The Sindicatura approach

Transcription

The Sindicatura approach
EURORAI SEMINAR Public Sector Audit and Information Technologies
Suzdal, 17th May 2013
Using IT Audit Tools :
The Sindicatura approach
Antonio Minguillón Roy
Auditor Director del Gabinete Técnico ‐ Auditor and Director of the Technical Department (Unidad de Auditoría de Sistemas de Información – Information Systems Auditing Unit)
Sindicatura de Cuentas de la Comunidad Valenciana
Audit Office of the Autonomous Community of Valencia
1
I RAIs Technology Forum
2006
V RAIs Technology Forum
2013
23-24 may 2013
•
•
•
•
IT Audit
CAATs
IT systems accountability (F/S and contracts)
IS Management
2
2005
Sindicatura de Cuentas ‐ I & II Strategic Plan
eWorking Papers
CAATs
TeamMate
ACL
R10.2.2
w/o AX
Audit Team
2013/2014
R10.3
+ Modules
IT Audit
IT Audit Team
(4 people)
Methodology
Methodology Unit
Audit manual
(based on ISAs)
R10/AN
¿AX?
+ IC audits
+Support
+ISAs
3
i
(m
n
ve
r
u
i) s
y
RAIs using eWP
Degree of use
4
5
i
(m
n
ve
r
u
i) s
y
Using CAATs
Degree of use
6
Test of
controls
Substantive
procedures
7
a) Massive data testing
• Reconciling the F/S with the underlying accounting records, and later, to do a number of data extraction and sampling for audit teams
• Recalculation of payroll and a number of test
• Benford test
• Data matching
b) Tests of controls
• SoD analysis
• User and access conflicts, superusers,…
8
• To make the use of ACL by audit teams as independent as possible.
• Continuous basic training for all auditors.
• Advanced training for audit champions and IT Audit Team.
• IT Audit Team supports audit teams in ACL matters (planning and executing test, scripts, obtaining data, etc), specially in complex environments.
• To standardize the use of ACL >> User guides
9
Sindicatura Audit Manual (based on NIA’s)
Guide on massive data testing using ACL
Good planning and documentation of test
9 Present benefits
9 Future benefits 10
Recurring audits
Non‐Recurring audits
Time savings
Expanding test types
11
Example of documentation of an ACL basic set of tests
12
• Develop guidelines of massive data testing, including scripts and standard documentation for the most common environments (SAP, MS Dynamics, Oracle, HRMIS, etc).
• Consider costs and benefits of using AX, to make a decision about its implementation.
• Collaboration among RAIs?
13
14
Each complex test has its own documentation
Stand
Source files
ardize
d
Scripts
Final File
15
Example
i
(m
n
y
e
v
r
)i su
17
Sindicatura Audit Manual (based on NIA’s)
ITGC Audit guides
Main processes audit guides
18
IT Audit: External collaboration
19
20