows, equity cash flows, and free cash flows.
  4. Financial Projections (zip) - Spreadsheet model for generating projected financials along with valuation based on WACC.
  5. Leverage (zip) - Shows the effects on Net Income from using debt (leverage).
  6. Ratio Calculator (zip) - Calculates a standard set of ratios based on input of financial data.
  7. Stock Value (zip) - Calculates expected return on stock and value based on no growth, growth, and variable growth.
  8. CFROI (xls) - Simplified Cash Flow Return on Investment Model from HOLT Associates.
  9. Financial Charting (zip) - Add on tool for Excel 97, consists of 6 files.
  10. Risk Analysis (exe) - Analysis and simulation add on for excel, self extracting exe file.
  11. Black Scholes Option Pricing (zip) - Excel add on for the pricing of options.
  12. Cash Flow Matrix - Basic cash flow model.
  13. BFAT - Business Financial Analysis Template for start-up businesses from Small Business Technology Center.
  14. Forex (zip) - Foreign market exchange simulation for Excel
  15. Hamlin (zip) - Financial function add-ons for Excel
  16. Tanly (zip) - Suite of technical analysis models for Excel
  17. Financial History Pivot Table - Microsoft Financials
  18. Income Statement What If Analysis - Microsoft Financials
  19. Exl-Plan Super (zip) - Generates financial projections including ratio analysis. Uses excel templates with numerous menu options.
  20. SLG Ratio Master (exe) - Excel workbook for creating 25 key performance ratios.
  21. DCF - Menu driven Excel program for Discounted Cash Flow Analysis; from the book Analysis for Financial Management by Robert C. Higgins.
  22. History - Menu driven Excel program for Historical Financial Statements; from the book Analysis for Financial Management by Robert C. Higgins.
  23. Proforma - Menu driven Excel program for Pro-forma Financial Statements; from the book Analysis for Financial Management by Robert C. Higgins.
  24. Business Valuation Model (zip) - Set of tabbed worksheets for generating forecast / valuation outputs. Includes instruction sheet. Bizpep
  25. LBO Model - Excel model for leveraged buy-outs - John P. Burns
  26. Comparable Companies - Excel valuation model comparing companies - John P. Burns
  27. Combination Model - Excel valuation model for combining companies - John P. Burns
  28. Balanced Scorecard - Set of templates for building a balanced scorecard.
  29. Present Value Tables (rtf) - Set of present value tables written in rich text format, compatible with most word processors. Includes examples of how to use present value tables.

Additional Spreadsheet Articles/Resources

Is this Spreadsheet a Tax Evader? An article by Ray Butler on UK Customs audit of VAT return spreadsheets (look in the Downloads section).


Download tick marks:  Download Dr. Lehman's personal.xls file and library of tick marks.

Make Your Mark in Spreadsheets: Document files with comments and tick marks Electronic comments and explanations can be attached easily to complex spreadsheets to help in the audit and review of financial statements. Journal of Accountancy Article - January 2001  

JaxWorks Small Business Spreadsheet Factory is an excellent resource with free spreadsheets for business analysis. I highly recommend auditors bookmark this site! 

Targeting Spreadsheet Data Excel’s AutoFilter feature can gather together widely dispersed data in a spreadsheet so you don’t have to manually search through the entire file. The tool can save you hours of work. Journal of Accountancy Article-June 2002  

From time to time, The CPA Journal presents software reviews, spreadsheet templates, supplemental material and other information helpful to computer users. Click on the filename to retrieve the file.   

Assessment of Analysts' Target Prices | (article) 
Spreadsheet: rimodel.xls [23K] 

Netting Property Transactions at Year-end: An Update to the Worksheet Approach for Capital Gain Rate Differentials | (article)  
Supplemental Case Study: cgrd_cs.htm  

Customized Tables for Tests of Controls | (article)
Filename: controls.xls [310K]  

A Spreadsheet Template for Installment Loan Amortization Tables | (article)
Filename: loanamor.xls [108K]  

New Jersey Electronic Funds Transfer Program: Sample Pro Forma Worksheet
Filename: eft_temp.doc | eft_temp.rtf

A Spreadsheet Program for Bond Discount and Premium Amortization
Filename: bondamor.htm  

AuditAid: A tool for computerized audit sampling
Filename: auditaid.htm  

New Competent Authority Procedures
Filename: ref.htm  

Accounting: Valuing Stock Options: A Revised Spreadsheet Template
Filename: SFAS123.WKS                    

In 1994 Pacific Bell Auditing Services published their Standards for Business Controls in a 2 volume set. The first volume covered general business processes while the second volume covered information technology processes.  Each volume provides standards for all the business processes, their associated risks and examples of control activities. I have attempted to contact Pacific Bell Internal Audit but apparently Pacific Bell is now SBC and there is no contact information available.  Both of these documents are available to AuditNet® subscribers or in exchange for the contribution of 5 original audit work programs not currently in the inventory.


Volume 1 General Business Processes

Volume 2 Information Technology Processes

A comprehensive service level agreement is an essential requirement for the provision or receipt of any important service. It quite simply defines the parameters for the delivery of that service, for the benefit of both parties.

The quality of the agreement is therefore a matter of substantial importance. It must be complete, comprehensive and accurate in its coverage. Importantly, both parties must UNDERSTAND the contents and their obligations described within.

An AuditNet user asked me the following question, so I decided to pass it on to the AuditNet lists:

Do you have examples of service plans and service agreements for Internal Audit departments?

As I was not familiar with service level agreements or SLAs for internal audit I asked him to explain. The following was his response:

As part of adopting a new "culture" in our organizations, we are preparing business and service plans. As Internal Audit provides a "service" to the enterprise, the service agreement is between us and our major customer/clients. It is somewhat of a "contract" of what we will do. The service plan is a general outline of the department as a whole. It may include a SWOT analysis, balanced scorecard, KPI's etc. The plan is like a brochure or "resume" of the department.

So my question for the group is does anyone use SLA's for your internal audit group and if so could you provide an example for the benefit of others. I would be willing to create a page on AuditNet devoted to SLA's both for internal audit and other departments if there is enough interest.

Apparently there was enough interest as the following are responses received followed by examples of service agreements from AuditNet list subscribers. Thanks to all who responded and even more thanks to those that shared their service agreements for the benefit of all.

This section of AuditNet provides resources and information about SLA's both from the perspective of the auditor's review as well as establishing them for an audit department. If you have audit programs, sample SLA's or other information or resources you would like to share please contact us.


As noted below, SLA's are used between a department and its major customers/clients.  As internal audit our primary customer is the Audit Committee.  We provide an upfront plan to the audit committee which identifies areas of risk and our audit plan to cover those areas.  We then provide updates to this during the year.  Our KPI's are measured in a few ways, first is the number of deliverables by audit unit (i.e., the number of audit reports issued), the number of issues by business unit and by severity (type 1, type 2, etc), a summary of the audits with needs improvement or unsatisfactory ratings, and we have the responsible officer of the units we audit fill out a survey about the value we've added to them.  The last item is something we put together where we list out what we feel was the value added and we provide them with an estimate of what it would have cost them to have the service from outside (basically we take $100 x hours spent) and then they rank us 1-4 on how strongly they agree/disagree we provided that much value.

We call our process a Partnership Agreement between audit and the entities we audit. Likewise, functions that provide a service to audit, i.e. IT, have a partnership agreement with us. The attachment is the template we use. For brevity's sake, selected division managers meet with the Auditor and discuss their perception of our SWOT and what their basic expectations are from audit.  The group agrees upon 5 expectations that they will grade us on during the year. If expectations include greater audit coverage, then this group understands that additional staffing will cause their shared resources costs to go up. All parties sign off on the agreement. The grading is a small factor in my annual bonus. The thing gained through this process is the open dialogue on expectations from audit. I hope this is of some help.

In our organization each Audit Planning Memorandum spells out the Scope, Objectives, Deliverables, Approach etc. It also includes the budgeted hours, cost and is signed by Auditor and Auditee. That is seen as an SLA for each audit done.

Very good question, we do not currently have a SP or SA but I would be very interested in learning more and viewing an example.  I think it could be a very good vehicle to (among other things) reiterate that the responsibility for controls rests with management, and how we plan to assist them in achieving their goals via testing and internal consulting.  Very timely with SOX coming up.

As we are a public sector organization we use SLA's as a basis for provision of services with our clients as contracts would not be legally binding.

Isn't there already sufficient documentation in the standards and application guides of the institute of internal auditors? See website www.theiia.org for more info. If I understand this well, a Service Level Agreement is about the same as what has to be in the Audit Charter and the Audit Plan.


Service Level Agreement Resources for Internal Auditors

The SLA Toolkit

"Service efforts and accomplishments information - including both financial and non-financial performance measures - is an essential aspect of the measurement of governmental performance and is necessary for assessing accountability and making informed decisions."

GASB

The Sloan Foundation has awarded a grant to the Association of Government Accountants (AGA) to undertake a program for reviewing state and local governments' performance reports, provide the governments with recommendations for improving the reports, and identify the truly excellent reports for special recognition. Review guidelines, based on the Governmental Accounting Standards Board's (GASB) suggested criteria for performance reports, have been developed to help persons conduct the reviews.

This page is devoted to resources for auditors working for government entities that are considering production of a Service Efforts and Accomplishments reporting mechanism. 


Service Efforts and Accomplishments Reports - GASB research report.
Municipal Performance Measurement Program - initiative designed to provide taxpayers with useful information on service delivery and municipalities with a tool to improve those services over time. The site provides information about the program, a handbook/guide for municipalities and more.

Municipal Research & Services Center of Washington

Reporting Performance Information - The purpose of this special report is to provide guidelines to state and local governments to enhance the production of external SEA reports through use of sixteen suggested criteria. These criteria were developed by studying state and local governments currently using SEA measures and studying the work of other national and international organizations. Each criterion includes the purpose, a description, the rationale for such a criterion, and several examples from existing SEA reports.



SAMPLE SEA REPORTS

Clark County, WA

Kansas City, MO

Multnomah County, Oregon (Feasibility Study)

Palo Alto, CA

Portland, OR

Prince William County, VA

San Diego, CA

Shreveport, LA

Shoreline Annual Police Service Efforts and Accomplishments Report (Adobe Acrobat Document 2.4 MB), Contracted Service with King County

Snohomish County Sheriff Annual Report (Adobe Acrobat Document 3.22 MB)

Tukwila Police Department 2002 Annual Report (Adobe Acrobat Document 160 KB)

In the wake of Enron and WorldCom the role of internal auditors in corporate governance has taken on a whole new meaning. The passage of the Sarbanes-Oxley Act and actions by the U.S. Securities and Exchange Commission imposed new requirements on auditors, corporate boards and management. This section of AuditNet® provides tools and resources for internal auditors to acquaint themselves with the new rules and share guidance and best practices for partnering with audit committees. Internal auditors now have a unique opportunity to work together with audit committees to help in the corporate governance mandate. If you have resources or links you would like added to this page please contact us.

Sarbanes-Oxley Books
Sarbanes-Oxley Software Solutions


SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners from the IIA

Guidance for Smaller Public Companies Reporting on Internal Control over Financial Reporting

Sarbanes-Oxley 404 Implementation Costs - Report from A.R.C. Morgan

SARBANES-OXLEY IN THE NEWS

ComputerWorld Sarbanes-Oxley Coverage

Bloomberg S-Ox Coverage


UPDATED LAWS & REGULATIONS

For current US audit committee rules and the SEC (US Securities and Exchange Commission)

SEC Grants One-Year Extension for SOX Compliance - Affects Non-Accelerated Filers 

Certification of Disclosure in Companies' Quarterly and Annual Reports

Sarbanes-Oxley Act of 2002

Sarbanes-Oxley FAQ from the SEC


INTERNAL CONTROL EVALUATIONS PRESENTATIONS & GUIDES

Note: Presentations without a hyperlink are available on a one for one exchange.


ARTICLES

Auditing into an ISO9001:2000 Quality Management System by Dexter Hansen

Planning an IT Audit for Sarbanes-Oxley Compliance by Michelle Johnston

Executing an IT Audit for Sarbanes-Oxley Compliance by Michelle Johnston

Internal controls and the Sarbanes-Oxley Act by Matthew Leitch

Integrating Sarbanes-Oxley Act Internal Controls

Making Sense of Sarbanes-Oxley Tools by Richard Lanza from Internal Auditor (February 2004)

The New Importance of Materiality Journal of Accountancy May 2005

Ten Threats to Compliance


AUDIT PROGRAMS & QUESTIONNAIRES

Integrating Sarbanes-Oxley Act Internal Controls Auditing into an ISO9001:2000 Quality Management System

IT Control Objectives for Sarbanes-Oxley from the IT Governance Institute

Management Discussion & Analysis Checklist (GAAP)

Sarbanes-Oxley 404 Network Security (Sep 04)

Sarbanes-Oxley Implementation Checklist

SekChek for SOX and PCAOB compliance testing of General IS Security Controls. A tool for automated host-computer security reviews of non-mainframe platforms, including Unix, Windows, Novell & AS/400.

User Access Controls Work Program (SOX) (May 04)


The following audit programs are available to subscribers by logging in, and access is provided on the Subscriber Audit Programs page (not from this page). If you are a non-subscriber you may receive these programs by contributing material (one for one) that you have permission to share with other auditors or organizations. If you are unable to share, consider subscribing to annual access to the AuditNet® audit programs. Annual audit program subscriptions provide subscribers with access to all audit programs (including those below) that require a contribution. After paying the subscription fee you will receive a confirmation email (to the address you use for your PayPal account) with instructions on how to access the audit programs. If that email is not your business address you will need to contact us and indicate where you want your confirmation sent. Annual subscribers to the audit programs service will also receive a copy of The Auditor's Guide to Internet Resources, 2nd Edition ($50 value). If you are interested in a corporate subscription to the Audit Programs Database providing multiple users with access then click here!

Please note that the following programs are available to Subscribers or Enterprise site license authorized users (excludes Basic level)  from the templates section of the site.  YOU CANNOT DOWNLOAD THE AUDIT PROGRAMS FROM THIS PAGE!

  1. COSO Testing Template (Oct 05)
  2. SOX Entity Level Control Matrix (Dec 08)
  3. Sarbanes Oxley Governance Risk-Portuguese (Mar 07)
  4. Sarbanes Oxley Audit Review-Portuguese (Mar 07)
  5. Sarbanes Oxley Governance Risk-Portuguese (Mar 07)
  6. Sarbanes-Oxley 404 - IT Audit - Log Security Activity - Checklist
  7. Sarbanes-Oxley 404 - IT Audit - Malicious Software - Checklist
  8. Sarbanes-Oxley 404 - IT Audit - Segregation of Duties - Checklist
  9. Sarbanes-Oxley 404 - IT Audit - User Access - Checklist
  10. Sarbanes-Oxley 404 AP and Procurement
  11. Sarbanes-Oxley 404 Management Assessment of Internal Controls
  12. Sarbanes-Oxley 404 Network Security (Sep 04)
  13. Sarbanes-Oxley 404 Process Level Workbook (Aug 04)
  14. Sarbanes-Oxley 404 Sales & Accounts Receivable Transaction Walkthrough
  15. Sarbanes-Oxley 404 Sales and Accounts Receivable
  16. Sarbanes-Oxley Act Guide
  17. Sarbanes-Oxley Audit Committee Checklist
  18. Sarbanes-Oxley Calculating Payroll Control Matrix
  19. Sarbanes-Oxley CFO & Controllers Checklist
  20. Sarbanes-Oxley Claims Testing-Workers Comp Insurance
  21. Sarbanes-Oxley Cobit Selection
  22. Sarbanes-Oxley Consumer Commercial Control Matrix-Banking
  23. Sarbanes-Oxley Control Matrix Personnel & Payroll Cycle (Aug 04)
  24. Sarbanes-Oxley Control Matrix Purchases & Payments Cycle (Aug 04)
  25. Sarbanes-Oxley Control Matrix Revenue & Cash Collections Cycle (Aug 04)
  26. Sarbanes-Oxley Corporate Tax Control Matrix
  27. Sarbanes-Oxley Coverage Matrix (Aug 04)
  28. Sarbanes-Oxley Discussion Item Matrix (Aug 04)
  29. Sarbanes-Oxley End User and Entity Level Control Narrative (June 05)
  30. Sarbanes-Oxley End User Computing (June 05)
  31. Sarbanes-Oxley Financial Reporting
  32. Sarbanes-Oxley Financial Reporting Risks and Controls (Aug 04)
  33. Sarbanes-Oxley Fixed Assets Risks and Controls (Aug 04)
  34. Sarbanes-Oxley General Entity Wide Controls
  35. Sarbanes-Oxley Generic Stand Alone Application General Control Review (August 04)
  36. Sarbanes-Oxley Generic Testing Template (Oct 05)
  37. Sarbanes-Oxley Guidebook for the Templates (Dec 08) (The following templates are licensed for use by AuditNet® subscribers)
  38. Sarbanes-Oxley Hiring Personnel Control Matrix
  39. Sarbanes-Oxley HR and Payroll Risks and Controls (Aug 04)
  40. Sarbanes-Oxley HR Risk Assessment
  41. Sarbanes-Oxley Implications Backdating Stock Options and Executive Compensation (Dec 2010)
  42. Sarbanes-Oxley IT Management Audit Program & ICQ (82 pages)
  43. Sarbanes-Oxley Journal Entry Testing (January 2012)
  44. Sarbanes-Oxley Risk Matrix
  45. Sarbanes-Oxley Sampling & Isolated Incidents Checklist (May 2010)
  46. Sarbanes-Oxley SAP Inventory Cycle ICQ
  47. Sarbanes-Oxley Section 404 Application Baseline Audit Program (Jan 2005)
  48. Sarbanes-Oxley Segregation of Duties Matrix Personnel & Payroll Cycle (Aug 04)
  49. Sarbanes-Oxley Segregation of Duties Matrix Revenue & Cash Collections Cycle (Aug 04)
  50. Sarbanes-Oxley Spreadsheet Inventory Survey (June 05)
  51. Sarbanes-Oxley -Spreadsheets §404 control evaluation considerations (June 05)
  52. Sarbanes-Oxley Template Financial Reporting Control Matrix (Dec 08)
  53. Sarbanes-Oxley Template Fixed Asset Control Matrix (Dec 08)
  54. Sarbanes-Oxley Template Inventory Control Matrix (Dec 08)
  55. Sarbanes-Oxley Template IT Control Matrix (Dec 08)
  56. Sarbanes-Oxley Template Payroll and Human Resources Control Matrix (Dec 08)
  57. Sarbanes-Oxley Template Purchasing and Payables Control Matrix (Dec 08)
  58. Sarbanes-Oxley Template Revenue and Receivables Control Matrix (Dec 08)
  59. Sarbanes-Oxley Template Treasury Control Matrix (Dec 08)
  60. Sarbanes-Oxley Timeline (Aug 04)
  61. S-Ox 404 Audit Committee Checklist (Aug 05)
  62. S-Ox 404 Expense Cycle Questionnaire (Oct 04)
  63. S-Ox 404 IT General Controls Matrix
  64. S-Ox 404 Revenue Cycle Questionnaire (Oct 04)
  65. S-Ox Based Risk Program - Hotel Industry (Mar 05)
  66. S-Ox Code of Ethics Example (Feb 05)
  67. SOX Compliance Auditing Checklist (Oct 2008)
  68. S-Ox Control Exception and Deficiency Evaluation Worksheet (Apr 05)
  69. S-Ox Debt Cycle Test of Controls (SOx)
  70. S-Ox Employee Benefits Controls (Feb 2011)
  71. SOX Entity Level Control Matrix
  72. S-Ox Expenditure Cycle Risks and Controls Matrix (Manufacturing concern/SAP environment/SOX) (April 04)
  73. S-Ox Exposure Calculations (Dec 2010)
  74. S-Ox Financial Reporting Test of Controls
  75. S-Ox Framework for Evaluating Exceptions (Feb 05)
  76. S-Ox ICQ Accounts Payable (Sep 04)
  77. S-Ox ICQ Accounts Receivable
  78. S-Ox ICQ Cash Disbursements - Treasury (Sep 04)
  79. S-Ox ICQ Credit & Collection
  80. S-Ox Internal Control Sales (Oct 04)
  81. S-Ox Inventory Management and Risk Controls (Jan 2005)
  82. S-Ox IT Audit Program (Apr 05)
  83. S-Ox IT Section 404 Anti-Fraud Tool (March 2011)
  84. S-Ox Mapping Financial Statements to Controls Template (Jan 2005)
  85. S-Ox Process Documentation Form (July 05)
  86. S-Ox Process Owners Representation Letter (Feb 06)
  87. S-Ox Revenue and Risk Controls (Jan 2005)
  88. S-Ox Revenue Process Audit Program (Jan 2005)
  89. S-Ox Spreading Testing (Mar 05)
  90. S-Ox Staff Internal Control Q&A
  91. S-Ox Supply Chain Audit Tool (Feb 2011)
  92. S-Ox Testing Template
  93. S-Ox Treasury and Risk Controls (Jan 2005)
  94. S-Ox Treasury Test Plan (Oct 04)
  95. S-Ox Wire Transfers (Oct 04)
  96. Standards for Business Controls Vol. 1 General Business Processes
  97. Standards for Business Controls Vol. 2 IT Processes
  98. Whistleblower Vendor Program Review (Sep 06)

DISCUSSION FORUMS

Sox First Management & Compliance - blog devoted to Sarbanes-Oxley

Sarbanes-Oxley Act Forum - an interactive community portal

Sarbanes-Oxley Discussion Forum - The purpose of this Listserv is to provide a vehicle in which individuals can provide information, ask questions, and hopefully provide some sharing of knowledge as it pertains to the issues and challenges of Sarbanes-Oxley compliance.

Send the following email message:
TO: join-SARBANES-OXLEY@share.isaca.org
SUBJECT:   (leave blank)
BODY OF MESSAGE: (leave blank) 

You will receive an acknowledgment email which requires an email confirmation before you become a list member. By joining the listserv you agree to abide by its terms and conditions. After your confirmation to join is received, a welcome message will be issued containing listserv guidelines, web site location of archived messages,  and additional important information.


WEB SITE RESOURCES

404 Institute KPMG established an open forum for the exchange of ideas and a venue for the development of research and leading practices related to: meeting the requirements of section 404 of the Sarbanes-Oxley Act of 2002, effectively leveraging current and future investments in internal controls, and enhancing the overall integrity of the financial reporting process.

Audit Committee Charters Web site of the Financial Executives Institute provides links to sample charters for audit committees.

CBIZ Internal Audit Services   Sarbanes-Oxley Services page offers articles, tools, surveys, internal control considerations and more.

Center for Corporate Governance from Deloitte (registration required)

Committee on Sponsoring Organizations (COSO) a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls and corporate governance.

Corporate governance links (From the Institute of Chartered Accountants in England and Wales (ICAEW)) ICAEW published the final guidance on the implementation of the internal control requirements of the Combined Code on Corporate Governance, and 'Implementing Turnbull: A Boardroom Briefing'.

Internal Controls Summaries Library from Ernst & Young

IT Governance UK site that provides links to IT governance, risk management, compliance and information security information.

Public Company Accounting Oversight Board provides a central resource to access CPA registration filings and research standards and regulations mandated by Sarbanes-Oxley

Sarbanes-Oxley Information Center from CFO Direct

Sarbanes-Oxley, corporate governance, and audit committee resources -from KnowledgeLeader

SOX Expert: Solving SOX, Creating Value SOX Expert is a cost effective, comprehensive Sarbanes Oxley compliance and Internal Audit software solution that will enable companies to streamline their GRC program while ensuring the highest degree of risk mitigation. Based on the Microsoft Excel platform, SOX Expert is easy to understand, implement and use. Free software demo available on the website.

Sarbanes-Oxley Information from Reckenen Accountants and Consultants


AUDIT COMMITTEE TOOLS & RESOURCES

Audit Committees and Governance from the IIA

Audit Committee Charter from the UK IIA

Audit Committee Institute Web site from KPMG provides information for corporate audit committees including newsletters, publications, surveys and other resources.

Audit Committee Performance Self Assessment Survey  

Audit Committee Evaluation of Internal Audit is a questionnaire for audit committee members.

Corporate Governance Reform Initiatives and the Profession of Internal Auditing


AUDIT COMMITTEE CHARTERS AND CORPORATE POLICIES

Automatic Data Processing

ING

CPAArmy - CPA Study Material and practice questions to help students pass the CPA exam

e-Auditor -knowledge & training web site on effective Internal Audit relevant to India

Guide To Passing the CPA Exam  - Provides information about how to register, study for, and pass the CPA Exam. Learn about individual state requirements to become a Certified Public Accountant and get started by filling out your application.

Becker CPA Review site provides details about their CPA review course. There is an excellent description of careers in accounting and pay scales that would be useful for students exploring accounting related positions.


Bisk Publishing Company Site for the provider of educational materials for auditors and accountants. Site search engine available to locate information.


CCH Incorporated Site for the publisher of tax, accounting and auditing materials.

Corporate Compliance Seminars Continuing professional education (CPE) training for internal auditors, risk management personnel, cyber risk management and CPA’s on the best practices for auditing, risk management, internal controls, assurance services and other accounting and information technology related topics.


CPA Exam Home Page site sponsored by Accounting Institute Seminars provides information about changes in the CPA exam, the exam structure, applying to take the exam and answers to recent exams. This is a good resource for auditors planning for the CPA exam. They also include a schedule of upcoming AIS seminars for candidates.


CPENet a non-profit, on-line continuing education service designed by a group of certified financial professionals, all of whom have been active as practitioners and trainers for many years. CPENet originates from our concern that outsourcing, downsizing and slashed training budgets are making high quality CPE more and more difficult for CPA's, CIA's, CISA's, CMA's, CFE's and CGFM's to obtain. The purpose of CPENet is to reduce the cost to the individual professional of high quality, continuing professional education. CPENet is a National Association of State Boards of Accountancy (NASBA) continuing education sponsor (#95-000739-97).

CPE-Tracker Web site for Continuing Education tracking and resources for professionals provides various services for auditors and accountants. Services include searching for CPE, tracking, CPE requirements, CPE providers and more.


Gleim Publications, Inc. Publisher of accounting and auditing examination preparation material.


Government Audit Training Institute (GATI) -  a division of the USDA Graduate School, provides quality, cost-effective training for federal, state, and local government auditors.


Graduate School USDA provides information about courses offered by the organization including the Government Audit Training Institute (GATI).


MicroMash Accounting Reviews provides information about their review courses for the CIA, CPA, CMA, CISA, CFM and more. They offer tutors, indicators (practice exams) and downloadable demos of their programs.


MIS Training Institute MISTI  Web site contains information on seminar offerings and links to other Internet sites. The MISTI curriculum includes courses in modern internal audit, and information systems audit and security. They also offer a variety of products and services including topical conferences, video training, publications, and more. The e-mail address for MISTI is mis@misti.com

World Training Institute Web site for CPE training in taxation, telecommunications industries, internal controls, COSO and communication skills.

The transportation industry includes many different types of operations. This section of AuditNet® provides resources and tools for auditors in the transportation industry segment. If you have resources you would like to add to this section, please send them to the editor @ auditnet.org

There are a large number of auditors who conduct audits of field operations, branch offices, or remote sites.  The Internet is a valuable place to tap into resources for the auditor on the go. I have compiled a list of sites that AuditNet® users can refer to when making business or pleasure travel plans. If you have favorite sites that should be added to the following travel-related Internet resources please send them to info@auditnet.org

Maps and Directions

Here are several sites that may help you find directions to where you want to go. Mapquest also provides you with other information such as restaurants etc. This is one site that no auditor on the road should be without.  Remember to verify the directions provided as they sometimes may take you the long way! Google Maps

MapQuest  MapBlast DeLorme's CyberRouter

Weather

As my daughter used to say: "Daddy, what's the degrees today?" Auditors on the road need to know what the weather will be like on site or when returning home. The following sites will provide you with all your weather needs.   Too bad they can't be 100% right!

CNN Weather

USA Today Weather

National Weather Service

Weather Channel

Intellicast

Hotels and Lodging

If you lived here, you would be home now! Auditors on the road need a good place to stay.  Checking the hotel's Web site before arriving gives you not only the location of the hotel but also the amenities including fitness center, whether they have a hair dryer, or ironing board and iron. Good things to know that help when you are packing your bags for the overnight trip.

Check out the comprehensive Airport Hotel Guide for information on airports, hotels, attractions and other useful information for over 70 airport cities.

Airlines

Getting there is half the fun! Here are links to the major domestic and regional airlines. Check out their Web sites for information on frequent flier and rewards programs.

Domestic - National

AirTran Alaska America West American
Continental
Delta National
Northwest Southwest TWA The Coast
United American Airlines  Vanguard

Domestic - Regional

American Eagle Atlantic Southeast Comair Eastwind
Midway Midwest Express ProAir
Reno Air SkyWest United Express


International

Restaurants

Despite information to the contrary auditors need to eat too! Go to the city where the audit site is located and check out their links to restaurants or check the following sites for reviews, recommendations etc.  AuditNet® is not responsible for bad meals or bad service, but if your experience was positive we take full responsibility :-)

Zagat Dining Surveys National Restaurant Guide City Search

Car Rentals

Remember: they can't all be number 1! If you are going to be at a location for an extended period of time you will need a set of wheels.  Check out the following sites for the best deals.   Always ask for group affiliated discounts such as the IIA, AICPA, ISACA, AARP etc.

Rental Car Reviews from ConsumerAffairs.com

City Specific Information

Atlanta Austin Boston Cleveland
Chicago Dallas/Ft. Worth Denver Detroit
Houston Las Vegas Los Angeles Miami
Minn/St Paul New York City Orlando Philadelphia
Phoenix Pittsburgh Salt Lake City San Diego
San Francisco Seattle St. Louis Washington DC
London, England

Newspapers

All the news that's fit to print! Auditors on the road may like to keep in touch with news back home or at the audit site.  The following links to newspapers on the Net are an easy way to stay informed.

American Journalism Review Links to Newspapers

CNN

USA Today  

NY Times

Washington Post

Foreign Travel Information

Check out the following sites for helpful information on foreign travel.

American Express Helpful information from AMX
Berlitz Language instruction and much more
Centers for Disease Control CDC Home Travel Information
E.D.I.T Official List of World's Bank Holidays
The Embassy Page Embassies, Consulates & Other Links
Exchange Rates Foreign currencies and currency Exchange Rates
Foreign Languages for Travelers  Language translation services
International Currency Exch Foreign Currency Exchange
U.S. State Dept Travel Warnings  Check here before traveling abroad

Other Useful Sites for the Traveling Auditor

1stNewYorkHotels.com New York hotel directory

Addresses.com is the world's largest email address directory. Addresses.com's email address directory is larger than all US phonebooks combined. The directory includes international email addresses as well as American.

Airport Hotel Shop Compare airport hotel prices at 24 UK airports including Gatwick, Heathrow and Manchester.

Amtrak For those auditors who don't want to fly, leave the driving to them. Check out the National railroad for opportunities to reach that remote audit location.

Anywho.com Great site for checking out phone numbers, addresses and maps for individuals and businesses.  The reverse lookup is handy too for audit purposes.

AT&T "800" Toll-Free Directory Great for looking up toll free numbers.

E-Savers Looking for last minute travel bargains?  Subscribe to the U.S. Airways E-Saver weekly newsletter delivered directly to your email inbox.

Excite Travel    Also, Fare Alert E-Mails and save itinerary for future completion of transactions

Federal Express Need to send or receive a package while on the road?

Fodor's Information on travel destinations.

International Airport Guide - Guide to services at over 100 international airports.

Kinko's Company offers copying and other business services

Last Minute.com is a UK site with bargains on air travel, hotels, restaurants and entertainment. This site was recommended by an AuditNet user.

Metro Traffic Control Information on potential travel problems in major U.S. cities.

NetSAAver - American Airlines offers an email newsletter with bargain airfares and travel offers. Look for information about this service on their home page.

New York hotels by Discount Hotels Locator - discount hotels with just a few clicks of your mouse.

New York Hotels Search for accommodation in New York, from luxury hotels to budget accommodations. Discounts for New York, lodging and hotel rooms available for business or leisure travelers.

  Seat Guru - source for airplane seating, in-flight amenities and airline information.

State Department Travel Publications Travel advisories, tips and more from the U.S. Department of State.

Super Shuttle Not always the quickest way to get to the audit site but definitely the most cost effective.

Travel Hotels-USA - link to hotels in the U.S. and around the world.

Travelocity - reserve flights, rental cars, hotels, etc.

United States Postal Service The right place to look for zip codes and other postal related information.

World Stay Hotels - Booking hotels across the world couldn't be easier with Instant Confirmed Online Bookings, city guides, nearest major airports and an up to date weather forecast for all major cities. All available in English, French, Spanish, Dutch and Italian!

  • The Sarbanes-Oxley Act of 2002 provides protection to employees of public companies who come forward with information about actual or potential corporate fraud involving their employer. Section 806 of the Act provides significantly enhanced protection under federal laws to “whistleblowers,” such as Sherron Watkins of Enron and Cynthia Cooper of Worldcom.

    Section 301 of the Act requires public company Audit Committees to establish procedures for handling whistle-blowing complaints - the confidential, anonymous submission by company employees regarding questionable accounting or auditing matters.

    This section of AuditNet® is devoted to providing auditors resources and information for their organizations that they can share with the Board of Directors, Audit Committee and Senior Executive Management. If you have resources or tools that you would like to add to this page contact AuditNet®.

    National Whistleblower Center

    Qui Tam Online Network

    Building Effective Whistleblowing Programs IIA Northern Virginia Presentation February 5, 2004

    Whistleblower Provisions of the Sarbanes-Oxley Act-Some Practical Considerations

    Whistleblower Procedures

    Whistleblower Procedure Example

    Whistleblower Procedures TRX



    Sample Whistleblower Policies

    Union Planters Corporation

    Sample Whistleblower Policy 

    Examples of Fraud and Whistleblower Hotlines

    HHS Office of Inspector General

    Santa Cruz County

    Whistleblower Audit Programs

    We will be adding audit programs for evaluating Whistleblower and Hotline reporting. These will be available to Premium subscribers.

What is XBRL? XBRL stands for Extensible Business Reporting Language.  XBRL is an open standard that uses Extensible Markup Language (XML)-based data tags to describe financial statements for both public and private companies.

Once XBRL tags are applied to data within financial reports, the data can be quickly shared, published, consumed, and reported without the need to re-key data.

XBRL has the potential to benefit all members of the business reporting supply chain.

XBRL is a freely available electronic language for financial reporting. It is an XML-based framework that provides the financial community a standards-based method to prepare, publish in a variety of formats, reliably extract and automatically exchange financial statements of publicly held companies and the information they contain.

This page provides links to XBRL sites and resources in order for you to keep up to date with this important issue and its impact on the financial audit  community. 


XBRL Home Page

XBRL Educational Resource Center

Articles