The Sindicatura approach
Transcription
The Sindicatura approach
EURORAI SEMINAR Public Sector Audit and Information Technologies Suzdal, 17th May 2013 Using IT Audit Tools : The Sindicatura approach Antonio Minguillón Roy Auditor Director del Gabinete Técnico ‐ Auditor and Director of the Technical Department (Unidad de Auditoría de Sistemas de Información – Information Systems Auditing Unit) Sindicatura de Cuentas de la Comunidad Valenciana Audit Office of the Autonomous Community of Valencia 1 I RAIs Technology Forum 2006 V RAIs Technology Forum 2013 23-24 may 2013 • • • • IT Audit CAATs IT systems accountability (F/S and contracts) IS Management 2 2005 Sindicatura de Cuentas ‐ I & II Strategic Plan eWorking Papers CAATs TeamMate ACL R10.2.2 w/o AX Audit Team 2013/2014 R10.3 + Modules IT Audit IT Audit Team (4 people) Methodology Methodology Unit Audit manual (based on ISAs) R10/AN ¿AX? + IC audits +Support +ISAs 3 i (m n ve r u i) s y RAIs using eWP Degree of use 4 5 i (m n ve r u i) s y Using CAATs Degree of use 6 Test of controls Substantive procedures 7 a) Massive data testing • Reconciling the F/S with the underlying accounting records, and later, to do a number of data extraction and sampling for audit teams • Recalculation of payroll and a number of test • Benford test • Data matching b) Tests of controls • SoD analysis • User and access conflicts, superusers,… 8 • To make the use of ACL by audit teams as independent as possible. • Continuous basic training for all auditors. • Advanced training for audit champions and IT Audit Team. • IT Audit Team supports audit teams in ACL matters (planning and executing test, scripts, obtaining data, etc), specially in complex environments. • To standardize the use of ACL >> User guides 9 Sindicatura Audit Manual (based on NIA’s) Guide on massive data testing using ACL Good planning and documentation of test 9 Present benefits 9 Future benefits 10 Recurring audits Non‐Recurring audits Time savings Expanding test types 11 Example of documentation of an ACL basic set of tests 12 • Develop guidelines of massive data testing, including scripts and standard documentation for the most common environments (SAP, MS Dynamics, Oracle, HRMIS, etc). • Consider costs and benefits of using AX, to make a decision about its implementation. • Collaboration among RAIs? 13 14 Each complex test has its own documentation Stand Source files ardize d Scripts Final File 15 Example i (m n y e v r )i su 17 Sindicatura Audit Manual (based on NIA’s) ITGC Audit guides Main processes audit guides 18 IT Audit: External collaboration 19 20