Chapter 6 — Internet Resources for Auditors
Transcription
Chapter 6 — Internet Resources for Auditors
The Auditor’s Guide to Internet Resources, 2nd Edition by Jim Kaplan, CIA The Institute of Internal Auditors Disclosure Copyright © 2000 by The Institute of Internal Auditors, 249 Maitland Avenue, Altamonte Springs, Florida 32701-4201. All rights reserved. Printed in the United States of America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form by any means — electronic, mechanical, photocopying, recording, or otherwise — without prior written permission of the publisher. The IIA publishes this document for informational and educational purposes. This document is intended to provide information, but is not a substitute for legal or accounting advice. The IIA does not provide such advice and makes no warranty as to any legal or accounting results through its publication of this document. When legal or accounting issues arise, professional assistance should be sought and retained. Neither the publisher nor the author makes any claims as to the results that may be obtained through the use of AuditNet or the AuditNet Resource List or any of the sites referenced therein. Neither publisher nor author will be held liable for any results, or lack thereof, obtained by the use of any links, or any third-party charges, or for any hardware, software, or other problems that may occur as a result of using links. AuditNet is subject to change or discontinuation without notice at the discretion of the publisher and the author through its publication of this document. ISBN 0-89413-430-2 99218 02/00 First Printing _________________________________________________________________ Dedication Dedicated to Robbie Kaplan, my wife the author and life soulmate, who provided the inspiration and encouragement once again to update the book. Thanks also to my daughters, Samantha and Julie, who understood how important this project was and allowed me time on the computer and the Internet. Contents 3 _________________________________________________________________ Contents v Contents About the Author ........................................................................................................................ xi Preface ..................................................................................................................................... xiii Acknowledgments ................................................................................................................... xvii Introduction .............................................................................................................................. xix Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors .................... 1 So Where Did the Internet Come From? .............................................................................. 1 Definition of the Internet ...................................................................................................... 1 The Impact of the Internet on the Auditing Profession......................................................... 3 Internet Competency Skills for Auditors .............................................................................. 3 What Auditing-Related Things Can I Do On the Internet? ................................................ 17 Learning to Cyberspeak ...................................................................................................... 18 Interview: John K. Peterson, Founder, Internal Auditing World Wide Web ...................... 18 Continuing Internet Education ............................................................................................ 22 Chapter 2 — Making the Right Connection ......................................................................... 23 Internet Connection Options ............................................................................................... 23 Direct Connections ....................................................................................................... 23 Dial-Up Connections .................................................................................................... 24 Deciding on an Option ........................................................................................................ 27 Interview: Carolyn Newman, President, Audimation Services Inc. ................................... 27 Continuing Internet Education ............................................................................................ 31 Chapter 3 — Internet Services and Tools for Auditors ....................................................... 33 Internet Addressing ............................................................................................................. 33 Domain Naming System (DNS) .......................................................................................... 34 Electronic Mail ................................................................................................................... 35 Mailing Lists................................................................................................................. 35 Subscribing to Electronic Mailing Lists ....................................................................... 37 Unsubscribing to Electronic Mailing Lists................................................................... 38 Posting (Sending) Messages and Responses to the List ............................................... 38 List Netiquette .............................................................................................................. 39 Usenet Newsgroups ............................................................................................................ 40 File Transfer Protocol (FTP) ............................................................................................... 41 What is Auditors Sharing Audit Programs or ASAP? ................................................. 42 Sample FTP Session for the Auditors Sharing Audit Programs FTP Site ................... 43 FTP Tips ....................................................................................................................... 43 Archie .................................................................................................................................. 43 vi The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Telnet ................................................................................................................................... 44 A Sample Telnet Session to CapAccess (The National Capital Area Public Access Network) ......................................................................................... 44 Client-Server Model ............................................................................................................ 44 Gopher .......................................................................................................................... 45 Veronica ........................................................................................................................ 46 WAIS ............................................................................................................................ 46 World Wide Web .......................................................................................................... 47 Concluding Remarks ........................................................................................................... 49 Interview: Ben Heald, Editor, AccountingWeb UK ............................................................ 49 Continuing Internet Education ............................................................................................ 53 Chapter 4 — The Auditor’s Great Internet Search ............................................................. 55 Introduction to Searching .................................................................................................... 55 How Search Engines Work ................................................................................................. 57 How Web Pages are Developed .......................................................................................... 57 Search Tool Selection ......................................................................................................... 58 Using Site-Specific Search Engines ............................................................................. 59 Finding New Ways for Productive Searching .............................................................. 60 Strategies for Searching ...................................................................................................... 60 The Sherlock Strategy .................................................................................................. 60 The Subject-Oriented Indexes or Directory Strategy ................................................... 61 The Search Engine Strategy ......................................................................................... 61 Offline Search Utilities ....................................................................................................... 62 Research Techniques for Auditors ...................................................................................... 62 The Professional Auditor Search Strategy (PASS) ...................................................... 62 Phase 1 — Identifying the Objective (the Audit Issue) ......................................... 62 Phase 2 — Developing the Audit Search ............................................................... 63 Phase 3 — Choosing Where to Search .................................................................. 63 Search Techniques and Search Queries .............................................................................. 67 Phase 4 — Evaluating the Results of the Search ................................................... 68 Interview: Robert D. Randolph, Communications/Marketing Specialist, Arthur Andersen KnowledgeSpace .............................................................................. 70 Continuing Internet Education ............................................................................................ 74 Chapter 5 — Look Who’s Talking! Discussion Group Resources ...................................... 75 Tips for Using Mailing Lists ............................................................................................... 76 Auditing and Accounting-Related Mailing Lists ................................................................ 76 Audit Discussion Groups .................................................................................................... 77 Business-Related Discussion Groups ................................................................................. 79 Government Finance-Related Discussion Groups .............................................................. 79 FinanceNet Mailing Lists .................................................................................................... 79 _________________________________________________________________ Contents vii Jobs and Career Discussion Groups .................................................................................... 90 Privacy Discussion Groups ................................................................................................. 90 Security Discussion Groups ................................................................................................ 90 Tax and Accounting Discussion Groups ............................................................................. 96 Anet Mailing Lists .............................................................................................................. 98 Usenet News Discussion Groups for Auditors ................................................................. 103 Usenet Newsgroups for Auditors ...................................................................................... 105 FinanceNet Discussion Groups ......................................................................................... 109 Instructions for Posting to FinanceNet Newsgroups via E-Mail ................................ 109 How to Post Messages to These Newsgroups via E-Mail .......................................... 109 Tax Usenet Groups ............................................................................................................ 111 Interview: Harald Will, President, ACL Services Ltd. ..................................................... 112 Chapter 6 — Internet Resources for Auditors ................................................................... 117 Auditing Resources ........................................................................................................... 118 Audit Guides, Manuals, and Checklists ..................................................................... 118 Audit Programs ........................................................................................................... 128 Government Auditing ................................................................................................. 131 Internal Auditing ........................................................................................................ 147 College and University Auditing ................................................................................ 151 Information Systems Auditing ................................................................................... 156 Business Resources ........................................................................................................... 158 Control Self-Assessment Resources ................................................................................. 160 Disaster Recovery and Business Continuity Planning ...................................................... 163 Discussion Lists ................................................................................................................ 164 Employment-Related Resources ....................................................................................... 165 Finance Resources ............................................................................................................ 166 Government Resources ..................................................................................................... 168 Human Resources ............................................................................................................. 173 Information Security Resources ........................................................................................ 173 Investigations, Fraud, and Privacy Resources .................................................................. 178 Journals — Accounting, Auditing, and Finance Publications .......................................... 181 Performance Measurement Resources .............................................................................. 183 Professional Associations ................................................................................................. 185 Quality, BPR, and TQM Resources .................................................................................. 194 Risk Management and Assessment Resources ................................................................. 196 Software Resources (Accounting, Auditing, and Security) .............................................. 197 Accounting and Tax Resources ......................................................................................... 199 Training — Continuing Professional Education ............................................................... 202 Vendor and Consultant Resources .................................................................................... 204 Interview: Charles Lawver, President, CPENet ................................................................ 205 viii The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool ........... 211 Marketing the Audit Function ........................................................................................... 211 Professional Organizations on the Internet ....................................................................... 212 Where are the Auditors? ................................................................................................... 212 CPE Options for Auditors on the Internet......................................................................... 213 Using the Internet to Find Audit Jobs ............................................................................... 215 Practical Applications from Auditors on the Internet ....................................................... 216 The Internet: A Tool for Practical Auditors — Slemo Warigon ................................ 216 Using the Internet as an Audit Tool at Edith Cowan University — Tony Lazzara ................................................................................................... 218 The Internet as an Audit Tool — Raymond M. Cochran ........................................... 220 The Internet as an Audit Tool — Dyan G. Hudson, CISA ......................................... 221 Electronic Mail — The Cheap and Cheerful Way to Surf the ‘Net — Denis Kelly ..................................................................................................... 222 Use of the Internet as an Audit Tool — Bradley Carroll ........................................... 224 Internet Usage to Assist an Audit Consulting Project — David A. Crowell ............. 225 Utilizing the Internet to Assist in a Business Process Reengineering — Richard B. Lanza ............................................................................................ 226 An Auditor’s Use of the Internet — Lost in Cyberspace — George Valente ............ 228 Heard From the ‘Net! ........................................................................................................ 229 Interview: Michael Awad, President, IAD Solutions ........................................................ 238 Continuing Internet Education .......................................................................................... 243 Chapter 8 — Troubleshooting Internet Error Messages (or What Do Those Error Messages Mean?) ...................................................................... 245 Dealing With Common Internet Error Messages .............................................................. 245 Numerical Error Messages ................................................................................................ 245 400 – Bad Request ...................................................................................................... 245 401 – Unauthorized or Authorization Required ......................................................... 246 403 – Forbidden or Connection Refused by Host ...................................................... 246 404 – File Not Found .................................................................................................. 247 500 – Server Error ...................................................................................................... 247 501 – Not Implemented .............................................................................................. 248 502 – Service Temporarily Overloaded ...................................................................... 248 503 – Gateway Timeout or Service Unavailable ........................................................ 248 Non-Numerical Error Messages........................................................................................ 249 Connection Refused by Host ...................................................................................... 249 Failed DNS Lookup .................................................................................................... 249 File Contains No Data or Document Contains No Data ............................................ 250 No Helper Application Defined ................................................................................. 250 Host or Site Unavailable ............................................................................................. 252 Unable to Connect to <Web Address> ....................................................................... 252 _________________________________________________________________ Contents ix The Requested URL Was Not Found ......................................................................... 253 Can’t Parse HTTP ...................................................................................................... 253 Network Connection Was Refused by the Server ...................................................... 254 NNTP Server Error ..................................................................................................... 254 Permission Denied ...................................................................................................... 254 Unable to Connect to <FTP Site> .............................................................................. 255 Too Many Connections — Try Again Later ............................................................... 255 Too Many Users ......................................................................................................... 256 Unable to Locate Host or Server ................................................................................ 256 Viewer Not Found ...................................................................................................... 256 You Can’t Log On as an Anonymous User ................................................................ 257 Not Found ................................................................................................................... 257 Ten Tips For Troubleshooting Internet Error Messages ................................................... 258 Interview: Alan McCafferty, Founder and President, OPTIMUM Technology ............... 259 Appendices Appendix A — Auditor’s Internet Glossary ..................................................................... 263 Appendix B — The AuditNet Resource List (KARL) ..................................................... 271 Appendix C — Sample Audit Programs ........................................................................... 365 Appendix D — Digital Literacy Problem-Solving Approach for Auditors ...................... 381 __________________________________________________________ About the Author xi About the Author Jim Kaplan, CIA, is the internal auditor for the Fairfax County Public Schools, the 12th largest school district in the country. He earned a Master of Science in Accounting from the American University in Washington, DC, and a Bachelor of Arts in Economics from the State University of New York College at Geneseo. He is a member of The Institute of Internal Auditors (IIA), the National Association of Local Government Auditors (NALGA), and the International Computer Security Association. From 1989 to 1995 he served as a contributing editor for Internal Auditor, the professional journal of The IIA. His column, “Computers and Auditing” (formerly “PC Exchange”), covered how auditors used computers. His writing was featured in the Internet Bulletin for CPAs by Kent Information Services and Internal Auditing Alert by Research Institute of America. Mr. Kaplan developed an interest in electronic communications for audit professionals in the early 1990s through the use of bulletin boards and online commercial information services such as America Online and CompuServe. His conceptual model of an AuditNet and his articles on electronic resources for auditors raised professional auditor awareness of electronic communications for audit productivity. As founder of AuditNet, he developed a home page on the World Wide Web that links auditors around the world with audit-related resources. In September 1998, AuditNet became part of The IIA’s family of Web resources and moved to its own domain at http://www.AuditNet.org sponsored by The Institute of Internal Auditors. To promote the concept of AuditNet, Mr. Kaplan has spoken at IIA and AICPA conferences, IIA chapters, state CPA societies, fraud conferences, and intergovernmental audit forum meetings. As a writer, educator, lecturer, and dedicated local government auditor, he has promoted and encouraged the use of technology for audit productivity. A Note on Links to Internet Sites and Staying Current As many readers are probably aware, Web sites appear (and disappear) every day. My challenge as the author of The Auditor’s Guide to Internet Resources is to offer you a method of keeping current on new audit resources and developments. My mission is to provide you with a book that increases in value as technology leaps forward. Fortunately, the World Wide Web makes this possible. At the AuditNet Web site, sponsored by The Institute of Internal Auditors, you will find a regularly updated copy of Kaplan’s AuditNet Resource List (KARL) including active links to Internet audit resources. The AuditNet site provides resources and tools that will help you keep up to date with the online world for auditors. AuditNet is made available at no charge to you as a valued reader of The Auditor’s Guide to Internet Resources. xii The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ To Access the AuditNet Resource List: 1. Go to the AuditNet Web page at: www.auditnet.org 2. Click on the AuditNet links 3. Select the format desired (alphabetical, by subject, or other formats) Please send feedback, including information about new or nonworking Web sites and other resources, by e-mail to [email protected]. __________________________________________________________________ Preface xiii Preface I have overheard conversations where people talked about an event that changed their lives. That event took place for me in 1989 when I installed my first modem on my computer and started connecting to bulletin board systems. I downloaded files, participated in electronic discussion groups, searched databases of information, and began to see how connectivity could benefit the internal auditing profession. The next step in my divine enlightenment came when I signed up to test a new online service called America Online. I was no longer confined to dialing local bbs’s. I could communicate with individuals across the U.S., read newspapers and magazines online, tap into remote databases, and have access to literally thousands of files. At this point it was as if a light turned on in my brain and I saw this could become a truly valuable tool for internal auditors and accountants. While I have never thought of myself as a visionary, I look back on an article I wrote in 1993 for Internal Auditor, the professional journal of The Institute of Internal Auditors. I wrote about how auditors using computers are only a touch away from the answers to most questions and access to unlimited amounts of information resources. Audit planning could include researching databases for background information. I recommended establishing a worldwide online audit information network. That network, which I subsequently called AuditNet, would function to connect internal auditors globally to resources such as audit reports, audit programs, and more. Electronic (e-mail) discussion groups would exist where auditors could share global auditing and accounting issues and concerns. Auditors and accountants could earn continuing professional education from the office or home at a low per unit cost, as there would be no travel expense incurred. I provided my e-mail address at the end of the article. To my knowledge, this was the first time any professional auditor included an e-mail address for feedback on an article in a professional journal. As I began receiving letters and e-mail from internal auditors around the world in response to that article, I began to feel that my concept of an electronic communication network for auditors and other financial professionals could actually work. As I look back, that article was written prior to my connecting to the explosion of interest in the global information network known as the Internet. The Internet transformed my concept of AuditNet into a reality. What began as a concept of how internal auditors could use the Internet and online communications has turned into an audit revolution. I have included a Chronology of Key Events in the History of the Internet for Internal Auditing at the end of this preface to give readers a perspective of the time frame in this relatively new resource for auditors. As the internal auditing profession moves into the next millennium, the impact of technology is redefining the role of auditing professionals and the work they perform. During the exploration phase by internal auditing departments, the Internet was viewed as a “passing fancy” — a novelty and a productivity inhibitor. The Internet has now matured into a mega-information resource that internal auditors are increasingly relying on to cope with the rapid pace of technological change. xiv The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ The Internet is recognized by businesses, government, and educational institutions as a force that is shaping the future of how we communicate. Continuous learning and digital literacy are important criteria for internal auditing professionals looking to survive in a new technology-driven environment. If you do not embrace and use the changes that are taking place, you will soon find the changes embracing and overtaking you. When I began developing AuditNet, I firmly believed that if I built it, auditing professionals would come. The initial concept of a clearinghouse of resources whet internal auditors’ appetites, and they are coming back for more. The Internet will continue to provide internal auditors with answers to many questions. Building on The IIA’s theme of “Progress Through Sharing,” the Internet has expanded the concept to one of “Electronic Progress Through Sharing.” New to the Second Edition · · · · · · Interviews with selected providers of Internet goods and services via the Internet. More than 100% increase in the Web resources for internal auditors. New discussion group resources for PeopleSoft, Year 2000, RACF, and COBIT. Audit programs, audit guides, internal control questionnaires, and audit manuals organized under separate subject listings. New section covering digital literacy for internal auditors, including a Competency Checklist and Content Evaluation Worksheet. Sample audit programs, e-mail policies, and customer satisfaction surveys. __________________________________________________________________ Preface xv Chronology of Key Events in the History of the Internet for Internal Auditing August 1993 July 1994 August 1994 August 1994 September 1994 February 1995 June 1995 July 1995 November 1995 February 1996 April 1997 August 1998 September 1998 “In My Opinion” column of Internal Auditor prints article by Jim Kaplan recommending establishment of an online information network for auditors. Birth of the Internal Auditing World Wide Web site conceived by John Peterson at Dartmouth Hitchcock Medical Center. Developed as a prototype demonstration project, the site functions as a warehouse of information and knowledge pertaining to the internal auditing profession and functions across associations, industries, and countries. (7/1) IIA publishes an article with e-mail addresses provided by internal auditors from around the world. Jim Kaplan distributes the first e-mail issue of the AuditNet Resource List to internal auditors who shared their e-mail addresses. Alt.business.internal-audit — Internal audit Usenet newsgroup formed for discussion of internal auditing-related subjects. AuditNet Resource List begins distribution through accounting and auditing listservs (discussion groups). The AuditNet Resource List Hypertext version created by John Mayer, a student at the University of North Florida, is posted to the University of North Florida Web site. The Web version of the ARL becomes a major tool for internal auditors connecting to the Internet. (6/15) Auditors Sharing Audit Programs (ASAP) FTP site created at the University of North Florida by John Mayer founded on an idea that Jim Kaplan conceived when observing repeated requests for audit programs on audit discussion groups. Audit programs contributed by internal auditors from around the world were posted in the spirit of “Electronic Progress Through Sharing.” IIA provides Web information through the Rutgers Accounting Web. AuditNet Web site established on America Online. The AuditNet Resource List and ASAP move to the newly created site established for the benefit of the online audit community. IIA moves its Web site to its own domain at www.theiia.org. IIA launches ITAudit.org site to focus on Information Technology Auditing. AuditNet moves to its own domain at www.auditnet.org sponsored by The IIA. _________________________________________________________ Acknowledgments xvii Acknowledgments The Internet is a technological breeding ground for new ideas and information sharing. A book like this would not have been possible without the cooperation and assistance of the global Internet auditing community. The constant advice, counsel, and encouragement I received from the domestic and international auditing community made AuditNet, and this book, a true realization of the “Electronic Progress Through Sharing” concept. Thanks also to the dedicated staff of The Institute of Internal Auditors for supporting the idea that if we built it, they would come! _____________________________________________________________ Introduction xix Introduction While there have been many books written about the Internet, none have provided specific information for audit usage. The Auditor’s Guide to Internet Resources, 2nd Edition, provides basic information about the Internet written from an internal auditor’s perspective. It gives an overview of the basic Internet competency skills auditors need to become digitally literate, options for accessing the Internet, useful tools and services for audit professionals on the Internet, and a comprehensive list of available resources. It provides specific real-life examples of how auditors use the Internet for audit-related work. What this book will not do is go into detailed technical discussion of the mechanics of how the Internet works. It will also not address Internet-related issues such as privacy and security considerations of connecting to the global network. While these subjects are truly important, there are many books currently available that provide comprehensive coverage. The breadth of resources available for internal auditors is constantly growing. Due to the dynamic nature of information on the Internet, there will be resources included in this book that have changed or are no longer available after this book goes to press. There will also be new resources that will replace those that have become obsolete. The most up-to-date listing of audit and accounting resources is available on the Internet at the AuditNet Home Page (http://www/auditnet.org). Kaplan’s AuditNet Resource List (KARL), the source of the resources in this book, is the only list available via e-mail as well as through a Web home page. The most recent version of KARL available at the time of writing this update is included as Appendix B. Remember, the most current version of KARL is available at the AuditNet Web Site or by sending an e-mail to [email protected]. How to Use This Book The book should be used as a desktop reference guide. It is written as much as possible in plain English so that you can easily understand what is needed to connect to the Internet, the options for connecting, and where to go for helpful information. Each chapter stands alone and is organized so that more experienced professionals can go directly to a chapter to locate a site or find information needed immediately. The book is divided into eight chapters as follows: Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors. This chapter explains where the Internet came from as well as its importance to and impact on the internal auditing profession. Auditors who have experience using the Internet and online services should read this chapter. Everyone, regardless of their Internet skill level, should read the Internet Competency Skills section. While most auditors are audit literate, many are not digitally literate. This section introduces the concept of digital literacy and explains why it is important to audit professionals who rely on cyberspace as a research and audit tool. xx The Auditor’s Guide to Internet Resources, 2nd Edition _________________________ Chapter 2 — Making the Right Connection. Auditors with experience using the Internet will find this chapter useful. It discusses the options for connecting to the Internet via Internet service providers, online service providers, or direct connections. Chapter 3 — Internet Services and Tools for Auditors. This chapter provides the tools and services that are available to auditors via the Internet, including e-mail, file transfers, and the World Wide Web. Auditors with limited experience in Internet services and applications should consider reading this chapter, which helps explain unfamiliar areas. Chapter 4 — The Auditor’s Great Internet Search. This chapter covers search tools and techniques for auditors to find information in the most efficient and effective manner. The Professional Auditor Search Strategy (PASS), search engine tips, and Web design coverage will help auditors locate relevant and useful Web sites. The chapter has been expanded in this edition to include more information that will help in using search tools more effectively. Chapter 5 — Look Who’s Talking! — Discussion Group Resources. This chapter shows auditors how to take advantage of the communication capabilities of the Internet to help solve internal auditing problems, discuss professional issues, and find resources via e-mail discussion groups and Usenet newsgroups. Chapter 6 — Internet Resources for Auditors. Organized into topical subject areas, this chapter represents a major expansion from the first edition of the book, as the number of resources grew from approximately 300 to over 850. This growth in the number of audit-related sites is a clear indication of business and the audit community’s integration of the Internet into their business practices. Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool. This chapter provides examples of how auditors around the world have used the Internet in order to foster creative thinking and discussion on new ways of using this powerful technology. Chapter 8 — Troubleshooting Internet Error Messages (or What Do Those Error Messages Mean?). This chapter is new to the 2nd Edition and covers those annoying error messages that auditors see on the Internet. It helps explain the messages, what they mean, and actions to take when they appear. Appendix A — Auditor’s Internet Glossary. A handy reference tool for auditors who need to learn the language of the Internet. It covers the major terms, words, and phrases needed to navigate the Auditbahn. Appendix B — The AuditNet Resource List (KARL). This is the latest version of the document that was first distributed via e-mail on the Internet in August 1994. The ARL was the foundation for the AuditNet concept and now includes over 850 Internet resources for auditors. _____________________________________________________________ Introduction xxi Appendix C — Sample Audit Programs. This provides examples of audit programs submitted by AuditNet users as part of the Auditors Sharing Audit Programs (ASAP) section of AuditNet. Appendix D — Digital Literacy Problem-Solving Approach for Auditors. The ability to access and use information is necessary for success in school, work, and personal life. This appendix includes the steps that represent the basic approach for auditors solving digital information problems. Interviews New to the 2nd Edition are interviews with individuals who are considered to be Internet leaders and trendsetters in reaching their audit customers or providing audit-related goods or services via the Internet. They were selected because the product or service they provide to the global audit community has had a significant impact on the profession and how professionals do their jobs. Each person was asked specific questions about their organization, product, or service. They were then asked general questions relating to the Internet and its impact on the internal auditing profession. These interviews show how important the Internet has become, not only from the perspective of the end user, but also the audit-related service provider. The Questions 1. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”? 2. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How has your organization contributed to this philosophy through the use of the Internet? 3. How has your organization integrated the use of the Internet into internal auditing? 4. What Internet resources do you use, and how have they helped you and your organization? 5. How has the Internet changed the way your organization does business, and what impact has that change had on auditors? 6. What effect have the Internet and the World Wide Web had on the internal auditing profession? 7. What Internet skills do you see as the most critical for new auditors? xxii The Auditor’s Guide to Internet Resources, 2nd Edition _________________________ The Participants John K. Peterson, Founder, Internal Auditing World Wide Web. The Internal Auditing World Wide Web (IAWWW) was conceived at Dartmouth by John K. Peterson as a production prototype demonstration project to act as a warehouse of information and knowledge pertaining to the internal auditing profession and functions across all associations, industries, and countries. Carolyn Newman, President, Audimation Services Inc. (ASI). Audimation Services Inc. (ASI) was formed in 1992 to distribute IDEA (Interactive Data Extraction & Analysis) software to internal auditing departments in industry and government. IDEA is a PC-based file interrogation package that allows accountants, auditors, and financial managers to view, sample, and analyze data from any other system. The product is developed under an exclusive license by the Canadian Institute of Chartered Accountants (CICA). The CICA granted exclusive U.S. distribution rights for IDEA to ASI in October 1997. Ben Heald, Editor, AccountingWeb UK. AccountingWeb, launched in June 1997, is a virtual community of accountants. It was voted European Information Product of the Year at the Online Information ’97 show at Olympia (December 1997). With over 30,000 members, AccountingWEB is now established as the largest Internet hub for the UK accounting sector and growing by over 1,000 members per month. Robert D. Randolph, Communications/Marketing Specialist, Arthur Andersen KnowledgeSpace Internal Audit Community. Arthur Andersen KnowledgeSpace® is a subscription-based, customized Web tool for internal auditors. The purpose is to focus, in a single Web site, on the news, resources, and connections that internal auditors need to stay on top of their profession. Harald Will, President, ACL Services Ltd. ACL, a global company dedicated to providing an integrated solution for the internal auditing professional, is based in Vancouver, Canada, with offices in Brussels and Singapore and representatives in over 30 countries worldwide. Since 1987 ACL has provided market-leading technology and services for data inquiry, analysis, and reporting. Charles Lawver, President, CPENet. CPENet, an all-volunteer nonprofit organization started in 1994, was the first distance education provider to offer National Association of State Boards of Accountancy (NASBA) certified continuing education credit on the World Wide Web. Michael Awad, President, IAD Solutions. Michael Awad, a practicing internal auditor, created a department management software application for internal auditors. Audit Leverage is Microsoft Access-based and provides features such as automated workpapers, budget-to-actual hours comparisons, annual audit planning, automated follow-up log, location risk assessment, and auditor performance evaluations. _____________________________________________________________ Introduction xxiii Alan McCafferty, Founder and President, OPTIMUM Technology. Since 1993 OPTIMUM Technology (O.T. Inc.) has grown from a local management consulting and custom software developer to an internationally recognized supplier of advanced business information systems. By 1997 OPTIMUM Technology was a full-service supplier to the private sector and to state and federal governments around the world. OPTIMUM Technology’s services include IT solutions, software development, business management, process engineering, and ISO consulting with a full range of off-the-shelf and custom business information tools marketed under the QS3 banner. One of the company’s products is QSAK, a management tool designed to organize, direct, document, and report on internal and external audits. As the internal auditing profession enters a new millennium, the Internet is having a profound impact on how we communicate and accomplish our mission. It is not only affecting individual auditors and internal auditing departments, but also providers of audit-related goods and services. The Internet is changing the way we are selecting, delivering, and using those products and services. As new technology has been introduced to the business community, auditors have cautiously approached integrating these new tools into their daily work. There are some aspects of the Internet that are not covered in this book because they do not directly pertain to professional auditors. A Continuing Internet Education (CIE) section that provides additional reference resources has been included at the end of some chapters for readers who would like to explore Internet basics in greater detail. The focus of this book is to provide information that internal auditing professionals need, from an internal auditing professional’s perspective, so that they can learn how to use the Internet as an auditing tool. I trust that readers will find the information useful in their pursuit of professional excellence. Remember that information is power, and the Internet is a mega-information resource. Therefore, if you know how to access, locate, and retrieve relevant internal auditing and business information, you and the organization for which you work will reap benefits. Whatever you may have heard about the Internet and its resources, after reading this book you will agree that the Internet is a good thing for auditors and the internal auditing profession. Read on to find the information you need to join the AuditNet Revolution. ___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 1 Chapter 1 An Overview of the Internet and Digital Literacy for Auditors “The Internet is the Mother of all Information Sources.” — Timothy K. Maloy What exactly is this phenomenon called the Internet? How did it start, how does it work, and what are the implications for you as an auditor? These and other questions are asked again and again by auditors trying to understand this thing called the information superhighway or cyberspace. The Internet is a topic of conversation in the home, at the office, in the news, and at professional meetings. Everywhere you look it leaps out at you, and you are probably wondering what all this hype is about. Are you connected, who is your provider, and what is the URL for that site you found? More importantly, what does all this mean to you as an auditor and the auditing profession? So Where Did the Internet Come From? The roots of the Internet can be traced to the Defense Advanced Research Project Agency (DARPA) government funded project in the early 1970s. The goal of the DARPA was to develop a communication protocol that would allow linked computers to talk to one another while remaining transparent to the end user. This network, called ARPANet, would be designed in such a way that if a segment of the system was down, the remaining parts of the system would continue operating. The government found that these networks provided an efficient and effective means of enhancing communication for conducting educational and military research and development. The ARPANet of the 1970s became the backbone of the network established in the early 1980s by the National Science Foundation (NSFNet). The NSFNet consisted of five supercomputing centers established at major universities across the United States. The system of networks developed in conjunction with this project came to be known as the Internet. Definition of the Internet The Internet is one of those elusive terms or concepts that almost defies definition. Trying to define it is almost like trying to hold Jell-O in your hands; you just cannot get a grasp on it. There is a difference between the Internet with a capital “I” and internet with a lowercase “i.” The Internet is the public network that runs applications like e-mail, file transfer, and the World Wide Web. An internet is a private network that is closed to the general public. Many organizations are creating intranets, which are internal, private networks using the Internet technology. Getting back 2 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ to the question at hand, the Internet at its most basic level is a global network of computers. Sitting at a standalone computer without a modem or connection to a LAN (Local Area Network) would limit you to performing tasks based on the application software installed on that computer, such as using a word processor or spreadsheet program to write an audit program or create a spreadsheet. Connecting that computer to other computers in the office — thereby creating a LAN or local area network — allows you to send and receive messages, and share applications and files with other network users. Connect that LAN to other LANs within the organization and departments and divisions acquire application and file sharing capability. Connect the LAN to a Wide Area Network or WAN and to a gateway or hub connected to a global network of computers and you have the Internet. Well, at least almost! We are making an assumption that each network operating system speaks a common language. Fortunately, or unfortunately, operating systems come in many flavors such as UNIX, DOS, Macintosh, SUN, etc. For systems to communicate with each other, they require a common protocol or translation mechanism. Transmission Control Protocol/Internet Protocol (TCP/IP), the Internet standard developed in the early phases of these government-funded projects, allows different operating systems on the global communication network or Internet to talk with one another. While TCP/IP was developed early on as part of the government-funded research projects, it remains the current Internet standard. The Internet is therefore a global conglomeration of computers linked together by a common standard language (protocol) creating a seamless communication network that is relatively transparent to the end user. If we were satisfied with that definition of the Internet, we would be missing perspectives that many individuals (including the author) consider to be equally important. The Internet is people communicating with each other and sharing information and ideas. Without the human element, the Internet is merely connected circuitry without a purpose. People make the Internet tick. It is a tool for enhancing communication and information/idea sharing. The Internet is changing the way we communicate, learn, read, and interact with each other. It is also changing the nature of business, and all types of organizations see the Internet as new opportunities for marketing, research, and electronic commerce. ___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 3 The Impact of the Internet on the Auditing Profession Two roads diverged in a wood, and I I took the one less traveled by, And that has made all the difference. — From “The Road Not Taken” by Robert Frost Just as the fax machine changed the nature of business communication, the Internet is having a profound impact on the way we share and exchange information. Many auditors find themselves at a crossroads and must decide which path they will take to accepting or rejecting the digital revolution. Internal auditors are becoming information specialists and increasingly viewed in management consulting roles. The Internet provides a virtually limitless number of resources for many auditing and management-related topics. Audit-related information on the Internet crosses organizational lines, and auditors must be able to manage the information and share it with others. Audit information on the Internet is constantly being added or updated, and these new resources are available to all auditors at virtually the same time. Those who know how to keep up-to-date with Internet information can immediately access and use this new information source. As an auditing professional, you are in the information business, and the Internet contains information on every conceivable subject. There is no question that if you are not currently connected to the Internet, you should be. If you are connected, you should be using it as a resource to gather information, conduct research, solve professional problems, and network with your peers. The information highway for auditing professionals, or the Auditbahn as I refer to it, may have potholes and dirt roads, but as construction continues, the Internet is a valuable tool now and for the future. Internet Competency Skills for Auditors The Internet is a new environment for many auditors. When using the Internet as a research and resource tool, auditors must acquire some new skills in order to be successful in a digital environment. While many auditors are now surfing the Internet, no one has really detailed the necessary skills required to circumnavigate this environment. I never really consciously thought about what competencies were needed to survive in this brave new world. That all changed when I read Paul Gilster’s Digital Literacy. It provides a road map for “the thinking and survival skills new users need to make the Internet personally and professionally meaningful.” Digital literacy is “the ability to understand and use information in multiple formats from a wide range of sources when it is presented via computers.”1 1 Gilster, Paul, Digital Literacy (New York: Wiley and Computer Publishing), 1997, p. 1. 4 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ What does digital literacy mean for auditors? The digital revolution has profound implications for the auditing profession. Auditors increasingly review and process digital information. Business and government organizations are finding digital information processing and storage to be efficient solutions to the current volume of business transactions. Computer processing and storage are replacing traditional media, which means that auditors must be comfortable working with digital information and understand digital storage, retrieval, and controls. There are core competencies that auditors should develop to take full advantage of the Internet. They need to first develop critical thinking skills on evaluating Internet content. Secondly, they need to understand how to assemble information in a digital environment. Internet information is not organized in the traditional way, and as an auditor you need to build knowledge based on new criteria. Finally, auditors must learn how to locate information on the Internet. The digital library is unlike the traditional library and therefore requires new search skills to tap Internet information. There is an Internet Literacy Checklist for Auditors provided as Exhibit 1. This checklist provides auditors with a basic Internet competency guideline to determine where training and development may be needed. Exhibit 1 Internet Literacy Checklist for Auditors The following checklist, adapted from a handout developed by Laura C. Larsson, University of Washington, is meant to provide a tool to evaluate digital literacy. Read through the list below and check off those competencies with which you are familiar. If you are not familiar with certain competencies, you will need to reinforce them by using this book or other resources on the Internet. The AuditNet Web site has a link to Ms. Larsson’s Web site that includes links to review material that will help you become digitally literate. Yes No Communication Competencies I can send, delete, reply to, and print e-mail messages (collaboration/ communication). I know how to attach files to an e-mail message to send to a colleague. I can subscribe and unsubscribe to online discussion groups for auditors. I know the difference between reply to sender and reply to all. I know the rules of Netiquette for online discussion groups. I understand the difference between e-mail discussion groups and Usenet newsgroups. I know how to configure my browser to read, send, and store e-mail. I know how to configure my e-mail program to read, send, and store e-mail. ___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 5 Exhibit 1 (Cont.) Yes No Web Process Competencies I know what a Web browser is and how to use it to move between Web sites or pages. I know how to save and organize useful Web sites in my browser. I know how to change my browser preferences. For example, I know how to change the default start page and change the font type and size. I know how to clear the memory cache and file history on my browser to free up space on my hard drive. I know how to read various file formats on the Web (e.g., GIF, JPG, PDF). I know how to troubleshoot common error messages. I understand what HTML is and how it is used to format text for display by Web browsers. Information Literacy (Critical Thinking Competencies) I can tell whether information on a Web site is reliable and valid. I understand that on the Web, not all information is equal in quality. I know how to find and use meta-information available on Web sites. I understand that information obtained from the Web is subject to manipulation. I know how to verify Web site information. Information Search Competencies I can search for, validate, and cite Web-based information (get information). I can find someone’s e-mail address using Internet white pages. I can locate an author’s contact information in at least three ways. I know how to recover postings from the newsgroups or discussion groups. I understand the difference between a search engine and a directory (guide) and when I should use one or the other to look for information on the Web. I understand who the major producers of information are in my field. Data Retrieval and Manipulation Competencies Once I have located data on the Web, I can identify the format and know how to move it into my desktop for further analysis. I can download files using my Web browser. I can reliably transfer text and binary files between client and server computers (move data between my desktop and mainframe computers) using FTP. 6 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Exhibit 1 (Cont.) Yes No Data Retrieval and Manipulation Competencies (Cont.) I can download files from public FTP sites. I know how to set up a personal news feed so that I only get the information I need (push technology). Information Organization I can organize, design, and create a Web site for my personal use or for my organization. Bibliographic Citation Not only do I know how to cite books, journal articles, and technical reports published in paper format, but I also know how to cite documents published on the Web. I understand that when I use someone else’s ideas that I must properly cite their work. Copyright Knowledge Competency I understand that all information except government and information “in the public domain” is copyrighted and may not be used except with permission of the copyright holder. Content Analysis Ability (Ability to make informed judgments about what you find online) Critical thinking about content is the Internet competency upon which all others are founded. You cannot work comfortably within this medium until you have established methods for judging the reliability of Web pages, newsgroup postings, and mailing lists. Evaluating content on the Internet means recognizing and verifying that you are in fact connecting to a site that will provide information useful for audit purposes. Content evaluation means taking steps to verify the information on Internet sites to ensure that it is accurate, complete, and useful. Exhibit 2 is an Audit Content Evaluation (ACE) Worksheet. The ACE Worksheet was adapted from a Content Evaluation Worksheet prepared by the Department of Education, Victoria, Australia. The ACE Worksheet includes questions that auditors should be able to answer when evaluating audit-related Web sites. Use the worksheet to conduct a preliminary assessment of a Web site. After using the worksheet several times, you should begin to intuitively apply critical thinking skills when evaluating Web site content. ___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 7 Exhibit 2 ACE (Audit Content Evaluation) Worksheet Adapted with permission of SOFWeb, Department of Education, Victoria, Australia The purpose of this worksheet is not to get you to reject audit resources on the basis of the answers you give, but rather to get you thinking about the resources critically. A site that is not updated regularly may still have lots of useful and reliable information, but if your audit research depends on current information, it may not be an appropriate site for you to use. Again, a site that is difficult to navigate may have good content, but it may take too long to find things, given your time constraints. All of these issues will influence your decisions about the material you use. Making critical judgments about the resource material you have found does not have to involve either wholly accepting or rejecting material. It does involve your being aware of any possible problems or limitations of the material you are using and taking that into account. What browser are you using? _________________________________________________ Does the site suggest that it is better viewed with one kind of browser in particular? ______ What is the location (URL) of the Web page you are evaluating? http:// ________________ Look at the domain name of the URL. How does the fact that the site is an .edu; .com; .gov; or .org influence your opinions about the site? ______________________________________ Who put this information here? ❏ Government ❏ Educational institution ❏ Commercial organization ❏ Special interest group (i.e., political party) ❏ Private person ❏ Other Does the source of the information have any influence on your judgment about the usefulness of this site? Yes ❏ No ❏ Comment _________________________________________________________________ How often is the site updated? ❏ Updated daily ❏ Updated weekly ❏ Updated monthly ❏ Updated less often Can you tell when the last time a particular page/section was changed? Yes ❏ No ❏ 8 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Exhibit 2 (Cont.) Does the currency of the information have any influence on your judgment about the usefulness of this site? Yes ❏ No ❏ Comment _________________________________________________________________ How old is the material? ❏ Recent (1-6 months) ❏ 6 months -1 year old ❏ 1-2 years old ❏ Older Does the currency of the information have any influence on your judgment about the usefulness of this site? Yes ❏ No ❏ Comment _________________________________________________________________ Who wrote the information? ❏ A known authority in the field ❏ Someone affiliated with a recognized organization/institution ❏ An unknown Is the author’s signature on the page? Yes ❏ No ❏ Is the author’s e-mail address included? Yes ❏ No ❏ Is there any other way of identifying the author (i.e., telephone number or address)? Yes ❏ No ❏ If you cannot identify the writer, does this have any effect on your judgment about the usefulness of this site? Yes ❏ No ❏ Does the institutional affiliation have any effect on your judgment about this site? Yes ❏ No ❏ Comment _________________________________________________________________ Why is this material here? ❏ As a public service ❏ For political reasons ❏ For personal reasons (i.e., a personal home page) Is the purpose of this page indicated clearly in a prominent place? Yes ❏ No ❏ Is there any evident bias in the information at this site? Yes ❏ No ❏ Does the reason for this have any influence on your judgment about the usefulness of this site? Yes ❏ No ❏ Comment _________________________________________________________________ ___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 9 Exhibit 2 (Cont.) Can I do a crosscheck? Yes ❏ No ❏ Do I have any doubts about the accuracy of the material? Yes ❏ No ❏ If so, is there any way I can crosscheck the accuracy of the information? Yes ❏ No ❏ Is the information available anywhere else? Yes ❏ No ❏ Would it have been easier to get the information in some other way? Yes ❏ No ❏ Comment _________________________________________________________________ What kind of checks could I perform? ❏ Other Internet material? ❏ Print sources? ❏ Expert knowledge (i.e., contact a known authority)? ❏ Personal knowledge? Comment _________________________________________________________________ Is the information useful for direct evidence for this audit project? Yes ❏ No ❏ Does the site primarily provide meta-information (information about information) that may be useful for this audit project? Yes ❏ No ❏ Can I use the contact information (e-mail, guest book etc.) to find more information either online or in print format for this search? Yes ❏ No ❏ What kinds of links come off the site? __________________________________________ Does the site include links to other sites? Yes ❏ No ❏ Is there any selection process for the links? Yes ❏ No ❏ Are the links organized (i.e., by subject category)? Yes ❏ No ❏ Are the links described? Yes ❏ No ❏ Are the links all still active? Yes ❏ No ❏ Do the links seem relevant to the subject of the Web page? Yes ❏ No ❏ Comment _________________________________________________________________ 10 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Exhibit 2 (Cont.) Design The Web page includes: ❏ Color ❏ Graphics ❏ Tables ❏ Frames ❏ Animation ❏ Java Is the page only viewable by a specific browser or release of browser? Yes ❏ No ❏ Speed Is the site often busy and difficult to access? Yes ❏ No ❏ Does the page download in a reasonable amount of time? Yes ❏ No ❏ Does it include any large graphics or files that take a long time to download? Yes ❏ No ❏ Is it organized in a way that makes it easy to navigate? Yes ❏ No ❏ Are the navigational links clear? Yes ❏ No ❏ Do you have to scroll through the entire document to find the information you want? Yes ❏ No ❏ Is there any provision for searching the site? Yes ❏ No ❏ Is the page viewable by a text-based browser only? Yes ❏ No ❏ Do all the graphics have a text explanation? Yes ❏ No ❏ Does the design complement the content? Yes ❏ No ❏ Comment _________________________________________________________________ ___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 11 Knowledge Assembly Ability (Ability to collect and evaluate both fact and opinion) Auditors need to learn how to assemble knowledge or build a reliable information base from diverse information resources such as e-mail, World Wide Web, newsgroups, and mailing lists. Knowledge assembly involves utilizing all the different sources of Internet information, including news feeds from magazines, newspapers, and newsletters; discussion forums such as listservs and newsgroups; and Web sites. Incorporating all of these into the auditing process requires careful planning and consideration. Many auditors are not actively tapping into digital media for audit purposes. Search Skill Ability (Ability to conduct searches within a digital environment) The final competency for auditors covers Internet search strategies for using search engines to hunt through millions of pages of information and return a list of targets for your consideration. It requires understanding how information is organized on the Internet and ways to use the existing tools in a digital environment. This competency is covered in more detail in Chapter 4, The Auditor’s Great Internet Search. If you plan to make effective use of the Internet, you need to develop your “digital literacy” skills. All indications are that the digital environment is here to stay. This means that auditing professionals need to make changes in the way they accumulate, examine, and use information. Readers can find a Primer on Digital Literacy at http://www.auditnet.org/diglit.htm. I recommend that you read this excerpt from the book and consider the implications on how you use the Internet in your work. Exhibit 3 provides a Digital Literacy Self-Assessment Tool that was adapted with permission from the Arts Wire Spider School of the New York Foundation for the Arts. The tool can help you determine your personal level of digital literacy. I am sure you will agree that this new environment — built around the Internet — requires new skills needed to survive and keep up with the competition. In my opinion this is one of the most important concepts that you need to understand in order to effectively integrate the Internet in your professional and personal life. 12 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Exhibit 3 The Auditor’s Digital Literacy Self-Assessment Tool Adapted with permission from the Arts Wire Spider School N.Y. Foundation for the Arts* The following is another tool for auditors to use in evaluating their digital literacy competence. Please judge your level of achievement for each of the following digital literacy skills. Circle the number that best reflects your current level of skill attainment. (Be honest, but be kind.) This tool is designed to help you conduct a self-analysis to determine what areas you should continue to learn and practice. (Level 1 – Novice; Level 2 – Beginner; Level 3 – Intermediate; and Level 4 Advanced.) I. Internet Integration ___ Level 1 - I do not see the need to blend the use of the Internet into my work. ___ Level 2 - I would like to blend the use of the Internet into my work, but there is not much time or enough access to equipment. I need a better understanding of what strategies will work. ___ Level 3 - I blend the use of the Internet and new technologies into my work whenever I have the opportunity to do so. I devote a small amount of time exploring software and equipment. ___ Level 4 - I frequently blend the use of the Internet and new technologies into my work. I use problem-solving skills and the help button to figure out how to make use of advanced features when I need to. 2. Browser Operation ___ Level 1 - I do not use a browser, nor can I identify any uses or features it might have which would benefit my work. ___ Level 2 - I can start up my browser and use the basic commands to surf the Web, but I spend little time doing so. ___ Level 3 - I am able to bookmark Web sites that I have visited and would like to revisit. *This tool is based on Mankato (MN) Schools Scale for staff technology skills assessment and technology competencies identified by the National Council for Accreditation of Teacher Education and the Association for Educational Communications and Technology. ___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 13 Exhibit 3 (Cont.) ___ Level 4 - I can organize by bookmark into folders. I can save local copies of Web pages and graphics on my hard drive. I know how to clear my browser cache and customize the settings. I know how to use keyboard shortcuts to make navigating more efficient. I understand almost all the error messages from the browser and can continue browsing without problem. 3. Internet Research ___ Level 1 - I do not explore, evaluate, or make use of Internet information, nor can I see any value in doing so. ___ Level 2 - I know how to do a basic search on at least one search engine, but I do not know how to narrow and refine my search. I often get lost, distracted, or overwhelmed. ___ Level 3 - I know how to do Boolean searches and use more than one search engine. ___ Level 4 - I can find almost anything I need that is available on the Internet quickly and efficiently and can evaluate the quality of the information. 4. E-Mail Use ___ Level 1 - I do not use electronic mail, nor can I identify any uses or features that would benefit my work. ___ Level 2 - I know the basic mechanics of using my e-mail program to send and receive messages from colleagues, constituents, or friends. I do not check or use my e-mail every day. ___ Level 3 - I know how to send documents as attachments, the address book, and file folder system. I check my e-mail at least once a day. ___ Level 4 - I feel confident using text to communicate with many different people on a variety of topics. I know how to write for the medium. I know how to manage my e-mail efficiently and integrate it with other technologies such as voice mail, phone, and fax. I feel lost when I cannot check my e-mail at least once or twice a day. 5. Listservs/Conferencing Software ___ Level 1 - I do not use listservs or conferencing, nor can I identify any uses or features that would benefit my work. 14 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Exhibit 3 (Cont.) ___ Level 2 - I have subscribed to a couple of listservs or participated in a couple of conferences, but I do not know how to make using them efficient. ___ Level 3 - I know how to filter listserv messages and efficiently communicate using conferencing software. ___ Level 4 - I feel that participating in listservs or conferencing with professional colleagues has been enormously valuable to my work and find it an efficient and economical way to collaborate. 6. Ethical Use Understanding ___ Level 1 - I am not aware of any ethical issues surrounding computer use. ___ Level 2 - I know that some copyright restrictions apply to computer software and Internet documents. ___ Level 3 - I clearly understand the difference between freeware, shareware, and commercial software and the fees involved in the use of each. I know the programs for which my organization holds a site license. I understand how I can use information gathered from the Internet without violating copyright laws. ___ Level 4 - I am aware of other ethical issues involving technology use such as privacy and can explain the issues to colleagues. 7. Basic Computer Operation ___ Level 1 - I do not use a computer. ___ Level 2 - I can use the computer to run a few specific, preloaded programs. I am somewhat anxious I might damage the machine or its programs. ___ Level 3 - I can set up my computer and peripheral devices, load software, print, and use most of the operating system tools like the notepad, find command, trash can, and clipboard. ___ Level 4 - I can run two programs simultaneously and have several windows open at the same time. I can customize the look and sounds of my computer. I use keyboard shortcuts and look for ways to maximize my computer time. I am confident enough to teach others some basic operations. ___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 15 Exhibit 3 (Cont.) 8. File Management ___ Level 1 - I do not save any documents I create using the computer. ___ Level 2 - I save documents I have created, but I cannot chose where they are saved on my hard drive or the network. I do not know how to back up my files. ___ Level 3 - I have a filing system for organizing my files and can locate files quickly. I back up my files to floppy or zip disk on a regular basis. ___ Level 4 - I regularly run a disk-optimizer on my hard drive, and use a backup program to make multiple copies of my files on a weekly basis. I have a system for archiving files on my hard drive. 9. Word Processing ___ Level 1 - I do not use a word processor, nor can I identify any uses or features it might have which would benefit the way I work. ___ Level 2 - I occasionally use the word processor for simple documents that I know I will modify and use again. I generally find it easier to hand write or type most written work I do. ___ Level 3 - I use the word processor for nearly all my written professional work: memos, worksheets, and communication. I can edit, spell check, and change the format of a document. ___ Level 4 - I use the word processor for all of my work and typically compose at the screen/ keyboard. I know how to use templates, macros, style sheets, mail merge, and import spreadsheets, databases, or graphics. I know how to save word processing files as HTML documents. 10. Presentation Software ___ Level 1 - After I do my research I am unlikely to use electronic technologies to save, format, or share my findings. ___ Level 2 - I would feel comfortable presenting my findings in a single application program such as a word processor, a spreadsheet, or a publishing program. ___ Level 3 - I am proficient at incorporating and sharing my findings using multimedia presentation software (Powerpoint) which combine elements from a number of applications (Netscape, graphics, word processing, database, etc.). 16 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Exhibit 3 (Cont.) ___ Level 4 - I use the presentation software to help me think, communicate, or revise my key points or message. 11. Spreadsheets ___ Level 1 - I do not use a spreadsheet, nor can I identify any uses or features it might have which would benefit the way I work. ___ Level 2 - I understand the use of a spreadsheet and can navigate within one. I can create a simple spreadsheet that adds a column of numbers. I can use the spreadsheet to make a simple graph or chart. ___ Level 3 - I use a spreadsheet and know how to add labels, formulas, and cell references. I can change the format of the spreadsheets to anything I need or want. ___ Level 4 - My use of the spreadsheet has helped me improve my data keeping and analysis skills. I know how to export spreadsheet data into other file formats or insert into word processing documents. I know how to program multiple spreadsheets with macros to do advanced financial analysis. 12. Database Use ___ Level 1 - I do not use a database, nor can I identify any uses or features it might have which would benefit the way I work. ___ Level 2 - I understand the use of a database and can locate information within one which has been pre-made. I can add or delete data in a database. ___ Level 3 - I use databases to collect and analyze data. I can create a database from scratch, defining fields and creating layouts in order to support queries. I can sort and print the information in layouts that are useful to me. ___ Level 4 - I use databases to track information about my program or area. I can automatically generate appropriate letters or forms. I understand how to use and structure a relational database. I know how to import/export data into other file formats. 13. Graphics Use ___ Level 1 - I do not use graphics in my word processing or presentations, nor can I identify any uses or features they might have which would benefit the way I work. ___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 17 Exhibit 3 (Cont.) ___ Level 2 - I can open, create, and place simple pictures into documents using painting, drawing, or image editing programs. ___ Level 3 - I can open, create, modify, and place graphics into documents in order to help clarify or amplify my message. ___ Level 4 - I can manipulate and interpret graphics using image-processing software (such as CAD, GIS, or Photoshop) for the purpose of design or analysis. I can use the programs to enhance my visual thinking skills. What Auditing-Related Things Can I Do On the Internet? Now that you have an idea about the impact of the Internet on auditing and the skills you must acquire to become “digitally literate,” here are 20 auditing-related activities you can do on the Internet. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. Discuss auditing issues with specialists from around the world. Conduct auditing research from your desktop. Download auditing programs and adapt them to your organization. Download internal control questionnaires. Download audit-related statistical sampling software. Download demo software for flowcharting, data extraction and analysis programs, automated working papers, and more. Network with auditors and specialists within your industry group. Locate new career opportunities from online job postings. Stay in touch with your professional affiliations through association Web sites. Find information on professional certifications online. Earn college credit or continuing professional education online. Locate and schedule upcoming audit conferences and training seminars. Find audit manuals and guides from other auditing departments or organizations. Keep in touch with audit customers via e-mail with newsletters, audit briefings, and other targeted correspondence. Send and receive audit-related files via e-mail attachments while away from the home office. Conduct surveys and distribute audit questionnaires via the Internet. Locate industry standards and guidelines via trade associations at their Web site. Create an information feed of electronic magazines and newspapers delivered to you via email. 18 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ 19. Download free utility software and receive software updates and vendor support over the Internet. 20. Research airline schedules and hotel accommodations via Internet Web sites. Learning to Cyberspeak Before continuing the journey to find out the options available for accessing the Internet, you must start learning the language of the Auditbahn (or cyberspeak). A glossary of terms is included at the end of the book that can be referred to as needed. The glossary is unique in that it includes terms not just for Internet users, but also for audit professionals. Browse through the terms and get a feel for some of the language. Then start up your computer, put it in gear, and begin your journey into cyberspace. Always remember that the Internet is merely a tool — a means to an end. It will never take on a life of its own, although some people will tell you it already has. You will define how you use it and how to integrate it into your professional career. The history and origins of the Internet are already written. You have the ability to affect the future of the Internet and its usefulness as a tool for the auditing profession. Consider the tools and applications discussed in the pages that follow as a starting point. Follow the theme of “Electronic Progress Through Sharing” and you will discover that the Internet is a valuable auditing tool. Interview: John K. Peterson, Founder, Internal Auditing World Wide Web (http://www.bitwise.net/iawww) The IAWWW started at Dartmouth Hitchcock Medical Center. I found out about this new entity when I received the following notice sent to the Internet audit community: BIRTH ANNOUNCEMENT What is IAWWW? Date of Birth: 6/9/94 @ 4:00 P.M. Weight: 987 BYTES The purpose of the IAWWW is to provide: Online and real-time international communications. Real-time help and access. Information. Knowledge. Ordered and focused access to the Internet. Dedicated capability just for internal auditors. Facilitate professional exchanges without physical boundaries. Industry-specific audit repository. Non-filtered discussions and electronic conferences. Access list of peers. ___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 19 Access list of entities with audit functions. Why was IAWWW created? Wanted to know names of peers. Wanted to share information on a daily basis. Wanted to learn what everyone else was doing. Wanted to ask questions online and real-time. Wanted current and future list of conferences and seminars. Wanted to save money when acquiring information and knowledge. Wanted to supplement physical conferences and seminars. White papers. Multimedia audit-specific documents, movies, pictures, etc. Futures.......... Q. Tell me about IAWWW’s Internet strategy. The concept was and still is to provide a resource for internal auditors that goes across associations, companies, and legal entities. The IAWWW moves in the direction called for by its audience. It provides a “meeting ground” for all types of internal auditors from all countries and industries. It is still volunteer-based and tries to cover expenses with ads and certain services. Auditors have been sending resumes and looking for positions. The IAWWW has created a relationship with The Rivers Group to help auditors secure positions. The Career and News Page are the two highest utilized pages on the site. This recruiting tactic is in line with the strategy — to provide the service requested by auditors. The IAWWW Web site will grow in direct proportion to worldwide interest and contributions. The IAWWW is also used to test various user interfaces, languages, and technologies. The IAWWW has tried various types of concepts, and when negative responses were received, the concept was removed. Example: Automatic moves, based on time, using Javascript were installed and removed after a period of time. Different Web site design ideas have been used and the “auditor’s vote” decides what stays and what is removed. 20 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Q. The IAWWW was developed as a prototype for an online audit network. Now that the Internet and audit acceptance has matured, what changes do you see in the future of the IAWWW? I see the activity increasing as more and more personnel get on board. The utilization to date has been to see what is there on the IAWWW. We receive a great deal of “requests” for additional functionality… but when asked to volunteer time… requests seem to diminish quickly. The contribution by individual auditors seems to be confined to a few who contribute a great deal in time and money. Q. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”? I hold a computer science degree and have been programing since 1963. I learned in formal classroom, on-the-job training at various employers, at home on my own, and I created a company called Peterson Consulting that is devoted to the development of extranets, internets, intranets, and electronic commerce. Internet technologies are my job, my passion, and simply fun. I am now learning XML and Ontology. Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How has your organization contributed to this philosophy through the use of the Internet? Peterson Consulting has created very large portal extranets for cross-industry activities in financial services, insurance, banking, and investment. The IAWWW has provided auditors from mutiple companies, industries, and countries with a way of communicating that has never existed before. Q. How has your organization integrated the use of the Internet into auditing? The Internet and associated Internet technologies are simply tools that are utilized for various forms of communications in multimedia formats on a centralized, remote, and distributed basis. The level of collaboration has increased proportionally. Q. What Internet resources do you use, and how have they helped you and your organization? The ability to know of and contact various associations is one of the key resources — such as the Association Page within the IAWWW. The People Page within the IAWWW has allowed various people to communicate and compare notes on topics of mutual interest. ___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 21 Q. How has the Internet changed the way your organization does business, and what impact has that change had on auditors? The Internet has a profound change on the way business is conducted... and this is only the beginning! The impact on business will be great. The companies that are part of the Internet change will learn, grow, and become a different business. Companies that do not become part of the Internet way of doing business will cease to exist over time. We are only just starting to see what can be accomplished. Auditors will need to expand their scope of work and now understand that a computer can and will process more business transactions in a nanosecond than most auditors can comprehend. The need for auditors to understand risk, automate themselves, and automate their processes is a fact for survival in the new business world. Q. What effect have the Internet and the World Wide Web had on the auditing profession? To date the effect has been minimal in a business transaction view. The auditing profession will be changed completely over the next five to 10 years — financial auditing will still be important but information and operational and managerial auditing will be in the spotlight. Q. What Internet skills do you see as the most critical for new auditors? Concepts of proactive information auditing before a new Internet-based technology system goes into production. To passively audit will be an error. It will be too late. Q. What role do you see for the Internet in the future of internal auditing? The use of Internet technologies will empower “state-of-the-art auditors” to perform a valueadded function for their employers. Q. Any other thoughts on how auditors could be using the Internet that you would like to share? Auditors should start to lobby their management and boards for education, technology, and proactive implementations of audit capabilities within their organizations. 22 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Continuing Internet Education The following books will provide you with additional information on the background and basics of the Internet and Digital Literacy. 1. 2. 3. 4. Digital Literacy, Paul Gilster, Wiley and Computer Publishing. Zen and the Art of the Internet, Brendan P. Kehoe, Prentice Hall PTR. The Internet Roadmap, Bennett Falk, Sybex. The Whole Internet User Guide and Catalog, 2nd Edition, Ed Krol, O’Reilly & Associates, Inc. 5. How the Internet Works, Preston Gralla, MacMillan Computer Publishing. _____________________________________ Chapter 2 — Making the Right Connection 23 Chapter 2 Making the Right Connection “Whatever method of access you choose, the underlying Internet remains the same.” — Paul Gilster from New Internet Navigator Before you can access anything on the Internet, you need one critical element — a connection. Without a connection you are merely an observer on the outside looking in to the vast resources available on the Auditbahn. So what do you do? Call 1-800 Internet and get connected? There are several alternatives available to you. Selecting the right option is dependent not only on your needs but also on how much online experience you have and where you live and work. The decisions you make will be based on a self-evaluation of the applications, tools, and resources available for your particular needs. Another key consideration is whether or not your employer currently has an Internet connection or provides other employees with some type of Internet access via commercial online services. Like the old saying about real estate, when it comes to the Internet and commercial online services, the ability to access relates largely to location, location, and location. If you live in or close to a metropolitan area, you have more choices for accessing the Internet than do professionals living in smaller communities. This is due to a variety of factors, including supply and demand as well as economies of scale when it comes to the number of individuals interested in a service. The larger the population density, the greater the likelihood of access alternatives based on the market and competition. Internet Connection Options Primary alternative methods for connecting to the Internet include direct connection or a dial-up connection to a remote site. There are advantages and disadvantages to either method that you need to know in order to make an informed decision. Making the choice about which road to take for connecting to the Internet requires understanding the differences and similarities between the alternatives. The following options will help guide you in making a choice. The advantages and disadvantages of each option are included so that you may choose an option that fits your particular experience, needs, and preferences. Direct Connections High-speed direct connections are commonly available through businesses, educational institutions, or government organizations with a large number of users and workstations that need to be connected to the Internet. Many organizations have established a direct connection to the Internet 24 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ for business reasons. High-speed connections are typically provided through networks already connected to the Internet. If your organization has a connection to the Internet, the only additional requirement involves installing Internet software on your workstation. Direct connections to the Internet offer the most efficient connection via a high speed, dedicated leased line. As an audit professional working for such an organization, you have the benefit of a network of information system professionals to help configure and establish a connection to the Internet using company resources. Setting up a workstation on a network directly connected to the Internet is not for novices. Each workstation may require tweaks and adjustments to connect. Contact the information system professionals for the installation and configuration of the workstation. These professionals have experience and can facilitate the connection. Once your workstation is configured, you have complete access to all the Internet services allowed by your organization, which may include e-mail, file transfer, and Web services. Direct Connections: · Provide full access to Internet applications authorized by the employer. · Provide the fastest connections. · Allow a greater number of organization-wide users. · Provide a stable connection to the Internet (limited line noise interference). · Provide easier control of access via senior management authorization. · Are expensive if there are few users. · Require specialized knowledge and skills for system setup. Dial-Up Connections Many organizations do not have a direct connection to the Internet for various reasons, including cost or the lack of a viable business reason for connecting business components. If your organization does not have a direct connection to the Internet, your other options for connecting are referred to as remote access dial-up connections. Even if your organization has a direct connection, you may want to consider a dial-up connection at home. There are several dial-up alternatives for connecting to the Internet. You can connect via an Internet Service Provider (ISP) or to an Online Service Provider (OSP). They are referred to as dial-up because you connect by dialing up an access (phone) number using your computer modem. Each dial-up alternative has certain elements that you need to understand before making the decision on which choice best meets your needs. ISP Dial-Up Connection The next best thing to a direct connection is an ISP dial-up option. This is more commonly referred to as a SLIP (Serial Line Internet Protocol) or PPP (Point to Point Protocol). This type of connection provides Internet access as long as the dial-up connection exists. When the connection is broken (by terminating the phone call), the computer is no longer connected to the Internet. With this type of connection, your computer actually becomes a computer node (host) on the Internet. You may then run any Internet client-server application program from your computer. _____________________________________ Chapter 2 — Making the Right Connection 25 The most popular type of ISP connection is an integrated dial-up. This means that the ISP provides the software front end or shell application for easy installation and setup. The startup package typically includes a browser (software program for viewing Internet resources), e-mail program, Gopher client, Usenet client, and more. You may use the software program provided by the ISP or, at your option, use your own programs to access the Internet. ISPs generally provide all the software for the connection, including the basic Internet communication protocol (TCP/IP) and the local access number (telephone number) to dial for the Internet connection. The software provided by the ISP will configure your computer to connect to the Internet. This means that you do not have to know the details for configuring your system in order to connect. All that you need to do is follow the instructions and provide the information requested during the setup process. A dial-up direct connection provides you with full Internet access but at a slower speed than a direct connection. Speed on a dial-up direct connection is a factor of both the modem installed on your computer and the maximum access speed provided by the ISP. The choice of which ISP to use depends to a certain extent on where you live. Because connecting to an ISP requires a dial-up connection, there are two alternatives available. The first option is a national ISP, which has local dial-up numbers in large metropolitan areas. An example of this type of ISP is Mindspring (800) 719-4664 (http://www.mindspring.com/). If you live in an area where connecting to a national ISP requires dialing a toll call, consider using a regional or local ISP. Look in a local business paper or check with other financial professionals for contact references for local ISPs. Another option for locating an ISP is to ask someone who is already connected to the Internet for a recommendation. There is also a site on the Internet that provides a database of ISPs at the following address: http://thelist.internet.com/. Dial-Up Direct Connections: · Allow you to choose the level of access or all the services of the Internet (cafeteria approach). · Provide flexibility in choice of Internet software applications. · Are cost effective for high-volume users. · Provide connection at speeds limited by the ISP. · Can be more difficult for users who have never been online before. · Provide access based on geographic locations (auditors in some locations may not be able to find a national ISP and must locate an alternative local ISP). · Provide cafeteria-style services so cost escalates as non-standard services are added. OSP Dial-Up Indirect Connections The simplest and quickest way to connect to the resources of the Internet is to use a commercial online service or online service provider (OSP) such as America Online or CompuServe. If you live in a metropolitan area or location where commercial online services have a local dial-up number (not long-distance), then all you need do is install the software, sign up, and log on. CompuServe and America Online provide their own proprietary software for connecting to their service via your home or office computer. You will need a computer (the more powerful the bet- 26 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ ter), modem (fastest speed available), and telephone (a separate line is preferable but not necessary). When you have completed the installation, you then use the software to dial a phone number to access their central computer, enter your user name and password, and you are connected. Follow the menu to Internet services and you can begin exploring. If you have never been online before, you may find this route to be the easiest way to determine how you can use the Internet. OSPs offer members a wide range of information and services, one of which is access to the Internet. Each of the online services provides e-mail addresses (which provide access to discussion groups), World Wide Web, and newsgroups. Each service also offers its own proprietary information not available on other online services or the Internet. So while this may be a deciding factor in choosing a particular service, it can also be a limiting factor as you will only have access to the features provided by that particular commercial online service. The key point to remember is that when connecting to a commercial online service, you are restricted to using the specific databases and services that they offer to members as part of their service. Each commercial online service offers specific types of Internet services, and you need to know what you want to do before deciding which service is best for you. Each commercial online service provides e-mail, file transfer, access to the World Wide Web, and newsgroups. Some services do not provide the ability to log onto a remote computer (telnet) from their service. The bottom line is to decide what services you want and need. Contact each of the commercial online services available in your area and ask about the features they offer. Each commercial online service provider includes a free trial period to test their offerings and determine whether their services meet your needs. Fully explore the services during this free trial period and make the decision based on factors such as ease of use, applicability of their service offerings to your specific needs, ability to connect, and comfort level with the support they provide. Selecting an online service should be done in a rational structured manner as your online experience is reflected by how comfortable you are with the service provider. Dial-Up Indirect Connections: • Provide a quick and easy connection. • Require only a minimal understanding of online communications. • Provide extensive support both from the commercial online service provider and other members (members helping members). • Offer proprietary information available only to members. • Provide space for Web pages. • Are only accessible in certain geographic locations. • Access speed limited to what the OSP offers and depending on geographical location. • Limit the auditor to using the Internet services and tools provided by the service. _____________________________________ Chapter 2 — Making the Right Connection 27 Deciding on an Option The preferred option for many auditors looking for the fastest and easiest way to connect to the Internet is by signing up with a commercial online service provider such as America Online or CompuServe. Those account types provide all the basic services and features that most auditors need to gain an understanding of the Internet and online services. If you have the benefit of a direct connection through your employer, you may still find having a separate account for personal and professional communication to be worthwhile. If the only connection that you have is through your employer, a job change will result in having to change your e-mail address. If you have a personal (not paid for by your employer) account, you will always retain that Internet address for as long as you continue using that service. Sometimes even a move to a different city or state will not mean a change in your e-mail address. As long as you stay with the same Internet service provider or commercial online service, your e-mail address will stay the same. Experience shows that it is a good idea to have a sense of permanence on the Internet. The decision on how to connect to the Internet is also influenced by what you want to do once you are connected. The next chapter covers Internet services and tools. Knowing what the Internet has to offer you as an auditor can help you make your decision on the connection option that best fits your needs. The Internet is a dynamic, changing medium. As competition moves through peaks and valleys, the costs of connecting will move up and down. An important point to remember when considering a service provider is that cost is only one factor. Selecting a provider that you will be with for a long period of time is a major consideration as well. If the most important reason for connecting is to obtain an e-mail address, remember that such an address requires a degree of permanence. Moving from service provider to service provider and changing your e-mail address as you go is like changing your home address. You will have to notify all of your correspondents of your new e-mail address each time you move. If you fail to notify them of the change, any messages they send you will end up being returned “address unknown.” Interview: Carolyn Newman, President, Audimation Services Inc. (http://www.audimation.com) Audimation Services, Inc. was formed in 1992 to bring audit automation solutions to the audit community. Their premier software offering is Interactive Data Extraction and Analysis (IDEA). As distributors, rather than developers of the software, they believe the Internet will have a major impact on their business in the next two to five years. Many software products are already available from the World Wide Web. In the case of IDEA, certain free updates and scripts can be downloaded. Users can go to the official IDEA Web page, access the IDEA Knowledge Base, check that they have the most current software version, download Help file updates, and contact their distributor all from within the software. Nothing with a cost is currently available by download. However, they believe the Internet will eventually be IDEA’s primary distribution channel. 28 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Audimation Services is committed to customer service and support, and they believe the Internet will play a major role in their ability to deliver exceptional, proactive support to the individual users. Some examples include the development of several services to help auditors deal with the Internet, including firewall log auditing routines available as IDEA “add-ins.” Their affiliate in the UK, Horwath Software Services, has developed an IDEA Knowledgebase and intends to offer additional add-ins such as credit card log auditing routines and checks on product pricing. The ability to collaborate and share ideas and best practices with affiliates around the world has been substantially improved because of the Internet. Q. Tell me about Audimation’s Internet strategy. We have just redesigned our Web page. Our Internet strategy has been stepped up to include plans to use the Internet as a means of providing consulting services, coordinating discussion groups with users, considering the potential for improved and more readily available training and technical support, and a little retail operation for the overworked professional. Q. What is Interactive Data Extraction and Analysis and why is it important for auditors? Interactive Data Extraction and Analysis (IDEA) is a Windows-based tool that allows you to display, analyze, manipulate, sample, or extract data from virtually any type of file. IDEA is important for auditors because it helps them work more effectively to test and analyze the data generated by their clients’ systems. Key analytical tests auditors use, like checking extensions, extracting large dollars, stratifying amounts, checking for gaps and duplicates, and performing several types of sample extractions, are preprogrammed in IDEA. Preprogrammed routines can save the auditor time and provide increased audit coverage. Noted for ease of use, IDEA has a number of Wizard/Assistants to guide the auditor through such procedures as importing data files, stratifying data, and preparing charts and reports. IDEA also has a built-in scripting facility that can be used to create macros. A macro is useful in recording and playing back a series of audit tests on the next file, whether it is the next day’s, month’s, or year’s transactions. IDEAScript (Visual Basic style of language) also allows the creation of automated systems with dialogs and messages, importing of complex data files, and control of other OLE2 enabled applications such as MS Word, Excel, LotusNotes, etc. IDEA’s latest version 3.0 has been componetized so that more technical auditors can use Visual Basic itself to automate IDEA in the development of a customized audit automation system. _____________________________________ Chapter 2 — Making the Right Connection 29 Q. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”? Our “digital literacy” was obtained through lots of research and some trial and error methodology. Experimentation is one of the best ways of learning. Also, dealing with client “opportunities” has increased our digital knowledge. Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How has your organization contributed to this philosophy through the use of the Internet? We have used our Web site to provide both technical and general information about IDEA. The information includes such items as frequently asked questions, training schedules and registrations, a free case study for independent learning, links to the IDEA Knowledge Base (developed by Horwath Software Services), and links to other audit related sites, including AuditNet.org! Q. How has your organization integrated the use of the Internet into auditing? IDEA’s development is definitely moving toward “Web enablement.” Version 3.0 users can access the IDEA Web site, Knowledge Base, and distributor from within the program. In addition, reports and files can be e-mailed from within IDEA, and IDEA files can be exported as HTML tables. Future versions will allow imports from the Web. Q. What Internet resources do you use and how have they helped you and your organization? Every time we meet a new prospect, we check out their Web page to learn what we can about the organization’s or firm’s business and style. We have checked out our competition’s Web page and are constantly viewing what’s new in professional associations through their Web pages. We also use the Internet to research cost and availability of the software, services, and equipment we use in our business and to stay current on technical developments as they affect the audit profession, software development trends, and delivery/sales channels. We are heavy users of e-mail for internal and external communications. Q. How has the Internet changed the way your organization does business and what impact has that change had on auditors? The Internet allows us to communicate better with less cost (e.g., long-distance charges) with customers, clients, and affiliates. The greatest benefit to us is the ability to become more “connected” to our clients, which builds rapport and, hopefully, loyalty with the professionals we have served. 30 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Our clients receive improved customer service because the Internet allows them to send us their problem files, which we can analyze and help define. This service really helps them hurdle the first roadblock to efficient and effective auditing using data extraction and analysis. Q. What effect have the Internet and the World Wide Web had on the auditing profession? The audit profession has awakened to some of the risks associated with the openness and easy access of information on and going through the Internet. I don’t believe they have yet realized how much easier fraud will be to accomplish. The audit profession will need to continue to become “digitally literate” and will need tools like IDEA even more with the continued advancement of e-commerce. Q. What Internet skills do you see as the most critical for new auditors? The most critical skills related to the Internet for auditors are a solid understanding of the risks and new methods of control for Web-based commerce and information systems. Because of the sheer volume of data auditors must deal with, it is critical for auditors to develop the ability to capture, analyze, test, and report on errors and irregularities. The Internet will eventually enable continuous reporting, and auditors will need to acquire new skills and tools to provide continuous auditing services. Q. What role do you see for the Internet in the future of internal auditing? I see the Internet as a resource of continuing value for internal auditors. As more and more applications are developed using Web technologies, I believe the Internet will be transformed from a resource to a tool for the internal auditor. Q. Any other thoughts on how auditors could be using the Internet that you would like to share? The Internet is forcing auditors to become more aware of the nature of worldwide business interconnections. In our own case, we are receiving Spanish language inquiries about technical capabilities of IDEA. Such inquiries often point out the similarity of problems across countries — a bank in Chile has the same issues as a bank in the U.S. or the U.K. _____________________________________ Chapter 2 — Making the Right Connection 31 Continuing Internet Education The following books will help you with information on connecting to the Internet. 1. The New Internet Navigator, Paul Gilster, John Wiley & Sons, Inc. 2. Internet Direct: Connecting Through SLIP and PPP, Robert Miller and Elissa Keeler, MIS Press. 3. Navigating the Internet with America Online, Wes Tatters, Sams.net Publishing. 4. Navigating the Internet with CompuServe, Wes Tatters, Sams.net Publishing. _____________________________ Chapter 3 — Internet Services and Tools for Auditors 33 Chapter 3 Internet Services and Tools for Auditors “Nothing in life is to be feared, it is only to be understood.” — Marie Curie While the concept of the Internet is something that many auditors may not understand or even care about, what you can do with the Internet is an entirely different story. Getting to the root of the question as to what can be done on the Internet first requires understanding the basics of Internet addressing. It is also important to understand the distinction between services and tools. This chapter provides a high-level, easy-to-understand, non-technical discussion of these areas. For more information on how these Internet services and tools work, readers are encouraged to explore both online and offline for further details. As stated earlier, the Internet is a series of globally interconnected networks. The basic services that the Internet offers are all associated with communicating. These services include electronic mail (e-mail), file transfers (FTP), and logging on to a remote computer system (Telnet). You also need to understand and appreciate the client-server model. It provides access to powerful and popular tools and applications available on the Internet, including the World Wide Web. Internet Addressing Auditors who have not traveled the Auditbahn before will find that getting around requires a basic understanding of Internet addressing principles. Imagine taking a trip to another country and not knowing the rules of the road, let alone the language. The Internet is a strange place to many auditing professionals, and it is important to first become familiar with some terms and concepts. You must have an understanding of how to navigate the various components of the Internet. This does not mean that you have to have a detailed knowledge of these concepts, but rather an appreciation and understanding of them in order to make your first trip and future trips worth the effort. This is not as complex as you may think. This chapter will help you navigate around some of the different types of applications that you will find useful from an audit perspective. The Internet addressing system is what makes each computer location connected to the network unique. Internet addresses are a lot like traditional postal addresses in that you need a name and address in order for the mail to be delivered to the right place. E-mail addresses consist of the individual’s name (user ID) and the physical address or location of their mailbox (domain). The address consists of several unique components (just as you would have a street address, city, and state). The Internet’s addressing protocol requires separating the user ID and domain name with a 34 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ @ sign. Because the domain must identify all the traditional elements of a street address, the developers of the addressing system created a hierarchy allowing for sub-levels within the domain name. There are a number of domains in the Internet system so the addressing system uses unique identifiers to refer to different types of organizations. The highest level domain is the equivalent of the addressee’s country in a postal system. In order to deliver mail to the right location, the additional domain sub-level information is needed (the equivalent of street address, city, and state). Three letters identify the top-level domains: Domain Organization Type .com .edu .gov .mil .net .org commercial organization educational institution governmental organization military organization Internet resource non-profit organization So Joe Auditor (user ID = JAuditor) who has an account on Netcom has an e-mail address of [email protected]. There can only be one JAuditor on the Netcom system. If there is another JAuditor using Netcom, he might have a user ID of JAuditor1 with an e-mail address of [email protected]. E-mail addresses on the Internet must be unique just as a postal address is unique for an individual. If that were not the case, then two people with the same e-mail address would receive each other’s mail. There are also domain identifiers for countries — for example, Australia (.au), Canada (.ca ), United Kingdom (.uk), and United States (.us). If a two-letter country identifier is not present, then it is most likely the United States. Domain Naming System (DNS) Every computer connected to the Internet has a unique identifier called an Internet address or IP address. The IP address consists of a series of numbers separated by periods. However, because it is usually easier for individuals to remember names than numbers, translation software exists on the Internet that converts the names to numbers in order to locate the system. The translation is really just creating an alias. If you wanted to locate the Internet system at Harvard University, you would use the alias harvard.edu rather than the numerical address. This is important to know because when using various Internet services, the location of the computer must be accurately entered in order for the translation software to find the correct site. You will encounter some sites on the Internet that use their numerical IP address rather than a name. _____________________________ Chapter 3 — Internet Services and Tools for Auditors 35 Electronic Mail Electronic mail (e-mail) represents the most common and widely used service on the Internet. It is the reason that many auditors connect in the first place. E-mail allows you to electronically communicate with any individual anywhere in the world provided they also have an e-mail address. This is the most basic of Internet services and provides a universal means of exchanging ideas and information. Sending e-mail to other auditors on the Internet requires knowing the other individual’s e-mail address. E-mail addresses are unique and must be entered correctly in order for messages to reach the recipient. E-mail addresses follow the username@domainname format. Each e-mail message contains certain components regardless of the e-mail program used. Each email message you send contains header information and a body. The header information includes routing information that directs the message to the recipient. Header information includes the DATE (the date and time the message was sent), FROM (who is sending the message), REPLY TO (preferred address for receiving responses), SUBJECT (brief topic description of the message), and TO (who the message is going to or recipient), usually the recipient’s e-mail address. There are guidelines or Netiquette (network etiquette) for the use of electronic mail. Netiquette is an Internet term referring to a code of conduct in online communications. It is important to adhere to the rules of e-mail netiquette when using this new form of communication. There are sites on the Internet that provide guidance and information on the netiquette, such as Arlene Rinaldi’s User Guidelines and Netiquette at http://rs6000.adm.fau.edu/rinaldi/net/user.html. E-mail provides more than just access to other peer professionals. Using e-mail you can access discussion lists and all the resources on the Internet. Dr. Bob Rankin’s The Whole Internet by Email (ftp://rtfm.mit.edu/pub/usenet/news.answers/internet-services/access-via-email) is a comprehensive guide for using e-mail to access all types of Internet information. This is a valuable (free) tool, especially if you only have e-mail access to the Internet. Mailing Lists E-mail discussion groups (or listservs) are essentially electronic mailing lists. An individual with a specific interest in a subject such as auditing need only join a list dealing with that subject. A message sent to the list is automatically distributed to all the list members, but the sender only has to type one e-mail message. An electronic mailing list is a register of Internet addresses of individuals interested in automatically receiving new information (documents, news, announcements, etc.) on a particular topic of interest. Mailing lists can be administered by an individual or by special software, which will be discussed shortly. The first step in joining a mailing list is to find out what lists are available. Chapter 5 provides you with information on mailing lists related to 36 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ various topics for auditors and accountants. There are instructions on how to subscribe to those mailing lists as well. A key point to remember is that subscribing to a mailing list does not cost anything other than your time. These lists represent one of the primary resources for using the Internet as an auditing tool. The majority of mailing lists typically use software programs that automatically respond to specifically worded commands for subscribing, unsubscribing, and other list management options. Listserv, Listproc, and Majordomo are the three most popular automated list management or list server software programs. These programs act as mail forwarding systems and file repositories. It is not necessary for you to understand the operational details of these programs. Subscribing to a list is as simple as sending an e-mail to a server such as LISTSERV at the list address and including in the body of the message the word SUBSCRIBE with the list name and your name (each list is different so you need to read the subscription instructions). The servers will pick up your e-mail address from the message and you will receive a reply confirming your subscription and instructions on how to use the service. Chapter 5 covers the address and commands for subscribing. The list server software will provide you with all the detailed instructions (by return e-mail) that you need to post messages, read messages, and cancel your subscription (unsubscribe) from the list. Remember to save the list instructions you receive. You may need to refer to them later. Occasionally, individuals who are familiar with the topic act as coordinators or moderators for the list. List moderator duties include monitoring the list, checking for and reporting inappropriate messages, making sure that new postings are distributed to list subscribers, and recommending enhancements that will benefit subscribers. Moderators encourage subscribers to post any relevant information that will increase the utility of the list, such as new documents, laws, other lists, or important topical developments. In some cases the individuals who post the information do not even have to be subscribers. However, in order to receive all the postings to a particular list, you must subscribe to the list. Lists can either be moderated or unmoderated. This refers to whether someone is monitoring the messages to determine the appropriateness of the topic or subject of the list. Moderated lists tend to provide more useful information because the topics are not allowed to veer too much off course. This does not mean that unmoderated lists do not include useful discussions. In many cases the subscribers to the list will self-moderate the discussions. If you posted an inappropriate message or one that is off-topic to a list with strong participation, the list participants will let you know the error of your ways. They can let you know about the incorrect behavior either directly through the list or to your personal mailbox. Mailing lists administered by an individual (as opposed to an automated mailing list) are distributed periodically depending on the guidelines defined by that list administrator. The list administrator performs all the tasks normally handled by automated list software. Typical tasks include adding subscribers, address changes, removing subscribers, and monitoring traffic for inappropriate postings. These types of lists are labor intensive. The administrator receives individual mes- _____________________________ Chapter 3 — Internet Services and Tools for Auditors 37 sages and combines and/or summarizes the comments before distributing to all the list subscribers. As the number of subscribers to this type of list grows, the amount of effort required by the administrator increases. Adding new subscribers, handling address changes or errors, deleting subscribers, and compiling and packaging the information becomes a time-consuming endeavor. The administrator typically maintains a distribution list based on the names of individuals that have expressed an interest in participating in the list topic. An example of an individual administered list is the Data Extraction and Analysis (DEA) Mailing List administered by Richard Lanza. The purpose of this list is based on the philosophy of audit users helping other users. The greater the participation, the larger the base of knowledge that benefits all the list participants. Information and instructions provided for the DEA Mailing List are provided below. Objective 1) To provide a moderated discussion forum for the exchange of ideas related to the use of ACL, IDEA, Microsoft Access, and any other data extraction and analysis software. The ideas should be sent to my Internet mailbox at [email protected]. Biweekly, the moderator sends a summarized document, which organizes the ideas sent during the previous two-week period. What the Mailing List Will Not Provide The mailing list is not a forum for technical questions (other than idea questions such as “Is it possible to use ACL for accounts receivable test work and does anyone have a good way to do this?”). All technical assistance questions should be directed to ACL, IDEA, Microsoft Access, or other software technical support. When You Send Your Ideas All messages and subscriptions should be sent to [email protected] with one line in the body of the letter: SUB DE&A. It would be appreciated by the moderator if the person’s real name, organization, software type, and number of years data extraction and analysis have been used be included in the message. I will assume that individuals would want to remain anonymous unless otherwise specified in the e-mail. Finally, it would be helpful to not only send the idea but also the commands to effectuate the report, which can be shared by all participants (This can easily be accomplished by uploading a batch report of the commands into the e-mail document.) Subscribing to Electronic Mailing Lists Subscribing to a mailing list does not involve any fees or charges. These lists are available to anyone interested in the subject matter of the list. Subscribing to a list involves sending an e-mail message to the list management program. The program recognizes certain commands, so it is very important that the request is worded according to the list management guidelines. If there are mistakes in the request, the list management software will reject the request and your name will not be added to the subscriber database. Fortunately, if you send a request to the right address but use improper commands, the list will notify you with an explanation of the error. The program may also recommend the correction required to successfully execute the command. 38 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ The procedure for subscribing to a mailing list is determined by the mailing list software. Usually, the auditor sends an e-mail message to the list server at the list address and includes in the body of the message: SUBSCRIBE (List Name) (Auditor Name) The mailing list software usually sends an acknowledgment message back to new subscribers, which provides guidance and assistance for using the list. Save the acknowledgment (or “welcome” message). It provides useful and necessary commands for managing your interaction with the discussion group. It explains items such as how to receive messages, digest messages so you only receive periodic (weekly or monthly) distributions, and stop receiving list messages (unsubscribing). Unsubscribing to Electronic Mailing Lists Knowing how to unsubscribe to a mailing list is just as important as knowing how to subscribe. In some respects, it is more important because when you are new to Internet mailing lists, you may get carried away with subscriptions. When you realize the volume of mail generated by some mailing lists you will need to know the correct command for removing yourself from that list. Usually, the request should go to the same address to which the original subscription was sent. In the body of the message the auditor would typically enter: UNSUBSCRIBE (List Name) (Auditor Name) However, this may not apply in all cases. If you are unsure, send an e-mail message to the list coordinator and ask about the procedure for unsubscribing to the list. If you know that there will be a change in your e-mail address, unsubscribe to all lists before your address changes. Resubmit subscription requests when your new e-mail address is available. If you are unable to unsubscribe before the address change, you will have to contact the list manager (not the list software) to change the address. This is not a good way to gain the confidence and respect of the list manager because this is meant to be an automated process requiring little human intervention. Posting (Sending) Messages and Responses to the List You post relevant information by sending e-mail to the list name@list address. The information will then go to all subscribers to the list. This is important to remember because there are circumstances when a reply should only be sent to the individual who posted the original message. When this happens, address the reply to that individual’s e-mail address rather than using the reply option, which sends the reply to all list subscribers. _____________________________ Chapter 3 — Internet Services and Tools for Auditors 39 List Netiquette List Netiquette is based on the experience of other users and is really common courtesy that individuals should follow when participating in this type of electronic forum. The following document is an example of Netiquette. The list relates specifically to the Information Security discussion list. The 15 Points of INFSEC-L Netiquette (1) LIMIT all postings to topics, subjects, or issues relevant to the INFORMATION SECURITY field. Conserve cyberspace as much as possible, and always be considerate of subscribers who routinely pay for each message received. (2) ALWAYS include a subject line that is descriptive of the topic being discussed. (3) IDENTIFY YOURSELF at the bottom of your posting (i.e., include e-signature card or tagline). Include at a minimum your name and e-mail address to facilitate back-channel communication, if necessary. (4) USE DISCRETION when forwarding information to the INFSEC-L list. It might be preferable to reference the source of a lengthy document and provide instructions on how to obtain a copy. (5) EXERCISE CAUTION when using sarcasm and humor. Without face-to-face communications, your comments or the imports of your comments might be misinterpreted. (6) ALWAYS respect COPYRIGHT and LICENSE AGREEMENTS. (7) Be professional and AVOID FLAMING others. The INFSEC-L list is meant for constructive exchanges ONLY. (8) Cite all quotes, references, and sources, especially when forwarding information to another person or a discussion list. Where possible, obtain permission from the sender first. (9) Commercial or for-profit organizations using the Internet to advertise products or services violates one of the basic tenets of the Internet. Products may be discussed or critiqued on the INFSEC-L list as long as there is no payment from a vendor/individual (in the form of advertising or marketing expenses) to do so. 40 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ (10) When quoting another individual or replying to another individual’s posting, edit out whatever is not directly applicable to your reply. Including the entire posting can be annoying to those reading it. (11) Keep paragraphs and messages short and to the point. Limit line length (less than 80 characters per line) to avoid text wrapping and to improve readability. (12) Respond directly to the sender on specific or personal requests, not to the entire list. (13) The greatest benefit to INFSEC-L as a discussion list is the GIVE and TAKE of information. Everyone learns from the discussion. (14) ALWAYS feel free to offer advice and suggestions on how to improve the INFSEC-L list to make it more meaningful and enjoyable. Be tolerant of shortcomings and errant messages that might occasionally be experienced or witnessed on the list. The objective is to continuously improve this list. (15) If you want to redistribute someone else’s INFSEC-L posting to another forum (another mailing list, Usenet, your in-house newsletter, etc.), please secure the original author’s consent. Usenet Newsgroups There is another popular type of discussion group available on the Internet where people with common interests can share information and opinions. Usenet is a worldwide system of discussion groups carried by many systems linked to the Internet. It is organized into categories referred to as newsgroups. Many individuals simply refer to Usenet as newsgroups, net news, or electronic news. There are thousands of different groups organized into topic categories. Newsgroups operate like bulletin boards where users post information to share with all other readers of the board. You must subscribe to the newsgroups that you want to access. Subscribing to a newsgroup does not cost anything. It is just a way of having your newsreader identify the groups with which you are interested in participating. There are some differences between e-mail discussion lists and newsgroups. Some of the key differences are: • Usenet may not be accessible to all individuals (especially auditors using a direct connection from their place of work). The reason for this is that in order to use Usenet, you need access to a software application called a newsreader. Organizations that have direct Internet access may not have newsreader software installed on their network. Even if your organization has the necessary software installed, the system administrator may only allow access to specifically authorized newsgroups. If you are using an ISP or commercial online service, they will provide access to Usenet newsgroups. _____________________________ Chapter 3 — Internet Services and Tools for Auditors 41 • If there are newsgroups that you are interested in, you must subscribe (join) in order to participate in the discussions. There is no charge for subscribing to a newsgroup other than the fees you are already paying via your online service or ISP. Once you have subscribed, you may read topics or messages that interest you, post follow-up messages, or post a new message topic. In other words, you select what you want to read. This is in contrast to e-mail discussion groups where you receive all messages directly via your mailbox. The only way you can read newsgroup postings is by accessing the group via your Internet connection and selecting the messages that interest you. • Usenet messages are removed from the newsgroup after a period of time. Some newsgroups maintain archives of messages. However, if you do not use this service often, you may miss out on important discussions. • Usenet does not have as many discussion groups established for auditors. While many Internet users find newsgroups of interest, there are few newsgroups available on auditing, accounting, and finance topics. The primary newsgroup established specifically for auditors is called alt.business.internal-audit. Chapter 5 provides additional newsgroup resources of interest to auditors, accountants, and financial professionals. File Transfer Protocol (FTP) File Transfer Protocol (FTP) provides the ability to download (receive) and upload (send) files from Internet connected computers. This is possible even if the operating systems or file formats on the two computers are different. The speed of the transfer depends on several factors, including the type of connection and time of connecting to the FTP site. Using FTP through your service provider gives you access to a large number of files available on the Internet. A good source of information on archives of files in general is the Usenet newsgroup comp.archives. Obtaining files using FTP requires knowing the location of the remote computer (address or name), the subdirectory location on the remote computer (path), and the name of the file you want to retrieve (filename). Files are stored on the remote computer within certain directories or subdirectories, usually organized by subject or topic. Knowing the path or location of the files is a critical factor in how fast you can find the particular file you need. Access to files on FTP sites is controlled by the organization’s policy on authorized use. Some organizations that maintain files require you to have an account in order to access the server. However, many system administrators do not allow non-registered user access to their computer systems. Other organizations allow what is known as “anonymous FTP,” which means you do not need to have an account established to access the files. Locations that allow non-registered users to access certain public files without the need to establish usernames and passwords are referred to 42 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ as anonymous FTP sites. When you log onto an anonymous FTP site, you are prompted for a user name and password. For the user name you type in “anonymous” and use your e-mail address as the password. This allows the system administrator at the FTP server to track users. There are several auditing-related FTP sites that allow anonymous FTP to access financial files and programs. FTP can be an effective tool for obtaining software or documents from remote computers. Remember to always check downloaded (files retrieved) executable programs for viruses before installing and running them on your system. The Internet’s file transfer protocol provides auditing professionals with the ability to exchange audit programs and other media electronically. Rather than sending another auditor a disk via traditional delivery methods like the postal service, you can electronically transfer the information immediately via computer-to-computer connections. An example of a site that provides information for auditors is the original Auditors Sharing Audit Programs FTP site at the University of North Florida. The following is a description of the site along with information on how it was accessed from various systems. (Note: This system was replaced by the ASAP section of AuditNet.) What is Auditors Sharing Audit Programs or ASAP? In the interest of “Progress Through Sharing,” auditors began submitting audit programs to listservs to share with their peers who requested assistance. Taking that concept one step further, I recently posted a request asking auditors to submit audit programs for a library that they could access when needed. The audit programs are those submitted by auditors in the worldwide community of AuditNet. Programs in the ASAP are included from AuditNet participants without editing or modification. I assume that the submitted programs have been developed or modified by the submitting auditor and therefore are not subject to copyright restrictions. The programs are provided as is and therefore we are not responsible for any errors or omissions. The programs should be carefully reviewed and modified to meet the needs of your organization. The programs have been posted to the anonymous site and are accessible at ftp.unf.edu (ftp:// ftp.unf.edu). The directory is pub/auditnet. The AuditNet ASAP Audit Programs are in the directory pub/auditnet/programs. Auditors can contribute programs by sending them via e-mail to [email protected]. Auditors with America Online (AOL) access may send the file to [email protected] using the attach file feature. Author’s Note: The ASAP clearinghouse of audit programs moved to AuditNet.org (http:// www.auditnet.org) and this is where you will find the most complete inventory. _____________________________ Chapter 3 — Internet Services and Tools for Auditors 43 Sample FTP Session for the Auditor Sharing Audit Programs FTP Site 1. Log on to your computer or ISP. 2. Start the FTP program and enter the FTP address of the system you are trying to reach (for example, ftp.unf.edu). 3. Once connected, enter anonymous for the user name and enter your e-mail address for the password. 4. Change to the directory where the ASAP files are located /pub/auditnet/programs. 5. Select the audit program for the subject area you want. 6. Transfer a copy of the program to your computer. 7. Log off the remote computer and exit the FTP program. 8. Open the audit program you just retrieved in your word processor and modify as required. FTP Tips Reading large files while you are connected is not recommended because it keeps the FTP server loaded. Be sensitive and do not overuse this. Get some readme or index files first and read them off-line so you know how the site is organized and where you can find things. Archie At one point prior to the World Wide Web, the Internet was so large that finding files could sometimes be a bit difficult. A software utility called Internet Archive Server Listing Service (Archie) was developed to help individuals locate files on anonymous FTP sites. It is a special tool that you can connect to and query for items you need. Archie scans the anonymous sites and maintains file listings from those different sites. If Archie finds a match, it provides the domain name and IP address for the site, where the site is stored, and any other information available. You must then use your FTP client software to connect to the site using the information provided by Archie. The downside of using Archie for locating files is that first you need the file name (or a close facsimile) in order to locate programs or files. Secondly, you must then use your FTP program to access the site. Go to http://www-polisci.tamu.edu/lab/archie.htm for more information about Archie and Archie servers. There are a few rules you should follow when looking for information on Archie servers. Since they are not dedicated machines, using them during normal working hours is not recommended. Queries must be as specific as possible. Searches without a specific file in mind can be time consuming and provide limited results. Choosing an Archie server close to your physical location will speed the response and transfer time. 44 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Telnet Telnet is a program or protocol that allows you to log in to another computer to run programs and perform tasks on that computer as if you were sitting at that computer’s terminal. In order to Telnet to a remote system, you need to have Telnet capability on your computer or via your ISP. To Telnet to a host computer, you need to know its name (either as a numeric address or in words). A Sample Telnet Session to CapAccess (the National Capital Area Public Access Network) 1. 2. 3. 4. 5. 6. Log in to the local system or ISP. Start the Telnet program c:\windows\telnet.exe. Enter the domain name of the remote system that you want to access (capaccess.org). Upon connection, enter your user name and password (or guest registration). Explore the site. When finished, quit the program and log off. Exit the Telnet program. Back in the early days of my online experience, I connected to CapAccess from my home by dialing up a local phone number. But when traveling, I would have to dial long distance and incur toll charges to connect to CapAccess. By using Telnet, I connected to my ISP via a local number and connected to CapAccess via Telnet without incurring any long-distance charges. Some Telnet sites may require establishing an account, while others will provide guest access privileges. When you find sites that say Telnet access is allowed, check them out. It is a service that you may not use often, but if it is available, it provides another option for accessing Internet information. Client-Server Model When the Internet was first developed, it took a great deal of knowledge and patience to navigate the terrain. In terms of the current Auditbahn, early users of the Internet were literally traversing dirt roads rather than superhighways. All of this changed with the introduction of the client-server model. Under this model, communication takes place on both your computer (client) and the computer at the remote site to which you are connecting (server). Very simply put, you use a program on your computer called a “client” to connect to the computer holding the files, a “server.” Software developers have concentrated on making the client end of the system user-friendly so that you do not need to know all the complex commands once required to navigate a system on a remote computer. The server end of the communication link can provide an automated response with minimal or no human intervention. Because the links are independent, the power of each element is dependent on the power of the machine from which the application resides. Examples of popular client-server applications are Gopher (a menu-based look up and browse tool), Veronica (a search tool), WAIS (another powerful search tool), and, most importantly, the World Wide Web (a hyper-media browse and search tool). _____________________________ Chapter 3 — Internet Services and Tools for Auditors 45 Gopher Gopher (developed at the University of Minnesota) was a powerful client software tool used to search, retrieve, and view different types of information on the Internet. It was the precursor to the World Wide Web. The derivation of the term “Gopher” relates to the fact that the software goes out and retrieves information. Gopher is in essence a distributed document delivery system wherein people make information available over the Internet. Gopher servers (computers) store documents at their local sites and provide links to related information located at other sites. Early users of the Internet had to Telnet to public Gopher sites in order to query Gopher servers. Commercial online services now provide easy-to-use Gopher interfaces, and ISPs include Gopher client software in their applications. For example, if you are using America Online, type “Gopher” and select “Go.” There are a number of choices available from the Gopher menu that will lead you to Gopherspace. Gopher uses plain English with a simple menu-based hierarchical system that many new Internet users find easy to navigate. The power of Gopher resides in the fact that it accesses a wide range of resources across the Internet. This means that Gopher menus may point to FTP sites, Usenet archives, and other resources on the Internet. The beauty of Gopher is that the operational detail is transparent to the user, as the software maneuvers Gopherspace to locate information. In order to appreciate the straightforward approach of using Gopher, connect to the FinanceNet Gopher by typing gopher.financenet.gov from your Gopher software or from your browser. The FinanceNet menu provides the following choices: Welcome to FinanceNet’s Electronic Library What’s New on FinanceNet FinanceNet Public Mailing List Happenings in Public Financial Management Documents, Publications & Standards Government Asset Sales Closely Related Networks FinanceNet Discussion Groups and Usenet Newsgroups Internet Resource, Search and Help Tools Evaluation and Comments Search for Gopher and News Servers Search Messages Sent to all FinanceNet Mailing Lists Help for Search Click on one of the above choices and you will be presented with information or another menu of choices. Hit the escape (or back) key and you will return to the previous menu. FinanceNet was one of the first sites that gave me an appreciation for the types of audit and accounting-related resources available online for professionals. Gopher servers require a significant investment in human resources to maintain the information and the system. As a result, Gopher servers are either being shut down or not updated regularly. Web servers provide a much easier and viable alternative to Gopher for the needs of the current Internet community. 46 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Veronica Veronica stands for Very Easy Rodent Oriented Net-Wide Index to Computerized Archives. This client-server application was to Gopher what Archie was to FTP. Veronica is actually an index and retrieval system that maintains an index of Gopher directory names and document titles. You can search titles by entering a simple query. Unlike Archie (the search tool for anonymous FTP), the result provided by Veronica allows you to directly connect to the resource by selecting the item from the list provided. Veronica searches can be done by title word or by directory. Veronica finds resources by a search of words in titles as opposed to a full text search. For more information on how to compose a Veronica query, go to: http://civic.net/cambridge_civic_network/libcopy/search_engines.html You can access Veronica during a Gopher session. Most Gopher servers include a menu with a name like “Search GopherSpace using Veronica.” If the Gopher server you are using does not offer a menu item for Veronica, go to a public Veronica site such as gopher://gopher.tc.umn.edu/11/ Other%20Gopher%20and%20Information%20Servers/Veronica. America Online uses Veronica to conduct a search of Gopherspace. Veronica can be a powerful search tool for auditors looking for information on the Internet. However, it is important to understand that Veronica does not search the text of the document, but rather the title of the document for a match. WAIS Wide Area Information Servers (WAIS) took Veronica to the next level up by searching for words in documents. WAIS (pronounced “ways”) is a client-server application that takes advantage of the TCP/IP protocol. A number of Internet locations have set up WAIS servers for the database of information contained at their site. The WAIS index and text search system allows you to conduct rapid, simple queries of those databases. If a site provides for WAIS searches, you will find a form that will prompt you for all the necessary information for your query. Your query will search for matches and provide an ordered list of successful hits for review. Some WAIS search engines provide for access to multiple databases. The following steps apply to a WAIS query regardless of the site: 1. 2. 3. 4. 5. 6. Select the database that you want to search. Construct your query by entering the keywords that you define. Run the query and WAIS looks for matches on the relevant databases. WAIS client produces a list of document that matched the query. Select a document from the list for review. Restate the query to further define the search and improve the results. _____________________________ Chapter 3 — Internet Services and Tools for Auditors 47 World Wide Web The World Wide Web (commonly referred to as WWW or Web) is a browsing and searching system that bypasses all the usual commands required for circumnavigating the Internet. The Web is a method of sharing resources with many individuals at the same time regardless of where the resources are physically located. This may seem bewildering, but as you read on you will come to appreciate the simplicity and sheer power of jumping (via links or connections) from one document or site on the Internet to another. Navigating the vast resources of the Internet has always been a challenge. While some of the tools such as Gopher, Archie, and Veronica make it a little easier, there are still some limitations inherent in a hierarchical structure. Gopher is a primary example of limitations in moving between locations or documents. You can only go from menu to menu, or menu to item. The World Wide Web gives a whole new meaning to the concept of surfing the Auditbahn. In order to navigate the Web, you will need client software called a browser. Browsers allow you to access information on different types of servers around the world. Web browser software is considered the “killer app” for the Internet because it incorporates all or most of the other Internet applications such as Gopher, Telnet, Usenet, and more. Browsers were first developed as public domain and were freely distributed over the Internet. There are a number of browsers available, including NetScape Navigator and Internet Explorer. They provide you with tools for accessing Web sites using key word search engines. Browsers require a graphical user interface such as Windows, which means that the more powerful the machine, the better. If you choose a commercial online information service for your Internet access, you will have the Web browser provided with that service. ISPs also include a Web browser with their software package. If you do not like the browser provided by your service provider, you can always purchase another. Check and make sure that any browser you purchase will work with your service provider. The Web was developed as a resource for physicists by the European Laboratory for Particle Physics (or CERN, which is the acronym for the French name of the organization). It links documents and pictures into a hyper-media environment that has made the Internet a household word. While the Internet has been around in one form or another since the early 1970s, the Web has only been on the scene since the early 1990s. The Web has fostered the evolution of the Internet from a military research communication sharing medium into a business and personal cyberspace that is transforming the way we access, retrieve, and use information. The unique mechanism that sets the Web apart from all the other types of client-server tools is the hyperlink. Hyperlinks are really pointers to other information within a document or other documents or, quite often, other sites on the Internet. Imagine that you are reading an article on corporate reengineering. Within the article you come across a reference to an article on the subject of delayering within an organization. A print article might include a footnote with a reference where that article is located. That same document on the Internet would most likely have a hyperlink, which means you would simply click on the word “delayering” and it would transfer you directly 48 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ to that article. Once you finish reading the delayering article you could return to the original article with the click of the mouse. The Web uses these hyperlinks to provide access to a variety of Internet resources, including FTP, Gopher, Telnet, Usenet, and more. Just as a spider’s web is an intricate set of interconnected threads, the Web provides you with a seemingly transparent connection to the depth and breadth of resources on the Internet. The method of connecting to a Web site involves entering the address or location of the site. The creators of the Web developed a universal access system for addressing Internet locations. Part of this addressing is the domain naming system that gives unique location identifications to every site on the Internet. Reaching an audit-related site on the Internet requires entering a code called a Uniform Resource Locator (URL) in the browser program. This uniform resource locator is a standard for specifying an object on the Internet, and is all that you need to connect to a Web site. The URL concept can be compared to finding a channel on your television set. If you know the URL (channel), you will connect to the right site (station). URLs for the World Wide Web appear as follows: http://www.auditnet.org HyperText Transport Protocol (HTTP) is a universal identification for Web sites. Anytime you are connecting to a Web site, the URL will begin with http://. Following the http:// is the site name at which the particular resource is located. You must be careful in the way that you enter the site name because some URLs are case sensitive. The site above is the AuditNet Web site with the domain name www.auditnet.org, which is the AuditNet home page (the first page in a set of Web documents). The file extension of “htm” means that it is written in HyperText Markup Language (HTML), which is the universal coding language used for creating and identifying hyperlinks. HTML is plain text with special coding or paragraph tags similar to desktop publishing recognized by all browsers. Documents posted on the Web need to be in HTML format so that the different types of browser programs can read and display them. Browsers will also allow you to reach other types of resources on the Net by using a different prefix for the URL. The following are examples of prefixes you might likely see in a URL: gopher:// indicates a Gopher site on the Internet. ftp:// indicates an FTP site on the Internet. URLs represent a means of identification as well. Auditors are including URLs on business cards, and organizations are including them in radio and television commercials and in print publications. After using the Internet and the Web awhile, the format for entering a URL will become second nature to you. You may even start committing URLs to memory the same way that you remember your address, phone, or fax number. _____________________________ Chapter 3 — Internet Services and Tools for Auditors 49 Web pages may include text as well as graphics (images) and perhaps even sound. The addition of graphics and sound adds a different flavor and personality to the Web. The graphic capability gives the Web visual appeal but may add little to the content. There are sites that make worthwhile use of the Web by incorporating images or maps into the interface so that an auditor can click on an area of a graphic and link to another section of the site. This can also be accomplished with a text link so in reality it is nothing more than another option for accessing the data. A picture can be worth a thousand words in some settings, but other than making a site visually appealing, it adds minimal value. In my experience, auditors are more interested in getting the information, rather than the bells and whistles. The bottom line is information and that translates to text. The downside of sites that include large graphic images is that they also significantly increase the time it takes for the page to load. Some computers may even freeze up due to memory limitations. You can overcome these limitations and problems by turning off the LOAD IMAGES feature in your browser. Concluding Remarks With a fundamental understanding of the different types of services and tools available, you can begin to use the resources of the Internet in an auditing environment. You may not need all the features or the services covered in this chapter, but it is important to know that they are available. You also do not need to know all the nuances of how each of the services and tools works in order to take advantage of them. Technically inquisitive auditors can find a wealth of information on the Internet about the intricate workings of the services and tools mentioned. Now that you have a basic understanding of the services and tools available, the next step is to understand how to find information on the Internet. Chapter 4 covers how to search for and find audit-related information on the Internet. Interview: Ben Heald, Editor, AccountingWeb UK (http://www.accountingweb.co.uk) AccountingWEB from Sift plc is an everyday business information service for accountants. It integrates a wide collection of Internet resources, accountancy news, organization directories, and financial, news, and market research databases. Initially focused on the UK accounting sector, it recently launched in the United States at http://www.accountingweb.com. After AccountingWEB won the prestigious European Information Product of the Year Award at the Online Information 1997 Exhibition at Olympia, Information World Review said, “It is not often that you can call an information product elegant, but Sift’s AccountingWEB is precisely that.” The concept behind Sift is that they do not believe “surfing” is an appropriate metaphor for busi- 50 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ ness use of the Internet. Their approach is to use search technology, online wizards, and good oldfashioned editors to direct you to the information you need to stay informed. Because let’s face it — not everyone is an Internet guru or wants to be! So rather than your spending precious hours aimlessly surfing, AccountingWeb sifts things for you. AccountingWEB exploits the new ways in which information is being made available on the Web, while retaining access to traditional information sources such as ICC, Infocheck, Dun & Bradstreet, and others. The approach is encapsulated by the company information wizard, which directs the user to free Web resources as a preference to paid sources. In addition to being a source of information, AccountingWEB is an online community centered around the discussion area. Most features of the service are free, including the Accountancy Search Engine, the PressZone, the Suppliers Directory, the AccountingWEB newswire, and the discussion areas. Q . The latest trend in providing information for professionals is the establishment of vortals or vertical industry portals. How do you see the role of AccountingWEB as fitting a global vortal for accounting and audit professionals? In a professional context, “global” communities are difficult to create due to the structural, regulatory, and language differences between various domestic markets. We have a multidomestic model for AccountingWEB, the intention being to create sites with their own identity and focus in the UK, the U.S. initially, with further European and Asian sites to come. Each site will have its own editors, business development managers, etc. However, there will be some issues and themes that cross the domestic boundaries. Audit is a good example because some of the issues of an auditor in the UK and an auditor in the U.S. will be common. It’s really important though to recognize the huge differences between an accountant in the U.S., say, and one in France or Germany. Not only does a French accountant apply different methods to the way in which he carries out accounting assignments, he will account for things in completely different ways, and perhaps most importantly from a community standpoint, he has a different role in the business community. For example, generally speaking, he is not seen as having as much of a business advisory role as is the case in the U.S. Q. What was the main impetus for establishing AccountingWeb? To take advantage of the business opportunity available through building professional virtual communities. Q. What have been the benefits of establishing a site on the Web? Without the site we would have no business! _____________________________ Chapter 3 — Internet Services and Tools for Auditors 51 Q. What, if any, are the drawbacks of establishing a site on the Web? If a site is good and develops an atmosphere of its own, taking it forward is never-ending; it is open all hours, every day. You can be sure that when you have to close it on a quiet Sunday night for development and maintenance there will be someone out there who had hoped to have a heavy session! Don’t launch if you’re not prepared to stick with it. Q. How do you see the Internet changing the delivery of information to auditing professionals? The Internet will simply be the way in which virtually all information is delivered to professionals through a combination of electronic newsletters, focussed discussion areas, and searchable reference. Q. What has been the response of the audit community to accepting this new method of information delivery? People are more than willing to accept new methods of getting things, but only when there is a clear benefit. Being able to get things any time, more cheaply, and from anywhere is all in all a better value proposition. Q. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”? Whilst we’re talking about the Internet entering the new Millennium, let’s not forget that it has still to enter its second decade! It’s difficult to avoid becoming at least more digitally literate this year. There is a new digital high street being created. Although people can’t see it in the sense they could see a new mall, they are increasingly able to conceptualize it. Like all things there’s a learning curve. Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How has your organization contributed to this philosophy through the use of the Internet? Internally we use a range of Internet-based authoring tools and task-management systems to run the business. None of our editors works from the main office, for example. 52 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Q. What Internet resources do you use, and how have they helped you and your organization? One of AccountingWEB’s main aims is to help accountants and auditors to navigate their way to resources on the Internet. We therefore spend a lot of time keeping track of what’s going on in the relevant sites for our community so that we can do this effectively. Q. How has the Internet changed the way your organization does business, and what impact has that change had on auditors? See above - totally dependent on the Internet. We ourselves are driving change in auditors. Q. What effect have the Internet and the World Wide Web had on the auditing profession? Overall, probably still a small effect on audit process so far, but you could say that the Internet is part of the rapidly changing world in which auditors are operating, so auditors are already having to deal with companies that are operating on the Internet. Q. What Internet skills do you see as the most critical for new auditors? Most significantly, to understand what is going on, as otherwise auditors are not going to be able to deal with their clients who will be selling, purchasing, etc., online. Q. What role do you see for the Internet in the future of internal auditing? Down the road, as application outsourcing over the Internet takes off, both internal and external auditors are going to have to deal with business processes that essentially occur over an Internet-enabled distributed network. _____________________________ Chapter 3 — Internet Services and Tools for Auditors 53 Continuing Internet Education The following resources are available for those auditors interested in further exploring individual tools and applications. In addition, now that you know something about the different tools available, several resources that are available on the Internet have also been included. This is a good opportunity to consult the Internet for furthering your Internet education. 1. Internet Guides, Online Courses and Tutorials, is available on the World Wide Web at http:// lcweb.loc.gov/global/internet/training.html. This is a Library of Congress compilation of Internet resources. 2. A collection of resources, including guides, FTP, Gopher, Usenet, mailing lists, and more, is available at http://www.mcs.brandonu.ca/~ennsnr/Resources/Welcome.html. 3. E-mail Security, Bruce Schneier, John Wiley & Sons, Inc., 1995. 4. Using the Internet, Mary Ann Pike (and others), Que Corporation, 1996. 5. The Internet for Busy People, Christian Crumlish, Osbourne McGraw-Hill, 1996. 6. The Usenet Book: Finding, Using, and Surviving Newsgroups on the Internet, Bryan Pfaffenberger, Addison-Wesley Pub Co., 1995. 7. 10 Minute Guide to the Internet and World Wide Web, Rick Bolton, Galen A. Grimes, Que Education & Training, 1997. ________________________________ Chapter 4 — The Auditor’s Great Internet Search 55 Chapter 4 The Auditor’s Great Internet Search “Knowing how to use the Web intelligently means knowing how to locate useful information on the Web.” — Bryan Pfaffenberger Introduction to Searching Of all the changes that are taking place in Internet services and tools, perhaps one of the most dramatic involves search engines. More than a billion hyperlinks or connections reside within the hundreds of millions of Web pages that currently exist, and millions of new pages are being created daily. With all this available information one would think that finding relevant information would not be difficult. In fact, the Internet was not created or envisioned as an information database and was not designed to support the volume of information that it currently maintains. The situation is complicated further by the fact that anyone can create a Web site. The Internet does not store information in a uniform database format. Entering a simple query into a traditional search engine may yield thousands or tens of thousands of matches. Many of those matches may or may not be relevant to what you are looking for. Internet gurus are well aware of the shortfalls in the virtual library of information to which users have access. On the plus side, tools to search this global information source that has no “card catalog” are improving. This means that auditors should be conducting more successful searches. In order to do so, they need to learn “smart searching.” Smart searching means understanding how search engines work, how Web pages are developed, what search tools to use for different situations, selecting a strategy, and translating traditional research techniques to an online environment. Living in the information technology era means that you will have to learn how to utilize new tools to do your audit spelunking. Getting the job done means not just having the right tools, but also knowing how to use them. That knowledge can mean the difference between success and failure in your audit-related search strategy. It is no wonder then that search skills represent one of the core competencies for audit digital literacy. The Internet is the largest warehouse of information in the world. It consists of networks and file servers with useful audit-related data buried throughout. There is little doubt or disagreement about the amount of information available for auditors on the Internet. The problem has never been (and probably never will be) whether the information is out there; at issue is where to find it. I have always maintained that when I cannot find what I am looking for, it is not because the information is not there, it is because I am not looking in the right place. 56 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Auditors constantly ask me for assistance in locating specific information needed for a project with which they are involved. Finding information of a specific nature or on a specific auditrelated topic is like looking for the proverbial needle in a haystack. It is definitely a frustrating experience for auditors who are new to the online world. I always try to give general directions on where to look or how to go about conducting a search. My philosophy is akin to the proverb about giving a hungry man a fish and you will feed him for a day, teach him how to fish and you will feed him for life. The same holds true for searching for audit resources on the Internet. Learn how to search the Auditbahn for information and your thirst for data will always be quenched. There are some general considerations that apply to the Internet when searching for information. The Internet is decidedly different from other traditional information resources such as the library. The Internet is a distributed data environment with thousands of computers connected around the world. There is no single authority that oversees the information content and there are no restrictions on who may post information on the Internet. As a communication medium the Internet has unlimited potential for exchanging audit ideas and sharing professional knowledge. A second consideration in searching for information is that the Internet is constantly changing. Individuals or organizations can publish and upload volumes of information in a relatively short time, and audit-related information can change in the blink of an eye. Think of data on the Internet from a perspective of now you see it, now you don’t. The dynamic nature of the Internet means that searches conducted over a short time can yield significantly different results. The third consideration is that there are no existing standards for information content on the Internet. While there is a definite abundance (sufficiency) of information, there is a question of validity. It is important to carefully consider the source of any information obtained from the Internet. The sheer volume of available information means concentrating on the most relevant information. Relevance has a direct bearing on the purpose or objective of the specific search. Finally, if the information helps meet the goal of the audit or search, then it may be considered useful. So while there may be sufficient information available for auditors on the Internet, the information must meet the tests of competence, relevance, and usefulness. There are various methods of searching for information on the Internet. Many auditors may be tempted to use a technique for locating information called “serendipitous surfing.” Surfing the Internet involves locating a page containing links to information that you think are relevant to the subject area you are looking for. You then select a link to a page based on individual judgment believing that the link will take you to the information you need. Surfing does not utilize a structured approach for conducting a search, nor does it use any of the various search tools. This technique may be fine for an individual who has time to “lurk” across the Internet hoping to hit relevant information, but for auditors, surfing is an inefficient and ineffective method of searching. There are a variety of search and retrieval tools available for auditors connected to the Internet. Auditors need to focus on information searches using tools that will find competent, relevant, and useful information. ________________________________ Chapter 4 — The Auditor’s Great Internet Search 57 How Search Engines Work Many auditors use the term “search engine” when describing search engines and search directories. The two are not synonymous. Search engines compile their listings automatically by querying Web sites. They are capable of updating their database by visiting sites and noting changes in Web page information. In contrast, directories, which are not true search engines, rely on human intervention for their listings. A human cataloger reviews information you submit and determines the appropriate subject-oriented classification for the site. If the information on that site should change, the only way it will be updated is if you notify the directory Webmaster. Search engines are composed of three parts. The first component is the spider (also referred to as crawler or Web-bot). The spider queries a page by looking at the Hypertext Markup Language (HTML) used in creating Web pages. Different search engine spiders look at different parts of the Web page. Search engines may review a Web page’s title, meta tag for keywords, meta tag for description and the text included in the body of the page. The information that the spider finds goes into the second component called an index, which is a catalog that captures all the information that the spider found. When a Web page changes, the index is updated to reflect the most recent information. The final component is the search engine itself. This is the actual program that organizes the pages in the index and locates matches based on your criteria. The search engine then displays them according to a ranking algorithm to determine the order in which matching documents are returned on the results page. Different search engines configure the three components based on their own specifications. This is why using the same search criteria on different search engines will provide different results. How Web Pages are Developed Auditors should have a basic understanding of how Web pages are developed in order to structure an effective search. Because there are so many different types of systems operating on the Internet, the World Wide Web was developed so that a simple standard could be applied to Web pages. Web pages use plain ASCII or DOS text but include special formatting codes. It is possible to create Web pages using a simple text editor as long as the author who creates the page knows the HTML formatting codes. In addition to using the right codes it is important for Web page authors to understand the basics of search engines. If you know what kind of information the search engines look for, you can provide relevant information and tags within the HTML document that will increase a searcher’s chances of finding the information they are looking for. Title tags and meta tags are important components of a Web page, yet many Web page authors are unaware of how to include this information correctly. Additionally there are many Web authoring software programs that produce default information for the meta tags. Failure on the part of a Web page author to change the default settings for meta tags may hinder and sometimes prevent you 58 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ from finding information about that site when you query a search engine. If, for example, I create a Web page that provides audit work programs but uses a title that does not clearly identify the site or neglects to include meta tags, you might never find it unless you were told specifically where to locate the page. Proper Web page design is almost as important as strong search skills in finding the right sites when using a search engine. Search Tool Selection Smart searching also means choosing the right tools for the search. Many auditors first turn to Yahoo for conducting an Internet search. Yahoo is not a search engine but rather a subject-oriented index. It can be an effective search tool for auditors looking for general information that falls into a broad subject category. For instance, if you were looking for hotel accommodations you could go to Yahoo, look under Travel/Lodging/Hotels, and find a complete listing of hotels that have Internet sites. On the other hand, if an auditor is searching for specific audit information such as a 401K plan audit program, Yahoo does not have the depth of content to find that information. Conduct that same search for a 401K plan audit program using a search engine, and the first hit will be the AuditNet Auditors Sharing Audit Programs site with a link to that program. So which search tool is the most effective for auditors? I am asked this question repeatedly as I spread the gospel of using the Internet in auditing. There are excellent search tools available for auditors. The following is a list of some search engines and indexes —old favorites and new — that offer more sophisticated searching and have been particularly useful in locating audit resources. Auditors need to become familiar with the “suspects” and find out which ones meet their individual needs and preferences. Presently there are only levels of better as opposed to best. • About.com (http://www.about.com/) employs expert guides to research and provide targeted news and links for their communities. Each channel represents a specific topic such as business, finance, e-commerce, and more. • AltaVista (http://www.altavista.com/) provides a natural language query with the Ask Jeeves search engine. AltaVista also provides translation service for various languages. The translation feature will help bring the global audit community together as a truly international professional body. • Excite (http://www.excite.com/) allows for concept-based searching, which may help in gathering background information for audit-related projects. • FAST — Fast Search and Transfer (http://www.alltheweb.com/) — lives up to its name by providing a quick response when querying its database. This next generation search engine will conduct a virtual search of the entire Web. It employs new technology to operate more efficiently and provide relevant results. Search time and number of documents found are provided to show both the speed and relevancy of the tool. ________________________________ Chapter 4 — The Auditor’s Great Internet Search 59 • HotBot (http://www.hotbot.lycos.com/) allows for establishing time parameters for a search. Say you only want sites posted within the last month or last three months. HotBot allows for a focused query. This ensures that information retrieved is relatively current. • InfoSeek (http://www.infoseek.go.com) allows for searches of Web pages, newsgroups, Internet FAQs, e-mail addresses, and more. • Lycos (http://www.lycos.com/) searches index sites by document title, links, and keywords. It offers both simple and deep search options, and responds with a ranked list of sites with options on how to display the results. • Northern Lights (http://www.northernlight.com/) organizes matches by domain, organization, or other specific levels. This allows auditors to target their search to a specific industry group or type of organization. • Research-It! (http://www.iTools.com/research-it/research-it.html) is a real time saver. It provides for searches of dictionaries, thesauri, language translators, acronyms, quotations, maps, phone numbers, postal information, package tracking, financial information, and more in one swift move. • Vertical Industry Portals or Vortols provide industry-specific news, updates, research and statistics, discussion groups, and business services related to a specific profession. An example of an audit-related Vortol is KnowledgeSpace from Arthur Anderson Consulting. This new generation of search tools works on the premise that general search engine results are less than precise. Vertical portals, sometimes referred to as affinity portals, help users find specific information. They also attract strategic partners who have an interest in targeting their product marketing at a unique industry or profession. • Webcrawler (http://webcrawler.com) is a fast search engine that is worth using for audit-related searches. It provides options for retrieving either the site name or the site name and a brief description of the site. • Yahoo (http://yahoo.com) is the pioneer of Internet directories. It provides subject categories that you may browse and search. The site also provides a people search feature for finding phone numbers and e-mail addresses by completing a simple form. Using Site-Specific Search Engines Many audit-related Web sites have provided search engines that query the local site as well as the global Internet. These site-based search engines provide an effective way for auditors to focus in on relevant sites and then query those sites for the necessary information. 60 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Finding New Ways for Productive Searching Hypersearching or Clever Searching is now being promoted as the future of productive searching on the Internet. This is due to the fact that the phenomenal growth of online information has rendered traditional search tools ineffective. This new technique looks at how Web pages are linked together. Pages on the Internet fall into two broad categories — authorities and hubs. Authorities represent the best sources of information on a particular subject. Hubs represent collections of links to authoritative locations. This new technique concentrates on looking at the hyperlinks rather than at the Web pages themselves. Hyperlinks confer authority so if a page is identified as having a large volume of hyperlinks, it is most likely an authoritative source. This new search methodology has shown promise and should increase the effectiveness of searching the Internet for audit resources. Strategies for Searching Competency in digital searching is not difficult to acquire. Following some basic search guidelines and strategies goes a long way to making Internet research for auditing more productive and efficient. The Sherlock Strategy Sometimes a good place to start a search for a specific site or organization on the Internet is by using what I call the Sherlock theory or logical guessing strategy. Logical guessing means figuring out the site address by assuming the organization chose an easy-to-remember acronym for its site name and registered it for its domain. As Sherlock Holmes would frequently comment to his associate when solving crimes, “Elementary my dear Watson.” • Start by omitting the http:// when entering the address in your browser (Netscape Navigator or Microsoft Internet Explorer). • Enter the common WWW for the site. • Enter the site acronym, corporate name, or initials as appropriate (OHSA, GAO, USDA, NYTIMES). • Add the top level domain (see Chapter 3, Internet Services and Tools for Auditors), most often .com or .gov. This strategy works for many common sites on the Internet. This is a quick logical way to find audit-related sites and should not be overlooked by any auditor. ________________________________ Chapter 4 — The Auditor’s Great Internet Search 61 The Subject-Oriented Indexes or Directory Strategy When your search criteria involves broad-based areas, using subject-oriented indexes may be an effective search strategy. Typically these directories classify sites into subject categories and subcategories. The most popular (and oldest) subject-oriented index is Yahoo (www.yahoo.com). There are two ways to look for information in these directories. One way is to browse through the classifications and find the subject category or subcategory that matches your criteria. For example, if you were looking for a hotel chain, you would look in the travel category. There you would find lodging as a subcategory and then hotels as a sub-subcategory. Scroll down and find the hotel chain you are looking for. Of course if you were looking for the Hyatt Hotel Web site, you could have used the Sherlock strategy and guessed www.hyatt.com. Directories are effective for locating organization sites, general topics, and commercial products. The main disadvantage of directories as search tools is that they are maintained and updated with human intervention. Therefore directory databases are not as large as other search tools nor are they as current. Auditors looking for specific information need to choose more advanced search tools in their quest. The Search Engine Strategy Advanced searching requires sophisticated search tools. Search engines (robots or crawlers) rely on software that examines the underlying code (HTML) embedded in Web pages. Through this examination, the search engine builds a database and indexes as many sites as possible. This technique is most effective and efficient for creating a large index of Web sites. Once a site is indexed, the software periodically goes out (crawls), examines the Web site for changes, and updates its database. Auditors can use search engines by entering their query and retrieving a “hit list” of sites with relevant information. Different search engines use different search methodologies so you need to read the “help” section of each search engine. Become familiar with terms like natural language query, Boolean logic, qualifiers, and extenders. Search engines make it possible for auditors to access information stored on Internet servers for words or phrases that are relevant to their inquiry. Those words or phrases can lead to authoritative pronouncements, audit guides, manuals, tools, and other audit-related topics. The key to getting the right information lies in formulating the appropriate query for the search engine. In designing the query for the search engine it is extremely important to select the right words that will select the most relevant documents existing on the Internet. But even selecting the right words may not uncover the best information or all the information relevant to your search. Search engines are only effective if the Web page developers have done a good job of creating their pages. Remember that search engines look at the underlying code (HTML) used by the Web page developer. That universal code is recognized by Internet browser software. If a developer has left out important information such as title, keyword listing, or page description, the search engine may not even include that page in your list of relevant hits. This is why there has not been a search engine developed to date that will provide a comprehensive index of every site on the Internet. Search 62 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ engines can only find relevant sites when those sites have been properly constructed. To take this strategy one step further, if you misspell a word in your search query, it is very likely that your search will turn up hits in which the Web developer misspelled the same word. Therefore a search on “audting” (or any misspelled variation) will turn up hits. Give it a try and you will see how effective search engines are in finding spelling errors! Search engines also have their limitations. For example, search engines cannot link to text within Adobe portable data format (PDF) documents; information residing on corporate, government, or organization intranets (Internal networks using Internet technology); or information in sites that require a membership login and password. Offline Search Utilities Not all of the search utilities are Web-based. Some search utilities reside on your local computer. These search tools query Web search engines and return results in the form of an abstract with the address. Click on the address and your browser opens the site. Many of these tools, such as WebFerret from Ferret Software (http://www.ferretsoft.com), are free. Research Techniques for Auditors The Professional Auditor Search Strategy (PASS) If the main reason you are connecting to the Internet is for audit-related information, it is imperative that you approach searches with a rational and planned strategy. The best way to start looking for information that meets the guidelines of competence, relevance, and usefulness is to utilize what I call a professional auditor search strategy (PASS). The successful PASS for audit-related information relies on utilizing what researchers call critical-thinking skills. This means applying what you have learned as an auditor in order to approach each search for information in a logical and systematic way. The PASS includes the four phases of traditional research methods, including: 1. 2. 3. 4. Identifying the audit issue (also known as the audit search definition or objective). Developing the audit search. Choosing where to search. Evaluating the results of the search. Phase 1 — Identifying the Objective (the Audit Issue) Begin by defining the objective of the search. This is also known as the issue identification phase. Auditors looking for information on the Internet are doing so for a specific reason. They need information on a particular topic for a specific reason such as ideas for the long-range audit plan, preparing for scheduled audits that are included in the current audit plan, or based on a specific request from management or the audit committee on an important business-related issue. Write ________________________________ Chapter 4 — The Auditor’s Great Internet Search 63 down the objective or purpose of the project. It will help you define the search before you begin. As an example, suppose that your organization recently decided to provide e-mail access to all employees. The objective of your search might be to find existing policies and risks associated with employee use of e-mail. It is important that you narrow the scope of the search as much as possible by clearly defining the objective. Phase 2 — Developing the Audit Search After identifying the search objective, you must decide how you want to search. There are sites on the Internet where the information is organized by subject matter or trees. Subject-oriented sites organize information in a hierarchical directory format. Subject indexes can provide successful results by browsing through the hierarchy of menus. There are several subject-oriented sites such as Yahoo (http://www.yahoo.com) that are popular with auditors. Most of the time you will use a combination of subject matter and a specific search criteria known as a keyword query. In developing the search you should consider identifying the keywords that will provide you with information related to the search objective. There are several ways of structuring a keyword search. Consider using synonyms (different words with similar meanings) for the audit terms selected for the key query. Using a different form of a keyword will also yield different results. If the first search attempt fails to yield sufficient results, try using a different form of the word. For example, using “auditor” as the keyword may turn up a number of hits (matches) for auditory (hearing) or auditorium. Changing the keyword in the query to “auditing” will yield more relevant matches. Sometimes using a different word in a keyword query alters the results considerably. Another technique for search strategies involves using relevant phrases or words rather than a single word. The phrase “internal control” will yield far different search results than will separate searches using the words “internal” and “control.” Phase 3 — Choosing Where to Search There are four different areas on the Internet available to auditors looking for information. You can search for audit-related information on commercial online information services, via peoplebased searches, through text-based Internet tools, and by using the World Wide Web. The order in which these areas are presented does not signify a priority of which resource will most likely provide you with the answer to your query. Your audit search may include one or more of these areas. However, based on the explosion of information and sites on the World Wide Web, auditors will tend to concentrate their efforts here. This may limit the results obtained by ignoring otherwise worthwhile information. If there is sufficient information available on the Web, auditors may stop searching. If sufficient information sources are not found on the Web, auditors should pursue other areas for relevant and reliable information. Commercial Online Information Services If you subscribe to a commercial online service, you may search the resources available within that service. Many of those resources are unique to the commercial service to which you subscribe and therefore may not be available to all auditors connected to the Internet. Each service provides access to various business resources, including professional associations, newspapers and busi- 64 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ ness magazines, and special forums for entrepreneurs, small businesses, and industry groups. Each commercial service provides research tools for locating information. Typically you may query online versions of newspapers, magazines, and databases by title and subject. If you are not a member of a commercial online information service, ask a friend or audit colleague if they can search America Online or Compuserve for you. People-Based Searches The people-based search for audit information consists of utilizing e-mail discussion lists, Usenet newsgroups, and your network of auditors connected to the Internet by e-mail. We have already covered discussion lists, but an excellent resource for topics is the archives of audit-related lists. Some of those archives are posted on the World Wide Web or Gopher servers. Discussion lists and Usenet newsgroups connect you to a worldwide network of auditors and financial professionals. These resources should be one of primary tools for finding audit-related information on the Internet. If only I knew someone who had the answer to the question, “How do I find other auditors connected to the Auditbahn?” Sometimes it is a matter of finding another peer who may already have the answer. So the issue becomes where can you find other audit professionals in your area with whom to network. Although finding other auditors on the Internet is not always easy, there are several ways to go about doing so. One way is simply to ask people for their e-mail address when you meet them. Including your e-mail address on your business card helps this process along. Another way is to post a message on a discussion list or audit-related newsgroup to connect with other auditors with similar interests. America Online (AOL) allows for keyword search of their member profiles. This is an excellent way of networking and finding other auditors who subscribe to AOL. There is also an online e-mail registry of auditors, accountants, and financial professionals. The AuditNet Accounting/Audit/Finance E-mail Directory is the most comprehensive listing of auditors, accountants, and financial professionals available on the Internet. Financial professionals voluntarily e-mail a registration form for listing in the directory. Information and the format for submitting a request to the directory are included in Chapter 6. If you are trying to locate an e-mail address and you know the person’s name but not their phone number or address, you have alternatives. For frequently asked questions (also known as FAQ) on how to find e-mail addresses, go to: http://www.cis.ohio-state.edu/hypertext/faq/usenet/findingaddresses/faq.html. Another option is the Yahoo People Search site at http://people.yahoo.com/. The site provides a form where you complete the first name, last name, and domain. For example, when I entered Jim Kaplan on the netcom.com domain, it returned my e-mail address as [email protected] and another Jim Kaplan with a different e-mail address on Netcom. If an auditor you are looking for has posted a message on a Usenet newsgroup recently (within the last six months), you can use ________________________________ Chapter 4 — The Auditor’s Great Internet Search 65 the Deja.com Web page (http://www.deja.com). The site searches Usenet postings under the auditor’s name and retrieves the message he or she wrote or is mentioned in. You can then get the auditor’s Internet address. Professional organizations such as the National Association of Local Government Auditors are including e-mail addresses on new member and renewal applications. Member directories will be a primary resource for finding peer e-mail addresses. Incorporate people-based search options in every audit or project that you undertake. Remember that the Internet is more than just computer networks tied together. It is a people-based network of information resources that epitomizes the concept of “Progress Through Sharing.” Text-Based Search Tools and the World Wide Web In the previous chapter we talked about some of the text-based search tools such as Archie, which searches anonymous FTP sites, and Veronica, which searches Gopherspace. We will next concentrate on search and retrieval tools designed for the World Wide Web. The World Wide Web provides powerful tools that make it easy for an auditor to search for audit-related information. Auditing, Accounting, and Financial Hotlists (Link Sites) There are a number of sites on the Internet where other individuals, government agencies, professional associations, or companies maintain hotlists or links to auditing, accounting, and financialrelated information. These sites act as a directory specifically directed to particular subjects such as security, internal auditing, accounting, taxes, and education. Each site chooses to organize their information differently so you need to look carefully to find the right category. The AuditNet Resource List, available on the AuditNet Home Page (http://www.auditnet.org/karlhome.htm), is a list of audit-related resources that you can refer to in an Internet search. Find a site that could be related to the topic you are researching. For example, if you were looking for a federal circular from the Office of Management and Budget (OMB), go to the site on the Internet and you will find the current publications available. These hotlists are a great help if you know what type of information you are looking for and it relates to a particular subject or organization. One thing to keep in mind is that sites sometimes do not update their links regularly. Find a site that you feel comfortable with and visit it regularly to keep up to date with new resources. The AuditNet site also includes links to some popular search engines. Audit-Specific Databases There are a growing number of audit-related locations that index their information and include WAIS searching capability. These sites provide word searches of their indexes that make it easy to search for specific terms. They include a popup dialog box that allows for different types of searches, and typically include a help feature that guides you through the selection criteria. Availability of an audit-specific database narrows down a search if you already know that material on your subject has been gathered before. Government sites such as FinanceNet (http://financenet.gov/) and the Auditor General of Canada have keyword search capability in their respective sites. There are also search engines that list (by subject) a number of sites with WAIS capability. 66 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ The U.S. General Accounting Office (http://www.gao.gov) is an excellent example of an auditspecific searchable database. GAO audit reports are found easily by using the Government Printing Office Search and Retrieval tool at Purdue University (http://thorplus.lib.purdue.edu/gpo) for accessing Wide Area Information Server (WAIS) databases. Databases available for searching include congressional bills, the Congressional Record, the Federal Register, public laws, the U.S. Code, and the GAO Blue Book. When planning a review or audit, go to this database first and find out whether GAO has performed any similar reviews. Subject-Oriented Directories Some Web sites are subject-oriented directories or catalogs. These sites are organized by subject trees and provide a hierarchy of categories and sub-categories that allow for searches by topic. They are organized in alphabetical order. Selecting a category provides you with additional subcategories, which provide you with a list of resources for that particular sub-category. Subject directories are used for browsing broad-based subject or general topic areas. Some of these Web sites also allow for a keyword index search of the resources that they reference. Yahoo (http:// www.yahoo.com) and the WWW Virtual Library (http://vlib.org/Overview.html) are examples of well-known subject tree directories. While these directories should be queried when conducting a search for audit information, most of the sites will include topics for business and accounting, but not specifically for auditing. Use the keyword index search capability to locate audit-related topics. Internet Indexes There are Internet indexes that utilize search engines for conducting searches. Search engines, or search and retrieval tools as they are referred to, allow you to find and retrieve audit-related information by connecting to Internet resources through a keyword query. Search engines negotiate multiple locations on the Internet and return matches based on the keywords or phrases chosen for the search. Search engines operate by using tools (robots and spiders) that travel the Internet looking for resources. The search engine maintains an updated index of the sites queried to speed the process. These tools visit millions of WWW pages to create their databases and are the preferred method for searching for audit-related information available on the Internet. Popular search engines include AltaVista (http://altavista.digital.com/), WebCrawler (http://www.webcrawler.com/ ), Lycos (http://www.lycos.com/), and InfoSeek (http://www.infoseek.com/). Do not assume that all search engines produce the same results. Based on the way that each search engine queries sites, results can be surprisingly different. There are also sites that will simultaneously query a variety of search engines. These are known as metasearch engines and can be a powerful addition to the Internet audit search toolbox. The downside of metasearch engines is the limitation of structuring queries for a specific search engine. So the bottom line is knowing how to structure the query for the search engine you chose. This requires a basic familiarity with the different search techniques that Internet search engines utilize. ________________________________ Chapter 4 — The Auditor’s Great Internet Search 67 Search Techniques and Search Queries Internet search engines create an indexed database of words and phrases for the URLs of the sites they query. Making the most effective use of indexes requires knowing how to develop a query using the logical rules or algorithms that the search engine understands. Each search engine uses its own set of rules for queries. Those rules are spelled out in the search engine help feature. All of the Internet search engines provide a query form in which you are asked for the search term. Structuring a query requires knowing what search technique each search engine utilizes. Indexes provide for keyword searching of their respective databases. Additional techniques include Boolean operators, natural language, single term, and automatic truncation. Simple queries for each search engine use the default search technique programmed into that search engine. Each search engine also provides the capability for advanced queries. Before using any one of the popular search engines, read the explanation of how to do simple or complex (advanced) queries. Knowing how to structure your queries will increase the chances for a successful search. Boolean operators allow you to search for different concepts within one query. Boolean operators are actually words such as AND, NOT, and OR. By using a Boolean operator in a query you can search for concepts rather than limiting yourself to single keyword queries. An example of a Boolean search would be a query for INTERNAL and CONTROL. Choosing different Boolean operators can either narrow (and) or broaden (or) the search results. This can be a powerful tool for searching indexes, however not all of the search engines utilize Boolean logic. Some sites support natural language queries that allow you to ask questions as you would in a conversation. Asking the right questions can give you successful search results if you ask them correctly. This technique can give quite unexpected results. Single-term sites rely on using a keyword for the query. The challenge for these sites is choosing the right word to use for the query. Automatic truncation provides for near searches of an indexed site. This technique provides for searching the root of the word and its various endings. Using the term AUDIT would return hits on AUDITOR, AUDITING, AUDITORIUM, etc. Some sites allow using an * or ? as part of the query as well. Search engines that use truncation are worthwhile when you are looking for variations on the root word but will likely include other irrelevant hits. There are also search engines that recognize phrases or a string of contiguous words. These sites look for occurrences of words together such as INTERNAL CONTROL, or GENERALLY ACCEPTED AUDITING STANDARDS. 68 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Here are some tips for making the most of your search for audit-related information. • Start by posting a message on one or more of the audit-related discussion groups (mailing lists or newsgroups). While many subscribers to the lists read messages regularly, some subscribers only check intermittently. Many good ideas come from posting to an audit-related discussion list. Other auditors may know where to find the information you are looking for. • Check any audit-related Web sites you have visited before. Sites constantly change and you may find the information you are looking for on an audit-related indexed location. A good example of this is the GAO searchable database of reports issued, which is available on the GAO home page at http://www.gao.gov/. • Prepare for searches early in the planning stage of the audit. In fact, searches can begin when the annual audit plan is approved. • Choose the right words. Use your knowledge of auditing to select the right word or phrase for the search. • Spell the words you select for the query correctly. Spelling errors may have a significant impact on the search results. • Use synonyms to increase the chances for a successful search. • Try several different search engines for your queries. Each one indexes Web sites differently and produces varied results. • Check the help feature for the search engines you use. Learn the methods of structuring the query for your favorite search engine. • Check for FAQs or Frequently Asked Questions. FAQs contain a wealth of information and should not be overlooked in an audit-related search strategy. • Be as specific as possible in your search terminology with several caveats. The better your definition, the greater the chance of a successful search. If you receive too much information it may be due to your choice of words. If you receive too little information, you may have been too limiting. Phase 4 — Evaluating the Results of the Search The final step in finding audit-related information on the Internet is to evaluate the results of the search (search results). At this stage consider the objectives of the search. Did what you find satisfy the objectives? If not, perhaps the objectives were not clear. Did you find sufficient information? The search criteria could have been too limiting. You may need to expand your search to ________________________________ Chapter 4 — The Auditor’s Great Internet Search 69 locate more records. There are several ways to expand a search on the Internet for information. Use the Boolean operator AND to find more records on the subject. Another possibility is that you may not have allocated sufficient lead time to conduct a thorough Internet search. Did you find too much information? Perhaps your search criterion was too general or not focused enough. You could use the NOT Boolean operator or use a phrase for limiting the records found. The success of the search from an audit perspective depends on more than sufficient, relevant, and useful. The competence or quality of the information is perhaps the most important ingredient of a successful search. The dynamic nature of the Internet combined with the fact that anyone can post information means that you should evaluate the quality of any information retrieved. When it comes to evaluating content on the Internet, the ability to think critically is another of the core competencies that auditors need to develop to achieve digital literacy. Evaluate the information found by applying the following standards. Who Posted the Information? Consider the author of the material when evaluating quality. The background and credentials of the author may provide evidence of his or her qualifications for writing on the subject. What is the Nature of the Information? Is it source information or merely a reference to another’s work? Original information is the most reliable and can be easily verified through the provider. Consider the source in determining the nature of the data found. Why is the Information Posted? The purpose for writing or posting information on the Internet may be another indicator of quality (or lack thereof). Marketing information on a particular site is meant to entice consumers to buy a product or service. Beware of advertising hype such as “This is the best software auditing program on the market.” Where is the Information Coming From? Information from academic, government, or commercial sites is posted for a variety of purposes. Commercial sites post volumes of marketing-oriented material. University sites post research papers, theoretical, and other academic works from professors and doctoral students. Information intended for those audiences may not be competent for audit purposes. When Was the Information Last Updated? How current is the information? You may find sites where the information is not updated regularly. Stale information may not be factually accurate. If there are questions as to when the information was posted or last updated, send an e-mail to the Webmaster or individual who maintains the site. 70 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ How is the Information Obtained? What method did the Webmaster use to obtain the information? Did another individual upload the information to the site and not provide contact information? If a survey was conducted, make sure that the methodology is documented on the site. Find out about the site and make sure that any information posted is done with the knowledge of the Webmaster. If you download any executable programs from a site, make sure that you check them with an antivirus software program. While these questions may seem intuitive, it is important that you not alter or impair your professional judgment just because you are using a new tool (the Internet). The Internet is another source for information, but it is not the only source. Apply professional judgment to any information obtained from the Internet by making sure that it is sufficient, competent, relevant, and useful. There are many more search engines and indexes available on the Internet. While I have found the above tools to be helpful, you may find other tools to help locate audit and audit-related resources. There are several books that I recommend for maximizing your search efforts. Web Search Strategies by Bryan Pfaffenberger (MIS Press) will help you understand more about searching the Internet, especially deep search strategies. Finding It On the Internet by Paul Gilster (John Wiley and Sons) provides details for utilizing all the search capabilities of the Internet. It is also wise to keep up to date on new tools for searching the Internet. The best way to keep informed is by subscribing to the Scout Report, a Publication of Net Scout Services. The Scout Report is available via e-mail by sending a message to [email protected]. In the body of the message, type: subscribe scoutreport-HTML. The Scout Report includes a section on Network Tools that highlights new resources for searching. It also has a Web site (http://www.scout.cs.wisc.edu/) where subscription information is available. Remember that the Internet is constantly changing. In order to make the most of it, keep current on what tools and resources are available to you. Interview: Robert D. Randolph, Communications/Marketing Specialist, Arthur Andersen Knowledgespace (http://www.knowledgespace.com) KnowledgeSpace® is a Web-based knowledge service designed to help improve business performance. It integrates Arthur Andersen’s business resources with daily news and insights to help business people identify and address issues and opportunities. KnowledgeSpace® enhances collaboration among business professionals by creating “virtual communities” of members who face similar issues and have similar interests. By joining a KnowledgeSpace community, members can conduct research on business issues that are specific to their function and industry, use diagnostic tools designed to address their individual business and industry-specific challenges, and participate in discussion groups and electronic forums with their peers and relevant industry experts. The internal audit community gives auditors the knowledge base needed to enhance their internal audit performance. Members have access to the business processes advisor, expanded global best ________________________________ Chapter 4 — The Auditor’s Great Internet Search 71 practices, accounting rules and regulations, and proven procedures — valuable resources for improving their companies’ financial processes. Q. Why did Arthur Andersen create KnowledgeSpace? KnowledgeSpace was created in response to client requests for access to best practice information that Andersen had been collecting in a knowledge base since the early 1990s. What began as an internal knowledge management tool became a resource that any business can use to supplement their existing knowledge management efforts, bringing structured business knowledge into their environment from outside the organization. Q. Tell me about KnowledgeSpace’s Internet strategy. KnowledgeSpace is designed as a forum for sharing Arthur Andersen’s unique business knowledge with the business world and a means to enhance the work we currently do with clients. We have a free business portal site for enterprise business owners and managers, but a more robust site for clients. The client site includes tools that will help the client better understand their needs and work more effectively with their Arthur Andersen engagement team. KnowledgeSpace is a Web-based knowledge service designed to improve business performance. By delivering relevant information when it is needed, KnowledgeSpace helps business people better understand their industry, their opportunities, and their business challenges. The Arthur Andersen resources delivered through KnowledgeSpace help the user address critical business issues they identify with the assistance of KnowledgeSpace. Tools such as Global Best Practices for KnowledgeSpace help benchmark business practices, while Business Radar delivers deep, broad business news from many of the leading business news sources and over 400 industry and trade publications. KnowledgeSpace will also help you connect to the global business community through the “Connections” area of the service. There you can network with business leaders in your industry in online forums, or view video broadcasts of presentations made by leading business luminaries. Overall, KnowledgeSpace is an awardwinning integration of Internet business resources that captures and shares the relevant information business people need to meet their business objectives — and their bottom line. Q. Recently KnowledgeSpace had an article on “virtual auditing.” Do you see an expanded presence for “cyberaudits” as the Internet integrates itself into business processes? The personal aspect of an audit will never disappear, but the Internet can result in some of the audit being virtual. What will be exciting is when an organization and its auditor can tie into a shared system for purposes of the audit. While that will certainly make the audit seem much more virtual, it will be surprising that the importance of the personal relationship will increase. 72 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Q. What do you see as the future of Internet subscription-based products such as KnowledgeSpace directed at the audit community? An offering like KnowledgeSpace Internal Audit community will be the general format for subscription Web services. General offerings will continue to be offered for free with an advertising revenue model. Very deep specific resources will be able to command a subscription fee because they truly do offer timesaving opportunities. People do not look for a one-stopshop for ALL business information, but they do want one resource they can turn to for all the right information on a very specific topic, such as internal auditing. Q. One of the digital literacy core competencies identified by Paul Gilster was knowledge assembly or being able to target specific information through media feeds that will meet the needs of business professionals. How do you see KnowledgeSpace as meeting the criteria associated with knowledge assembly? KnowledgeSpace was designed with that competency in mind. We have created several different ways for subscribers to reach the information that is relevant to them. One very effective way is through our topical navigator — an index of business issues that auditors deal with on a routine basis throughout the year. By drilling down through a specific topic, an auditor can find all the resources KnowledgeSpace has to offer on that matter. Another effective way is through our Search Plus! feature. Enter a search term and locate all the resources and news articles containing that term or phrase. Finally, we offer Business Radar, a news search service that scours the more than 400 top business dailies and trade journals, and a browse option to scroll through the various resources we have compiled. Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How has your organization contributed to this philosophy through the use of the Internet? Within our firm new electronic tools, primarily using Internet technology, have allowed our professionals equal and timely access to critical information, tools, and resources. Our use of Internet technology internally (intranet) enables the dissemination of new and updated content on a worldwide basis for our firm in the most efficient fashion imaginable. Q. How has your organization integrated the use of the Internet into auditing? As described above, KnowledgeSpace and our firm intranet have provided our internal auditing professionals with access to the newest auditing tools and methodologies. The Internet has also provided our professionals with access to global internal auditing resources, outside of our own, via the World Wide Web. By having access to auditing resources that are provided by professional organizations such as The Institute of Internal Auditors via their Web site, our auditors are able to keep up with and adjust to industry standard practices. E-mail transfer ________________________________ Chapter 4 — The Auditor’s Great Internet Search 73 between our partners and employees and our clients (made possible by Internet tools) has increased the efficiency of our work and communication tremendously. Q. What Internet resources do you use, and how have they helped you and your organization? Part of the answer to this question is addressed above. We use the Internet to view industry information and standards. We use it to search for specific auditing tools such as work programs offered for viewing by several organizations with Web sites. We use the Internet to share information about our firm with the global business community, to “open our doors” to students at universities worldwide, and to stay abreast of our competitors’ actions. In a nutshell, the Internet has been revolutionary in the way it has allowed our firm to share knowledge internally and externally. Q. How has the Internet changed the way your organization does business, and what impact has that change had on auditors? See all answers above. Q. What effect have the Internet and the World Wide Web had on the auditing profession? The existence of the Internet and the World Wide Web has increased the speed by which internal auditors discover and adapt to best auditing practices. In the “old world” it took significant time for a new auditing technique to be discovered through paper mail or word of mouth. Now auditors around the world have access to new trends and best auditing practices on a timely, almost immediate, basis. These revolutionary times have also evened the playing field, allowing departments with smaller budgets and fewer resources access to the same level of data, tools, methodologies, standards, and other auditing resources that the larger “wealthier” departments enjoy. Q. What Internet skills do you see as the most critical for new auditors? The Internet does not require much “skill” to use; it requires action. The major mental model that is necessary for internal auditors to embrace and foster is one of “sharing.” In order for us all to keep this knowledge ball moving, we must all share our ideas and practices with each other. The profession will take huge steps forward as a result of the coming together of minds via the Internet. 74 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Q. What role do you see for the Internet in the future of internal auditing? Since we are in the infancy stages with the Web and Web technologies, all of the ideas and actions commented on above will be enhanced and used more completely by internal auditors around the globe. Plus, if you let your imagination run a little wild, there are many more possibilities. Who knows, the day might not be far off when internal auditors are needed to keep systems and processes controlled in far-off places such as international space stations, giving a whole new meaning to knowledge sharing in cyberspace. Continuing Internet Education The following books are excellent resources for using the advanced techniques of searching for information on the Internet. 1. The AltaVista Search Revolution, Richard Seltzer, Eric J. Ray, and Deborah S. Ray. 2. The Information Specialist’s Guide to Searching and Researching on the Internet and the World Wide Web, Ernest Ackermann and Karen Hartman. 3. Finding It On the Internet, 2nd Edition, Paul Gilster, John Wiley & Sons, Inc. 4. Official Netscape Guide to Internet Research, 2nd Edition, Jill Nystrom and Tara Calishain. 5. The Internet Research Guide, Timothy K. Maloy, Allworth Press. 6. Web Search Strategies, Bryan Pfaffenberger, MIS Press. To keep up with the latest in search tools, go to www.researchbuzz.com. The site was developed as a companion to the Official Netscape Guide to Internet Research. Most business days you can get the latest on new research sites and information. ResearchBuzz is also available as a free weekly newsletter. Subscription information is available at their Web site. ____________________________________________ Chapter 5 — Look Who’s Talking! 75 Chapter 5 Look Who’s Talking! Discussion Group Resources The Internet has long been an important resource for academicians, researchers, and government employees. Today’s auditors and accountants are also appreciating the power of online digital resources. Those resources include a variety of tools that will help professional auditors increase efficiency and effectiveness within their departments and throughout their organizations. Auditors can maximize the power of electronic communications by using discussion groups, one of the oldest and most popular services available on the Internet. Discussion groups are often referred to as mailing lists (or sometimes listserv). Mailing lists are distributed via e-mail and are popular because all that is required to participate is an e-mail account or address, which means virtually everyone on the Internet can participate. Unlike traditional mailing lists, which are used for marketing purposes, electronic mailing lists are used by professionals as electronic newsletters or magazines, as forums for discussions of professional related subjects, and to disseminate news and information. Each list covers a topic or group of topics to which all messages distributed are expected to relate. Some of these lists are open to the entire audit community while others are open only to specific groups of auditors. These interactive lists encourage participation of the list members in order to exchange information and ideas. There are definite economies of scale in that the greater the number of auditors that participate in the discussion, the greater the opportunity for sharing and networking. Some of these lists are monitored or moderated which means the list coordinator reviews material for appropriateness to the purpose of the list. Other lists are not moderated, which means that the topic areas may sometimes drift from their original subject. There are also lists available that are termed reactive and are used primarily for disseminating information or news items. These lists typically do not encourage discussion among list members. There are mailing lists devoted to auditing, accounting, and financial related topics. Subscribe to these mailing lists and you will receive periodic distributions from the list. You may also post messages to the mailing list that will be sent to all subscribers. For example, you could post a request for information on interest rate derivatives in planning for an audit on that subject. Each subscriber to the mailing list would receive the request. Within minutes of sending that request you might receive a reply stating that GAO performed an audit on interest rate derivatives. The response could provide you with information on where to obtain the document electronically. Discussion lists or mailing lists are powerful, efficient tools for networking that auditors may utilize for audit planning, problem solving, and discussion of topical issues. Like most other electronic tools, auditors must understand what mailing lists are available, learn how to subscribe, and use them effectively. Chapter 3 provided the mechanics of mailing lists, including how to join, manage, and leave this type of electronic forum. The following provides specific information on audit-related mailing lists. 76 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Tips for Using Mailing Lists Mailing lists represent a powerful tool for auditors. As with other tools, you should learn to make the most of them. Following are tips for using mailing lists. 1. Save the instructions that you received when you first subscribed to the list. They will provide the details on how to use the list, including unsubscribing from the list. 2. Subscribe to only those lists that are of interest because some lists generate a large volume of e-mail. 3. Address your subscription request to the listserv address rather than the list address. 4. Follow the format for using your name (not e-mail address) in the body of the request (i.e., Subscribe Auditlist John Doe, if so instructed). 5. Know how to unsubscribe just in case the volume of mail becomes unmanageable. 6. Browse messages and archives before contributing to get a feel for the mailing list personality. 7. Keep your postings short and to the point. 8. Practice e-mail etiquette techniques when contributing and responding to list messages. 9. Use sound professional judgment when submitting to lists (i.e., do not distribute sensitive or confidential information to the list). 10. Share meaningful, relevant information to the list. This is an effective way to network with thousands of other auditors. 11. Share relevant messages with peers who are not subscribers to the list. Auditing and Accounting-Related Mailing Lists There are literally thousands of discussion groups available on the Internet. A common question is, “Where do I go to find out what audit-related mailing lists are available?” There are sites on the Internet that store databases of discussion groups, but unfortunately they include all topics. Finding out what relevant discussion groups are available for auditors is a matter of networking. The following auditing, accounting, and financial-related mailing lists for auditing professionals were available at the time of publication. These lists represent a wide variety of auditing and accounting-related topics. The AuditNet Resource List provides updates of new audit-related lists and should be consulted periodically for additions or changes. The AuditNet Resource List, available by e-mail from [email protected] or at the AuditNet home page (http:// www.auditnet.org/karlhome.htm), maintains references to various audit-related mailing lists. The following lists are organized by list name and include the list address for subscribing. ____________________________________________ Chapter 5 — Look Who’s Talking! 77 Audit Discussion Groups ACUA-L List - Association of College and University Auditors (ACUA) - ACUA-L is a listserv on Bitnet and is a closed list, available only to college and university auditors. The list is very active and is a valuable resource, networking, and information tool for auditors in an educational institution environment. Contact Chuck Jefferis at the University of Vermont ([email protected]) for subscription information. ANZ Internal Audit Group Mailing List (http://www.curtin.edu.au/curtin/audit/ mailing%20list.htm) allows for the free exchange of ideas for internal auditors of Australian and New Zealand universities and other interested participants. The site provides information for subscribing to the ANZUIAG-L list. This list was previously called INTAUDIT-L). Audit-L is a generalized audit discussion list open to all auditors irrespective of industries and organizations. The list is intended to have a diverse membership so that broad perspectives from all auditors can be gained through interactive communication. While many specialized lists are created to address unique needs of specific industries or special interest groups, the concept of this list recognizes that many audit issues cross industry/organizational lines. Send subscription requests to [email protected] with one line in the body of the letter: SUB AUDIT-L your name. AuditNet-L is a monthly mailing from AuditNet that provides the latest additions to the AuditNet Resource List, new audit programs added to Auditors Sharing Audit Programs, and more. For a free subscription to AuditNet-L, which includes the monthly updates to Internet Resources for Auditors, send an e-mail to [email protected], leave subject blank, and in the body of the message put subscribe auditnet-l (your name). To unsubscribe, send an e-mail to the same address and put unsubscribe AuditNet-L (your name) in the body of the message. Audit-Y2K Discussion List ([email protected]) is a discussion list devoted to year 2000 issues for auditors. This list is open to all auditors interested in the year 2000 issue and is not moderated. Dyan Hudson, University of Texas at Austin, is the list owner. Subscribe by sending an e-mail request to [email protected] with the message Subscribe AuditY2K (your name). CISACA-L - The Central Indiana Chapter ISACA created a list for information systems auditors. The list is meant to encourage professional discussion and is open to all information system auditors. To subscribe send a one-line message to [email protected] with the message SUBSCRIBE CISACA-L (your name). Leave the subject line blank. Messages sent to [email protected] will be distributed to all subscribers. 78 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ COBIT™ listserv (COBIT-List) created to facilitate discussion about COBIT among members, ISACA has created a COBIT listserv. By exchanging knowledge through the listserv, subscribers are sure to find answers to their questions and advice for improving implementation procedures. Subscribe to the COBIT listserv by sending the following e-mail message to [email protected], type subscribe in the subject line, and leave the message body blank. There is also a digest function for auditors who want to receive a complete daily digest of all postings instead of each posting separately. To subscribe to the digest version of the COBIT list, add the following command in the body of the message: BODY OF MESSAGE: SET DIGEST cobit-list. You will receive an acknowledgment and instructions on how to unsubscribe by e-mail. Computer-Assisted Audit Tools and Techniques (CAATT-L) is a forum for exchange of ideas, experiences, and information related to automated audit tools and techniques such as generalized audit software, test data generators, computerized audit programs, specialized audit utilities, and automated audit working papers. It is a closed discussion list hosted by RAIN, a regional networking service provider. Send subscription request to [email protected] with “subscribe” in the body of the letter. Control Self-Assessment (CSA-L) Mailing List - an unmoderated discussion list devoted to Control Self-Assessment and open to anyone with an interest in discussing issues related to CSA. CSA is a process that allows work groups to identify or refine the business and quality objectives that they should be fulfilling, while assessing the adequacy of plans and controls in place to meet those objectives. To join the list send a message to [email protected] with the text SUBSCRIBE CSA-L. You will receive an acknowledgement and a message with administrative issues. Credit Union Internal Auditors Mailing List - Discussion list for credit union internal auditors. To join this Internet mailing list, send an e-mail to [email protected] and include the following: “subscribe cu-ia” in the body of the message. Data Extraction and Analysis Mailing List. Established March 1, 1995, on America Online as a moderated discussion forum for the exchange of ideas related to the use of ACL, IDEA, Microsoft Access, and any other data extraction and analysis software. ACL, IDEA, and Microsoft Access are PC-based and allow users to easily read, analyze, and report on data. Biweekly, the moderator sends a summarized document, which organizes the ideas sent during the previous two-week period. The mailing list is not a forum for technical questions (other than idea questions such as, “Is it possible to use ACL for accounts receivable test work and does anyone have a good way to do this?”). All technical assistance questions should be directed to ACL, IDEA, Microsoft Access, or other software technical support. Send all messages and subscriptions to [email protected] with one line in the body of the letter: SUB DE&A. It would be appreciated by the moderator if the person’s real name, organization, software type, and the number of years that data extraction and analysis has been used be included in the message. ____________________________________________ Chapter 5 — Look Who’s Talking! 79 GovCon Discussion Groups (http://www.govcon.com/) - Government contractors site that includes discussion groups for auditing, accounting, and financial management issues. KPMG Peat Marwick is moderating a new discussion group on government audit and reviews. If you have a question on issues affecting the performance and resolution of government contract audits (DCAA, IGs, etc.), post it online. Access to the site is free but registration is required. IDEA Software Users Discussion List - IDEA-LIST is an unmoderated discussion list and forum to exchange ideas and information among users of IDEA (Interactive Data Extraction and Analysis). IDEA is a productivity tool for auditors, accountants, and financial managers that can help display, analyze, manipulate, or extract data from other computer systems. Send subscription requests to [email protected] with one line in the body of the letter: SUBSCRIBE IDEA-LIST. For more information, you can send an e-mail to [email protected]. IS Audit List (isaudit-list) - The IS Audit list server provides IS auditors with a forum to freely discuss topics affecting the profession, including career development issues. The site is sponsored by Gerry Myers Associates, an IS Audit Consulting and Recruiting firm. To subscribe to the list, address your request to [email protected] with the word SUBSCRIBE in the subject field only. You will receive an acknowledgment welcoming you to the list with important information on using the list server. PeopleSoft Security, Audit, and Control Discussion Group (PSSAC-L) is a list server devoted to PeopleSoft Security, Audit, and Control. To subscribe to this list, send an e-mail (with your signature feature turned off) to: [email protected]. Include no subject line. In the body of the message, type: subscribe PSSAC-L yourfirstname yourlastname (example: subscribe PSSAC-L Jane Doe). Business-Related Discussion Groups Employee Benefits Mailing List (Benefits-L) provides discussion on health management, human resource information systems, payroll, ERISA, unemployment insurance, workers compensation, and other benefit-related issues. To subscribe, send a message to [email protected]. Leave the subject blank and type in the message area: subscribe BENEFITS-L (your name). Government Finance-Related Discussion Groups FinanceNet Mailing Lists FinanceNet operates various mailing lists that are useful for sharing information and staying abreast with breaking issues in the area of government financial management. For information on all the current mailing lists available from FinanceNet and instructions on how to use them, send a message to [email protected]. . 80 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ FinanceNet mailing lists open for public subscription use the “Listproc” program software to automatically respond to specifically worded commands to subscribe and unsubscribe users and to respond to certain “special option” commands that provide further utility. Subscription to any of the FinanceNet e-mail lists is free and available to anyone interested in improving government financial management through the sharing of information and ideas. There are many e-mail lists within the FinanceNet network, each one dedicated to a government financial management discipline or professional organization. FinanceNet mailing lists are “coordinated” by a member of the FinanceNet Core Team who is familiar with the topic of the list. Coordination involves monitoring the list, checking for and reporting disruptive inflammatory messages, insuring that the appropriate new documents, newsletters, journals, bulletins, circulars, or other pertinent items of interest to the list membership get distributed to the list, and making policy recommendations back to the FinanceNet’s Core Team for list enhancements. You are free (even encouraged) to post pertinent documents, news, or announcements (or notices of the electronic location of same) to any of the FinanceNet mailing lists. You are not required to be a subscriber to a list to post to it. However, to receive distributions posted to a particular list, you must subscribe to that list. All communications to the list (postings) are addressed to the list itself (i.e., [email protected]). All subscription service requests must always go to the list manager address (i.e., [email protected]) or they will not get processed. FinanceNet Mailing Lists Currently Available All of the following mailing lists are available through FinanceNet. The purpose of the lists is for posting and receiving news, announcements, notices, information comments, and questions related to the list topics. The list title is provided first followed by the list name in parentheses. The list name is the address to send messages to that will go to the subscribers of the list (see How to Post Messages). Each list includes a description of the types of information covered by the list topic. Subscribe to the list by sending an e-mail to [email protected] and include a message SUBSCRIBE (LISTNAME) (YOUR NAME FIRST/LAST). Replace LISTNAME with the name of the list that you want to subscribe to (for example, muninet, budget-net, etc.). Remember that the list name is everything before the @ sign. For general information about FinanceNet mailing lists, send an e-mail to: [email protected]. FinanceNet is always adding new lists based on specific needs of the government financial management community. Accounting ([email protected]) - A distribution list for public and private sector accountants to encourage the cross-sector posting of accounting-related notices, papers, standards, and other documents to increase the awareness of each sector’s particular accounting problems, successes, and best practices. ____________________________________________ Chapter 5 — Look Who’s Talking! 81 Association of Government Accountants ([email protected]). This AGA mailing list is for discussions of governmental accounting issues. Budget-Net ([email protected]) - A distribution and discussion list for revenue, appropriation, and budget issues at all levels of government related to the mission of BudgetNet, a NetResults network of people at the National Performance Review. Calendar - Joint Financial Management Improvement Program ([email protected]) is a free government distribution list (no discussions). FinanceNet’s “calendar” posts periodic updates (usually monthly) of the FinanceNet Universal Financial Management Calendar for Events and Training. This calendar is also cross-posted on the FinanceNet Web site. Calendar events and training opportunities are posted by day of month for all federal, state, and local participating agencies and professional organizations. This list is coordinated by the Joint Financial Management Improvement Program (JFMIP). You are encouraged to send agency and professional association calendar events for posting to this list to the JFMIP. Daily Asset Sales from the CBD ([email protected]) - FinanceNet’s “daily-sales” list server is a daily distribution list of all government asset sales and surplus listings from each day’s edition of the “Commerce Business Daily.” This service is provided compliments of the Loren Data Corp. Electronic Commerce ([email protected]) - FinanceNet’s free “EC-Finance” list server targets all issues relating to financial administrative aspects of government electronic procurement and acquisition at all levels of government. Your topic-related comments and participation in this list are encouraged and welcomed. Employment Opportunities in Public Financial Management - FinanceNet’s “Fin-Jobs” list server is a free government distribution list (no discussions) that posts notices of employment openings in government financial management positions, including accounting and budgeting jobs, at all levels of government. FASAB ([email protected]) list server is a free government distribution list (no discussions) reserved for official news and announcements from the Federal Accounting Standards Advisory Board (FASAB). Posted to the list are news, announcements, meeting agendas, and newsletters from the FASAB. Fin-audits ([email protected]) list server addresses all issues relating to government financial audit issues at all levels of government. Discussions can relate to the various financial issues relating to the relations between the CFO and audit communities, agency audit findings and recommendations, audit follow-up and validation procedures, materiality thresholds, IG vs. IPA audits, financial audit resources and staffing, etc. Your topic-related comments and participation in this list are encouraged and welcomed. 82 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Financial Executives Institute ([email protected]). Financial Legislation ([email protected]) list server is a free government distribution list (no discussions) that posts periodic updates on the status of financial management legislation, in various stages of completion, from the U.S. Chief Financial Officers Council’s (CFOC) Legislation Committee. Financial Operations ([email protected]) - FinanceNet’s “Fin-Operations” list server is a free government distribution and discussion list that targets the full range of government administrative financial management operations, including vendor payments, cash management, travel, accounting standards, financial reporting, etc. Your topic-related comments and participation in this list are encouraged and welcomed. Financial Personnel & Training ([email protected]) - FinanceNet’s “Fin-training” list server is a free government distribution and discussion list that addresses all matters relating to government financial personnel and training issues at all levels of government. Discussions frequently center around establishing core competencies for government financial managers, retention, recruitment, training and continuing education issues, course content, professional readiness, applicant pool size, interviewing skills, classification standards, position descriptions, etc. Your topic-related comments and participation in this list are encouraged and welcomed. Financial Policy ([email protected]) - FinanceNet’s “Fin-policy” list server is a free government distribution and discussion list that addresses all matters relating to government financial management policy at all levels of government. Your topic-related comments and participation in this list are encouraged and welcomed. Financial Statements & Reporting ([email protected]) - FinanceNet’s “Fin-reporting” list server is a free government distribution and discussion list that addresses all matters relating to the various financial reporting requirements of the FASAB, treasury, and OMB; financial statements issues, accountability and stewardship reporting, policy, procedures, improvements, standards, etc., and especially the newly required “Statement of Financing.” Your topic-related comments and participation in this list are encouraged and welcomed. Financial Systems ([email protected]) - FinanceNet’s “Fin-Systems” list server is a free government distribution and discussion list that addresses all matters relating to government financial government financial systems at federal, state, and local levels such as systems integration, core systems, systems requirements, computer hardware and software, contractors, useful life, information architecture, functional standards, data dictionaries, standard general ledger implementation, cross-servicing, general improvements, etc. Your topic-related comments and participation in this list are encouraged and welcomed. ____________________________________________ Chapter 5 — Look Who’s Talking! 83 Financial Technologies ([email protected]) - FinanceNet’s “Fin-Technologies” list server is a free government distribution and discussion list that addresses all matters relating to emerging technologies in governments. Your comments and participation in this list are encouraged and welcomed. Submissions to this list are liberally moderated for applicability to the topic. General Public Finance Topics ([email protected]) - FinanceNet’s “General” list server is a free government distribution and discussion list that addresses all matters relating to government financial management issues that do not conveniently fall into one of the categories represented by the other FinanceNet mailing lists. Your topic-related comments and participation in this list are encouraged and welcomed. GovSales ([email protected]). This list server is a free government distribution list that announces matters relating to the public sale of all manner of assets, surplus, and property posted by federal, state, and local governments. Included are notices for auctions and public sales and information on hard, soft, and financial assets covering everything from loans and estates to boats and cars. Traffic is light, especially as agencies “gear up” to participate in this list. This list is set up as a “digest” so that subscribers receive only one message per day. Government Finance Officer’s Association Mailing List - FinanceNet’s “GFOA” list server is a free government distribution and discussion list that addresses all matters relating to the mission of the Government Finance Officers The GFOA posts announcements and other important information via this mailing list. For information on this and other FinanceNet mailing lists, send email to [email protected]. To post information to the GFOA mailing list, send a message to [email protected]. Your topic-related comments and participation in this list are encouraged and welcomed. International Financial Management ([email protected]) - FinanceNet’s “International” list server is a free government distribution and discussion list that addresses all matters broadly relating to international government financial management. Discussions can relate to topics such as government accounting, audits, financial statements, budgets, financial operations and policy, controls, revenues and taxation, accountability and stewardship, and all other issues of interest to international government financial managers and taxpayers. Issues and problems discussed and best practices offered cross geopolitical borders. Posts are accepted in multiple languages. This list also provides a communications medium for members of the International Consortium for Government Financial Management (ICGFM) and other international government professional financial management and accounting organizations. Your comments and participation in this list are encouraged and welcomed. Submissions to this list are liberally moderated for applicability to the topic. 84 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Local Government Elections and Technology ([email protected]) - FinanceNet’s “LEAT” list server is a free government distribution and discussion list that addresses all matters relating to the mission of government elections administrators. The list is sponsored and moderated by the International Institute of Municipal Clerks (IIMC). Municipalities and Townships ([email protected]) - FinanceNet’s “MuniNet” list server is a free government distribution and discussion list that addresses all matters relating to financial accountability and stewardship of municipalities, towns, and townships within larger geopolitical jurisdictions. As in the “state-county” list, documents and discussions broadly relate to accounting matters, bonds, revenues and taxation, budgets, systems, fees, licenses, audits, controls, payroll, and all other issues of interest to clerks, and other local government financial management staff and taxpayers. This list also provides a communications medium for the membership and agenda issues for the International Institute of Municipal Clerks and other local government professional organizations. Your comments and participation in this list are encouraged and welcomed. National Association of Local Government Auditors ([email protected]). A list devoted to issues and topics for city and county local government auditors. Subscribe to this list by sending an e-mail message to [email protected]. News ([email protected]), FinanceNet’s free “News” list server, is the “master” announceonly list server (no discussions). All messages sent to ALL of FinanceNet’s topical and organizational financial management listservers are forwarded to this “master” listserv. The default has been set to “weekly digest” — you will get only one message each week (on Wednesday). That message will include all messages sent to all FinanceNet’s public listservers for the week ending that Wednesday. The “news” Web archive is also the “master” archive for all of FinanceNet’s public list server messages distributed from 12/10/98 forward. Performance Measures ([email protected]) - FinanceNet’s “Perf-measures” list server is a free government distribution and discussion list that addresses all matters relating to government performance measures at federal, state, and local levels. Dialog can relate to the Government Performance and Results Act of 1993 (GPRA), outcome vs. output measures, statistical presentation and reporting, performance measures impact, development, standards, compliance, etc. Your topic-related comments and participation in this list are encouraged and welcomed. Privatization ([email protected]) - FinanceNet’s “Privatization” list server is a free government distribution and discussion list that addresses all matters relating to privatization of government services at federal, state, and local levels. Your comments and participation in discusions on this list are encouraged and welcomed. This list is sponsored by the National Council for Public and Private Partnerships (NCPPP). ____________________________________________ Chapter 5 — Look Who’s Talking! 85 Procurement Issues ([email protected]) - FinanceNet’s “Procurement” list server is a free government distribution and discussion list that addresses all matters relating to government procurement, acquisition, streamlining and reinvention, and electronic commerce at all levels of government. Your topic-related comments and participation in this list are encouraged and welcomed. Property Plant and Equipment ([email protected]) - FinanceNet’s “PP_E” list server is a free government distribution and discussion list that addresses all matters relating to fully accounting for and reporting the costs of property, plant, and equipment held by federal, state/local, and international government agencies. Historically, governments have often not maintained records to fully account for PP&E costs. Issues may relate to developing and maintaining a complete inventory, techniques for determining original cost, useful life considerations, accounting for agencyunique assets, capitalization thresholds, documentation and retention, and cost/benefit considerations. Your topic-related comments and participation in this list are encouraged and welcomed. State & County Issues ([email protected]) - FinanceNet’s “State-County” list server is a free government distribution and discussion list that addresses all matters relating to government financial stewardship and taxpayer accountability issues at state and county levels of government. Posts and discussions broadly relate to accounting matters, bonds, revenues and taxation, budgets, systems, fees, licenses, audits, controls, payroll, and all other issues of interest to local government financial managers and taxpayers. Your comments and participation in this list are encouraged and welcomed. The following is information provided by FinanceNet on subscribing and managing participation on these mailing lists. How to Subscribe You can automatically subscribe to any FinanceNet Internet mailing list by following a few simple procedures exactly. The list program will process your request and subscribe you to the list only when your commands are worded correctly and in the proper sequence. It is important to remember that the “Listproc” program will not understand any commands, comments, or verbiage you might send in the body of your message that do not precisely match the commands and instructions described below. Additional verbiage will just confuse the software. Although you may subscribe to as many FinanceNet mailing lists as you like, we suggest that you subscribe to only one list per message. You will be able to subscribe to any of the lists by sending a simple Internet e-mail message. To begin you must address your message to: [email protected] DO NOT address your subscription request (or other list maintenance or service request) to the list name itself (i.e., [email protected]). Not only will your service request not be under- 86 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ stood or honored, your service message will go out to all subscribers of record for that particular list. Your service request message will more than likely be confusing and an irritant to other subscribers. To repeat, all mailing list subscription service request messages must be sent ONLY to: [email protected] You may leave the subject blank on all list service requests. However, you may want to include one for your own future reference. For example, if you wanted to subscribe to the FinanceNet list “intcontrols” you would include in the first line of the body of the mail message (case being unimportant) the command: subscribe list name your name Example: subscribe int-controls John Doe You must use your true name (John Doe) in the command above (not your e-mail address) and, again, send via e-mail to: [email protected] Rarely you may need personal attention from a live individual relating to a special mailing list request or problem. In this case, send your e-mail comment or request to the list manager: [email protected] Contacting the list manager for anything other than compliments should be your last option, NOT your first. The whole idea is that YOU manage your account with the list and the manager only steps in when the need goes beyond what the list service will allow you to do. How to Unsubscribe To unsubscribe (sign off) from any FinanceNet e-mail list, simply send in the first line of the body of a mail message the command: unsubscribe list name Example: unsubscribe int-controls and send via e-mail to: [email protected] ____________________________________________ Chapter 5 — Look Who’s Talking! 87 Again, DO NOT address your “unsubscription” or other service request to the particular mailing list name itself. All such requests MUST go to the “listproc” address above. All service requests do not require the subject line to be filled out, although you may do so for your own record keeping if you like. If you send your “unsubscribe” request to the list itself you will NOT be unsubscribed, and everyone on the list will receive a wasted message. We enthusiastically encourage you to actively subscribe to and participate in FinanceNet mailing lists by browsing and replying to messages. However, until you become accustomed to the structure and nature of the lists, you may want to just browse through the messages until you gain confidence. Also, as you begin to acquaint yourself with the process, you may want to limit your subscriptions to only those lists of particular interest. This will also reduce the likelihood of overloading your e-mail inbox. How to Post (Send) Messages and Responses to the List By default, everything you post to the list goes to every subscriber on the list, and the list may have thousands of members. There are times when you only want to reply to the individual who posted a particular message. Make sure you address your message to that individual rather than simply using the reply option on your e-mail service. The reply option will send your message back to all members of the list. Quoting in a Reply If your e-mail package allows you to quote the message you are replying to — USE IT. Do not quote the whole message, just quote enough so that the other person understands what you are replying to. Many members of a list get and send a lot of mail and they need a memory jogger as to what you are talking about. If you do not have a quote feature, add a reminder as part of your reply. Be Brief This is a gray area that requires good judgment, but the general rule is to keep your posts to a list short and to the point (this post is not a good example). Most subscribers are not looking for 10page books. If you have a lot to say, then send a message to the list announcing your book and how they can request it. DO NOT drop a book into 2,000 mail boxes without permission. The practice of dropping large messages on a list is also a problem for the list manager’s equipment. The computer managing the list has to work overtime when someone posts a huge document to thousands of e-mail addresses. To send a message to the entire list, always address it to the list itself: list [email protected] Example: [email protected] 88 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ You may subscribe to as many lists as you like, but you will need to keep in mind that should a message ever be sent to all of the FinanceNet mailing lists (for instance, a general interest message from the FinanceNet Core Team), you will get a duplicate message for every list to which you subscribe. Some Good General Mailing List Tips A list service wants to avoid subscribing and unsubscribing users on a case-by-case basis. Individuals send subscription service commands directly to the list processor via e-mail messages rather than relying on the list manager to manually and laboriously do it for them. FinanceNet mailing lists are expected to develop thousands of subscribers, so it is not practical for the manager to personally assist in subscription service requests unless absolutely necessary. The Listproc software sends a message back to a new subscriber explaining how to unsubscribe from the list, set various list service options, and get additional help. A good practice is to save that document for future reference. A good way to manage this is to create a physical or electronic directory/folder called Listproc (or whatever you like). Under that directory/folder, create directories for every list to which you subscribe. Next, store anything related to that service in its directory for future referral. Change of Addresses If you know your e-mail address is going to change, unsubscribe from ALL lists that you belong to before the address changes. Then re-subscribe to them again using the new address. If you wait until you are using the new address, the list manager will have to unsubscribe you from the list under the old address. If were unable to unsubscribe before your address changed, send a subscribe message to the list and a second message to the manager asking that your old address be removed. The Digest Command An excellent way to avoid e-mail inbox overloading, or to solve the problem of a currently overloaded e-mail inbox, is to use the “digest” command. This useful command will “digest” all messages posted to a particular mailing list by sending you only one message per day. That one message will include every message sent to the list that day with a handy “index” to all the posted messages up font to help you sort through the day’s e-mail traffic. The only disadvantage to setting the “digest” option is that it makes replying to any particular message in the “digest” more difficult. To respond to a message buried within the “digest,” you would manually jot down the address of the sender and then address a separate message as your reply. We suggest you use the “digest” setting only when necessary should your e-mail inbox become overloaded. ____________________________________________ Chapter 5 — Look Who’s Talking! 89 To set the “digest” option (for the “int-controls” example), include in the first line of the body of an e-mail message the following command: set <list> mail digest Example: set int-controls mail digest and send via e-mail to: [email protected] The reversing listproc command to turn off digest option is: set <list> mail ack Example: set int-controls mail ack WARNING: DO NOT send a list maintenance message for change of address, the setting of special options, or subscribe or unsubscribe messages to the lists themselves (example above). Your list maintenance message will go out to every member of the list, much to their dismay. Send any and all automatic list maintenance and service commands to: [email protected] Send special subscription requests, comments, or evaluations to: [email protected] Additional Mailing List Information For additional information on FinanceNet Internet e-mail list commands, send the following request in the first line of the body of an e-mail message: help and send to: [email protected] For complete information on all FinanceNet services, send a blank e-mail message to: [email protected] You will automatically receive a response by return e-mail with complete details. 90 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Jobs and Career Discussion Groups Accounting and Finance Employment Opportunities (JOBS-ACT). This is a moderated mailing list of employment opportunities for accounting and finance jobs, including cash management, auditing, and tax (no entry level positions). To subscribe, send a message to [email protected] with the word SUBSCRIBE in the subject line and the body. Do not include your name, address, or additional text in the subject line or the body of the message. Subscribers can obtain an archive file, which gives information on several employment BBS’s around the nation by sending the command ARCHIVE JOBS-ACT to the list address. Privacy Discussion Groups Cypherpunks list is a forum for discussing personal defenses for privacy in the digital domain. It is a high-volume mailing list. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: SUBSCRIBE cypherpunks-unedited. Cypherpunks Announce is a low-volume announcements list which is moderated. Announcements for physical cypherpunks meetings, new software, and important developments are posted there. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: SUBSCRIBE cypherpunks-announce. Privacy Digest Discussion group covers all issues related to privacy, including government, credit reporting agencies, and individual rights. Subscribe by sending an e-mail to [email protected] and leave the subject line blank. Type SUBSCRIBE in the body of the message. The PRIVACY Forum is run by Lauren Weinstein. He manages it as a rather selectively moderated digest, somewhat akin to RISKS. It spans the full range of both technological and non-technological privacy-related issues (with an emphasis on the former). To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: information privacy. Security Discussion Groups Security mailing lists represent important tools for auditors, network administrators, security officers, security consultants, and anyone who needs to keep current on security-related information. Computer Risks covers industrial espionage, trade secrets, and computer security risks. Subscribe by sending e-mail to [email protected] and leave the subject line blank. Type SUBSCRIBE in the message area. ____________________________________________ Chapter 5 — Look Who’s Talking! 91 Firewalls Mailing List is a list server devoted to the subject of firewalls and Internet security. Any auditor concerned with information security and the issue of firewalls should subscribe to this list. The list generates a great deal of traffic on the subject of internet security and the construction of firewalls. Subscriptions should be sent to [email protected] with the message subscribe firewalls-digest. I would recommend the digest version rather than the direct mail (nondigest) version. Information Security Discussion List ([email protected]) INFSEC-L is an unmoderated Internet discussion list intended to foster open and constructive communication among information security and auditing professionals in government, industry, and academic institutions. Discussion is encouraged on a broad range of topics and issues related to information security. Initial subscriptions to the list are screened by the list owner to ensure the addition of only appropriate individuals. Send subscription requests to [email protected] with one line in the body of the letter: SUB INFSEC-L your name. PeopleSoft Security, Audit, and Control Discussion Group (PSSAC-L) is a list server devoted to PeopleSoft Security, Audit, and Control. To subscribe to this list, send an e-mail (with your signature feature turned off) to: [email protected]. Include no subject line. In the body of the message, type: subscribe PSSAC-L yourfirstname yourlastname (example: subscribe PSSAC-L Jane Doe). RACF-L ([email protected]) is a discussion list devoted to the topic of Remote Access Control Facility. Auditors in organizations that use this security tool should consider subscribing to this e-mail discussion group. You can join this group by sending the message “sub RACF-L your name” to [email protected]. Note: This is a high-volume list specifically designed for audit and security personnel using RACF. To get the latest network security news and information, use the following services: [email protected] with “send index” in message http://www.iss.net/ ftp://ftp.iss.net/pub/ Alert is a moderated list designed to keep the noise to a minimum and provide quality security information. It covers topics such as security product announcements, security product updates, new vulnerabilities, frequently asked questions (FAQs) on security, and new intruder techniques and awareness. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: subscribe alert. To remove, send e-mail to [email protected] and, in the text of your message (not the subject line), write: unsubscribe alert. 92 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Best-of-Security was created in order to compile information for the average security administrator. Best-of-Security is currently an unmoderated list. That may sound strange given its stated purpose of massive entropy reduction, but because “best” often equates with “vital,” it is important that material sent to this list be delivered to its subscribers quickly. If you find information from any source (including other mailing lists, newsgroups, conference notes, papers, etc.) that fits into one of the acceptable categories, you should immediately send it to “[email protected]”. Do not try and predict whether or not someone else will send the item. Unless you are on a time-delayed mail vector, such as polled uucp, or the item has already appeared on best-of-security, mail the info to the list! Even if it is a widely deployed piece of information, such as a CERT advisory, the proceeding argument still applies. If the information has not appeared on this list yet, SEND IT. It is far better to run the risk of minor duplication in exchange for having the information out where it is needed than to act conservatively about the occasional doubling up on content. To join, send e-mail to [email protected] with the following in the body of the message: subscribe best-of-security. The Bugtraq list is for detailed discussion of UNIX security holes — what they are, how to exploit, and what to do to fix them. This list is not intended to be about cracking systems or exploiting their vulnerabilities. It is about defining, recognizing, and preventing the use of security holes and risks. Please refrain from posting one-line messages or messages that do not contain any substance that can relate to this list’s charter. Please follow the below guidelines on what kind of information should be posted to the Bugtraq list: information on Unix-related security holes/ backdoors (past and present), exploit programs, scripts or detailed processes about the above, patches, workarounds, fixes, announcements, advisories or warnings, ideas, future plans or current works dealing with Unix security, information material regarding vendor contacts and procedures, individual experiences in dealing with above vendors or security organizations, and incident advisories or informational reporting. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: subscribe bugtraq. CERT (Computer Emergency Response Team) advisory mailing list provides past advisories and other information related to computer security, available for anonymous FTP from cert.org (192.88.209.5). To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: I want to be on your mailing list. The CIAC (Computer Incident Advisory Capability) of DoE. CIAC manages the following mailing list for its electronic publications: CIAC-Bulletin: CIAC Information Bulletins and Advisory Notices containing important, time-critical computer security information. To join, send email to [email protected] and, in the body of your message (not the subject line), write any of the following examples: subscribe ciac-bulletin. COAST Security Archive for the Computer Operations, Audit, and Security Technology (COAST) Project. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: SUBSCRIBE coast. ____________________________________________ Chapter 5 — Look Who’s Talking! 93 The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is run by Leonard P. Levine. It is gatewayed to the Usenet newsgroup comp.society.privacy. It is a relatively open (i.e., less tightly moderated) list established to provide a forum for discussion on the effect of technology on privacy. All too often technology is way ahead of the law and society as it presents us with new devices and applications. Technology can enhance and detract from privacy. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: subscribe cpd. Computer Underground Digest or CuD is available as a Usenet newsgroup: comp.society.cudigest and covers many issues of the computer underground. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: SUB CUDIGEST. Euro Firewalls deals with the issue from the European perspective. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: SUBSCRIBE firewalls-uk e-mail-addr. Firewalls discussion lists provide useful information regarding firewalls and how to implement them for security. This list is for discussions of Internet “firewall” security systems and related issues. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: SUBSCRIBE firewalls. HP, Hewlett Packard. The latest digest of new HP Security Bulletins will be distributed directly to your mailbox on a routine basis. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: subscribe security_info. Intrusion Detection Systems list is a forum for discussions on topics related to the development of intrusion detection systems. Possible topics include techniques used to detect intruders in computer systems and computer networks, audit collection/filtering, subject profiling, knowledgebased expert systems, fuzzy logic systems, neural networks, methods used by intruders (known intrusion scenarios), CERT advisories, scripts and tools used by hackers, computer system policies, and universal intrusion detection systems. To join, send e-mail to [email protected] with the following in the body of the message: subscribe ids. NTBugtraq is a mailing list for the discussion of security exploits and security bugs in Windows NT and its related applications. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: subscribe ntbugtraq. To remove, send e-mail to [email protected] and, in the text of your message (not the subject line), write: unsubscribe ntbugtraq. 94 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ NT Security Mailing List is a moderated mailing list discussing Windows NT security as well as the Windows 95 and Windows for Work Group security issues. The issues discussed include everything at the host and application level security as well as at the network level. To join, send email to [email protected] and, in the text of your message (not the subject line), write: subscribe ntsecurity. To remove, send e-mail to [email protected] and, in the text of your message (not the subject line), write: unsubscribe ntsecurity. Risks is a digest that describes many of the technological risks that happen in today’s environment. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: SUBSCRIBE. Secure NCSA http is a World Wide Web (WWW) server supporting transaction privacy and authentication for Secure WWW clients over the Internet using the Secure HyperText Transfer Protocol (S-HTTP). Secure NCSA httpd was developed by Enterprise Integration Technologies in cooperation with RSA Data Security and the National Center for Supercomputing Applications at the University of Illinois, Urbana-Champaign. The purpose of this mailing list (shttp-talk) is to allow people who are interested in potentially using SHTTP to ask questions, air issues, express concerns, and discuss the specification and reference implementation. Information about Secure HTTP can be found on the CommerceNet WWW server. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: SUBSCRIBE . Secure Socket Layer - Talk is a mailing list to discuss secure sockets layer - Netscape’s approach to providing encryption and authentication for IP-based services (primarily HTTP, but expanding to address Telnet and FTP as well). To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: SUBSCRIBE. The Sneakers mailing list is for discussion of legal evaluations and experiments in testing various Internet “firewalls” and other TCP/IP network security products. Vendors are welcome to post challenges to the Internet network security community. Internet users are welcome to post anecdotal experiences regarding (legally) testing the defenses of firewall and security products. “Above board” organized and/or loosely organized wide area tiger teams (WATTs) can share information, report on their progress, or eventual success here. There is a WWW page with instructions on unsubscribing as well as posting, and where notices and pointers to resources may be put up from time to time: http://www.cs.yale.edu/HTML/YALE/CS/HyPlans/long-morrow/sneakers.html. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: SUBSCRIBE Sneakers. Sun Security Alert mailing list informs users of security information for SUN systems. To join, send e-mail to [email protected] and, in the subject of your message write: SUBSCRIBE CWS your-e-mail-addr. ____________________________________________ Chapter 5 — Look Who’s Talking! 95 UNINFSEC - University Info Security Forum is a closed, unmoderated discussion list for people who have information security responsibilities in their jobs and who work for educational institutions or have a close relation with education. Discussions range from policy discussions, awareness programs, virus protection, change control, privileges, monitoring, risk assessments, auditing, business resumption, etc. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: subscribe uninfsec. Virus Alert (VALERT-L) is an electronic mail discussion forum for sharing urgent virus warnings among other computer users. Postings to VALERT-L are strictly limited to warnings about viruses (e.g., “We here at University/Organization X just got hit by virus Y - what should we do?”). Follow ups to messages on VALERT-L should be done either by private e-mail or to VIRUS-L, a moderated, digested, virus discussion forum also available on this listserv, [email protected]. Note that any message sent to VALERT-L will be cross-posted in the next VIRUS-L digest. To preserve the timely nature of such warnings and announcements, the list is moderated on demand (see posting instructions below for more information). What VALERT-L is not? A place to do anything, other than announce virus infections or warn people about particular computer viruses (symptoms, type of machine which is vulnerable, etc.). To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: SUBSCRIBE valert-l your name. Virus-L is an electronic mail discussion forum for sharing information and ideas about computer viruses. It is also distributed via the Usenet Netnews as comp.virus. Discussions can include (but are not necessarily limited to) current events (virus sightings), virus prevention (practical and theoretical), and virus-related questions/answers. The list is moderated and digested. That means that any message coming in gets sent to me, the editor. I read through the messages and make sure that they adhere to the guidelines of the list (see below) and add them to the next digest. Weekly logs of digests are kept by the listserv (see below for details on how to get them). To join, send email to [email protected] and, in the text of your message (not the subject line), write: subscribe virus-l your name. WWW Security list is maintained by the www-security team of Network Services, Rutgers University Telecommunications Division. WWW-SECURITY is the official mailing list of the IETF Web Transaction Security Working Group. While there are many approaches to providing security services on the Web, most of the current work is concerned with securing the HyperText Transport Protocol. Because of the great need for quick implementation of Web security services, HTTPlevel solutions cover a wide range of WWW applications, and the IETF is a proven forum for promoting standards to vendors and the international networking community. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: SUBSCRIBE www-security your_e-mail_address. 96 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Tax and Accounting Discussion Groups Accounting and Tax Professionals in Public Practice and in Industry Discussion Lists - The following lists are jointly owned and managed by Kent Information Services, Inc., and TAPNet. If you have questions or need additional information about these lists, e-mail John Graves at [email protected] or Jim Snell at [email protected]. Subscribe to these lists at http:// www.kentis.com/listsub.html. AA-STDS-APP discusses actual accounting and auditing problems and how current standards should be applied in those circumstances. Participants must agree that the names of the companies that are the subject of discussion will not be identified, and opinions offered by participants will not be relied upon as authoritative but only as a starting point for further research. All accounting and auditing professionals are welcome to join this list. CPA-INET-USE focuses on: 1. How CPAs in public practice are using the Internet to improve client service, lower costs, and enhance revenues. 2. How CPAs in industry are using the Internet to enhance administration and productivity. The Internet is a new tool being used by CPAs in innovative ways not predicted even a year ago. This discussion group shares new ideas and lessons learned from successful implementations as well as those that were not as successful. Home pages are submitted to this group for evaluation and comment. All accounting and tax professionals are welcome to join this list. CPA-MGMT-MRKTG - The CPA Management and Marketing list is dedicated exclusively to subjects on managing and growing a CPA firm. The goal of the list is to be a forum for discussing ideas, sharing problems, and communicating successes about firm management and marketing. By participating in this group, practitioners have a place to turn for access to the most current ideas and trends and to sound out ideas and plans in a supportive atmosphere. All tax and accounting professionals in public practice are welcome to join this list. MGMT-ACCT - The Management Accounting list discusses new issues and ideas relevant to financial professionals working for both large and small companies. This list helps management accountants cope with the increasing corporate demands for greater organization efficiency. Relevant topics include a range of practical issues from “strategies used to decrease lead times for order fulfillment” and “choosing the right combination of organization benefits,” to “strategies used in downsizing, strategic planning, and financial reengineering.” Tax and accounting professionals with an interest in management accounting are welcome to join this list. TAX-PRCT-ISSUES - The Tax Practice Issues list is a discussion among tax professionals working in industry and public practice. The discussion focuses on how companies and tax practitioners are dealing with current tax issues. Members agree not to identify organization names during these discussions or use the content of this list as a basis for taking a position before the IRS. By ____________________________________________ Chapter 5 — Look Who’s Talking! 97 participating in these discussions, tax professionals support each other by sharing information and become more efficient and productive. Tax and accounting professionals with an interest in taxation are welcome to join this list. Accounting Education Using Computers and Multimedia (AECM-L) - This list/interest group provides a forum for discussions of all hardware and software that can be useful for accounting education at the college/university level. Hardware includes all platforms. Software includes spreadsheets and related templates, practice sets, multimedia authoring and presentation packages, database programs, tax packages, instructor-developed applications, etc. Loyola College in Maryland, which has an AACSB-accredited accounting program, serves as the host to the list, which was established in February 1994. It was the first list/group for accounting education on either Bitnet or Internet. AECM-L provides an unmoderated environment where issues, questions, comments, ideas, and uses of educational accounting software and related hardware can be freely discussed. As is the case on all unmoderated lists, the topics and discussions are limited only by the imagination and interest of its subscribers. Members are welcome to take an active role by posting to AECM-L or an inactive role by monitoring the list. This list brings together accounting faculty, authors, developers, publishers and anyone else with an interest in using computers and multimedia in accounting education. Subscribers are encouraged to ask questions, share ideas and information, and discuss experiences they have had with various educational accounting software and hardware products. Possible topics include: · Computer applications in managerial/systems/tax, etc. · AECC curriculum revisions and computer-based pedagogical approaches to support these changes. · Notable educational accounting software and hardware, as well as inferior products one should avoid. · Information about related conferences, workshops, and seminars. · A discussion of articles, books, and notes which subscribers find to be stimulating and worthwhile. · “What’s the best software to use for my [blank] course?” · “In what direction is educational accounting software evolving?” · “How can I get [product] to do [function]?” IMPORTANT - Mail sent to the list/group must be addressed to: [email protected] (Internet users) All mail sent to an above address is automatically forwarded to all list/group subscribers. If you reply to a question, observation, etc., using the REPLY command, your response will also be forwarded automatically to all subscribers. If you wish to respond privately to the original sender, you must locate that person’s address on the “From:” line of the mail header and address the 98 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ response directly to them. This list is NOT listserv-based. MAILSERV supports the following commands, among others: HELP - Ask for the HELP file. SUBSCRIBE - Subscribe to a list. UNSUBSCRIBE - Unsubscribe to a list. To subscribe to AECM_L, send the message SUBSCRIBE AECM-L to [email protected]. MAILSERV accepts only mail messages, not interactive SENDs or TELLs. To unsubscribe to the AECM-L list, send the message UNSUBSCRIBE AECM-L to [email protected]. (Notice that you do not need to give a subscription name or address. MAILSERV gets them from your e-mail.) Questions regarding this list should be addressed to the owner: E. Barry Rice Internet: [email protected]. American Accounting Association Government and Nonprofit Section mailing list (AAAGNPL). The purpose of this list is to share information of specific interest to AAA GNP members, including notice of upcoming AAA GNP meetings and their agenda, and to facilitate discussions on various topics of interest to AAA GNP members. In general, this newsgroup is of interest to anyone in the government or nonprofit areas of accounting, especially those interested in academic research in areas such as governmental auditing and finance, public choice, public interest, and the U.S. Governmental Accounting Standards Board standard-setting process and behavioral accounting research relating to governments. The AAA GNP newsgroup is sponsored by the International Accounting Network (ANet). To subscribe, send the following e-mail message: subscribe AAAGNP-L yourfirstname yourlastname to [email protected]. ANet Mailing Lists The ANet is a cooperative venture of a number of individuals around the world that seeks to provide a networked, electronic forum for the exchange of information and discussion of issues in the auditing and accounting discipline. One of the major services provided by ANet is more than 30 mailing lists in a range of areas. The principal mailing list is ANews-L, which provides information on a variety of upcoming events, new publications, and important developments on the Internet. Lists are both open and closed. Open lists are available for everyone to see and use. Closed lists are for specific purposes and have limited membership. ANet also maintains archives of certain mailing lists. Descriptions of the available ANet mailing lists, moderation status, and whether the respective lists are open or closed are provided below. Send requests for the lists to [email protected] with Subscribe Listname in the body of the message. Following are the lists distributed by ANet: ____________________________________________ Chapter 5 — Look Who’s Talking! 99 AAAES-L ([email protected]) - American Accounting Association AI/ES Section Newsletter. The American Accounting Association AI/ES Section Newsletter list. Note: There is no discussion on this list. Archives of the list are maintained. AAATC-L ([email protected]) - American Accounting Association Teaching and Curriculum Section Newsletter. The American Accounting Association Teaching and Curriculum Section Newsletter list. Note: There is no discussion on this list. Archives of the list are maintained. AAccSys-L ([email protected]) - Discussion on all matters concerned with accounting information systems theory and practice. AAcrdn-L ([email protected]) - Accounting Program Accreditation. The purpose of the AAcrdn-L list is to provide an open forum for the exchange of ideas, concerns, questions, or comments by individuals involved with their department/school/unit’s efforts to obtain either American Assembly of Collegiate Schools of Business first time or reaccreditation of their school’s accounting programs. The primary focus of the list is AACSB accounting accreditation in the U.S., but general business school accreditation items that relate to the accounting accreditation process are welcome. General issues of accreditation that might encompass accounting programs in other countries are welcome on the general ANet teaching and curriculum list, ATeach-L. The AAcrdn-L list is intended as a forum for those seeking AACSB accreditation in accounting, those thinking about entering the accreditation process, and those who are already accredited. The list is intended to serve as an independent support vehicle to the AACSB accounting accreditation work efforts of schools and is not affiliated with the AACSB in any official or unofficial way. The purpose of the list is not to debate the overall merits of AACSB or any other accreditation process; rather it is hoped that the list can serve as a continuous virtual meeting place for individuals who are involved in AACSB accounting accreditation efforts. Archives of the list are maintained. AAudit-L ([email protected]) - Moderated list to discuss all aspects of external and internal audit. Archives of the list are maintained. ABooks-L ([email protected]) - A mailing list that allows authors and publishers to advertise the arrival of new books in the discipline. Comment: Be warned - unashamed advertising allowed in this mailing list. Archives of the list are maintained. ADble-L ([email protected]) - Double Entries is produced weekly by a group of volunteers from the profession and academia. It is designed to provide brief news on accounting and auditing around the world and is available both by e-mail and on the World Wide Web. AEthics-L ([email protected]) - Moderated list to discuss the ethical dimension of accounting and auditing. Archives of the list are maintained. 100 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ AEthnog-L ([email protected]) - Moderated list to discuss the ethnographic dimension of accounting and auditing. Archives of the list are maintained. AFinAcc-L ([email protected]) - Moderated list that discusses all aspects of financial accounting. If the demand warrants, this may need to be supplemented by country-specific mailing lists. Archives of the list are maintained. AGvNFP-L ([email protected]) - Moderated list concerned with the discussion of accounting for government and not-for-profit organizations. Archives of the list are maintained. AIntAcc-L ([email protected]) - Moderated list that discusses all aspects of international accounting. Archives of the list are maintained. AIntSys-L ([email protected]) - Moderated mailing list that discusses the application of intelligent and expert systems to accounting and management. Archives of the list are maintained. AJobs-L ([email protected]) - Moderated list that carries academic job announcements. Contact the ANet team for information. Archives of the AJobs-L list are maintained. AMgtAcc-L ([email protected]) - Moderated management accounting list. Archives of the list are maintained. ANews-L ([email protected]) - A low-volume, high-quality mailing list that concentrates on news of journals, conferences, seminars, and other matters of interest to the academic accounting community. If you want only minimal contact with ANet, subscribe to this “news only channel.” Archives of the list are maintained. This mailing list is unidirectional. Any information posted to ANews-L is incorporated into a single digest and posted periodically. AOilAcc-L ([email protected]) - Moderated list that discusses accounting for extractive industries, including oil and gas. Archives of the list are maintained. AProfsn-L ([email protected]) - Moderated list that discusses the nexus between academia and the accounting and auditing profession with particular emphasis on improving the relationship and cooperation between the two elements. Archives of the list are maintained. ASocial-L ([email protected]) - Moderated list that discusses all aspects of accounting in its behavioral and sociological context. Archives of the list are maintained. AStdnt-L ([email protected]) - This list enables student-to-student contact around the world. Archives of the list are maintained. ____________________________________________ Chapter 5 — Look Who’s Talking! 101 ATax-L ([email protected]) - Moderated list to discuss all accounting and other tax-related issues. Archives of the list are maintained. ATeach-L ([email protected]) - Moderated list that discusses developments in the teaching, learning, and curriculum design of accounting and auditing. Archives of the list are maintained. ATechno-L ([email protected]) - Moderated list of accounting and technology investment issues. ATwoYear-L ([email protected]) - Moderated list is devoted to teaching and learning in the two-year community college system in the United States. Archives of the list are maintained. Closed Mailing List Details There are a number of ANet mailing lists whose membership is closed. AAccWeb-L - A closed list for ANet and other developers of a multinational, multi-institutional World Wide Web server of accounting information. For further information contact Roger Debreceny <[email protected]> No archives of the list are maintained. ANetDev-L - This closed, moderated list discusses the development of ANet and is particularly designed for moderators and those involved with the management of the network. No archives of this list are maintained. Moderator: Roger Debreceny, Southern Cross University, Australia. ARes00-L - Moderated ANet service to the academic accounting community, a number of unmoderated and closed lists are provided to academics who are working on group research projects. They facilitate teams that have more than two members where normal e-mail is a nuisance. Once the ANet management team has established the membership of the list, the list is then left to its own devices. No archives of these lists are maintained and membership can, if desired, be concealed. If you would like to use one of these lists, please e-mail [email protected]. Can-AccTech is a discussion list where Canadian accountants and financial professionals can swap ideas, problems, and experiences in an open, unmoderated exchange of views and comments. The Can-AccTech discussion forum may lead to the development of further information sources and assistance in technology matters specifically geared to the needs of accountants and financial professionals. To join Can-AccTech, send an e-mail message to [email protected] and in the message body state: subscribe can-acctech. You will receive, via return e-mail, an acknowledgement of your free subscription along with information on how you can participate in Can-AccTech. If you have any questions about Can-AccTech, please email the list owner, Richard Morochove, at: [email protected]. 102 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Cost Accounting Discussion List - The Southeast Conference on College Cost Accounting sponsors this list dealing with cost accounting issues, OMB Circulars A-21, A-110, A-128, and other related issues. To subscribe, send message to [email protected]. CPAS-L Internet Accounting List/Forum for CPAs is a free list/forum for CPAs in public practice, private industry, and government. The list is hosted by Loyola University Department of Accounting. It provides an unmoderated forum for discussion of all aspects of the practice of accounting. Subscribe by sending an e-mail to [email protected] and leave the subject line blank. The message should read: SUBSCRIBE CPAS-L firstname lastname firm/organization/ organization. CTI-CCC-AUDIT - Auditing and accounting mailing list sponsored by the CTI Centre for Accounting, Finance and Management at the School of Information Systems, University of East Anglia, UK. The list is open to anyone interested in auditing and wanting to be in contact with others with similar interests. This is a listserv. To subscribe, send an e-mail message to [email protected] and state in the message: Join cti-acc-audit firstname lastname. FedTax-L Discussion list (unmoderated), supported by Sam Houston State University of Huntsville,Texas, provides discussion of federal taxation issues from both a practitioner’s and academic viewpoint. The discussions cover trends, regulatory actions, and an idea exchange forum. Archives for this list are available via anonymous FTP at niord.shsu.edu/fedtax-l and from the gopher site:niord.shsu. Subscribe by sending a message to [email protected] with the word subscribe. Internet Guide for Accounting Discussion List (http://www.swcollege.com/acct/inet_acct/ subscribe.html) is for exchanging information relating to accounting professionals’ use of the internet. Free subscription is available from the site. Microsoft Network Industry Accounting Forum (http://www.microsoft.com/industry/acc/) Site includes articles and products of interest to accountants. There is a downloadable version of Microsoft’s Software Auditing Resource Kit for designing software audit applications. Real Estate Accounting Professionals Forum (http://www.reap.com/reap/) site, sponsored by a financial products vendor, includes a discussion area with topics on software support and managerial issues. There are software reviews, sample products, and links to related Internet resources. Tax Analysts Discussion Groups nonprofit corporation that moderates various e-mail discussion groups. Archives are available at http://205.177.50.2/groups.htm. ____________________________________________ Chapter 5 — Look Who’s Talking! 103 The following discussion lists are hosted by representatives of the Tax Analyst group. Interested auditors may subscribe to a group via e-mail by selecting the group’s address below. In the body of your e-mail message, type “subscribe,” followed by your e-mail address. Subject Accounting Financial Institutions Tax-Exempt Bonds Bankruptcy & Insolvency Business Tax Issues Criminal Violations Employment Taxes Estate, Gift, Trusts Excises and User Fees Exempt Organizations Farm and Ranch Individual Income Taxes International Taxation Legislation and Policy Natural Resources Partnership Taxation Pensions, Benefits, ERISA IRS Practice, Procedure Real Estate S Corporations State and Local Taxes Subscription Address [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] Usenet News Discussion Groups for Auditors What is a newsgroup and why should you use one? A newsgroup is a bulletin board. Readers who are interested in that newsgroup’s particular topic can read and respond to messages posted on the bulletin board by other readers. Generally, there will be different “threads” of discussion going on at the same time, but they all share some common theme. There are approximately 900 newsgroups, with more being added all the time. There are two types of newsgroups: moderated and unmoderated. A moderated newsgroup does not allow individuals to post directly to the newsgroup. Rather, the postings go to the newsgroup’s moderator who determines whether or not to pass the posting to the entire group. An unmoderated newsgroup allows a reader to post directly to the other readers. 104 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Many auditors may not be aware that there is a Usenet newsgroup targeted to internal auditors. Newsgroups contain messages from people who participate in them. Each message includes the name of the author, subject, date and time of posting, the name of the originating computer system, and the body of the message. How do I subscribe to a newsgroup? You do not subscribe to a newsgroup. Either you get the service through an Internet service provider or commercial online service or you gain access through your corporate Internet access. If there is one you want, you can ask the systems administrator to try to get it for you. Access to newsgroups via a corporate or organization Internet connection depends on policy decisions for this type of activity. What is netiquette? There are some guidelines that apply for communicating in newsgroups that financial professionals should follow. These guidelines are referred to as “netiquette.” • Read the topics and subject matter to become familiar with the thread of the discussion before participating. This will give you a certain comfort level before contributing your own views. Read messages carefully and make sure you understand exactly what the message is before responding. • Choose newsgroups of particular interest to you and your organization. Newsgroups can generate a large volume of messages and may become time consuming to read and respond to. What began as a perceived productivity tool may become a productivity inhibitor. Add or remove a newsgroup based on a benefit analysis. If the time spent monitoring and reading the messages is not beneficial, then remove the newsgroup from your daily routine. • Newsgroup privacy is an oxymoron. There is no privacy in newsgroups because it is a public forum. Therefore, post only those messages that you would feel comfortable posting in an open environment. • Identify personal opinions as just that. If you are participating in a newsgroup and using your organization name in either the e-mail address or your signature line, be sure that you are not misrepresenting or conflicting with your organization’s position on issues. This could be a career deterrent if you embarrass your organization. • Respond by posting to the newsgroup when it is appropriate as a follow-up to a specific posting and is beneficial for all members to read. Many messages posted to newsgroups could be answered with a post directly to the sender of the message, thereby reducing the traffic of useless group information. Include the original sender’s message when posting follow-up to the group so that the original sender is identified and everyone understands the message and response. ____________________________________________ Chapter 5 — Look Who’s Talking! 105 • Offensive language is no more appropriate in a newsgroup than it would be in the office. Do not use it. Using ALL CAPS is e-mail for shouting and is considered rude. • “Electronic Progress Through Sharing” is a major benefit of this type of forum. The more auditors and accountants that participate in the discussion, the greater the likelihood that more members of the newsgroup will receive the benefits. Greater active participation by individual auditors and accountants yields greater returns for the participants and their organizations. • If your organization has Internet access to Usenet, identify those newsgroups that are appropriate for the organization and ask your newsgroup administrator to add them. If your organization does not have access, use an Internet service provider such as NetCom, or PSI, or one of the online services such as America Online or CompuServe. Usenet Newsgroups for Auditors ABIA (Alt.business.internal-audit) - Internal audit newsgroup formed for discussion of internal auditing related subjects. Open forum to share ideas, proposals, experiences, hopes, fears, and vulnerabilities. Access via Usenet newsreader, or on America Online Internet Center, or GO Usenet on CompuServe. Contribute to the newsgroup via your Usenet newsgroup or send mail for the newsgroup to: [email protected] or [email protected] Frequently Asked Questions (FAQs) on ABIA The following represent frequently asked questions about the alt.business.internal-audit Usenet newsgroup. The document was adapted from RFC1855 by Charles Bury, Auditor, U.S. Department of Education.1 alt.business.internal-audit Posting FAQ Abstract This document provides a minimum set of guidelines for Network Etiquette (Netiquette) that alt.business.internal-audit users should attempt to follow. Please pay particular attention to the instructions regarding information to be included on the SUBJECT line. 1 Hambridge, S.,”RFC 1855 - Netiquette Guidelines,” <URL: ftp://rs.internic.net/rfc/rfc1855.txt> author’s e-mail: [email protected]. 106 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ General Guidelines for Mailing Lists and NetNews Read both mailing lists and newsgroups for one or two months before posting anything. This will help you to get an understanding of the culture of the group. This guideline is optional, but you should at least have read this FAQ2 and all current messages in the newsgroup before posting for the first time. Consider that a large audience will see your posts. That may include your present or your next supervisor. Take care in what you write. Remember that mailing lists and newsgroups are frequently archived, and that your words may be stored for a long time in a place to which many people have access. Assume that individuals speak for themselves, and what they say does not represent their organization (unless stated explicitly). Remember that both mail and news take system resources. Pay attention to any specific rules regarding their uses that your organization may have. Messages and articles should be brief and to the point. Do not wander off-topic, do not ramble, and do not send mail or post messages solely to point out other people’s errors in typing or spelling. This type of behavior will mark you as an immature Internet beginner. SUBJECT lines should follow the conventions of the group. For alt.business.internal-audit all posts must relate to the subject of auditing. To help readers of the group identify that your article is specifically related to auditing, please begin the SUBJECT line with “AUDIT:”; if the article relates to the use of the newsgroup itself, the SUBJECT should begin with “ADMIN:”; for the rare advertisements that relate to auditing (i.e., conferences, software, etc.) the SUBJECT should begin with “ADVERTISEMENT”; and for employment-related articles please begin the SUBJECT with “AUDIT POSITION OFFERED” or “AUDIT POSITION WANTED.” The geographic location of the position should be included in the SUBJECT line as well. Advertising is welcomed on some lists and newsgroups and abhorred on others. This is another example of why it is important to know your audience before you post. Unsolicited advertising that is completely off-topic will most certainly guarantee you a lot of hate mail. If you are sending a reply to a message or a posting, be sure you summarize the original at the top of the message, or include just enough text of the original to give a context. This will ensure that readers understand when they start to read your response. Since NetNews is proliferated by distributing the postings from one host to another, it is possible to see a response to a message before seeing the original. Giving context helps everyone. But do not include the entire original! 2 ABIA FAQ <URL: http://www.netaxs.com/~edoig/abiafaq.txt> author’s e-mail: [email protected]. ____________________________________________ Chapter 5 — Look Who’s Talking! 107 It is recommended that you have a signature that you attach to your message. This will guarantee that any peculiarities of mailers or newsreaders, which strip header information, will not delete the only reference in the message of how people may reach you. Be careful when you reply to messages or postings. Frequently, replies are sent back to the address that originated the post, which in many cases is the address of someone else answering the original question. You may accidentally send a personal response to the wrong person. It is best to type in the address instead of relying on “reply” when sending a response by e-mail only. If you find a personal message has gone to a list or group, send an apology to the person and to the group. If you should find yourself in a disagreement with one person, make your responses to each other via mail rather than continuing to send messages to the list or the group. If you are debating a point on which the group might have some interest, you may summarize for them later. Do not get involved in flame wars. Do not post or respond to incendiary material. Avoid sending messages or posting articles that are no more than gratuitous replies to replies. Be careful with monospaced fonts and diagrams. These will display differently on different systems, and with different mailers on the same system. NetNews Guidelines NetNews is a globally distributed system that allows people to communicate on topics of specific interest. It is divided into hierarchies, with the major divisions being sci – science-related discussions; comp – computer-related discussions; news – for discussions that center around NetNews itself; rec - recreational activities; soc - social issues; talk - long-winded, never-ending discussions; biz – business-related postings; and alt - the alternate hierarchy. Alt is so named because creating an alt group does not go through the same process as creating a group in the other parts of the hierarchy. There are also regional hierarchies and hierarchies that are widely distributed, such as Bionet. Your place of business may have its own groups as well. Recently a “humanities” hierarchy was added, and as time goes on it is likely that more will be added. In NetNews parlance, “posting” refers to posting a new article to a group, or responding to a post someone else has posted. “Cross-posting” refers to posting a message to more than one group. If you introduce cross-posting to a group, or if you direct “Follow-up To:” in the header of your posting, warn readers! They will usually assume that the message was posted to a specific group and that follow-ups will go to that group. Headers change this behavior. Read all of a discussion in progress (we call this a thread) before posting replies. Avoid posting “Me Too” messages, where content is limited to agreement with previous posts. Content of a follow-up post should exceed quoted content. 108 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Send mail when an answer to a question is for one person only. Remember that news has global distribution and the whole world probably is not interested in a personal response. However, do not hesitate to post when something will be of general interest to the newsgroup participants. Check the “Distribution” section of the header, but do not depend on it. Due to the complex method by which news is delivered, distribution headers are unreliable. If you are posting something that will be of interest to a limited number of readers, use a distribution line that attempts to limit the distribution of your article to those people. For example, set the distribution to be “nj” if you are posting an article that will be of interest only to New Jersey readers. If you feel that an article will be of interest to more than one newsgroup, be sure to cross-post the article rather than individually posting it to those groups. In general, probably only five or six groups will have similar enough interests to warrant this. Consider using reference sources (manuals, professional journals, ASAP3, AuditNet4, GARP5, etc.) before posting a question. Asking a newsgroup when answers are readily available elsewhere generates grumpy “RTFM” (Read The Fine Manual - although a more vulgar meaning of the word beginning with “f” is usually implied) messages. Although there are newsgroups that welcome advertising, this is not one of them. If you have an audit-related product that you want to advertise in this group, clearly identify your posting by beginning the SUBJECT line with “ADVERTISEMENT:”. Your post should consist of no more than 10 lines, which should primarily consist of guidance on how the reader can contact you for further information. Under no circumstances should advertising for products unrelated to auditing be posted to this group. If you discover an error in your post, cancel it as soon as possible. DO NOT attempt to cancel any articles other than your own. Contact your administrator if you do not know how to cancel your post, or if some other post, such as a chain letter, needs canceling. If you have posted something and do not see it immediately, do not assume it has failed and re-post it. Some groups permit (and some welcome) posts which in other circumstances would be considered to be in questionable taste. This group does not. 3 Auditors Sharing Audit Programs <URL: http://www.auditnet.org/asapind.htm/> If you would like to contribute an audit program send it via e-mail to [email protected] or [email protected]. 4 Kaplan’s AuditNet Resource List <URL: http://www.auditnet.org/karlhome.htm> author ’s e-mail: [email protected]. 5 The Government Auditors’ Resource Page <URL: http://www.netaxs.com/~edoig/GARP.html> author’s e-mail: [email protected]. ____________________________________________ Chapter 5 — Look Who’s Talking! 109 Forging of news articles is not permitted. You can protect yourself from forgeries by using software that generates a manipulation detection “fingerprint,” such as PGP (in the U.S.). Postings via anonymous servers are acceptable. However, your comments and questions are most useful when they can be placed in context. Material that is inappropriate when posted under one’s own name is still inappropriate when posted anonymously. FinanceNet Discussion Groups The following information is part of FinanceNet’s documentation for their newsgroups. Instructions for Posting to FinanceNet Newsgroups via E-Mail One way to improve financial management is for financial professionals to be able to communicate daily with one another in a “forum” in which one can post and receive answers and solutions to questions and problems encountered in daily work. The Internet Usenet or newsgroups provide that unique opportunity. The preferred access to FinanceNet’s newsgroups and discussion forums is by newsreader or by Web browsers that provide newsgroup access. To reach the “financenet” newsgroups, point your newsreader’s news (NNTP) server to news.financenet.gov and subscribe to any one of FinanceNets’ newsgroups. However, for those financial professionals who do not have high-level Internet tools, FinanceNet provides all newsgroup messages on its Gopher server with the additional facility to respond by regular Internet e-mail. You should be aware that the method of threading (sequencing of related messages) may not be as readable or “user friendly” as you would likely find had you accessed via either Usenet newsreader or a Web browser. The newsgroup Gopher directories contain mirror images of all messages sent to FinanceNet newsgroups from all sources, i.e., newsreaders, WWW, and e-mail. Each Gopher directory is a newsgroup that corresponds to one of the FinanceNet public mailing lists. Many messages moderated as inappropriate for distribution to a certain FinanceNet mailing list may well be considered interesting and appropriate material for the corresponding newsgroup(s). Such messages are posted to the newsgroup(s) and bear the “moderation desk” name “[email protected].” Such messages are forwarded from subscribers and users and not “created” or “sourced” by FinanceNet. Messages will appear on these directories for one month before being deleted. How To Post Messages to These Newsgroups via E-Mail Again, even without a newsreader, you will have the capability to reply to any newsgroup message posted by sending a regular Internet e-mail message to a certain FinanceNet address. In replying, we suggest that you copy to the clipboard (in Windows: Ctrl+Ins) a portion of any message to 110 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ which you want to respond and then paste it (in Windows: Shft+Ins) into the body of your responding message. It may also be useful to put the identifier, “>”, at the beginning and end of the text copied. This will assist others in identifying the comments you are responding to since the threading sequence on the Gopher may not always be very efficient. The protocol for mailing to a newsgroup is slightly different from that for the mailing list. For instance, the mailing list called “[email protected]” will have a corresponding newsgroup called “[email protected]” (note the word “news-” in front). After composing your regular e-mail message (be sure to include your own personal e-mail address in the body if you want a return reply), address your message to the appropriate newsgroup that carried the message to which you are responding. For example, if you read a message on the “Financial Audits” (fin-audits) newsgroup directory, you will address your Internet message to “[email protected].” It is also important to try to make the subject of your message read the same as the message to which you are responding. This assists in the “threading” process and augments thematic continuity on the Gopher. The names of the newsgroups that correspond to our public mailing lists are provided below (with the Reply hotlink at the end). Each is a particular Internet e-mail address to which you may send your message. E-Mail newsgroups and addresses for FinanceNet newsgroups via Gopher: FinanceNet Discussion Forms 1. Association of Government Accountants ([email protected])/ 2. Accounting Related News and Notices ([email protected]../ 3. BudgetNet ([email protected])/ 4. Calendar ([email protected])/ 5. Financial Audits ([email protected])/ 6. Finance Related Job Opportunities. ([email protected])/ 7. Financial Policy ([email protected])/ 8. Financial Reporting ([email protected])/ 9. Financial Systems ([email protected])/ 10. Financial Training ([email protected])/ 11. Financial Management News, Notices and Announcements ([email protected]) 12. General Public Finance Information ([email protected]) 13. Government Financial Officers Association ([email protected]) 14. Government Asset Sales News, Notices & Announcements ([email protected]) 15. Internal Controls ([email protected]) 16. Municipal and Town Financial Management ([email protected]) ____________________________________________ Chapter 5 — Look Who’s Talking! 111 17. 18. 19. 20. 21. Payroll Issues ([email protected]) Performance Measures ([email protected]) Procurement ([email protected]) State and County Government Issues ([email protected]) Travel Issues ([email protected]) For further assistance and instructions, send e-mail to: [email protected]. Tax Usenet Groups Usenet FAQ (Frequently Asked Questions) Copies of the misc.taxes FAQ as well as those for other newsgroups may be obtained by anonymous FTP from rtfm.mit.edu. For the misc.taxes faq look under /pub/usenet/news.answers/taxesfaq (this is part1). Or send e-mail to [email protected] with send usenet/news.answers/ taxes-faq/part1 in the body of the message, leaving the subject line empty. Misc.taxes Usenet Newsgroup. Accessible by any Usenet newsgroup reader. The group’s broad charter is: Tax laws and advice. To read previous posts of misc.taxes, go to the searchable message base: gopher://niord.shsu.edu/11gopher_root%3a%5b_DATA.FILESERV us.finance.taxes. This group is for the discussion of preparing U.S. tax returns as well as the planning and structuring of personal and household finances with regard to U.S. tax laws. Practical questions and answers about tax returns and tax planning are completely appropriate. Participants should be aware that they need to seek the professional help of an accountant or attorney for advice that they can completely rely on. All U.S. taxes are discussed in this group, including but not limited to income, estate, and excise taxes. Additional groups can be split off to cover specialized topics when traffic warrants. Advertising is not appropriate in this group, although neutral reviews of tax-related products or services are appropriate. Arguments and discussions concerning the politics, ethics, or history of the U.S. tax system are specifically not appropriate to this group. The group is unmoderated. us.politics.taxes. This group is for the discussion of the politics, ethics, and history of the U.S. tax system. Any discussion of U.S. taxes that is not related to personal, household, or business finance is appropriate in this group. Questions and answers about tax preparation and tax planning should not be posted to this group. Advertising is not appropriate in this group. The group is unmoderated. 112 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Interview: Harald Will, President, ACL Services Ltd. (http://www.acl.com) ACL Services Ltd. is a privately held company based in Vancouver, Canada, with offices in Brussels and Singapore and representatives in over 30 countries worldwide. Since 1987 ACL has provided market-leading technology and services for data inquiry, analysis, and reporting. ACL is the only global organization dedicated to providing an integrated solution for the audit professional. Q. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”? The concept of creating and leveraging value and knowledge from digital literacy is the very foundation upon which ACL was built. As far back as the 1970s, before this notion was generally accepted, we recognized/foresaw/anticipated the need for audit and related professions to extract and present valuable business information through automated and interactive auditing of data. Auditors were being asked to access data from many environments and perform various audit tasks, yet no tool or solution was available. As a result, ACL was born! Consequently we have been educating and supporting all auditors, not just EDP auditors, through provision of the tools and training so that they may flourish in the age of the digital explosion. Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How has your organization contributed to this philosophy through the use of the Internet? As an industry leader and an active member of the international audit community, we have a responsibility to share information, education, and best practices with our global audience of users and non-users alike. The Internet is a perfect conduit for both disseminating and receiving timely and relevant industry information. Specifically, we participate in a number of thirdparty on-line forums and chat areas as well as host various industry-specific electronic listservs for our clients. Additionally, our own Web site – www.acl.com – contains a wealth of information, which serves as a valuable resource available to anyone, anytime, from anywhere in the world. Our Web site also offers links to many other useful Web locations. ACL actively contributes to other knowledge sites such as accountantsledger.com, as well as ITAudit.org – the information technology education site of The IIA - of which we are the founding sponsor. Q. How has your organization integrated the use of the Internet into auditing? Being an audit technology provider, we have certainly recognized the importance of auditing through the Internet. Consequently, our software incorporates Internet associated features such as the ability to export to HTML, which allows ACL reports to be posted on organization intranets. This feature also allows automated ACL routines (batches) to be loaded onto the intranet and shared by auditors from different departments, locations, or countries, thereby ____________________________________________ Chapter 5 — Look Who’s Talking! 113 ensuring consistency and achieving efficiencies across an organization. Another important Web specific feature is our software’s ability to continuously monitor and send e-mail notification to specified personnel once “exceptions” are identified. Auditing through the Internet allows for both the distribution of critical information and response in a timely manner. Q. What Internet resources do you use, and how have they helped you and your organization? Mining the internet is a good source of both technical and audit information which we can apply to our offerings, in order to maintain our market-leading position as the provider of premium audit technology solutions. By actively participating in various audit knowledge sites and electronic forums, we are instantly in touch with the audit issues of today and tomorrow, while helping to foster a healthy virtual user community and strengthen our product and services. Using the Internet has also allowed us to achieve operational efficiencies as we can now conduct our beta testing online, provide technical support via the Web, and communicate with our user base through e-mail. Q. How has the Internet changed the way your organization does business, and what impact has that change had on auditors? The Internet has had a huge impact on the way and the speed with which we conduct business both internally and externally. Internally, we can ensure that all our offices, no matter where they are located in the world, can instantly, constantly, easily, and relatively cheaply communicate with each other. Interoffice business is transacted quickly, which has very definite and positive repercussions for our clients. Externally, we can rapidly and cost-effectively distribute our goods and services via the Internet. Where traditional distribution methods prove difficult, we use the Internet to distribute our software. We can provide technical support via the Web no matter where or in what time zone our clients operate. Particularly complex problems can be expeditiously resolved because clients can send extracts of data files over the Web for immediate review. Not surprisingly, customer service expectations have risen accordingly and ACL constantly strives to exceed these expectations with even higher levels of client excellence! 114 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Q. What effect have the Internet and the World Wide Web had on the auditing profession? The rise of e-commerce, e-banking, and other Web-based applications and business activities has extended the realm of risk, security, and control responsibilities for auditors. It presents new challenges in terms of the nature of control over privacy, and the accuracy of data and its impact can be compared to the emergence of EDI some five to 10 years ago. But, in principle, the same audit analysis techniques apply equally to EDI data as to Internet data, although some technical differences exist. Consequently, initiatives such as the CPA WebTrust have been launched as a way to assess commerce Web sites to assure they meet AICPA and CICA defined criteria for standard business practices and controls over transaction integrity and information protection. The proliferation of the Internet has also brought the audit profession much closer together. Every auditor worldwide can share knowledge and ideas and participate in the discussion of issues to quickly lead the profession forward. In the past this was limited to attending conferences on an annual basis. Now there is a virtual audit community online acting together on a constant, real-time basis. Q. What Internet skills do you see as the most critical for new auditors? The ability to locate, send, and share report findings and knowledge over the Internet will be an important skill for auditors today and tomorrow. Mastering this skill will help to increase productivity, especially for audit teams in international organizations who can leverage off sharing and accessing knowledge bases on the Internet and intranet. Auditors will also need to become more technically proficient in all aspects of risk and control issues and implications associated with the Web and e-business transactions. The ability to conduct Web-log reviews with data analysis software will be a critical component of an auditor’s toolkit. Q. What role do you see for the Internet in the future of internal auditing? In addition to all the aforementioned issues, the future role of internal auditing must be considered in the context of the emergence of the Knowledge Age – where knowledge is an organization’s most important asset and competitive advantage. Internal audit will have a role to play in assessing risk and control concerns of knowledge management projects which are often inextricably tied to information systems. Management decisions are only as good as the data on which they are based, and internal auditors must ensure the integrity, validity, and accuracy of this information. No organization can afford to ignore evaluations that assess the quality and use of the knowledge that underpins the business. ____________________________________________ Chapter 5 — Look Who’s Talking! 115 Q. Any other thoughts on how auditors could be using the Internet that you would like to share? We are currently evaluating different ways for our audit client base to leverage off the Internet to operate more effectively within their organization; for example, the delivery of modularized, industry-specific, interactive Web-based ACL training. So no matter where you are located, if you have Internet access, you can attain or maintain current technical and professional skills and expertise. Similarly, ACL users will in the future be able to download specialized ACL applications tailored to the needs of their particular industry from our Web site, thereby increasing response time to specific issues without “reinventing the wheel.” Additionally, we are considering making the current version of ACL available for download for use on a real-time, as-needed basis for clients who require this type of flexibility and/or cost and information system efficiency. ___________________________________ Chapter 6 — Internet Resources for Auditors 117 Chapter 6 Internet Resources for Auditors The Internet has created a unique opportunity for auditors by supplementing traditional resources with online electronic information resources. The true value of the Internet for auditing professionals lies in the wealth of available online information in various disciplines. Accountants, auditors, and financial professionals can benefit from a wide variety of resources, which fall into specific categories depending on the nature of the information included. Pay special attention to those identified as “knowledge assembly resources.” They focus on relevant business information useful for establishing an auditor’s digital literacy foundation. The resources reflect both the depth and breadth of information available for financial professionals. While the volume of information may seem large, it is only a small portion of the total amount of resources available on the Internet. It is important to remember that the dynamic nature of the Internet means that what was available yesterday may not be accessible today, and new resources that were not there before may have been added. Do not be surprised if you go to one of these sites and find information that is different from what is described in this book. In the same way that our society has become mobile, you may find that resources included in these pages have been moved online. Sometimes they will be linked to a new address. Other times you may find “address unknown,” in which case an alternative search may be in order. Refer to Chapter 8 for help in deciphering Internet error messages.The resources presented here are offered as a snapshot of what was available as this book went to press. The following resources are organized by categories based on the subject matter. The name of the site for the organization is presented first, followed by the uniform resource locator (URL) and a description of the information contained at the site. The URL is similar to a channel on a television set. If you know the URL, you can reach a site. Some sites simply provide links to other sites while others have more detailed information. For sites that provide links, it is not necessary for you to know the URL. Anytime there is a link at a site, you may reach that site by selecting the link using your mouse or keyboard. While there may be duplication in the links provided at many of the sites it is important to understand that sometimes sites are not available. This means that sometimes there is more than one way to reach a particular site through links. The following codes indicate which type of site is indicated in the resource listing: http:// = Web site gopher:// = Gopher site ftp:// = FTP site 118 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Auditing Resources This section provides resources specific to auditing or auditing organizations. It includes auditing departments in private industry, colleges and universities, and government at all levels. Audit guides, manuals, checklists, and audit work programs provide you with best practices and examples of resources that other auditing offices developed. Making these resources available on their Web sites represents support of “Electronic Progress Through Sharing,” the principle that has been an integral part of building the AuditNet. Audit Guides, Manuals, and Checklists The following sites represent value-added resources from the global audit community that promotes “Electronic Progress Through Sharing.” Utilize the information from these sites to build on the internal audit database of best practices material. Advanced Technology Program (ATP) Audit Guidelines (http://www.atp.nist.gov/atp/psagco.htm) are provided by the Office of Inspector General, U.S. Department of Commerce. The ATP is a cost-sharing program between government and industry to pursue high-risk, enabling technologies with significant commercial and economic potential. Application Review Questionnaire (http://www.umanitoba.ca/admin/internal_audit/admin/ internal_audit/html/application.html) for an environmental controls system. Appraising Your Auditors (http://www.icas.org.uk/members/framewk7.pdf) is a report from the Institute of Chartered Accountants of Scotland. The report provides a framework for the review and appointment of auditors by listed companies. Audit Manual (http://www.utsystem.edu/AUD/manual/tab_cont.htm) from the UT Systems Audit Office includes details on organizational structure, office policies and procedures, and sample documents. Audit Methodology Manual (http://www.sao.state.tx.us/sao/Manuals/meth.htm) from the Texas State Auditor’s Office represents their comprehensive guide on audit-related topics, techniques, and methods. The Manual is an excellent resource for state and local government audit offices looking for guidance on a broad range of audit issues. The Manual is in Adobe Acrobat PDF format. Auditors may download individual sections or the entire manual. Audit Process Handbook (http://www.hhs.gov/progorg/oas/tap.pdf). The DHHS OIG Audit Process Handbook in PDF format was developed to give auditors tools to conduct audits and prepare reports. It lays out a systematic approach designed to keep the audit focused, involve all team members throughout the process, and facilitate report preparation. ___________________________________ Chapter 6 — Internet Resources for Auditors 119 Audit Report Writing Guide (http://www.psc-cfp.gc.ca/audit/metod1-e.htm) from the Public Service Commission of Canada provides guidelines for the design, style, and content of the reports they publish. This document is an excellent resource for audit organizations that want to develop their own guide. Audit Survival Guide (http://www.stanford.edu/dept/Internal-Audit/docs/guide/) from Stanford University provides information for staff on the auditing process. This is a great resource for internal marketing of the auditing function through demystification of the auditing process. Audit Techniques Guide (http://www.irs.ustreas.gov/prod/bus_info/mssp/index.html). Internal Revenue Service market segment specialization program provides audit guides used by examiners for 11 different industries. Good reference material for auditors reviewing air charters, architects, the tobacco industry, and more. Benchmark Project Guide (http://www.dtic.mil/c3i/bprcd/0135.htm) from the Department of Defense Electronic College of Process Innovation is a tutorial on How to Prepare for and Conduct a benchmark project. Excellent resource for auditors looking at organizational analysis issues. Best Practices Procurement Manual (http://www.fta.dot.gov/fta/library/admin/) from the Federal Transit Administration provides recipients of Federal Transit Administration (FTA) funds with suggested procedures, methods, and examples for conducting third-party procurements to assist them in meeting FTA standards. Better Practice Guides (http://www.anao.gov.au/bpgs.html) from the Australian National Audit Office are reports on specific areas of interest to auditors along with best practices information. Includes guides for selecting suppliers, travel, effective control, performance information, and more. Building and Auditing a Trusted Network Environment with Netware 4.x (http:// developer.novell.com/research/appnotes/1994/april/a1frame.htm) Online Guide from Novell includes a security overview, security basics, and audit guidelines for Novell networks using Netware 4.x. Business on the Web Management Guide (http://www.butlergroup.co.uk/). Go to the free publications section. This is an excellent guide that auditors can use in evaluating the organizational decision to establish a Web site. The Guide includes a chapter on security issues. Business Tools (http://www.toolkit.cch.com/tools/tools.htm) is a Web site from CCH that provides a comprehensive list of ready-to-use templates, checklists, and model business documents. You never know when one of these documents may come in handy. 120 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Check Fraud: A Guide to Avoiding Losses (http://www.occ.treas.gov/chckfrd/contents.htm) from the Office of the Comptroller of the Currency provides guidance on a major organizational issue. Guide sections include check fraud schemes, prevention measures (internal controls, training, check cashing guidelines), and more. Client Satisfaction Measurement Questionnaire (http://www.psc-cfp.gc.ca/audit/metod2e.htm) from the Public Service Commission of Canada provides an excellent resource for measuring audit customer satisfaction. COBIT (http://www.isaca.org/ct_dwnld.htm) - Control Objectives for Information Technology from ISACA are online. The executive summary, the framework, and the control objectives are available for download in Adobe Acrobat (PDF) format. Computer Control and Audit Guide (http://arts.uwaterloo.ca/ACCT/acct.html) prepared by Professor J. Efrim Boritz, a recognized accounting scholar, is an overview and reference source pertaining to computer control and auditing issues with which an accountant or financial manager should be familiar. This guide can be used as a text in a course or for self-study. It is organized into three logically related parts as follows: risks and exposures in computer-based information systems; computer controls, objectives, standards, and techniques; and computer auditing issues. Go to People-Faculty-J. Efrim Boritz for the Guide. Conference Audit Guide (http://www-tradoc.monroe.army.mil/irac/guides/g-conf.html) provides information and guidance for performing audits of conferences, symposiums, and workshops. Corporate Credit Card Best Practice Guide (http://www.audit.nsw.gov.au/corpcd98/ crdtcard.htm) from the Australian government provides a policy, controls over card issues, operational controls, and more. Corporate World Wide Web Strategy: Development, Implementation, and Audit (http:// ourworld.compuserve.com:80/homepages/bfelmly/webdoc.htm). This is an excellent guide for information systems audit professionals who want to understand and audit issues that are associated with the Internet and the Web. Cost Estimating Handbook (http://www.jsc.nasa.gov/bu2/PCEHHTML/pceh_c.htm) is an excellent resource tool for auditors and accountants. The Handbook provides statistical techniques and development guidelines for cost estimation, acceptance criteria for cost estimation, guidelines for auditing and analyzing a cost estimation relationship, elements of good estimating practice, and more. ___________________________________ Chapter 6 — Internet Resources for Auditors 121 Cost Performance Model for Assessing WWW Service Investments (http:// www.ctg.albany.edu/projects/inettb/SpreadSheets.html) is a set of tools designed to assist organizations in estimating the likely costs and benefits of developing a Web-based service. This is an excellent tool for auditors looking to evaluate the organizational cost and ROI for Web-based services. Cost Principles - Procedures for Developing Cost Allocation Plans (http://www.hhs.gov/ progorg/grantsnet/state) is an implementation guide for OMB Circular A-87. Curtin Control Assessment (http://www.curtin.edu.au/curtin/audit/iad7b.htm) is a management tool utilized at the university that enables managers to informally assess their control processes. Customer Service Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/cus_ser.e.html) from the Treasury Board of Canada provides information for conducting a review in this area. Data Collection and Analysis Site (http://www.deakin.edu.au/~agoodman/sci101/) from Deakin University in Australia provides a comprehensive guide on the scientific process of collecting and analyzing data. There are particularly useful chapters for auditors on surveys, sampling, and techniques. Economics, Essential Principles (http://william-king.www.drexel.edu/top/prin/txt/ EcoToC.html) is a hypermedia text on the subject. The comprehensive text covers both microeconomic and macroeconomic principles and is a good refresher for auditors on economic principles and theories. EDI Implementation Guide (http://www.pa.gov.au/ec/ediguide/editoc.htm) from the Australian government provides control audit and security issues, implementation plans, standards, and more. Environmental Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/envguid.e.html) from Consulting and Audit Canada provides information for reviews in this subject. Environmental Auditing Program (http://www.pca.state.mn.us/programs/audit_p.html) provides information from the Minnesota Pollution Control Agency, including audit checklists for aboveground tanks, underground tanks, spills, and more. Ethical Business Guide (http://nt1.ids.ac.uk/eldis/hot/ethics.htm) is a Web site with links and material covering non-financial benchmarks of institutional/corporate activity, including social and environmental impacts and anti-corruption measures. 122 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ FDIC Bank Examination Manual (http://www.fdic.gov/regulations/compliance/manual/ index.htm). The table of contents of this Federal Deposit Insurance Corporation Compliance manual links the auditor with files in Adobe Acrobat format. This is a useful resource for bank auditors. FDIC Information Systems Handbook (http://www.fdic.gov/regulations/information/information/index.html) is the interagency guide for regulatory examiners for examining information systems operations in financial institutions and service bureaus. The Handbook includes an overview of IS concepts, practices, controls, and sample audit programs. This is a valuable resource for IS auditors. The files are in Adobe Acrobat format. Federal Financial Accounting Concepts and Standards (http://www.gao.gov/policy/ volume.pdf). The General Accounting Office (GAO) has posted an electronic version of Volume I, Original Statements of Federal Financial Accounting Concepts and Standards, on its home page. The document is in Adobe Acrobat PDF format. Federal Information Processing Standards (http://www.nist.gov/itl/lab/fips/) is online access to the FIPS developed by NIST for government use. FIPS have been developed for information processing areas such as hardware, software, security, telecommunications, data, and operations standards and are widely accepted by private industry. Auditors have found them useful for research, comparison, and audit planning. Federal Sentencing Guideline Manual (http://www.ussc.gov/1997guid/tabcon97.htm) from the United States Sentencing Commission provides the most recent guidelines and policy statements on the guideline sentencing process. Fraud Control Policy (http://www.law.gov.au/aghome/commprot/olec/LECD/fraud2.html) is part of a report from the Australian Commonwealth Law Enforcement Board. The report includes a section on best practice for fraud control with the policy, reporting of fraud information, case handling, and fraud training. Auditors should check the quality assurance guidelines and the attachments on criteria against which fraud risks can be measured. Full Cost Initiative Implementation Guide (http://ifmp.nasa.gov/codeb/fullcost/) developed by NASA provides a comprehensive accounting and management approach to costing services. GAO Federal Information Systems Control Audit Manual (http://www.gao.gov/policy/ 12_19_6.pdf) from GAO provides guidelines for auditing information systems. GAO Financial Audit Manual (http://www.gao.gov/policy/fam/fam.htm). The GAO manual (Volumes 1 and 2) for conducting audits includes the methodology and tools. The manual is in Adobe Acrobat format. ___________________________________ Chapter 6 — Internet Resources for Auditors 123 GAO General Policies/Procedures and Communications Manual (http://www.gao.gov/policy/ gppm-cm.pdf) provides guidance on their methodologies, including sampling, workpapers, reporting, and more. GNA Internal Controls and Procedures (http://www.gnacademy.org:8001/uu-gna/admin/finance/newpages/page8.htm) Web page provides an excellent description of a financial control system, including goals for control procedures and general and specific procedures. Guide to Cost-Based Decision-Making (http://www.sao.state.tx.us/manuals/cost.htm) from the Texas State Auditor’s Office is designed to assist management in developing more comprehensive cost accounting information. This will enhance the ability of decision-makers to identify, analyze, and control the causes of costs as well as establish links between cost information and program efficiency and effectiveness. Guide to Minimizing Computer Theft (http://www.rcmp-grc.gc.ca/html/ccprev.htm) provides information on methods to safeguard computer assets. Guide to Performance Measurement (http://www.fpm.com/journal/mattison.htm) from the Foundation for Performance Measurement provides non-financial indicators. Handbook for Audit Committee Members (http://www.gt.com/resources/assurance/role/ roletoc.html) is a good reference from Grant Thornton for auditors who need to provide guidance to the audit committee. Includes sections on reviewing internal controls and working with internal auditors. Hiring Policies and Procedures Manual (http://vms.www.uwplatt.edu/~pers/contents.htm) from the University of Wisconsin Platteville provides a good example of guidelines for a human resources department. Housing and Urban Development Audit Guide (http://www.hud.gov/oig/oigguide.html) provides a link to their consolidated audit guide. Human Resource Management Self-Assessment Guide (http://www.hr.state.tx.us/cfdocs/apps/ hrsag/icg-f.html) from the Texas State Auditor’s Office serves as a tool for evaluating areas to improve. Shows organizations how to address identified deficiencies in human resource management. Internal Control and Financial Management Manual (http://www.state.ct.us/otc/accdir1/ acctitl.htm) is Connecticut’s Accountability Directive issued jointly by the Office of the State Comptroller, Office of Policy and Administration, and the Auditor of Public Accounts. 124 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Internal Control Guide (http://www.jhu.edu/~oams/guide/guide.htm) developed by Johns Hopkins University. The Guide focuses on the policies and procedures of the university but could easily be adapted to other organizations. Internal Control Guide (http://www.state.ma.us/osc/homeview/CONTROL/contents.htm) Massachusetts Comptroller General guide for state departments. Straightforward format that could be adopted by other auditors in recommendations. Internal Review Guide (http://www.asafm.army.mil/ir/irgd/ir-gd.htm) from the U.S. Army provides details of the process used in conducting audits of their operations. Excellent example of a comprehensive audit program targeted toward meeting customer needs. Internet Administration Policy Guide (http://www.elronsoftware.com/) provides an executive overview on the subject and includes an acceptable usage policy template. Internet Security Policy Guide (http://csrc.nist.gov/isptg/) from the NIST Special Publication series is designed to help organizations create an Internet-specific information security policy. Investigations Manual (http://www.ig.navy.mil/Publications_Investigations_Manual_Frame. html) from the Office of the Naval Inspector General’s office is an excellent guide for conducting investigations. Investigator’s Guide to Sources of Information (http://www.gao.gov/special.pubs/soi.htm) a GAO publication that provides a comprehensive list of resources useful in conducting investigations. The guide is downloadable as a PDF file and requires the Adobe Acrobat reader (also available for download). Updated in April 1997, it now includes a chapter on an Investigator’s Guide to the Internet. Auditors will find the selected Internet sites for investigate reference worth reviewing. IS Audit and Security Review Kits (http://www.gallaudet.edu/~auditweb/kits.html) from Slemo Warigon at Gallaudet University includes ready-to-use IS/IT audit program and security review kits. The kits contain a statement of purpose, scope, review steps, and/or a set of questions organized to lead auditors through the audit or review. This is an excellent site for jumpstarting an IS security review or audit. Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls (http:// csrc.nist.gov/nistpubs/800-10/) NIST Special Publication 800 10 provides auditors with an excellent introduction and overview of firewall issues. Useful in planning audit reviews of Internet connections. ___________________________________ Chapter 6 — Internet Resources for Auditors 125 Kelley Blue Book (http://www.kbb.com/) provides vehicle values for new and used cars and motorcycles. This is a recognized industry standard resource for auditors looking at inventory valuation guidelines for fleet vehicles. LAN Security Guidelines (http://www.utoronto.ca/security/) site provides checklists for administrators to evaluate and adjust LAN security. This is a comprehensive document that covers everything from access controls to virus protection. Includes a section on LAN audit considerations. Legal Services Corporation Audit Guide (http://oig.lsc.gov/lscpages/aud1.htm) provides guidance to auditors and recipients of LSC grants. Managerial Cost Accounting Guide (http://www.va.gov/cfo/pubs/CostGuide/default.htm) is available on the Veteran’s Administration Web site. The Guide includes tools and techniques for implementing a managerial cost accounting system. There is an introduction to project management, implementation strategies, organizational analysis, costing methodologies, team charters, position descriptions, statements of work, and more. The Guide, in Word97 format, provides a free viewer download for those professionals who do not have the program. Micro-Computer Security Checklist (http://www.fis.ncsu.edu/audit/selfaccs/intcont/ selfeval.htm) Web site from the North Carolina State University internal auditing department provides a guide for department managers. Network Risk Assessment Users Manual (http://wwwoirm.nih.gov/security/) is available in either Word or WordPerfect format from the NIH Information Systems Security page. Performance Assessment Guide (http://www.dtic.mil/performance/paguide.html) from the Department of Defense provides a Quality and Productivity Self-Assessment Guide, a Guide for Developing Performance Measures, a Guide For Measuring Customer Satisfaction, Quality and Productivity Self-Assessment Questionnaires, and more. Performance-Based Management Guide (http://www.itpolicy.gsa.gov/mkm/pathways/ 8-steps.htm) from the General Services Administration provides eight steps to develop and use information technology performance measures effectively. Performance Management Guide (http://www-hr.ucsd.edu/~staffeducation/guide/) is an excellent publication from UC San Diego on managing employee performance. Auditors reviewing the human resources department for their organization can use this guide as a model for setting up an employee performance management system. 126 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Performance Management System Audit Guide (http://www.qao.qld.gov.au/guidelin.html) from the Australian Queensland Audit Office provides an audit approach, methodology, audit considerations, criteria, and more. Performance Measurement Guide (http://www.sao.state.tx.us/) from the Texas State Auditor’s Office provides information about setting up a performance measurement system and detail on how agencies can establish adequate internal controls in measurement systems in order to assist them in reporting accurate information. Performance Measurement Handbook of Tools and Techniques (http://www.orau.gov/pbm/ resources/handbook1/handbook1.html/) is an excellent resource for auditors involved in performance measurement. The Handbook is available in html format or may be downloaded in PDF format for printing. Performance Planning Guide (http://www.ospl.state.nc.us/planning/hcontent.html) from the North Carolina Office of State Planning provides an excellent step-by-step process for setting up a performance management system. Practical Guide to Corruption Prevention (http://www.icac.nsw.gov.au/) prepared by the Independent Commission Against Corruption is an excellent resource for developing a fraud and corruption prevention program within organizations. Modules include risk assessment, ethics, cash handling, purchasing, and more. Go to Reports and Publications for the Guide. Procurement Policies and Procedures Handbook (http://www.state.ma.us/osd/phand/) for the Commonwealth of Massachusetts includes best value guidelines, role of procurement for managers, contract categories, and more. This is a good reference document for auditors reviewing and comparing best practices. Research Methods Knowledge Base (http://trochim.human.cornell.edu/kb/) is a comprehensive Web-based textbook that addresses all of the topics in a typical introductory undergraduate or graduate course in social research methods. Auditors will benefit from the sections covering the entire research process. Review Information Network (http://www.tbs-sct.gc.ca/rin/) Web site provides audit publications and guides from the Treasury Board of Canada. Risk Management Audit Guide (http://www.tbs-sct.gc.ca/Pubs_pol/dcgpubs/TB_H4/ RISK_e.html) from the Treasury Board of Canada provides review guidance for auditors, including risk identification, compensation, volunteers, and more. ___________________________________ Chapter 6 — Internet Resources for Auditors 127 Sales System Control Objectives (http://www.umanitoba.ca/admin/internal_audit/admin/ internal_audit/html/sales.html) from the University of Manitoba provides system implementation control objectives for this functional area. Sampling and Surveying Handbook (http://www.au.af.mil/au/hq/selc/smplntro.htm) from the Air University provides guidelines for planning, organizing, and conducting surveys. The site includes guidance on selecting a sample size with a corresponding free program available for download. Security Checklist (http://spider.osfl.disa.mil/cm/security/check_list/check_list.html). This site from the Defense Information Infrastructure Common Operating Environment (DII COE) includes security check lists for Solaris, Windows NT, Oracle, and more. Files are available in both PDF and MSW versions. Sick Leave Management Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/AuditGuidance/ GUID305S.e.html) from the Treasury Board of Canada provides guidance for reviews in this area. Sections include a model for sick leave management, planning and performing the audit, and more. Site Security Handbook (http://www.net.ohio-state.edu/hypertext/rfc1244/toc.html) is the product of an Internet Engineering Task Force work group. This document provides auditors with guidance on how to deal with Internet security issues. Useful for designing audits and reviews of Internet security. Software Management Guide (http://microsoft.com/piracy/samguide/introduction/) provides an effective system for software acquisition, distribution/use, copyright law, and more. Includes sections on software audits, audit tools, audit resources, preparing for an audit, initial analysis, conducting, and reporting. Software Management Policy Manual (http://www.state.ct.us/otc/softmpm/smpmtoc.htm) from the State of Connecticut provides their policy statements, agency responsibilities, and software use policies. This excellent resource is a model for combating organizational software piracy. Sub-Recipient Audit Guide (http://www.phila.gov/atservice/reports/audit98/auditweb/). The purpose of this manual is to implement the city of Philadelphia’s audit requirements for organizations and their independent auditors in preparing for and performing audits of organizations that receive financial assistance awards from the city. 128 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ System Implementation Review Checklist (http://www.umanitoba.ca/campus/ adminstrative_systems/application_development/internal.htm) from the University of Manitoba provides a comprehensive approach for a review of this area. Training Function Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/AuditGuidance/ GUIDE307.e.html) from the Treasury Board of Canada provides information for reviews in the staff training area. Users Guide for the Uniform Bank Performance Report (http://www.ffiec.gov/UBPR.htm) – Guide from the Federal Financial Institutions Examination Council for an analytical tool created for bank supervisory, examination, and management purposes. Value for Money Audit Manual (http://www.oag-bvg.gc.ca/domino/other.nsf/html/ 99cam_e.html) from the Office of the Auditor General of Canada provides standards and expected and common practices. Windows NT Security Guidelines (http://www.trustedsystems.com/NSAGuide.htm) from Trusted Systems Services provide guidelines for securely configuring the Windows NT operating system. The 110-page guidelines were the result of a one-year project for the National Security Agency (NSA) Research Organization. Audit Programs After observing repeated postings requesting audit programs in audit-related discussion groups it became clear that auditors should not have to “reinvent the wheel” every time they start an audit. The following listings are links to audit work programs or sites that contain audit work programs. Remember that these programs represent a starting point in preparing for an audit area. Expect to modify or revise the audit program to fit your organization and the specific objectives of the area selected for review. Association of College and University Auditors Audit Exchange Library (http://www.acua.org/ library.htm). This resource contains audit programs, audit reports, questionnaires, guides, program reviews, etc., focusing on audits for institutions of higher education. Includes an index that lists and briefly describes all available files. Association of Healthcare Internal Auditors (AHIA) Electronic Audit Library (http:// www.ahia.org/auditlibrary/libindex.htm). Available to AHIA members only. Audit Guides - Treasury Board of Canada (http://www.tbs-sct.gc.ca/rin/ia_main/ AuditGuidance/Audit_Guidance_Index.e.html). ___________________________________ Chapter 6 — Internet Resources for Auditors 129 Audit Manuals, Guides and Programs - Treasury Board of Canada (http://www.tbs-sct.gc.ca/ rin/ia_main/AuditManuals/Audit_Manuals_index.e.html). Audit Program Guides (http://www.ci.tampa.fl.us/audit/audit_guides.htm) from the city of Tampa’s internal auditing department are available in Adobe Acrobat PDF format. The audit guides cover many functional and program areas of local governments such as fixed assets, inventory, cashiering, and more. Local government auditors should bookmark this site for future reference. Audit Programs (http://www.utsystem.edu/AUD/programs/programs.htm) from the UT Systems Audit Office includes programs and questionnaires for internal controls, information technology, payroll, and more. Auditing the Human Resources Function (http://www.auxillium.com/audit.htm). An audit program provided by a human resource consulting firm that outlines the basic approach as well as information that should be included to cover a regulatory compliance review. AuditNet Auditors Sharing Audit Programs (ASAP) (http://www.auditnet.org/asapind.htm). In the interest of “Progress Through Sharing,” auditors began submitting audit programs to listservs to share with their peers who requested assistance. The audit programs are those submitted by auditors in the worldwide community of AuditNet. If you would like to contribute a program, send it via e-mail to [email protected]. Those with AOL access may send the file to [email protected] using the attach file feature. AuditNet Supplemental List of Audit Programs (http://www.auditnet.org/asap2.htm). Computer Security Institute Mini-Checklist (http://www.all.net/books/audit/generic/ CSIlist.html). Construction Audit Program (http://150.176.41.12/cig/construct-audprog.asp). Defense Contract Audit Agency (DCAA). Directory of Tailored/Standard Audit Programs (http://web.deskbook.osd.mil/reflib/DDCAA/0038z/0038zdoc.htm#T2). File System Checklists (http://www.all.net/books/audit/unix/files/top.html). Florida Power Corporation Audit Services Audit Programs (http://www.fpc.com/audits/ pgmslist.htm). Florida Power Corporation Audit Services Internal Control Questionnaire Checklists (http:/ /www.fpc.com/audits/icqlist.htm). 130 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ GASSP Firewall Checklist (http://www.all.net/books/audit/Firewall/gassp/top.html). Information Systems Audit and Security Review Kits (http://www.gallaudet.edu/~auditweb/ kits.html). LAN Administration Self Assessment Questionnaire (http://jhuniverse.hcf.jhu.edu/~oams/ lan.htm). Management Analytics Firewall Checklist (http://www.all.net/books/audit/Firewall/manal/ top.html). Novell Network Security Self Assessment (http://www.stanford.edu/dept/Internal-Audit/docs/ novell.shtml). Operating Unit Compliance Audits (http://www.stanford.edu/dept/Internal-Audit/docs/ compliance.shtml). PBX Audit Checklist (http://www.all.net/books/audit/pbx/general.html). PCCIP Risk Management Best Practices Audit (http://www.all.net/books/audit/pccip.html). Post Award of Contract and Leases Audit Program (http://150.176.41.12/cig/ SysAuditProgram2.asp). Process Audit Checklist (http://www.all.net/books/audit/unix/process.html). QS-9000 Auditor’s Checklist (http://www.isogroup.iserv.net/qslist.html). ___________________________________ Chapter 6 — Internet Resources for Auditors 131 Government Auditing Government sites represent a primary resource for audit-related Internet information. In the interest of making government information available for citizens, taxpayers, and peer audit organizations, government audit and evaluation are a cornerstone of free resources. If you do not find what you want on a government Web site, contact the site administrator or Webmaster and ask if the information you are looking for is available. Meta-information (information about information) is often neglected by auditors looking for resources on the Internet. Air Force Audit Agency Headquarters AFAA Home Page (http://www.afaa.hq.af.mil) contains links to audit and accounting information, downloadable files, government sites, and Web reference sites, including a dictionary, thesaurus, and the CIA World Factbook. Air Force FAR Site (http://farsite.hill.af.mil/) Web site set up by the Air Force for Federal Acquisition Regulations. Alabama State Auditor’s Office (http://agencies.state.al.us/auditor/) Web site provides information about the office, staff, press releases, and more. Alaska Division of Legislative Audit (http://www.legis.state.ak.us/legaud/web/default.htm) site provides summary and full text of audit reports. Anchorage Internal Audit (http://ci.anchorage.ak.us/Services/Departments/Audit) Web site provides information about the office, their annual audit plan, and links to reports. Arizona Auditor General (http://www.auditorgen.state.az.us/) Web site provides a navigation guide that explains about the office and its reports. There are links to performance, financial, and investigative audit reports issued by the office. The Services section includes manuals, forms, and newsletters issued by the office. They also have employment information and links to other related audit sites. Arkansas State Auditor Home Page (http://www.state.ar.us/auditor/auditor.html) provides information about the office and its services. Audit Commission (http://www.auditcommission.org/) is an independent government body in England and Wales responsible for appointing auditors in local government, setting standards, preparing special studies, and defining comparative performance measures. Auditing Government Funding (http://www.dhfs.state.wi.us/grants/Audit/IntroAud.htm) Web site from the Wisconsin Department of Health and Family Services provides information related to grants and contract audits. 132 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Auditor of the Commonwealth of Massachusetts (http://www.magnet.state.ma.us/sao/ auditor.htm). The Office of the State Auditor Web site provides information about the office and its divisions. Auditor General of Canada (http://www.oag-bvg.gc.ca). The annual reports of the Auditor General of Canada are available on the Internet. The reports contain detailed information about the office and are organized based on the results of studies and audits completed. There is a searchable index built into the reports. There is also information about the office and publications and other materials. Australian National Audit Office (http://www.anao.gov.au/anaohome.html) Web site of auditing for Australia provides audit reports, audit strategy, better practices guides, publications and more. Board of Audit of Japan (http://www.jbaudit.admix.go.jp/engl/) Web site provides status and history of the office and its audit activities. Brevard County Internal Audit (http://199.241.8.81/pages/interaud.htm) provides information about the office and online versions of recent audit reports. British Columbia, Office of the Auditor General (http://www.oag.bc.ca/) site provides information about the office and the reports produced. Also includes links to other related sites. California State Auditor (http://www.bsa.ca.gov/bsa/) site provides information about the office, employment opportunities, audit reports issued by both the Bureau of State Audits as well as the Auditor General. Audit reports may be ordered from this Web site. California State Controller’s Office (http://www.sco.ca.gov/) - details about the office including responsibilities and functions. The home page provides links to the Controller’s Monthly Revenue Updates, Controller’s Quarterly Reports, and a response to the May 1995 Performance Audit. The response is an excellent example of a detailed plan with corrective action identified. Chesapeake Audit Services Department (http://www.chesapeake.va.us/services/depart/audit/audit.html) Web site provides contact information for the office. Chesterfield County Internal Audit (http://www.co.chesterfield.va.us/ManagementServices/ InternalAudit/iahome.htm) Web site provides information about the office and an e-mail contact. Chicago Housing Authority Inspector General (http://www.thecha.org/Inspect_Gen.htm) Web site provides information about the office, job opportunities, and more. ___________________________________ Chapter 6 — Internet Resources for Auditors 133 Clark County Internal Audit (http://www.co.clark.nv.us/intaudit/Intaudit.htm) Web site provides information about the office, audit process, audit plan, audit programs, and more. Clerk’s Internal Audit Department (http://www.clerk.collier.fl.us/internal_audit.htm) Web site of the Collier County Clerk of the Circuit Court Internal Auditor provides information about the office, audit plan, reports issued, and more. Colorado State Controller’s Office (http://www.state.co.us/gov_dir/gss/acc/) Web site for the organization that manages the financial affairs of the state by providing financial information, issuing fiscal policies, ensuring timely recording of the budget, and providing accounting consulting services to state agencies. The site includes general information as well as reports and publications. Commonwealth of Australia Department of Finance (http://www.finance.gov.au) provides information about the Australian Department of Finance, including mission statement, organization structure, and links to other organizations. There is also a link to the Commonwealth budget, which could assist auditors in reviewing budgets for their own organizations. Connecticut Auditor of Public Accounts (http://www.state.ct.us/apa/) Web site provides information about the office, types of audits performed, reports, employment information, and more. Connecticut Office of the State Comptroller (http://www.state.ct.us/otc/) home page provides an overview of the office, press releases, reports, manuals, and an excellent page of links to other state comptrollers on the Internet. Corporate Review, Evaluation and Audit (http://www.ncr.dfo.ca/communic/cread/english/ index_e.htm) Web site of the Canadian Department of Fisheries and Oceans audit organization with access to their service standards and reports and links to other sites. Dallas City Auditor (http://www.ci.dallas.tx.us/html/city_auditor.html) Web site provides information about the office, FAQs, and a program description. D.C. Inspector General (http://www.dcig.org/) provides information about the office, media releases, reports, and more. Defense Contract Audit Agency (http://www.dcaa.mil/) Web site for the agency responsible for performing all contract audits for DoD and providing all accounting and financial advisory services for contracts and subcontracts in DoD organizations. Site includes background information about the organization, vision and goals, audit guidance, and more. Auditors involved in reviewing contracts will find useful guidance at this site. 134 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Delaware Auditor of Accounts (http://www.state.de.us/auditor/index.htm) Office of the Auditor of Accounts for the State of Delaware. Provides information about the office and links to economy and efficiency reports issued by the office. Denver Auditor’s Office (http://www.denvergov.org/dephome.asp?depid=228) provides information about completed audits, city budget, technology update, and more. Department of Commerce Inspector General (http://www.oig.doc.gov/) Web site provides information about the office, online reports, and more. DuPage County Auditor’s Office (http://www.co.dupage.il.us/auditor/index.html) local government audit office that includes the role of the county auditor, summaries of revenues and expenditures, and abstracts of audit reports issued the county auditor. Contains links to federal, state, and local government sites and specifically sites of interest to local government professionals. Environmental Protection Agency Office of the Inspector General (http://www.epa.gov/ oigearth/) Web site provides information about the office branches, audit reports, and more. Their customer service rules and strategic plan provide excellent sample frameworks for other audit offices. Fairfax County Internal Audit Office (http://www.co.fairfax.va.us/gov/audit/) Web site provides information about the organization, a local government audit survey, annual audit plan, Internal Audit Manual with forms (Adobe and WordPerfect format), links to fraud, performance and audit-related sites, and more. Federal Trade Commission Inspector General (http://www.ftc.gov/oig/oighome.htm) Web site provides their mission, a statement of reinvention principles, audit reports, and links to other resources. Florida Auditor General (http://sun6.dms.state.fl.us/audgen/) Web site provides information about the office, report summaries by subject, a report listing, and the rules of the auditor general. Florida Comptroller (http://www.dbf.state.fl.us/index.html) Web site provides an overview of the organization, financial highlights, comptroller’s newsletter, consumer alerts, and more. Florida Inspectors General Network (http://fcn.state.fl.us/dms/sec/fignet/fignet.html) Web site provides a central information resource for the Florida IG community. Includes IG-related state statutes, audit reports from state agencies, and Web information references. Florida Legislature Office of Program Policy Analysis and Government Accountability (http:/ /www.oppaga.state.fl.us/). In addition to reports and manuals, the site contains F-GAR, an electronic encyclopedia and search engine covering 400 state programs, performance measures, and accountability ratings. ___________________________________ Chapter 6 — Internet Resources for Auditors 135 Franklin County Auditor (http://www.co.franklin.oh.us/Auditor/) local government Web site provides information about the office and the services they offer. Gainesville City Auditor’s Office (http://www.afn.org/~auditor/) Web site provides a profile, annual audit plan, recent audit reports, peer review information, and policies and procedures. GAO Daybook. The U.S. General Accounting Office has a mailing list service for a daily electronic posting of the GAO Daybook. The “Daybook” is the daily listing of released GAO reports and testimony. Subscribe to the GAO Daybook by sending an e-mail message to: <[email protected]> with the message “subscribe daybook” (no quotes). For additional information about GAO services, send an e-mail message to [email protected] with “info” in the body. GAO Report Database on the Internet (http://www.access.gpo.gov). General Accounting Office reports are now available on the Internet through the Government Printing Office Access Service. General Accounting Office (http://www.gao.gov). The site includes GAO reports and testimony, decisions of the Comptroller General of the U.S, GAO policy and guidance materials, special publications, and more. General Services Administration Inspector General (http://www.gsa.gov/staff/ig/audit/ httoc.htm) site provides a straightforward audit plan for the office. Georgia Department of Audits (http://www.state.ga.us/Departments/AUDIT/) home page of the State Auditor for Georgia. Includes a description of the department and each of the divisions. The Performance Audit Operations Division has a list of completed report topics, reports in progress, sources of related information, employment opportunities, and more. GovCon Discussion Groups (http://www.govcon.com/) Government Contractors site that includes discussion groups for auditing, accounting, and financial management issues. KPMG Peat Marwick is moderating a new discussion group on government audit and reviews. Questions on issues affecting the performance and resolution of government contract audits (DCAA, IGs, etc.) can be posted online. Access to the site is free but registration is required. Government Auditing Standards (http://www.ignet.gov/ignet/internal/manual/yellow/ yellow.html) Web site for the GAO Government Auditing Standards or Yellow Book. Government Auditor’s Resource Page (http://www.trib.infi.net/~zsudiak/GARP.html) U.S. Department of Education Office of Inspector General home page provides information on resources for government auditors. Includes links to Thomas (legislative information on the Internet), Internet search tools, audit resources, sources for government documents, and links to other government resource indexes. 136 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Grant Administration and Audit Resources (http://www.dhfs.state.wi.us/grants/Resources/ IntroRes.htm) Web site from the Wisconsin Health and Family Services Department provides links to federal sites, audit requirement sites, department resources, and more. Guide to the World Wide Web for Research and Auditing (http://www.tetranet.net/users/ gaostl/guide.htm). David Henry of GAO provides auditors with the basic instructions for using the Web as an auditing/research tool. Harris County, Texas Auditor’s Office (http://www.co.harris.tx.us/auditor/default.html). Site includes information about the office, staff, organization charts, and financial information. Health and Human Services Office of Audit Services (http://www.hhs.gov/progorg/oas/ index.html) Web site provides reports, manuals and guides, employment opportunities, and more. Health and Human Services Office of the Inspector General (http://www.dhhs.gov/progorg/ oig/) Web site provides information about the office, audit and inspection reports, and a link to the HHS Redbook, a compendium of OIG recommendations that have not been substantially implemented. Henrico County Internal Audit (http://www.co.henrico.va.us/audit/) Web site contains information about their mission, staffing, audit committee, audit charter, e-mail contacts, external auditing, and office history. Hong Kong Audit Department (http:/www.hk.super.net/~audskli/welcome.htm) is one of the oldest departments in the Hong Kong government. The site includes information about the office, types of audits performed, links to audit reports, and more. Howard County Auditor’s Office (http://www.co.ho.md.us/auditor/index.htm) Web site for this Maryland local government jurisdiction includes background information, charter, links to audit reports, and more. HUD OIG (http://www.hud.gov/oig/oigindex.html). The U.S. Department of Housing and Urban Development Office of the Inspector General Web page includes a mission statement, hotline information, list of IG offices, testimony from the IG, the semiannual report to Congress and audit reports covering management of programs by HUD and others, technical assistance and useful information about audit requirements, and links to other audit-related information and search tools. Idaho Legislative Auditor (http://www.state.id.us/legislat/audit.html) Web site provides online executive summaries of legislative fiscal audits for the various departments, boards, and commissions of the Idaho state government. ___________________________________ Chapter 6 — Internet Resources for Auditors 137 IGNet (http://www.ignet.gov). Internet-based electronic communications network dedicated to improving the effectiveness of the inspector general community and to provide public access to IG reports. Site includes links to IG home pages, Internet resources via a virtual library, the IGNet Internet search list, related organizations, and more. The site includes the Interactive Yellow Book, a valuable tool for government and non-government auditors. The Job Opportunities home page lists IG vacancies and links to other sites related to career planning and job search strategies. Illinois Auditor General (http://www.state.il.us/auditor/audhome.htm) Web site provides information about the auditor general’s office, agencies audited and audit reports, career opportunities, and more. Indiana State Auditor (http://www.state.in.us/acin/auditor/index.html) Web site provides information about the office, staff, and more. Indiana State Board of Accounts (http://www.ai.org/sboa/) Web site provides information about the office, guidelines, manuals, reports, job opportunities, and more. Inspector General Social Security Administration (http://www.ssa.gov/oig/oig1.htm) Web site provides information about the office, audit reports, job announcements, and more. Iowa Office of the State Auditor (http://www.state.ia.us/government/auditor/index.html) Web site provides information about the office. Ireland Comptroller and Auditor General (http://www.irlgov.ie/audgen/default.htm) Web site includes organization details, press releases, publications, and areas of interest/current projects. Kansas City Auditor’s Office (http://www.kcmo.org/auditor/) site provides information about the office and the type of audits performed. Kansas Legislative Division of Post Audit (http://skyways.lib.ks.us/kansas/kslegPAUD/ homepage.html) is the audit organization of Kansas government. The site provides information about the organization, its functions, missions, goals, and performance measures. There are links to other audit organizations, search engines, and more. Kentucky Auditor of Public Accounts (http://www.state.ky.us/agencies/apa) Web site provides information about the office, reports, an employee index, and more. King County Auditor’s Office (http://www.metrokc.gov/auditor/) home page provides information about the office, e-mail addresses for the staff, a list of current projects, an index of audit reports issued, including the executive summaries (organized by agency, topic, and year issued), and links to other audit-related sites. 138 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Korean Board of Audit and Inspection (http://www.bai.go.kr/) Web site for the agency that monitors the performance of Korean government operations. Information available includes a history of the organization, annual report, and links to other Korean sites. Legal Services Corporation Office of Inspector General (http://oig.lsc.gov/aud/cs3recov.htm) Web site provides a link to their Audit Guide and Compliance Supplement, and allowable cost/ cost principles. Legislative Analyst’s Office (LAO) (http://www.lao.ca.gov/). The LAO provides analysis to the California legislature on financial and policy issues. As an independent legislative oversight body, the LAO advises lawmakers on the financial impact of policy issues, including state and local government implications, and the use of information technology as a tool to make government more effective. Documents include budget analysis, reports, policy briefings, and special publications. Lorain County Auditor (http://www.loraincounty.com/auditor/) local government Web site provides information about the office and the services they offer. Louisiana Inspector General (http://www.state.la.us/oig/inspector.htm) Web site provides a history of the office, mission statement, public reports, and more. Louisiana Legislative Auditor (http://www.lla.state.la.us/) Web site provides information about the office, types of audits performed, reports issued, and more. Maine Office of Program and Legislative Audit (http://www.state.me.us/legis/opla/ reports.htm) Web site of the Maine legislative audit function provides access to reports issued. Manatee County Internal Audit (http://clerkofcourts.com/internal.htm) Web site provides information about the office, services provided, published audit reports, and more. Maricopa County Internal Audit (http://www.maricopa.gov/internal_audit/default.asp) provides information about the department and an index of audit reports issued. Maryland Comptroller of the Treasury (http://www.comp.state.md.us/main.htm) provides information about the office, services offered, and links to general taxpayer assistance for Maryland residents and businesses. Massachusetts Office of Inspector General (http://www.state.ma.us/ig/ighome.htm) Web site for the state watchdog agency. Site provides information about the office, publications issued, and more. ___________________________________ Chapter 6 — Internet Resources for Auditors 139 Massachusetts State Auditor (http://www.state.ma.us/sao/) Web site provides information about the office and its divisions. Medina County Auditor (http://www.medinacountyauditor.org/) local government Web site provides information about the office and the services they offer. Metro Office of the Auditor (http://www.metro-region.org/glance/auditor/dow.html) helps the Portland Metro regional government achieve honest, efficient management and full accountability to the public. Links to reports, a newsletter, and more. Metropolitan Water District of Southern California (http://www.mwd.dst.ca.us/audit/docs/ audhome.htm) audit department home page includes information about the department, charter, work plan summaries, and more. Michigan Office of the Auditor General (http://www.state.mi.us/audgen/) home page includes information about the office and their reports. Milwaukee County Department of Audit (http://www.co.milwaukee.wi.us/depart/daudit.htm) Web site provides information about the office and the services offered. Minnesota Office of the Legislative Auditor (http://www.auditor.leg.state.mn.us/) Web server for the Legislative Auditor’s Office. The OLA server includes history of the office, information about the financial audit division, and program evaluation division. Copies of audit reports, including a report on performance budgeting. Provides links to the Minnesota legislature Gopher server, and federal, state, and Internet information resources of interest to auditors. Minnesota Office of the State Auditor (http://www.osa.state.mn.us) Web site provides information about the office, online access to reports, and downloadable files from prior periods. Mississippi Joint Legislative PEER Committee (http://www.peer.state.ms.us/index.html) Web site for the Mississippi Performance Evaluation and Expenditure Review Committee provides access to reports from 1974 to present in Adobe Acrobat format. There are also FAQs and links to other sites of interest. Mississippi Office of the State Auditor (http://www.osa.state.ms.us/) Web site provides information about the function, public documents, press releases, and links to other sites of interest. Missouri State Auditor’s Office (http://www.auditor.state.mo.us/). Site includes information about the office, details on reporting fraud, waste and abuse, summaries of reports, and more. For more information, send e-mail to [email protected]. 140 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Montana Legislative Audit Division (http://www.mt.gov/leg/audit/). Site provides information about the organization, access to reports, goal, audit standards, employment opportunities, and more. Multnomah County Auditor’s Office Home Page (http://www.multnomah.lib.or.us/aud). First county auditor’s office to establish a home page on the Web. Includes summaries of recent auditors’ reports, an index of past reports, a profile of the office, and an auditor’s column. The page is directed at Portland citizens with access to the Internet to let them know about the county auditor’s office. NARA IG (http://www.nara.gov/ig/). The National Archive and Records Administration Inspector General’s Office home page provides a wealth of resources for IG offices. The site provides information about the role of the IG and the audit and investigation units. There are links to other related sources and a Guide to Internet Legal Research with links to areas of special interest to IGs, statutes, case law, regulations, legislative history, and more. NASA Office of Inspector General (http://www.hq.nasa.gov/office/oig/hq/) Web site provides the mission statement, information on their hotline, and summaries of the audit and investigation sections, including sample audit findings. National Audit Office (http://www.open.gov.uk/nao/home.htm) home page for the independent public sector audit organization in the United Kingdom. This office reports on the economy, efficiency, and effectiveness of departments and related parts of the government. The NAO publishes up to 50 value-for-money audits annually. A listing of the reports is on the site as well as press notices that provide an abstract for each report. The annual report summarizes their work and results achieved. Naval Inspector General (http://www.ig.navy.mil/New_Look.html) Web site provides information about the office, online publications, and more. Nebraska State Auditor of Public Accounts (http://www.nol.org/home/auditor/index.html) home page provides information about the organization, including the Special Audits and Evaluation Unit, which operates a hotline. Includes examples of complaints and concerns. Netherlands Court of Audit (http://www.rekenkamer.nl/en/index.htm) is the official audit organization for the government. The site includes performance and regularity audit manuals, summaries of audit reports, the legal basis for the office, and more. Nevada Legislative Counsel Bureau Audit Division (http://www.leg.state.nv.us/lcb/audit/ audit.htm) Web site provides information about the office, list of reports issued, organizational structure, and more. ___________________________________ Chapter 6 — Internet Resources for Auditors 141 New Hampshire Legislative Budget Assistant (http://www.state.nh.us/lba/index.html) Web site for the audit division provides their mission, staff directory, summaries of reports, and links to other sites. New Jersey Office of the State Auditor (http://www.njleg.state.nj.us/html98/olsaudit.htm) Web site provides information about the office, mission statement, and full text of recent audit reports in Envoy format (free reader available). New Mexico State Auditor (http://www.saonm.org/) Web site of the office responsible for safeguarding New Mexico taxpayers’ money. New South Wales Audit Office (http://www.audit.nsw.gov.au/) Web site includes information about the office, roles and responsibilities, reports and publications, and more. New York State Office of the State Comptroller (http://www.osc.state.ny.us). Well-organized Web site provides information about the office, audits of state agencies, local government services and audits, the State Comptroller’s Assistance Network (SCAN), links to other useful sites, and more. New Zealand Controller and Auditor-General (http://www.netlink.co.nz/~oag/) Office of the Controller and Auditor-General of New Zealand provides general information, recent reports, speeches, and international affiliations. Non-Federal Audits Team Home Page ( http://home.gvi.net/~edoig) provides “one stop shopping” for information pertaining to single audits and other audits of education programs (SFA audits, lender audits, etc). (Non-federal means audits of federal funds performed by non-federal auditors.) Information is organized by source (GAO, OMB, PCIE, ED, etc.). There are links to other related sites. North Carolina Office of the State Auditor (http://www.osa.state.nc.us/) provides information about the State Auditor’s Office, online access to selected audit reports, e-mail request for other reports, and links to other sites. North Dakota State Auditor (http://www.state.nd.us/auditor/) Web site provides information about the office, links to audit reports, FAQs, employment information, staff directory, and a fraud hotline. Northern Territory Auditor-General’s Office (http://www.nt.gov.au/ago/) Web site provides information about the office and their reports. Nova Scotia Office of the Auditor General (http://www.gov.ns.ca/legi/audg/) Web site provides information about the office and the services offered. Includes annual reports by the auditor general. 142 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ NYCComptNet (http://www.comptroller.nyc.ny.us). Office of the New York City Comptroller established an Internet connection and offers other localities ideas on how to improve their financial systems and reporting, internal controls, and performance measures via the Internet. Office of the Auditor General, Alberta, Canada (http://www.oag.ab.ca/) Web site provides a report on government accountability and links to annual reports. Office of the Auditor General, New Brunswick (http://www.gov.nb.ca/audgen/index.htm) Web site provides information about the office and their publications. Office of the Auditor General, Newfoundland and Labrador (http://www.gov.nf.ca/ag/) Web site provides information about the office, entities subject to audit, reports, and more. Office of the Inspector General EPA (http://www.epa.gov/oigearth/index.htm) provides information about the organization, reports, strategic plan, and more. Office of the Inspector General University of Florida (http://oig.ufl.edu/). This Web site contains a wealth of information for auditors in the college and university environment and others. Includes a checklist for accounting and administrative controls, control summaries for time records and leave, and tax compliance issues. The UF Software Copyright Policy is an excellent model, which includes policies and guidelines, resources, and training materials. There are also links to other sites, including the Florida Legislature. Office of the Provincial Auditor, Ontario, Canada (http://www.gov.on.ca/opa/en/ieng.htm) Web site provides information about the office and links to audit reports by ministry and program. Office of the Provincial Auditor, Saskatchewan (http://www.legassembly.sk.ca/provaud/) Web site provides information about the office, reports issued, and more. Ohio Auditor of State (http://www.ohio.gov/auditor/). The Ohio State Auditor Office provides information about the office and its division, audit reports released, technical bulletins, publications, links to related sites, and more. Ohio Office of the Inspector General (http://www.ohio.gov/watchdog/) Web site provides information about the office such as mission and history. There are summaries of investigations, investigation reports, annual reports, FAQs, and more. Oklahoma State Auditor (http://www.state.ok.us/~auditor/) Web site includes agency information, audit reports, and forms. ___________________________________ Chapter 6 — Internet Resources for Auditors 143 Orange County Florida Audit Division (http://www.comptroller.co.orange.fl.us/audit/ audit.html) Web site provides information about the office, the audit process, a fraud hotline, and a list of published reports back to fiscal year 1987. Orange County Internal Audit Department (http://www.oc.ca.gov/audit/index.htm) Web site for this California county provides information about the office, control self-assessment, internal control, and more. Oregon Secretary of State Audits Division (http://www.sos.state.or.us/audits/audithp.htm) Web site includes information about the office, report summaries, fraud hotline, and more. Orlando Internal Audit Office (http://www.ci.orlando.fl.us/departments/audit/) Web site provides their mission statement, a list of available audit reports, links to their hotline, revenue auditing, and more. Pennsylvania Auditor General (http://www.auditorgen.state.pa.us/). Interactive tour of Pennsylvania’s Taxpayer Advocate provides information about the office, audit results, and career opportunities. Philadelphia Office of the City Controller (http://www.libertynet.org/~citycont/) Web site provides information about the office, access to city economic information, and a searchable audit database. Portland City Auditor’s Office (http://www.ci.portland.or.us/auditor/pdxaudit.htm) Web site includes general information about the City of Portland, Oregon Audit Services Division. Includes list of all audit reports issued, abstracts of audits, and links to other resources. Public Service Commission of Canada Audit and Review (http://www.psc-cfp.gc.ca/audit/ internet/recourse.htm) Web site includes information about the PSC, monographs and reports, methodologies used, and links to other related sites. Queensland Audit Office (http://www.qao.qld.gov.au/) home page includes information about the office and links to other sites. Review Information Network (http://www.tbs-sct.gc.ca/rin/) Web site provides audit publications and guides from the Treasury Board of Canada. St. Charles County Auditor (http://www.win.org/county/depts/sccgaud.htm) Web site provides information about the office, their annual audit plan, links to audit reports, and more. 144 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Saipan, Office of the Public Auditor (http://www.opacnmi.com/) Web site for the official auditor of the Commonwealth of the Northern Mariana Islands provides information about the office, reports issued, government ethics, links to other resources, and more. San Diego Auditor’s Department (http://www.co.san-diego.ca.us/cnty/cntydepts/general/auditor/) Web site provides information about the department, goals, services, job information, FAQs, and more. San Jose Office of the City Auditor (http://www.ci.san-jose.ca.us/auditor/www.shtml) Web site provides information about the office, types of audits performed, FAQs, benefits to the city, organizational charts, and a list of issued audit reports. Seattle, Office of the City Auditor (http://www.pan.ci.seattle.wa.us/seattle/audit/hpg.htm) Web site for the city’s independent auditor provides audit reports, a description of the audit process, a whistleblower’s page, links to other audit offices, an excellent newsletter with a performance theme, and more. South Australia Auditor General (http://www.audit.sa.gov.au/) government Web site provides information about their office and the reports issued. South Carolina Audit and Certification (http://www.state.sc.us/mmo/audit/audmenu.htm) Web site provides information about the office, audit program, internal control questionnaire, and more. South Carolina Comptroller General (http://www.state.sc.us/cg/news.htm) Web site provides information about the organization, monthly financial reports, their Comprehensive Annual Financial Report, and more. South Dakota State Auditor’s Office (http://www.state.sd.us/state/executive/auditor/ auditor.htm) Web site provides information about the office and the tasks performed. South Florida Water Management District (http://www.sfwmd.gov/gover/2_intaudit.html) Inspector General’s Office Web site has information about the office, charter, audit reports, and more. Tallahassee Auditing Department (http://www.state.fl.us/citytlh/auditing/audhompg.html) home page provides information about the office, its staff, and a list of recent audit reports. Tampa Internal Audit Department (http://www.ci.tampa.fl.us/audit/index.htm) is the Web site for the city audit office. The site includes information about the office, current audit agenda, audit programs, audit reports, tax information, links to related sites, and more. ___________________________________ Chapter 6 — Internet Resources for Auditors 145 Tasmanian Audit Office (http://www.audit.tas.gov.au/) site includes information about the office, audit reports, and links to other Australian audit sites. Tennessee Comptroller of the Treasury (http://www.comptroller.state.tn.us/) Web site provides information and reports released for the office that has audit responsibility for all counties in the state. Tennessee Valley Authority Office of the Inspector General (http://www.tva.gov/oig) home page with information about the office and links to other audit, finance, and business-related sites. For more information, send e-mail to [email protected]/. Texas Comptroller of Public Accounts (http://www.cpa.state.texas.us/) Web site provides news and information, including comptroller publications, e-mail link to the comptroller, and links to other related servers. Texas State Auditor’s Office (http:// www.sao.state.tx.us/) Web site has information about the mission, goal, objectives, and statement of values of the SAO. Key points of reports released since 1994 and the full text of reports released since 04/96 is available online. Resources include Acrobat versions of the Guide to Performance Measurement and the SAO Methodology Manual. Another downloadable file is CAFE (Comprehensive Analysis for Efficiency), a visual basic application that contains summary information from various Texas state databases. Audit resource links on the Internet, employment opportunities, and training schedules for Texas State Agency internal auditors are also included on this comprehensive Web site. Tulsa City Auditor’s Office (http://www.webzone.net/philwood/) Web site provides links to audit reports, audit and accounting resources, and more. United Nations Office of Internal Oversight Services (http://www.un.org/Depts/oios/) Web site for the internal auditing function of this worldwide organization provides information about the office, mandate, mission statement, activities, and reports. U.S. Army Audit Agency (http://www.hqda.army.mil/AAAWEB/) Web site provides information about the agency’s mission, vision, values, goals, and strategic plans. There are links to audit-related sites, government sites, and search engines. U.S. Army Internal Review (http://www.asafm.army.mil/IR/IR.htm) Web site has information about their mission, services, training program, internal review guide, audit programs, and links to other resources. 146 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ U.S Army Training and Doctrine Command Center OIRAC (http://www tradoc.monroe.army.mil/irac/). The Office of Internal Review and Audit Compliance Web site contains listings of ongoing audits from Army Audit Agency, DoDIG, General Accounting Office, and local internal review audits. There are also past audit reports from GAO, Army Audit Agency, and other select audits. The site also includes pointers to selected audit resources geared to the internal review audit community. U.S. House of Representatives OIG (http://thomas.loc.gov/home/audit.html) Web site provides financial statements and performance reports issued. Reports are in PDF format and require the Adobe Acrobat Reader. U.S. Postal Service Inspector General (http://www.uspsoig.gov/oiginfo.htm) Web site has links to information about the office, hotline, reports, and more. Utah State Auditor’s Office (http://www.sao.state.ut.us/) Web site provides information about the office, a mailing list of local governments, access to audit reports, an audit hotline, and more. Utah’s Legislative Auditor (http://www.le.state.ut.us/audit/lag.htm) home page of Utah’s Legislative Auditor General. Provides information about the office, the purpose of performance audits, and abstracts of recent audit reports. Victoria Auditor General’s Office Australia (http://www.vicnet.net.au/~vicaud1/aghome.htm) home page includes information about the office, abstracts of reports, and links to other audit offices and resources. Reports include a performance audit of the office by Price Waterhouse, Privatisation: An Audit Framework for the Future, and more. Virginia Auditor of Public Accounts (http://www.apa.state.va.us/) Web site for the commonwealth organization that conducts audits of state agencies and local governments. Site includes audit reports for online viewing, information about the office, a directory, and recruiting information. Virginia Department of State Internal Auditor (http://www.cns.state.va.us/dsia/) Web site provides information about the office, newsletters, job opportunities, an audit forum to discuss relevant issues, and more. Virginia Evaluation Information Online (http://jlarc.state.va.us/). The Joint Legislative Audit and Review Commission home page provides information about members, meeting schedules, and reports issued back to 1975. There is a chronological list of all reports issued, an annotated index of reports, and online report summaries for selected reports back to 1993. Washington State Auditor’s Office (http://www.sao.wa.gov/) site provides information about the office and links to legal and audit resources. ___________________________________ Chapter 6 — Internet Resources for Auditors 147 Washington (State) Legislative Budget Committee (http://www.wa.gov/lbc/) site for the LBC, which conducts performance audits, program evaluations, special studies, and sunset reviews on behalf of the Legislature and the citizens of the state of Washington. The committee makes recommendations to the Legislature and state agencies that will result in cost savings and improved performance in state government. West Virginia State Auditor’s Office (http://www.wvauditor.com) site provides information about the office, guides, and reports. Western Australia Office of the Auditor General (http://www.audit.wa.gov.au/) site provides information about the office and includes an index of reports from 1991. Recent reports are available online. Wisconsin Legislative Audit Bureau (http://www.legis.state.wi.us/lab/index.html) Web site provides information about the office and their work products. Wyoming Department of Audit (http://audit.state.wy.us/) Web site provides information about the organization’s divisions. Internal Auditing These are primarily links to corporate internal auditing departments or Web sites focusing on internal auditing. The resources of AuditNet are included in this category as a central clearinghouse for internal auditors using the Internet as an auditing tool. Accounting and Audit Resources (http://www.disastercenter.com/audit.htm) from the disaster center provides a comprehensive list of links to related sites. The links to accounting and audit associations and organizations is especially useful. Ameritech Internal Audit Services (http://www.ameritech.com/corporate/internalaudit/ index.html) Web site provides information about the office and the services offered. Auditors will find information on self-directed work teams, benchmarking, and more. ANet Mailing Lists (http://www.csu.edu.au/anet/lists/). One of the major services provided by ANet is mailing lists in a range of areas. The principal mailing list is ANews-L, which provides information on a variety of upcoming events, new publications, and important developments on the Internet. Archives of the various ANet lists are maintained on the site. ANZ Internal Audit Group Mailing List (http://www.curtin.edu.au/curtin/audit/ mailing%20list.htm) allows for the free exchange of ideas for internal auditors of Australian and New Zealand universities and other interested participants. The site provides information for subscribing to the ANZUIAG-L list. This list was previously called INTAUDIT-L). 148 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ ANZUIAG (http://www.curtin.edu.au/curtin/audit/anzuiag1.htm) is the Web site for the Australian & New Zealand internal audit group at the University of South Australia. This page provides links to other Australian and New Zealand universities. Arthur Andersen KnowledgeSpace® for Internal Auditors (http://www.knowledgespace.com) is a customized source of internal audit resources, tools, methodologies, checklists, and self-assessment surveys. The site provides access to Arthur Andersen’s Global Best Practices knowledge base for business process improvement. You can sign up online for a free 30-day trial of this subscription-based Web site. Audit Software and Security Utilities (http://www.rawnet.co.uk/) Web site provides downloadable demos of audit-related software and security programs, including a random password generator, NT and Netware Security, software inventory, and more. Auditing Home Page (http://www.uwm.edu:80/dept/Auditing/) guidance tool for students or individuals interested in auditing. Site was established by a group of accounting majors at the University of Wisconsin-Milwaukee. Includes a description of what auditing is, who performs, professional associations, business schools, and courses. Provides links to accounting sites on the Internet as well as accounting and software. Audit-L Discussion List. A generalized audit discussion list that is open to all auditors irrespective of industries and organizations. The list is intended to have a diverse membership so that broad perspectives from all auditors could be gained through interactive communication. While many specialized lists were created to address unique needs of specific industries or special interest groups, the concept of this list recognizes that many audit issues cross industry/organizational lines. Send subscription request to [email protected] with one line in the body of the letter: SUB AUDIT-L yourname. Auditmall (http://www.vfauditmall.com/) Web site for VF Internal Audit: The internal auditing department of VF Corporation, a Fortune 500 apparel company. Topics include internal audit philosophy, internal controls, control self-assessment, employment opportunities, links to related sites, and much more. AuditNet Accounting/Audit/Finance Email Directory (http://www.ecu.edu.au/mra/resources/ auditnet.html). The AuditNet Email List was established for the purposes of fostering electronic communications among auditing professionals in government, industry, and academic institutions. Listing in the AEL is by request. The e-mail directory is being maintained at Edith Cowan University. E-mail the following request to [email protected]: ___________________________________ Chapter 6 — Internet Resources for Auditors 149 Please include me in a directory of e-mail addresses of auditors. I understand that this information will be used as a networking tool for auditors to maintain a communications link. Full Name (your REAL name, please): E-mail Address: Occupation: Company/Organization Name: Organization’s Web Page Address (if applicable): Industry Title: City: State: Country: Your Personal Web Page Address (if applicable): AuditNet Communication Network for Internal Auditors (http://www.auditnet.org/ acnia.htm). An electronic bulletin board providing internal auditors with a place to communicate with other professionals. Areas include internal auditing best practices (AuditBest), conferences and training seminars (AudiTrain), Internet books of interest to internal auditors (AuditBooks), job notices (AuditJobs), and other timely information. AuditNet Home Page (http://www.auditnet.org/) is the central site containing information about the components of AuditNet, including the AuditNet Resource List (KARL), Auditors Sharing Audit Programs (ASAP), AuditNet E-Mail Directory, and more. Links to the KARL and indexed pages facilitate connecting to related resources. AuditNet Internet Use Policy Resources for Internal Auditors (http://www.auditnet.org/ iupaudit.htm) Web site provides links to policy resources for Internet use, security, e-mail, and other related topics. AuditNet-L is a monthly mailing from AuditNet that provides the latest additions to the AuditNet Resource List, new audit programs added to Auditors Sharing Audit Programs, and more. To subscribe to AuditNet-L, which includes the monthly updates to Internet Resources for Auditors, send an e-mail to [email protected] and, in the body of the message, put SUBSCRIBE AUDITNET-L (your name). AuditNet Resource List Home Page (http://www.auditnet.org/karl.htm). The official hypertext version of the AuditNet Resource List (KARL) that provides the most recent set of links to auditrelated resources on the Internet. AuditNet Year 2000 Resources for Auditors (http://www.auditnet.org/y2kaudit.htm) Web site provides links to year 2000 resources for auditors. 150 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ AuditZine (http://www.auditnet.org/aud_zine.htm) compilation of articles related to audit and accounting uses of the Internet. Provides links to articles or a bibliography entry of the article for ease of location. Bank Internal Auditing (http://members.xoom.com/bankauditing/) is an e-library for bank internal auditing with links to related resources. Certified Internal Auditor Information (http://www.theiia.org/cia/ciacvr.htm) provides information for the CIA certification and examination. Provides details about the certification and examination, including exam locations and dates. Credit Union Internal Auditors Mailing List Discussion list for credit union internal auditors. To join this Internet mailing list, send an e-mail to [email protected] and include “subscribe cu-ia” in the body of the message. (Knowledge Assembly Resource) EDIFICAS Schwiez (http://www.firmnet.ch/edificas/) awareness group formed to establish EDI accounting and auditing guidelines. Includes an excellent article, “The Auditor in the EDI Environment,” which discusses the auditor’s role, answers to new requirements, and the auditor’s use of information technology. Florida Progress Corporation Audit Services (http://www.fpc.com/audits) Web site is provided as a service to the audit community. Includes audit programs and internal control questionnaires, an Excel statistical sampling routine, and more. Internal Audit Newsgroup (Alt.business.internal-audit). Internal audit newsgroup formed September 5, 1994, for discussion of internal auditing related subjects. Open forum to share ideas, proposals, experiences, hopes, fears, and vulnerabilities. Access via Usenet newsreader or on America Online Internet Center or GO Usenet on CompuServe. Internal Audit Stakeholders (http://athens.bitwise.net/iawww/) is a database of internal auditing professionals who have voluntarily listed their names, areas of interest, and e-mail addresses on the Internal Auditing World Wide Web site. This is a great resource for auditors looking for peer professional contacts. Look in the People Section. Internal Auditing Resource Center (http://members.tripod.com/~sisaac/index.html) Web site from Automation Consulting links to auditing software, auditing sites, and more. Internal Auditing World Wide Web (IAWWW) http://www.bitwise.net/iawww. Developed as a prototype demonstration project, the site functions as a warehouse of information and knowledge pertaining to the internal auditing profession and functions across associations, industries, and countries. This is a premier source of information on the internal auditing profession. Send email to [email protected]. ___________________________________ Chapter 6 — Internet Resources for Auditors 151 Jefferson Laboratory Internal Audit Department (http://www.jlab.org/div_dept/audit/ index.html) Web site provides the charter, strategy, methodology, reports and work plans, and more. New Mexico Military Institute Internal Audit (http://www.nmmi.cc.nm.us/audit/Guest.html) site provides information about the department, FAQs, and links to other resources. Union Pacific Corporate Audit (http://www.up.com/audit/) provides information about the department and employment opportunities. College and University Auditing Colleges and universities were early users of the Internet because, along with the government, they played a role in research and development. The internal auditing departments of colleges and universities are established denizens of the Internet. Most of their sites provide guidance on internal controls and security issues that auditors will find particularly useful. Their foundation in the use of the Internet makes them likely candidates for answering questions that perhaps other auditors cannot answer. Use their sites as a meta-information resource and do not hesitate to contact them via e-mail if the resources you are looking for are not available on their Web pages. Auburn University Internal Audit Department (http://www.auburn.edu/~auaudit/) home of the internal audit department. Provides information about the department, FAQs, a Guide to Internal Controls, Ask an Auditor, the Fraud Hotline, and more. Boston College Internal Audit (http://www.bc.edu/bc_org/fvp/ia/home/home.html) is the Information Security and Internal Control Awareness home page from the Boston College internal auditing department. Site includes information about the office, network security, software copyright information, end-user computing, and AuditNews that covers articles of interest to auditors compiled from other journals. California Institute of Technology Internal Audit Department (http://www.cco.caltech.edu/ ~iaudit/~iaudit.html) Web site provides information about the office, internal control descriptions, the audit process, and more. Columbia University Internal Audit (http://www.columbia.edu/cu/ia/). The Columbia University Web site has a section devoted to their internal auditing department. The section includes “A Guide to Internal Controls,” “Internal Control Issues,” and “Auditing at Columbia University: A Service to Management.” The last document is an excellent guide that other audit organizations can follow to educate management and departments about internal auditing. Curtin University Internal Audit Department (http://www.curtin.edu.au/audit/index.htm) Web site includes their charter, mission, resources, and links to other Internet locations. 152 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Duke University Internal Audit (http://www.duke.edu/web/iaudit/audit.html) Web site provides information about the office, a self-assessment survey, and more. Edith Cowan University Management Review and Audit (http://www.cowan.edu.au/mra) ECU MRA site includes information about the function and their audit plan. Also includes articles written by staff, links to other Internet audit resources, e-mail discussion lists, and search tools. Emory University Office of Internal Audit (http://www.cc.emory.edu/IAD/home.html) Web site provides background information, staffing, mission, and more. Gallaudet University Management and Advisory Services (http://www.gallaudet.edu/ ~auditweb/index.html) Web site provides information about the office, audit programs and review kits, links to other resources, and more. Harvard University Internal Audit (http://www.harvard.edu/internal_audit/HUIA.html) site provides information about the office, audit tools and techniques, policies and procedures, and publications on passwords and software copyright. The questionnaire for conducting a departmental review is a useful document that can be customized by other audit organizations. Indiana University Internal Audit (http://www.indiana.edu/~iuaudit/main.html) Web site provides information about the staff, organizational structure, information and publications, and more. Princeton Office of Internal Audit (http://webware.princeton.edu/Audit/) site provides information about the office, their charter, objectives, audit guidelines, and links to other useful resources. Purdue University Internal Audit (http://www.purdue.edu/OOP/AUDIT/index.html) Web site provides information about the office, a guide to internal controls, links to other resources, and more. RMIT Internal Audit Group (http://www.rmit.edu.au/departments/ia/) is the Web site for the auditors of the Royal Melbourne Institute of Technology. The page includes information about the department, charter, FAQs, links to other audit sites, and more. Rutgers Accounting Web (RAW) (http://www.rutgers.edu/Accounting/) site located at Rutgers University mirrors the ANet WWW site. Stanford University Internal Audit (http://www-portfolio.stanford.edu/104401/) Web site provides information about the department, their audit program, an Audit Survival Guide for management, internal control factors, a Novell Network Security Self-Assessment, and more. ___________________________________ Chapter 6 — Internet Resources for Auditors 153 Syracuse University Internal Audit Department (http://sumweb.syr.edu/internal_audit/) contains useful information for all audit departments. The site includes information on the department, policies, procedures, and more. There is proactive information provided for the department’s customers such as password suggestions, computer security improvement suggestions, self-assessment documents, brochures, videos, and more. There is guidance for university departments on self-audit for computers as well as administrative areas, including cash handling, inventory tracking, revenue, budget, personnel, and computing issues. Texas A&M University System Internal Audit Department (http://sago.tamu.edu/iaudit/) Web site provides information about the office, internal controls, an overview of the audit process, and more. Thomas Jefferson University Internal Audit Department (http://physres2.uns.tju.edu/ internal.audit/) Web site provides background about the organization, audit plan, internal control guidance, and more. UCAR Internal Auditing (http://www.fin.ucar.edu/), the Web site for the University Corporation for Atmospheric Research, provides information about the office, FAQs, a guide to internal controls, Ask-An-Auditor, and more. UNCW Internal Audit (http://www.uncwil.edu/ia/Index.htm) Web site of the University of North Carolina at Wilmington includes information about the department, their audit manual, an excellent set of forms for control self-assessment, and more. University of Arizona Internal Audit (http://w3.arizona.edu/~audit/) Web site provides information about the office, links to policies and procedures, and related sites. University of Buffalo Internal Audit Program (http://www.mgt.buffalo.edu/departments/ AandL/intaudit/) Web site for an endorsed internal audit program at the university. Site provides information about internal auditing, career opportunities, program course requirements, certification, student organizations, and more. University of California, Berkeley Internal Audit Department (http://www.audit.berkeley.edu) Web site provides information about the office, planning, process, controls, and more. University of Chicago Internal Audit (http://www uccomp.uchicago.edu/audit/audit.htm) site provides information about software piracy, internal control, the policy on information technology resources, and a link to ACUA. University of Idaho Auditing Services (http://www.uidaho.edu/admin/FnA/audit/) Web site provides information about the office, an Internal Control Self-Assessment Checklist, and more. 154 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ University of Iowa Internal Audit (http://www.uiowa.edu/~intaudit/index.html) site provides audit plans, mission statement, department news, and links to other university internal audit Web pages. University of Manitoba Internal Audit (http://www.umanitoba.ca/admin/internal_audit/ admin/internal_audit/) Web site provides information about the office, FAQs, resources, review checklists, and more. University of Maryland, Internal Audit Office (http://www.umsa.ums.edu/iao/) site provides the IAO charter, procedural guidelines, an electronic brochure, a link to an anonymous re-mailer, and more. University of Massachusetts Accounting and Auditing Information (http://www.umass.edu/ acctg). This site is designed primarily as an information source for students. There are links to accounting sites, including accounting organizations, public accounting firms, and other sources of information. There is also a section that provides selected course materials, including Introduction to Financial Accounting, Cost Accounting, and Auditing. Included is a syllabus, a list of class projects, and practice exams. The exams are structured like professional exams with a combination of multiple-choice and essay questions. University of Melbourne Internal Audit (http://www.unimelb.edu.au/audit/) site includes a strategic planning and management procedures manual. The manual describes a computer-based system used for planning, monitoring, and reporting audit activity. This is an outstanding example of auditors sharing knowledge and techniques in the pursuit of global audit excellence. University of Missouri Internal Audit (http://www.system.missouri.edu/audit/) Web site provides information about the office and FAQs. University of New Hampshire Internal Audit Department (http://marley.unh.edu/audit/) Web site provides information about the department, policies and procedures, FAQs, flowcharts, previously issued reports, and an excellent list of common audit findings. University of Notre Dame Audit and Advisory Services (http://www.nd.edu/~auditing/) Web site describes the office, services, policies and procedures, and more. University of Rochester University Audit (http://listener.uis.rochester.edu/audit/) home page provides information about the office, a description of internal controls, links to other sites, and more. There is a Top 10 List of Typical Audit Findings that auditors may find interesting. ___________________________________ Chapter 6 — Internet Resources for Auditors 155 University of Waterloo Internal Audit Department (http://www.adm.uwaterloo.ca/infoia/) site provides background information on audit reviews, information on internal controls (why they are necessary), policies and procedures, and more. University of West Florida Office of Inspector General (http://www.uwf.edu/~oig/oig.htm) site provides information about the office, mission statement, strategic plan, and audit and management advisory services. Includes links to auditing resources and more. UT System Audit Office (http://www.utsystem.edu/AUD/) is the Web site for the University of Texas System Audit Office. The site provides information about the office, the services they offer, various resources including audit programs, and a participant manual for a control self-assessment workshop. UWS Nepean Internal Audit (http://www.nepean.uws.edu.au/dvc/intaudit/) is the Web site for the University of Western Sydney Internal Audit Office. Includes their fraud control strategy, audit plan, the role of internal audit, and links to related Internet sites. Virginia Polytechnic Institute Internal Audit Department (http://www.ams.vt.edu/) provides information about the office, policies and procedures, and an internal control guide for managers. Washington State University Internal Audit (http://www.wsu.edu:8080/~intaudit/ a_page1.html) Web site provides the mission and objectives of the office, information about audits, and more. West Virginia University Internal Audit Office (http://www.wvu.edu/~inaudit/). This site provides information about the internal audit program at WVU. Includes the charter, types of audits conducted, selection and scheduling, audit policies, other resources available, and links to other audit sites. Wichita State University Office of Internal Audit (http://twsuvm.uc.twsu.edu/~iawww/) site includes FAQs, their charter, and a link to ACUA. 156 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Information Systems Auditing Information systems (IS) auditing is a term that most auditors recognize. The information age has made this branch of auditing an integral part of most auditing departments. Many organizations have merged their traditional audit functions with IS auditing capabilities creating an integrated audit team. Auditors with information technology competence skills will command a premium in millenium audit organizations. Internet resources on information systems issues will expand exponentially as organizations shift more of their business to the global economy. COBIT Listserv (COBIT-List) - created to facilitate discussion about COBIT among members, ISACA has created a COBIT listserv. By exchanging knowledge through the listserv, subscribers are sure to find answers to their questions and advice for improving implementation procedures. Subscribe to the COBIT listserv by sending the following e-mail message to [email protected], SUBJECT: subscribe and leave the MESSAGE BODY blank. Computer-Assisted Audit Tools and Techniques (CAATT-L) is a forum for exchange of ideas, experiences, and information related to automated audit tools and techniques, such as generalized audit software, test data generators, computerized audit programs, specialized audit utilities, and automated audit workpapers. It is a closed discussion list hosted by RAIN, a regional networking services provider. To subscribe, include “subscribe” in the body of your e-mail message to [email protected]. Enterprising Associates (http://members.aol.com/ealimited/OURPAGE/ealindex.htm) is an information technology audit, computer security, and consulting practice. The site includes The Computer Advisory with articles on computer security and auditing. A free ram resident utility providing a fix to the year 2000 problem for PCs is also available for download. Interactive Data Extraction & Analysis (http://www.cica.ca/idea/) home page for IDEA, an audit automation package. Provides information about the product, a downloadable demo, guidelines for requesting computer data, and an article dealing with the year 2000 issue. What’s New provides updates about the product, training opportunities, and links to IDEA-related topics. IS Audit and Security Review Kits (http://www.gallaudet.edu/~auditweb/kits.html) from Slemo Warigon at Gallaudet University includes ready-to-use IS/IT audit program and security review kits. The kits contain a statement of purpose, scope, review steps, and/or a set of questions organized to lead you through the audit or review. This is an excellent site for jumpstarting an IS security review or audit. ___________________________________ Chapter 6 — Internet Resources for Auditors 157 IS Audit List (isaudit-list). The IS audit list server provides IS auditors with a forum to freely discuss topics affecting the profession, including career development issues. The site is sponsored by Gerry Myers Associates, an IS audit consulting and recruiting firm. To subscribe to the list server, address your request to [email protected] with the word SUBSCRIBE in the subject field only. You will receive an acknowledgment welcoming you to the list with important information on the usage of the list server. IS Auditing Business Research Projects (http://www.csupomona.edu/~cis/gallegos/ msbaproj.html) Web site containing project topics and abstracts for student research going back to 1983. Many recent projects cover Internet-related topics. ITAudit.org (http://www.itaudit.org/) is The Institute of Internal Auditors Web site dedicated to information technology (IT) information needs of auditors at all levels. Features include a forum for timely, interesting articles on IT topics; a reference section containing links to useful information resources on the Net, including AuditNet; a conference section with threaded and interactive discussions; and a Yellow Pages section containing links to technology products and services that auditors need. PeopleSoft Security, Audit, and Control Discussion Group (PSSAC-L). A listserv devoted to PeopleSoft Security, Audit, and Control has been created. To subscribe to this list, send an e-mail (with your signature feature turned off) to: [email protected]. Include no subject line. In the body of the message, type: subscribe PSSAC-L yourfirstname yourlastname (example: subscribe PSSAC-L Jane Doe). Windows NT Security Guidelines (http://www.trustedsystems.com/NSAGuide.htm) from Trusted Systems Services provide guidelines for securely configuring the Windows NT operating system. The 110-page guidelines are the result of a one-year project for the National Security Agency (NSA) Research Organization. 158 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Business Resources Business resources include sites that would be of interest to financial professionals in areas such as business process reengineering, business management, benefits, risk, and quality issues. These sites also provide links to other business-related resources on the Internet and vendors of business-related services for audit organizations. Corporate World Wide Web Strategy: Development, Implementation, and Audit (http:// ourworld.compuserve.com:80/homepages/bfelmly/webdoc.htm). This is an excellent guide for information systems audit professionals. Cost Performance Model for Assessing WWW Service Investments (http:// www.ctg.albany.edu/projects/inettb/SpreadSheets.html) is a set of tools designed to assist organizations in estimating the likely costs and benefits of developing a Web-based service. This is an excellent tool for auditors looking to evaluate the organizational cost and ROI for Web-based services. Data Collection and Analysis Site (http://www.deakin.edu.au/~agoodman/sci101/). Web site from Deakin University in Australia provides a comprehensive guide on the scientific process of collecting and analyzing data. Particularly useful chapters for auditors on surveys, sampling, and techniques. Economic Indicators (http://www.gpo.ucop.edu/catalog/econind.html) from the Government Printing Office provides access to the monthly federal economic indicators. Great site for statistical economic analysis information. Economics of the Internet (http://www.sims.berkeley.edu/resources/infoecon/) Web site provides data on the economics of the Internet, information goods, intellectual property, and related goods. Worthwhile site for auditors looking for background information for Internet audits. Environmental Finance Financial Tools Guidebook(http://www.epa.gov/efinpage/guidebk/ guindex.htm) EPA reference guidebook of more than 250 tools for financing environmental programs. Great reference tool for auditors reviewing environmental programs and their respective financing. Financial Ratios (http://www.americanexpress.com/smallbusiness/resources/managing/ ratios.shtml) page from American Express provides a guide for understanding 10 key financial ratios. Auditors who perform financial statement analysis should consider bookmarking this page. ___________________________________ Chapter 6 — Internet Resources for Auditors 159 Information Management Forum (http://www.infomgmtforum.com/). International association of information and business executives. Site provides information on strategic uses for information technology and implementation planning and management. Discussions include current trends, year 2000 issues, and more. There are abstracts of reports on technology research, technology management, and transcripts of CIO presentations. Institute for Business and Professional Ethics (http://www.depaul.edu/ethics/) Web site at DePaul University devoted to the subject of ethical behavior. Includes professional and ethics resources, an ethics calendar, Ethics Beat, and more. International Financial Encyclopedia (http://www.euro.net/innovation/Finance_Base/ Fin_encyc.html) Web site of an Interactive Financial Encyclopedia. There is also a link to Innovation’s Guide to Management and Technology, an online book that is a professional’s survival guide for technology in the information age. Book sections include Accounting (Control and Monitoring), Finance, and Economics. This is an excellent desktop reference for auditors interested in the impact of technology on the organization. Internet Learning Materials for MBA Students (http://bized.ac.uk/fme/) Web guide from BizEd focused on MBA studies. Sections provide links and research tips for accounting and finance, business economics, human resource management, marketing, strategy, and operations management. Knowledge World (http://www.ec2.edu/kworld/index.html) is a comprehensive Web site covering issues on knowledge management, including a small business advisor, education center, white paper, and more. Litigation Cost Control Resource Center (http://www.tiac.net/users/svoltz/freebies.htm). Web site dedicated to information on controlling the cost of litigation. A free Litigation Cost Control Manual and other advice is available by e-mail. Management Link (http://www.inst-mgt.org.uk/external/mgt-menu.html) is a comprehensive site developed by Information Researchers at the Institute of Management’s Management Information Centre. There are links to sites on management skills and management sources. Nijenrode Business Resources (http://library/nyenrode.nl/) comprehensive list of business resources maintained by Nijenrode University in the Netherlands. Provides links to business resources on the Internet. Professional Ethics Resources on the WWW (http://www.ethics.ubc.ca/resources/professional) provides links to sites on the subject. 160 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Professionals Online (http://www.prosonline.com) Directory of WWW sites organized by profession. Classifications include accounting, finance, business, and more. Resources for accountants are organized into CPA Exam, Theory, Practice, Auditing, Commercial Law, Tax, SEC Accounting, and more. Financial resources include business and personal finance and digital cash. Project Management Institute (http://www.pmi.org) Web site for the organization for project management professionals includes information about the organization and available resources. The site includes a comprehensive Guide to the Project Management Body of Knowledge. The guide is in PDF format and requires an Adobe reader (available for free). The guide alone makes this site a sure bookmark for all auditors, accountants, and financial professionals. StudyWeb (http://www.studyweb.com/) is a site designed for researching a variety of topics using the Internet. The business and finance category includes topics for accounting, economics, federal reserve banks, finance, glossaries, investing, and newspapers on the Web. Swedish School of Economics and Business Administration in Helsinki, Finland, Department of Accounting Web site (http://status.shh.fi/Depts/Redovis) includes tutorials and working papers. “The Property of Audit Trail” by Anders Tallberg analyzes the concept from the perspective of computer security and accounting systems. Includes links to accounting-related sites. WebEc (http://www.helsinki.fi/WebEc/) is an effort to categorize free information in economics on the Web. An excellent site for anything related to economics resources on the Internet. Control Self-Assessment Resources Corporate governance, control self-assessment, and control risk assessment all refer to a new method of assessing risk and controls within organizations. Auditors are adapting to these new models and methodologies to meet the needs of the companies and organizations for which they work. The following sites provide different approaches taken by these entities as well as a knowledge base for auditors examining how to implement the process. The Institute of Internal Auditors’ Control Self-Assessment Center provides a repository of information, including the Certification in Control Self-Assessment. CoActive Connection (http://www.coactiveconnection.com). The Tongren and Associates Web site provides information on CoActive Audit, CoActive Control, CoActive Governance, and CoActive Risk as well as a library of articles on the above principles. Control Co-Assessment (http://www.vfauditmall.com/Cca/ccashop.HTM) provides the VF Corporation’s approach to control self-assessment. ___________________________________ Chapter 6 — Internet Resources for Auditors 161 Control, Risk and Governance (http://www.cica.ca/) from the Canadian Institute of Chartered Accountants provides an overview of the Criteria on Control, the exposure draft CoCo report, newsletters, publications, and articles from CA Magazine. Look under Studies and Standards in What’s New July-September 1998. Great resource for auditors implementing CSA. Control Self-Assessment (http://vpf-web.harvard.edu/audit/home/CSA_frame_bot.html) from Harvard University provides an introduction, questionnaire, guidance on completing the questionnaire, and reference material. Control Self-Assessment (CSA-L) Mailing List. An unmoderated discussion list devoted to CSA and open to anyone with an interest in discussing related issues. CSA is a process that allows work groups to identify or refine the business and quality objectives that they should be fulfilling, while assessing the adequacy of plans and controls in place to meet those objectives. To join the list, send a message to [email protected] with the text SUBSCRIBE CSA-L. You will receive an acknowledgment and a message with administrative issues. Control Self-Assessment Center (http://www.theiia.org/csa/csa.htm) at The Institute of Internal Auditors provides comprehensive information and material on CSA, including qualification, certification, conferences, seminars, and educational products. Control Self-Assessment Resource Center (http://www.jhw.com/~jhw/csa/) Web site provides links to CSA resources available on the Internet. Control Self-Assessment Workshop (http://www.utsystem.edu/AUD/Resource/csaintro.htm) Participant Manual is available from the UT System Audit Office. The manual serves as an excellent example of a training document for the CSA process. Controls Assessment Tool (http://www.oig.ufl.edu/cat/) comes from the University of Florida Office of the Inspector General. The survey consists of questions that address controls in a variety of business processes, such as planning and policy making, budgeting and performance measurement, procurement, personnel and fiscal management, and more. Corporate Governance (http://www.corpgov.net/) Web site covers issues related to management accountability within organizations. There are links to sample policies, library reference materials, forums, and more. Facilitation Skills Course (http://www.dtic.mil/c3i/bprcd/4122.htm) from the DoD Electronic College of Process Innovation is a complete workshop on the topic. Excellent resource for auditors implementing a CSA approach in their organization. 162 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Framework for Internal Control Systems in Banking Organisations (http://www.bis.org/ publ/bcbs40.htm) from the Bank for International Settlements is available for download from their Web site. Internal Control (http://137.21.52.50/CTRL.HTM) from the State University of New York at Brockport provides information about their program. The site includes a definition, human resource internal controls, general and specific standards, and more. Internal Control and Financial Management Manual (http://www.state.ct.us/otc/accdir1/ acctitl.htm) is Connecticut’s Accountability Directive issued jointly by the Office of the State Comptroller, Office of Policy and Administration, and the Auditor of Public Accounts. Internal Control Guide (http://www.icaew.co.uk/internalcontrol/) draft from the ICAEW provides internal control guidance for directors of listed companies incorporated in the United Kingdom. Internal Control Guide (http://www.jhu.edu/~oams/guide/guide.htm) developed by Johns Hopkins University. The Guide focuses on the policies and procedures of the University but could easily be adapted to other organizations. Internal Control Guide (http://www.state.ma/osc/homeview/CONTROL/Contents.htm) Massachusetts Comptroller General guide for state departments. Straightforward format that could be adopted by other auditors in recommendations. Internal Control Resources (http://pw1.netcom.com/~jstorres/internalaudit/index.html) Web site has a comprehensive set of links to articles, books, organizations, resources, and more. Management Control (http://www.mc2consulting.com/govpage.htm) Web site for corporate governance, accountability, and management control provides information and articles on the subject for internal auditors. The site advocates a collaborative approach involving various disciplines and stakeholders. This site provides excellent information on control self-assessment and coactive control topics. Management Control Concepts (http://www.mc2consulting.com/) home page for audit-related consulting and training services. Includes a description of services offered, books authored by the consultant (David McNamee), and links to audit-related sites. Methodware Ltd. (http://www.methodware.com/) Web site for Advisor software products which automate international frameworks such as COBIT and COSO and help organizations perform control self-assessment, quality reviews, risk evaluations, and more. The Web site also includes examples of customized solutions. ___________________________________ Chapter 6 — Internet Resources for Auditors 163 OptionFinder (http://www.optionfinder.com/) is an electronic meeting tool that gets everyone involved and keeps meetings on schedule. This keypad-based group polling system is used by many organizations in the control self-assessment process. Risk Assessment and Control Design WWW Resource Kit (http://www.kpmg.ca/crsa/ main.htm) is a project of KPMG and includes a virtual library on the topic. There are articles and guides and a moderated mailing list on the subject of CSA. Disaster Recovery and Business Continuity Planning Binomial International (http://www.binomial.com) site for disaster recovery planning contains valuable information for auditors. Also includes links to over 400 DRP sites. A free monthly newsletter is available by sending a message — “subscribe disaster recovery” — to [email protected] or via the home page. Rothstein Associates (http://www.rothstein.com) home page for industry’s primary source of information on disaster recovery. Contains an extensive index of material on disaster recovery and links are planned to resources for business continuity and disaster recovery professionals. For more information, send e-mail to [email protected]. Year 2000 Audit Program (http://www.cowan.edu.au/mra/approach/year2000.html) is available from the Edith Cowan University Web site. The model covers the issues, control weaknesses and exposures, recommendations, and key controls. Year 2000 Auditing and Accounting Guidance (http://www.aicpa.org/members/y2000/ intro.htm) is provided by the AICPA. The report is available for download in Word, WordPerfect, PDF, and RTF formats. Year 2000 Business Continuity Plan (http://www.magnet.state.ma.us/y2k/projplanning/ businesscontinuityplan_template.htm) is a comprehensive template from the state of Massachusetts that helps auditors address key issues. Year 2000 Contingency Plan (http://www.magnet.state.ma.us/y2k/projplanning/ contingencyplan_template.htm) is a template from the state of Massachusetts for actions to be implemented in response to a year 2000 hazard. Year 2000 Contingency Planning (http://www.bis.org/ongoing/index.htm) from the Bank for International Settlements provides business continuity planning guidelines for financial institutions. 164 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Year 2000 Disclosure Requirements (http://www.auburn.edu/slgacct/hotissue/hotissue.htm) for state and local governments provided by the AICPA and GASB. Year 2000 Information Center (http://www.year2000.com/) site covers the issue of the date change to the year 2000. The site includes articles related to the issues, links to vendors that will assist in the process, and links to other date-related sites. There is information on subscribing to the year 2000 mailing list that will help you stay up to date about the problem and solutions. Auditors should ensure that the information system professionals are starting the planning process now for this event. For more information, send message to Peter de Jager ([email protected]). Year 2000 Information Page (http://www.magnet.state.ma.us/sao/edp1yr2000.htm) from the Massachusetts State Auditor Information Technology Audit Division provides a survey, report, and links to state, federal, and other Y2K-related pages. Year 2000 Page (http://www.disastercenter.com/year2000.htm) from the Disaster Center provides information and links to many resources for auditors. Site includes general information on year 2000 as well as compliance information. Year 2000 Problem Checklist (http://www.cunamutual.com/custaff/managedu/Y2K/ 2000list.htm) from the CUNA Mutual Insurance Society provides a structured approach for dealing with the year 2000 time bomb issue. Year 2000 White Papers (http://www.myrickconsulting.com) Web site provides discussion papers for Y2K Project Guide, Contingency Planning, PC Application Test Report, and an xBase Function Library. Discussion Lists (See Chapter 5 for auditing and accounting discussion groups or mailing lists.) ___________________________________ Chapter 6 — Internet Resources for Auditors 165 Employment-Related Resources This section provides resources for employment and career-related issues for auditors and financial professionals. There are links to other career-related sites on the Internet from America’s Job Bank. Employment opportunities for government and private industry are also available through these resources. Accountants on Call (http://www.aocnet.com/) staffing service specializes in accounting and financial personnel placement. This recruiting and job search Web site includes articles on hiring for employers, career articles for job seekers, a list of FAQs, salary guide by request, and access to the searchable database of jobs and candidates. Accountemps (http://www.accountemps.com/jobsAT/) is the Web site for an International temporary financial staffing placement firm. The site provides an excellent career advisor, salary survey, and more. Accounting and Finance Employment Opportunities (JOBS ACT). This is a moderated mailing list of employment opportunities for accounting and finance jobs, including cash management, auditing, and tax (no entry-level positions). To subscribe, send a message to JOBS [email protected] with the word SUBSCRIBE in the subject line and the body. Do not include your name, address, or additional text in the subject line or the body of the message. Subscribers can obtain an archive file, which gives information on several employment BBS’s around the nation, by sending the command ARCHIVE JOBS ACT to the list address. Accounting and Finance Jobs (http://www.accountingjobs.com) is a national database of accounting and finance-related jobs. This joint project sponsored by AccountingNet and CareerMosaic focuses on employment opportunities in the accounting and finance professions. Creative Financial Staffing (http://www.cfstaffing.com/index.html) Web site for an accounting and financial placement firm. Includes articles for companies about staffing, human resources, and accounting industries. There are resume, job search, and interviewing tips for job seekers. There is also a financial and accounting salary guide. Employment Opportunities in Public Financial Management FinanceNet established a discussion list ([email protected]) for notification of federal, state, and local employment opportunities in public financial management. A corresponding newsgroup (fnet.fin.jobs) encourages discussion and dialog on employment issues in the public financial management profession. Send message to email [email protected] for more details. Financial/Accounting/Insurance Jobs Page (http://www.nationjob.com/) NationJob Network provides list of accounting, audit, and financial positions available across the United States. 166 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ GFOA Employment Opportunities (http://www.gfoa.org/employ/empann.htm) Web site with links to government finance, auditing, and accounting jobs. IS Audit Consulting & Recruiting Services (http://www.isaudit.com/) Web site with job postings, information on happenings in the IS job market, and more. IS Audit List (isaudit-list). The IS audit list server provides IS auditors with a forum to freely discuss topics affecting the profession, including career development issues. The site is sponsored by Gerry Myers Associates, an IS Audit Consulting and Recruiting firm. To subscribe to the list server, address your request to [email protected] with the word SUBSCRIBE in the subject field only. You will receive an acknowledgment welcoming you to the list with important information on the usage of the list server. Source Services (http://www.experienceondemand.com/) is the Web site for one of the leading financial employment services. There are articles on career development, a strategic staffing guide, the Salary Survey on Demand, and more. This is a great site for auditing departments looking to fill positions or for auditors seeking information on their worth in the job market. Tax-Jobs.Com (http://www.tax-jobs.com/) Web site with job listings for tax professionals provides opportunities for employers, job seekers, and links to other related sites. USA Jobs (http://www.usajobs.opm.gov/). This is the U.S. government’s official site for jobs and employment information. Auditors and accountants may search this site for employment information and online career transition assistance. Finance Resources Finance resources include government and private industry sites on the Internet. These locations provide a starting point for auditors looking for finance-related resources online. FinanceNet (http://financenet.gov) is a professional governmental financial management network of organizations, agencies, and departments. Designed to share information and ideas for improving financial management throughout all levels of government. Accountants, auditors, and financial managers participate and share financial management information, ideas, news, experiences, software, comments on financial documents, best practices, resources, etc. Gopher to [email protected]. FinanceNet Mailing Lists and a FinanceNet Newsgroup are available. For more information on FinanceNet mailing lists, send e-mail to e-mail [email protected]. Point your newsreader to news.financenet.gov for this new Usenet news group. ___________________________________ Chapter 6 — Internet Resources for Auditors 167 Financial Data Finder (http://www.cob.ohio-state.edu/dept/fin//fdf/osudata.htm) site at Ohio State University provides links to over 140 finance-related Web sites, including financial news sources, economic databases, financial data, a database of financial criminals, and more. Financial Management Association International (http://www.fma.org/). The FMA is a professional association of finance practitioners, academicians, and students founded to develop a continuing relationship between financial theory and practice. The site includes a one-stop shopping guide to finance on the Internet. Financial Managers Society (http://www.fmsinc.org/index.htm) Web site for the only not-forprofit professional society dedicated to serving the technical and professional needs of bank, thrift, and credit union financial officers. Site includes information about the organization, regulatory issues, employment opportunities, and more. Financial Reporting in Government (http://www.pwc.gmu.edu/course/govt490/). Pilot online course focusing on a critical analysis of current governmental accounting and financial reporting at the state and local level as well as a presentation of the main tenets of the current model for financial accounting and reporting. This document is a work in progress by Dr. John Sacco of George Mason University in Fairfax, Virginia. FINWeb (http://www.finweb.com) Financial Economics WWW server managed at the University of Texas at Austin. Provides a list of Internet resources with substantive information concerning economics and finance-related topics. Includes the Financial Economics Network, the Journal of Finance, the Financial Executive Journal, and Resources for Economists on the Internet. Also includes services such as EDGAR, providing SEC reports and statements on publicly traded companies. Treasury Management Pages (http://www.mcs.com/~tryhardz/tmpaa.html) set of Internet information resources developed for treasury management professionals. Provides a wealth of information on banking and corporate finance, treasury operations, and other management topics. 168 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Government Resources Auditors looking for government resources on the Internet will not have to look very far. There is information from all levels of government available for citizens, businesses, and other governments. Government access via the Internet is considered to be a customer service feature. While it would be impractical to list all government sites available, check out the Government Information on the Internet resource. That site has already done the work by listing all the available federal government information available. Links to state and local government information make them a prime source for connecting to government on the Internet. Acquisition Best Practices (http://[email protected]/BestP/BestP.html) Web site provides links to Office of Federal Procurement Policy Best Practice guides. Acquisition Reform Network (http://[email protected]/index.html) Joint Project of the National Performance Review, Office of Federal Procurement Policy, and others focuses on procurement-related issues. There is an Acquisition Best Practices area where auditors may find ideas on reinventing procurement within their organizations. Activity Based Costing Resources (http://www.saffin.hq.af.mil/FMC/ABC/index.htm) Web site provides links to an ABC dictionary, bibliography, software models, periodicals, and more. Bureau of Economic Analysis (http://www.bea.doc.gov/) Web site for the nation’s economic accountant. CFO Council (http://financenet.gov/cfo.htm) link to the organization of the chief financial officers and deputies of the largest federal agencies, OMB, and treasury officials who work together on improving federal financial management. Code of Federal Regulations on the WWW (http://www4.law.cornell.edu/cfr/34cfr.htm). The Code of Federal Regulations is the official subject-matter-order compilation of the federal regulations of a general applicability and legal effect that are currently in force. In accordance with section 1510(d) of title 44 of the U.S. Code, the Code of Federal Regulations is compiled by the Office of the Federal Register of the National Archives and Records Administration. The Code is divided into 50 titles by subject matter. Each title is divided into sections. Sections within a title may be grouped together as subtitles, chapters, subchapters, parts, subparts, or divisions. Titles may also have appendices that may be divided into sections, rules, and/or forms. Government Information on the Internet (http://www.govspot.com/) provides links to federal, state, and local governments. ___________________________________ Chapter 6 — Internet Resources for Auditors 169 Federal Register (http://www.access.gpo.gov/su_docs/aces/aces140.html) Web site for the official daily publication for Rules, Proposed Rules, and Notices of Federal Agencies and Organizations. Contains archives going back to 1995. Federal Reserve Economic Data (http://www.stls.frb.org/fred/) provides historical U.S. economic and financial data such as daily interest rates, monetary and business indicators, exchange rates, and regional economic data. Another great resource for audit projects involving financial analysis based on key economic indicators. FedStats (http://www.fedstats.gov/) site, maintained by the Federal Interagency Council on Statistical Policy, provides access to statistical information produced by more than 70 agencies. Fedworld (www.fedworld.gov). Over 135 federal government BBSs, including Office of Management and Budget. FinanceNet (http://financenet.gov). Professional governmental financial management network of organizations, agencies, and departments. Share information and ideas for improving financial management throughout all levels of government. Accountants, auditors, and financial managers participate and share financial management information, ideas, news, experiences, software, comments on financial documents, best practices, resources, etc. Gopher to [email protected]. FinanceNet Mailing Lists and a FinanceNet Newsgroup are now available. For more information on FinanceNet mailing lists, send e-mail to email [email protected]. Point your newsreader to news.financenet.gov for this new Usenet news group. Financial Reporting in Government (http://www.pwc.gmu.edu/course/govt490/). Pilot online course focusing on a critical analysis of current governmental accounting and financial reporting at the state and local level as well as a presentation of the main tenets of the current model for financial accounting and reporting. This document is a work in progress by Dr. John Sacco of George Mason University in Fairfax, Virginia. Florida Government Accountability Report (http://www.oppaga.state.fl.us/government/) is a free Internet service for legislators and the public to monitor the activities and performance of approximately 400 state government agencies and programs. GovBot (http://ciir2.cs.umass.edu/Govbot/) database was developed by the Center for Intelligent Information Retrieval and includes more than 500,000 searchable pages from U.S. government and military sites. Government Accounting Standards Board (http://www.gasb.org/) site for this standards-setting body provides information about GASB, GASB happenings, documents, publications, and standards. 170 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Government Contractor’s Glossary (http://www.govcon.com/) site provides a reference guide for professionals dealing with government contracts. Also contains an acronym table. Source documents for this guide include Federal Acquisition Regulations (FAR), Armed Services Pricing Manual (ASPM), and the DCAA Contract Audit Manual (DCAAM). Access to the Glossary is free but site registration is required. Government Printing Office (http://thorplus.lib.purdue.edu/gpo/). Purdue University added a Web-based search and retrieval access point using WAIS (Wide Area Information Server) to GPO’s database. The database includes all GAO Bluebooks published since 1994, 1993-95 Congressional Bills, the 1994-95 Congressional Record, the 1994-95 Federal Register, Public Laws of the 104th Congress, and the U.S. Code. The search tool provides for user entry text search of document types in the database. Government Reinvention Center (http://www.govexec.com/reinvent). This Web site from Government Executive Magazine includes full text articles on government reform, links to agencies and organizations involved in reinvention, background documents, and a conference calendar. GovNews (http://www.govnews.org/). The International GovNews Project is a topical-based news discussion service providing auditors with information on various financial areas. The discussion groups are also available via Usenet. There are discussions on performance measures, internal controls, audits, and more. (Knowledge Assembly Resource) Internal Revenue Service (http://www.irs.ustreas.gov/) site of the IRS Digital Daily providing access to tax forms and publications for businesses and individuals and more. There is a text-only version at http://www.irs.ustreas.gov/plain/ for auditors with slower connections. Internet Guide to the U.S. Government (http://www.uncle-sam.com/guide.html) Web site provides links to all branches of the federal government, independent agencies, and commissions. LGNet (http://www.ig.org/). The Local Government Network sponsored by the Innovations Group on the WWW provides information services for local government professionals. Valuable resource for local government auditors and accountants with information on performance-based measurements, document imaging, reinvention projects, and more. The Innovations Group issues a quarterly newsletter titled Local Government Online that highlights ways cities and counties are using electronic communication to improve productivity, save money, and provide excellent service to citizens. Louisiana State Division of Administration (http://www.state.la.us/doa/doa.htm) - site of the organization that oversees the management of state financial administration. ___________________________________ Chapter 6 — Internet Resources for Auditors 171 MuniNet Mailing List FinanceNet mailing list targeted to municipal and township financial managers and clerks. The list is a distribution and discussion list for issues relating to financial management of municipalities, townships, and counties within larger geopolitical jurisdictions. To subscribe, send e-mail to [email protected] and include message “subscribe MuniNet (FirstName LastName). (Knowledge Assembly Resource) National Credit Union Administration (http://www.ncua.gov/) Web site of the independent federal agency that oversees federal and state credit unions. Online information for auditors includes guidelines for operations, an accounting manual, the FFIEC IS Examination Handbook, and Financial Performance Report Guide. National Criminal Justice Reference Service (http://www.ncjrs.org/). The NCJRS site contains various resources from the National Institute of Justice, the research and development agency of the U.S. Department of Justice. Includes updates from the Office of Justice and the Office of National Drug Control Policy. Also provides information about products and services sponsored by NCJRS. There is an e-mail address to send questions, documents, Web sites, listservs, and other resources. National Library of Australia Department of Finance (http://www.finance.gov.au/) site provides Australian government information from the Department of Finance. The Information Technology and Systems area includes IT Acquisition Council Guidelines as well as information on publications such as Implementing Financial Management Information Systems. New Mexico State Treasurer (http://www.stonm.org/). Web site of the office responsible for accounting for taxpayers’ money. Site provides access to public reports. NPR Report (http://www.npr.gov) From Red Tape to Results, hypermedia document. The Federal Reinventing Government report is available with word search capability on the Web. See the Library section. Occupational Safety and Health Administration - OSHA’s Web site (http://www.osha.gov) which includes general information about the agency, standards, news releases, fact sheets, publications, OSHA Compliance Assistance Tools, and safety and health-related links on the Internet. Auditors with OSHA audit responsibilities should include this site on their hot list. Office of Management and Budget (http://www.whitehouse.gov/OMB) site contains links to selected OMB circulars, bulletins, and regulations. 172 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Securities and Exchange Commission (SEC) (http://www.sec.gov/) provides free Internet access to the EDGAR database. EDGAR on the Internet began as a trial project in 1993 with New York University and the nonprofit Internet Multicasting Service. The Internet database makes key financial information available to anyone with Internet access. There are plans to provide e-mail requests for specific EDGAR filing documents and SEC information documents, multiple indexing of SEC information documents, and text search of SEC public information documents. The SEC site menu of services includes corporate financial information from the EDGAR database; information on SEC operations and underlying acts; SEC-produced investor brochures, publications and alerts; speeches, congressional testimony, press releases, and daily information on Commission enforcement actions included in the SEC News Digest; and rulemaking proposals as well as final rules. Texas Information Resource Standards (http://www.state.tx.us/Standards). The Texas State Government site includes information security standards as well as a document titled Information Resources Security and Risk Management Policy, Standards and Guidelines. There are also links to the American National Standards Institute (ANSI), Federal Information Processing Standards (FIPS), and more. Transactional Records Access Clearinghouse - TRAC (http://trac.syr.edu/ aboutTRACgeneral.html) is a data gathering, research, and distribution organization affiliated with Syracuse University. The site accesses federal enforcement and regulatory agencies such as BATF, DEA, IRS, and the FBI. This is an excellent site for benchmarking information, statistics, and trends on crime and enforcement issues. U.S. Code on the WWW (http://uscode.house.gov). The United States Code is the official, subject-matter-order compilation of the federal laws of a general and permanent nature that are currently in force. In accordance with section 285b of title 2 of the U.S. Code, the Code is compiled by the Office of the Law Revision Counsel of the United States House of Representatives. The Code is divided into 50 titles by subject matter. Each title is divided into sections. Sections within a title may be grouped together as subtitles, chapters, subchapters, parts, subparts, or divisions. Where in Federal Contracting (http://www.radix.net/~ambrose/) is a Web site that provides a comprehensive set of links to resources on the subject. Developed and maintained by a government auditor. ___________________________________ Chapter 6 — Internet Resources for Auditors 173 Human Resources Keeping up with all the changes in human resources issues is now facilitated by Internet sites covering benefits, human resources management, and other personnel-related issues. The following sites provide a sample of what the Internet offers auditors looking at reviews of human resources activities. Benefits-L Internet Resource is a comprehensive list of benefits resources for human resources professionals. This is an excellent point of reference for auditors and financial professionals to research and obtain background for reviews in the benefits area. Coverage includes health management, human resources information systems, payroll, ERISA, unemployment insurance, workers compensation, and other benefits-related issues. URL is http://www.mtsu.edu/~rlhannah/ employee_benefits.html. The coordinator also maintains an employee benefits list. To subscribe, send a message to [email protected]. Leave subject blank and type in the message area: subscribe BENEFITS-L (your name). (Knowledge Assembly Resource) HR Links (http://www.shrm.org/hrlinks/). The Society for Human Resources Management maintains this home page of human resources links on the Internet. The site includes links to information on compensation and benefits, diversity, flexible work arrangements, labor relations, safety and health, and more. National Council on Compensation Insurance (http://www.ncci.com/index.html) is the largest workers compensation data, statistical, and research corporation. Web site contains information about products and free publications. Performance Management Guide (http://www-hr.ucsd.edu/~staffeducation/guide/) is an excellent publication from UC San Diego on managing employee performance. Auditors reviewing the human resources department for their organization can use this guide as a model for setting up an employee performance management system. Information Security Resources Many individuals consider the issue of security to be closely related to the auditing profession. The following resources provide a wide range of information on security, audit, and control issues. Sites include links to disaster recovery resources, security guides, ethics issues, and more. The COAST site at Purdue University is a gateway to computer operations, audit, and security technology resources on the Internet. AntiOnline (http://www.antionline.com/) is a megasite devoted to the subject of computer security. Site includes a virtual library based on user level, archives, special reports, a local file search engine, and more. 174 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ AS/400 Security Page (http://home.earthlink.net/~vleveque/) is an excellent resource for security and disaster recovery information. The site has links toAS/400 and IBM sites, general resources for security and disaster recovery, security vendors, and more. Australian Computer Emergency Response Team AUSCERT (http://www.auscert.org.au) is funded by the Australian Academic Research Network (AARNet) for its members. Located at The University of Queensland within the Prentice Centre, AUSCERT is a full member of the Forum of Incident Response and Security Teams (FIRST). AUSCERT maintains an anonymous FTP service at ftp://ftp.auscert.org.au. This archive contains past SERT and AUSCERT advisories and other computer security information. CERIAS (http://www.cerias.purdue.edu/index.html) is the Web site for the Center for Education and Research in Information Assurance and Security. There are links to the various programs supported by the Center, including COAST. CERT (http://www.cert.org/), the Computer Emergency Response Team Coordination Center site, is a focal point for computer security concerns of Internet users. There are links to CERT advisories, the CERT FTP archives, FAQs, and more. Comprehensive Info-Surety Database (http://www.all.net/) site maintained by Dr. Frederick Cohen. Contains a potpourri of security-related information, including numerous articles related to IT audit, lists of attack and defense methods, studies of emerging information protection technologies, national infosecurity technical baselines, and other information to aid the auditor in keeping current and effective on leading edge security issues. Computer and Network Security (http://www.netsurf.com/nsf/index.html) Netsurfer Focus addresses the issue of computer and network security. This electronic magazine is available on the Web site and also via e-mail. To obtain Netsurfer Focus directly via e-mail, send message to nsdigest [email protected]. In the body of the message, type: subscribe nsdigest html or subscribe nsdigest text. (Knowledge Assembly Resource) Computer Operations, Audit, and Security Technology (COAST) (http:// www.cerias.purdue.edu/coast/) Project Computer security research project in the Computer Science Department at Purdue University. Exploring new approaches to computer security and computer system management. COAST has a comprehensive archive containing tools, papers, technical reports, documentation, announcements, alerts, security patches, and newsletters. Areas of interest include, but are not limited to, access control, authentication, criminal investigation, email privacy, firewalls, and incident response. Computer Security Awareness Training (http://wwwoirm.nih.gov/sectrain/index.html#intro) is a computer-based training course. There is also an accompanying document available for download with an overview of basic computer and information security practices. ___________________________________ Chapter 6 — Internet Resources for Auditors 175 Computer Security Institute (http://www.gocsi.com/) - Web site of the oldest international membership organization for training information security professionals. This site provides excellent information on computer security issues, including current issues and trends, technology links, and valuable Guides to Computer Security for Managers in the areas of e-mail security, Internet security, computer viruses, communications fraud, and computer security awareness. Free registration required for online access to the guides. Computer Security Publications from NIST - send e-mail to [email protected] with the message “send index” for a list of NIST computer security publications. To retrieve copies of the publication via e-mail, send message “send <document filename>. The NIST also distributes a Computer System Security Laboratory Newsletter via the Internet. Send e-mail message to [email protected] with the message “subscribe csl newsletter.” Computer Security Resource Clearinghouse (CSRC) (http://csrc.ncsl.nist.gov/)/. The NIST Computer Security Division maintains an electronic clearinghouse to encourage the sharing of information on computer security. The CSRC contains computer security awareness and training information, publications, conferences, and software tools as well as security alerts and prevention measures. Firewalls FAQs (http://www.v one.com/pubs/fw faq/faq.htm). As organizations establish Internet connections, auditors are asked to review security issues associated with connectivity. Frequently Asked Questions or FAQs may help auditors address some of the issues. This Web site provides answers to commonly asked questions. Firewalls Mailing List. This is a listserv devoted to the subject of firewalls and Internet security. Any auditor concerned with information security and the issue of firewalls should subscribe to this list. Subscriptions should be sent to [email protected] with the message subscribe firewalls digest. I would recommend the digest version rather than the direct mail (non-digest) version. (Knowledge Assembly Resource) Generally Accepted System Security Principles (http://web.mit.edu/security/www/ gassp1.html) from The International Information Security Foundation (I2SF) provides uniform organizational guidance for security issues. Information Security Discussion List INFSEC-L is a non-moderated Internet discussion list intended to foster open and constructive communication among information security and auditing professionals in government, industry, and academic institutions. Discussion is encouraged on a broad range of topics and issues related to information security. Initial subscriptions to the list are screened by the list owner to ensure the addition of only appropriate individuals. Send subscription request to [email protected] commerce.edu with one line in the body of the letter: SUB INFSEC-L your name. 176 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Information Security SWAT Team (http://www.axent.com/swat/swat.htm) is a compendium of security resources for the advanced user from a security vendor, Axent Technologies. Categories include Attack Signatures, Threats, Security Tasks, Security Resources, and Hacker Links. (Knowledge Assembly Resource) Information Security Zone (http://www.information-security-zone.co.uk/). Web site from a corporate training company with a multitude of links to sites on topics such as general security, viruses, cryptography, firewalls, and more. Information Systems Security Association (http://www.issa-intl.org) site of the ISSA provides information about this international organization of information security professionals. There are links to security-related sites, security tools and utilities, and security-related listservers. For more information, send message to [email protected]. InfoSec Heaven (http://all.net) Web site of Dr. Fred Cohen provides a comprehensive database of information security links and articles separated into categories of attacks and defenses and viewpoints. There is also a link to the InfoSurety Database at Sandia Labs. Internet Security Systems (http://iss.net) is a vendor of network security software. This site provides information on their products and FAQs on security, a list of security discussion groups, and links to other security sites. There are also downloadable free security tools available from ISS. The site contains an article on the threat of hacking, which is worthwhile reading for an understanding of the threats present on the Internet. For more information, send e-mail to [email protected]. NJH Security Consulting, Inc. (http://www.njh.com/) - Web site for a security consultant specializing in Internet penetration testing and Web security. Items of interest to auditors include articles on security-related issues and problems. RACF-L ([email protected]) is a discussion list devoted to the topic of Remote Access Control Facility. Auditors in organizations that use this security tool should consider subscribing to this e-mail discussion group. You can join this group by sending the message “sub RACF-L your name” to [email protected]. Note: This is a high-volume list specifically designed for audit and security personnel using RACF. (Knowledge Assembly Resource) Raptor Systems Security Library (http://www.raptor.com/lib/) provides links to a variety of security articles. Security Alert for Enterprise Resources (http://safer.siamrelay.com/online/) provides a monthly security update for IT professionals and executives. E-mail notifications provide links to this Webbased newsletter. Great knowledge resource on information technology security. (Knowledge Assembly Resource) ___________________________________ Chapter 6 — Internet Resources for Auditors 177 Security Articles (http://www.intrusion.com/sec-art.htm) provided by Intrusion Detection Inc. The articles are on subjects such as NT network security, help desks, sniffers, and more. The site includes links to other security sites. Security and Auditing Software Related Home Page (http://www.gy.com/esd/esd1/se_hp.htm). Web site with links to related topical resources. Security Checklist (http://spider.osfl.disa.mil/cm/security/check_list/check_list.html). This site from the Defense Information Infrastructure Common Operating Environment (DII COE) includes security checklists for Solaris, Windows NT, Oracle, and more. Files are available in both PDF and MSW versions. Security & Hackerscene (http://bau2.uibk.ac.at/matic/). Web site with a comprehensive set of links to security and hacker information. Covers all aspects of Internet security on Unix, X Windows, articles, hacker sites, security software, newsletters, and files. Security and IS Audit Resources (http://www.versalink.com/resource.htm) provides information for security and IS audit professionals. Site includes hacking information, security archives, virus information, information systems audit, and more. Security Management Online (http://www.securitymanagement.com) magazine of the American Society for Industrial Security. Contains information about ASIS, editorial columns, articles, and more. Security Newsletter, authored by noted security expert Winn Schwartau, provides the latest security tips, product news, and analysis to help reduce your network’s vulnerability. Free subscription to this e-mail newsletter is available at Network World Web site (http://www.nwfusion.com/focus). (Knowledge Assembly Resource) Security Policies (http://www.sans.org/newlook/resources/policies/policies.htm) provided by the SANS Institute include templates for computer usage guidelines, acceptable use statements, special access policy, incident handling, and more. Security Resource Net (http://nsi.org/) site of the National Security Institute provides information on security-related topics, including computer alerts, products, a virtual security library, and more. Site Security Handbook (http://bilbo.isu.edu/security/isl/rfc1244.html). Product of an Internet Engineering Task Force work group. This document provides auditors with guidance on how to deal with Internet security issues. Useful for designing audits and reviews of Internet security. 178 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Symantec AntiVirus Research Center (http://www.symantec.com/avcenter/vinfodb.html) Web site from an AntiVirus software vendor provides a comprehensive database of computer virusrelated information. The site provides updates to their software, information about virus hoaxes, and more. Investigations, Fraud, and Privacy Resources The criminal and civil investigation community has made information readily accessible via the Internet. Federal and State Inspectors General have been leaders in providing electronic information via the Internet. Inspectors General offices are well organized and provide useful information that auditors will find invaluable. Privacy has become a major concern from both individual and corporate viewpoints. As a result there is a wealth of privacy information available on the Internet. Fraud resources will continue to be added to the Internet, especially with the presence of the Association of Certified Fraud Examiners Web page. Business Fraud Detection Services (http://getzoff.com/business_fraud/business_fraud.html) site of a fraud examination consultant. Includes a checklist of 20 ways to detect fraud. Check Fraud: A Guide to Avoiding Losses (http://www.occ.treas.gov/chckfrd/contents.htm) from the Office of the Comptroller of the Currency provides guidance on a major organizational issue. Guide sections include check fraud schemes, prevention measures (internal controls, training, check cashing guidelines) and more. Cybercop Home Page (http://www.well.com/user/kfarrand/index.htm) site provides a number of links to crime prevention and investigatory resources. The training schedule for the Financial Fraud Institute at the Federal Law Enforcement Training Center. For more information, contact [email protected]. Economic Crime Prevention (http://www.rcmp-grc.gc.ca/html/ecbweb.htm) Web site that provides information about current criminal behavior trends in such areas as fraud, computer crime prevention, and more. Financial Action Task Force (http://www.oecd.org/fatf/) is an inter-governmental body dedicated to the development and promotion of policies to combat money laundering. The policies aim to prevent proceeds from being used in future criminal activities and from affecting legitimate economic activities. The site provides annual reports on money laundering, an evaluation of preventive measures, recommendations from members, and more. Financial Scandals (http://www.ex.ac.uk/~RDavies/arian/scandals.html) page provides links to sources of information on the subject. Includes general sources on corruption, bank scandals, insurance fraud, forensic accounting, and more. Auditors may find the links to resources to finding people useful in conducting fraud audits. ___________________________________ Chapter 6 — Internet Resources for Auditors 179 Forensic Accounting and Litigation Support (http://www.forensicaccounting.com/) Web site provides information about this field of business-related investigations. Fraud Defense Network (http://www.fdn.net/) provides resources for insurance fraud investigators. Fraud Report (http://www.hm-treasury.gov.uk/pub/html/docs/fraud/9596fr/main.html) is a report from the United Kingdom that analyzes reported fraud in government departments. The report provides details on the types and causes of the frauds, how they were discovered, and more. Auditors should check out the section of the report for guidance on managing the risk of fraud. Fraud Report Newsletter (http://www.fraudreport.com/) provides users with anti-fraud articles, legislative updates, and upcoming events. Free subscription available on the site. (Knowledge Assembly Resource) Hacked (http://www.2600.com/hacked_pages/) provides reproduced copies of hacked Web sites. This is a good site for auditors who are looking at the risks of connecting to the Internet and setting up organizational Web sites. Independent Commission Against Corruption (http://www.icac.nsw.gov.au/) exposes and minimizes corruption involving the New South Wales public sector through investigation, corruption prevention, and education. Site features include background information on the Commission, publications, reports, and more. Infowar.com (http://www.infowar.com/) - Winn Schwartau’s comprehensive Web site on information security. Premier site for information security resources and links. Categories include tools, utilities & jobs, resources, survey & studies, discussion and chat groups, the Journal of Infrastructural Warfare, and more. Inside Fraud Bulletin (http://www.maximag.co.uk/) is a publication from Maxima Group that focuses on all aspects of fraud, including embezzlement, management fraud, audit, and more. The Web site has links to past issues. Insurance Fraud Bureau of Massachusetts (http://www.ifb.org/) is a unique and multifaceted investigative agency dedicated to the systematic elimination of fraudulent insurance transactions. Features include their quarterly publication, FocusFraud, and links to other law enforcement, crime prevention, and research organizations. Insurance Fraud Fightback Site (http://www.geocities.com/ResearchTriangle/1528/) was designed to stimulate discussion among auditors and fraud examiners about ways of expanding our toolkits via the inclusion of state-of-the-art electronic tools to proactively seek out insurance fraud activities. Site includes articles written by the site developer and links to other related resources. 180 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Insurance Fraud Management Advisory Panel (http://www.aisg.org/ifm/ifm.html) is an organization that brings together property/casualty fraud units and claims management to share information and build effective anti-fraud programs. Internal Auditing and Fraud Investigation (http://users.aol.com/marksimms/mrsweb/ index.htm) site focuses on topics dealing only with internal auditing or fraud investigations. Includes links to relevant articles and Web resources. Investigators Toolbox (http://www.virtuallibrarian.com/it/index.html) is a meta-site of links to researcher resources such as companies, databases, and more. Great information resource for auditors. Legal Investigator Links (http://www.teleport.com/~pagrue/). The private [email protected] page provides links to sites of interest to investigators. There are resources such as the Detective Information Network, Criminal Justice Links, Computer Network Security, the FBI, and others. There is also a link to several privacy-related sites. Municipal Bond Scandals (http://lissack.com/) site provides overview of scandals and problems affecting the municipal bond industry in the U.S. Includes definitions and common terms, search capability, and a large index of relevant articles. Northeast Insurance Anti-Fraud Group (http://www.geocities.com/WallStreet/Exchange/ 1276/) is an organization of investigative professionals dedicated to finding fraud in the insurance industry. Site includes topics of past and future meetings and links to other related sites. Practical Guide to Corruption Prevention (http://www.icac.nsw.gov.au/guide.htm), prepared by the Independent Commission Against Corruption, is an excellent resource for developing a fraud and corruption program within organizations. Modules include risk assessment, ethics, cash handling, purchasing, and more. Preventing Business Fraud (http://www.ioma.com/newsletters/pbf/), a newsletter from the Institute of Management and Administration, provides recent articles on the subject. RespondaNet (http://www.respondanet.com/) is the Web site for the Americas Accountability Anti-Corruption project. The site contains information in English and Spanish, including Accountability, the quarterly newsletter, links to related sites, publications, event listings, and more. ___________________________________ Chapter 6 — Internet Resources for Auditors 181 Journals – Accounting, Auditing, and Finance Publications The Internet provides new opportunities for the publishers of audit and business-related information. Many of the following sites provide online examples of the information available via their print publications. Copies or articles, abstracts, and indexes of articles and publications make this a worthwhile area for locating elusive information. Many of the sites provide search engines that allow you to find relevant information using key word queries. These sites also represent an important knowledge assembly resource in acquiring auditor digital literacy. Accountancy Edition-Sift (http://www.sift.co.uk) Web search site for accounting professionals. The accountancy edition of Sift draws together a wide collection of relevant Internet resources for an accountant doing business in the UK. Includes access to accountancy news and company directories (ICC, Infocheck, Dun & Bradstreet, and others) as well as a wide collection of financial, news, and market research databases from DataStar. Maintains a set of links to other relevant Web sites. Subscription service is available. Accountants’ Ledger (http://www.accountantsledger.com/) is an online magazine for accountants. Includes feature articles, online resources, reviews, and more. Accounting, Auditing & Accountability Journal (http://www.mcb.co.uk/cgi-bin/mcb_serve/ table1.txt&aaaj&journal1.htm) site provides information about the Journal and allows browsing of selected articles. Subscription information is provided. CGA Magazine (http://www.cga-canada.org/eng/magazine/default.htm) is the journal of the Certified General Accountants Association. CPA Journal (http://www.cpaj.com/) is a subscription publication directed at public practitioners, management, educators, and other accounting professionals. The Web site provides access to the lead story as well as a comprehensive collection of links to Internet resources for CPAs. CPANews (http://www.webnetcpa.com/cpanews/) is a weekly electronic newsletter dedicated to reporting events, developments, and news for CPA firms and financial professionals. Daily Auditor’s Virtual News (http://www.bitwise.net/iawww/IAWWW NEWS EXEC.HTML). Includes news of a general nature, internal auditing news, and news pertaining to the IAWWW. Check this section weekly and keep up to date on internal auditing-related news. 182 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Disaster Recovery Journal (http://www.drj.com/) home page for a magazine dedicated to business continuity. Links are available to a variety of disaster recovery sites, disaster recovery service providers, and selected articles and highlights from past issues. Double Entries (http://www.accountingeducation.com) is a newsletter produced weekly by a group of volunteers from the profession and academia. It is designed to provide brief news on accounting and auditing around the world and is available both by e-mail and on the World Wide Web. Register your name and e-mail address via the AccountingEducation.com Web site. (Knowledge Resource) Electronic Accountant (http://www.electronicaccountant.com/) is an accountant’s Web magazine and resource guide. This e-zine includes reviews of accounting software, a buyer’s guide, and online discussion groups, including accounting and auditing. (Knowledge Resource) Exec (http://www.unisys.com/execmag/framesets/resources.htm) is an electronic journal for senior managers from Unisys. The publication includes timely articles on subjects like electronic commerce. (Knowledge Resource) Financial Times (http://www.ft.com/) - site of the publication that provides business, economic, and political news. Free service after registration. (Knowledge Resource) Government Executive Magazine (http://www.govexec.com). Electronic version of an independent business magazine of government. Includes discussion of leading edge information on budgets, procurement, technology, and virtual government. The Reinvention Center has information of interest to auditors. (Knowledge Resource) Information Week Interactive (http://www.iweek.com). IW is a weekly newsmagazine oriented to business and technology managers. Frequently covers issues of interest to auditors on topics such as security and software management. Good resource for auditors to stay current on hot issues in IT. Provides WAIS search for back issues. (Knowledge Resource) Journal of Accountancy (http://www.aicpa.org/pubs/jofa/joahome.htm). The professional journal of the American Institute of Certified Public Accountants. The site includes articles and indexes from 1997 to current. Journal of Financial Abstracts published by the Financial Economics Network and devoted to the electronic publishing of abstracts in research in financial economics and related topics. The JFA is free and distributed electronically via the Internet. To subscribe, send e-mail to Wayne Marr at the following address: [email protected] Managerial Auditing Journal (http://www.mcb.co.uk/cgi-bin/jorunal1/maj) provides links to illustrative articles and subscription information. ___________________________________ Chapter 6 — Internet Resources for Auditors 183 Quality Digest Magazine (http://www.tqm.com/digest/index.html). The Quality Digest electronic magazine covers quality management issues. Examples of topics include How To, Case Studies, Benchmarking, Reengineering, and more. The site maintains both current and back issues. (Knowledge Resource) Security Magazine (http://www.secmag.com/) is a publication for corporate and commercial buyers of security and other products in business, industry, and government. The site includes an online database of products and articles on security issues. (Knowledge Resource) Performance Measurement Resources Measuring performance is an excellent way for organizations to determine how well they are meeting their goals and objectives. As part of the Standards for the Professional Practice of Internal Auditing, the auditing profession has taken an active role in performance measurement reviews and audits. Measuring outcomes and benchmarking against other like organizations are well on the way to becoming recognized as the “right thing to do.” The following Internet sites represent various best practices on performance measurement issues. Center for Performance Measurement (http://www.icma.org/abouticma/programs/performance/index.cfm) Web site from the International City Manager’s Association is dedicated to helping local governments measure, compare, and improve municipal service delivery. The site contains sample performance measures for selected services and a library of articles on the topic of performance measurement. Information Technology Performance Measures (http://wwwoirm.nih.gov/itmra/ perform.html) Web site from the National Institutes of Health provides performance measures for help desks, LANs, links to other sites, and more. Measure.net (http://measure.net/index.htm) Web site dedicated to improving corporate performance measurement systems provides an Idea Exchange, a Resource Center, and information about performance measurement audits. Performance Assessment Guide (http://www.dtic.mil/performance/paguide.html) from the Department of Defense provides a Quality and Productivity Self-Assessment Guide, a Guide for Developing Performance Measures, a Guide for Measuring Customer Satisfaction, Quality and Productivity Self Assessment Questionnaires, and more. Performance-Based Management Guide (http://www.itpolicy.gsa.gov/mkm/pathways/8steps.htm) from the General Services Administrations provides eight steps to develop and use information technology performance measures effectively. 184 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Performance-Based Organizations (http://www.npr.gov/library/pbo/guide1.html) from the NPR Web site provides a Conversion Guide for organizations that are shifting to a performancebased environment. Performance Indicators Page (http://www.audit-commission.gov.uk) provides comparative measures for local government and public safety entities. Results are in Microsoft Excel format with separate spreadsheets for England, Wales, and police data. Performance Management (http://www.ey.com/) download library from Ernst & Young contains practical articles on topics in Adobe Acrobat format. Performance Management (http://www.oecd.org/puma/mgmtres/pac/) Web site for the Organization for Economic Cooperation and Development (European Countries). The site identifies and explains key performance management issues, performance management publications, work methods, links to other sites, and more. Performance Management System Audit Guide (http://www.qao.qld.gov.au/guidelin.html) from the Australian Queensland Audit Office provides an audit approach, methodology, audit considerations, criteria, and more. Performance Measurement Best Practices (http://www.npr.gov/library/papers/benchmrk/ nprbook.html) is a benchmarking study report from the National Performance Review. Performance Measurement Guide (http://www.sao.state.tx.us/) from the Texas State Auditor’s Office provides information about setting up a performance measurement system and details on how agencies can establish adequate internal controls in measurement systems in order to assist them in reporting accurate information. Performance Measurement Handbook of Tools and Techniques (http://www.arau.gov/pbm/ resources/handbook1/handbook1.html) is an excellent resource for auditors involved in performance measurement. The Handbook is available in HTML format or may be downloaded in PDF format for printing. Performance Measurement Info (http://financenet.gov/financenet/start/topic/perf.htm). FinanceNet has a number of files and reports available on performance measurement. Performance Measurement Office (http://www.qed.qld.gov.au/about/pmo/index.htm) Web site of the Queensland Education Department includes information about the office, performance information, a school planning and accountability framework, a measurement listserv, and more. Performance Measurement Resources (http://www.zigonperf.com/performance.htm) is a set of free resources to help you with performance measurement problems. There are articles, links, and sample performance measures for various job categories. ___________________________________ Chapter 6 — Internet Resources for Auditors 185 Performance Measures for Procurement (http://www.itpolicy.gsa.gov/perfmeas/pathways/ pp8ahow.htm) is a government task force report that provides best practices and procurement performance measures. Performance Pathways (http://www.itpolicy.gsa.gov/mkm/pathways/pathways.htm) Web site from the Office of Government-wide Policy provides a central resource for information related to the development and use of performance measurement. Performance Planning Guide (http://www.ospl.state.nc.us/planning/hcontent.html) from the North Carolina Office of State Planning provides an excellent step-by-step process for setting up a performance management system. Professional Associations Professional associations establish Web sites to encourage new members and share information with existing members of their respective organizations. Some of these sites use the accessibility of the Internet to market their services and broadcast their purpose to the general public. Professional associations on the Internet provide a link for you as a professional to the global resources of the professional audit community. With the globalization of many organizations, these sites reflect the changing nature of professional bodies. The sites provide links to other audit, accounting, and financial resources available on the Internet. AAA Government and Nonprofit Section (http://www.bs.ac.cowan.edu.au/aaagnp/) Web site provides information about the organization, research papers, and teaching material. Affiliated Conference of Practicing Accountants (http://www.acpaintl.org) Web site provides information about the organization and the programs offered. American Accounting Association Auditing Section (http://raw.rutgers.edu/raw/aaa/audit/) site provides background information, announcements for accounting conferences and paper deadlines, links to accounting and auditing sites, and technical resources. American Accounting Association Government and Nonprofit Section mailing list (AAAGNPL). The purpose of this list is to share information of specific interest to AAA GNP members, including notice of upcoming AAA GNP meetings and their agenda, and to facilitate discussions on various topics of interest to AAA GNP members. In general, this newsgroup is of interest to anyone in the government or nonprofit areas of accounting, especially those interested in academic research in areas such as governmental auditing and finance, public choice, public interest, the U.S. Governmental Accounting Standards Board standard setting process and behavioral accounting research relating to governments. To subscribe to the AAA GNP newsgroup, sponsored by the International Accounting Network (ANet), simply send the following e-mail message: subscribe AAAGNP-L yourfirstname yourlastname to [email protected]. 186 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ American College of Forensic Examiners (http://www2.acfe.com/acfe/). This is a not-for-profit organization for professionals involved in forensic examinations and consultation. There are links to criminal justice sites and other forensic links that provide information about forensic accounting (Zeno’s Forensic Page). Certain areas on this page are restricted to members. American Health Information Management Association (http://www.ahima.org/index.html) Web site provides background on the organization, searchable clinical and non-clinical library databases, online publications and articles, and more. American Institute of Certified Public Accountants (http://www.aicpa.org/). The AICPA home page includes general information, member matters, catalogs, conference notices, research links, a news flash of professional happenings, and more. American Institute for Chartered Property Casualty Underwriters (http://www.aicpcu.org) provides information about property and liability insurance. American Payroll Association (http://www.amerianpayroll.org/) contains articles on payroll topics, information about the organization, and more. American Society of Military Comptrollers (http://www.asmconline.org) is the professional organization for military controllership (professions of financial management in the Department of Defense and Coast Guard). The site includes information about the organization, local chapters, membership, career opportunities, professional development, and more. The links section provides access to many additional resources for DoD financial professionals. American Society of Women Accountants (http://www.aswa.org/) site provides information about the organization, membership, scholarships, and a directory of chapter presidents. This organization represents a good networking tool for auditors. American Society for Quality Control (ASQC) (http://www.asqc.org) - professional organization for persons employed or interested in the field of quality science. Arizona Society of Certified Public Accountants (http://www.ascpa.com/) site provides information about the Society, accounting information, links to other sites, and the Newsledger. Association of Certified Fraud Examiners (http://www.cfenet.com/) - site for the organization of professionals who investigate fraud. Provides information about the Association, the certification program, links to local chapters, the Code of Professional Ethics, and more. Association of Chartered Accountants in the U.S. (http://www.acaus.org/) - home page for the professional organization representing U.S.-based chartered accountants. Includes information about the organization, an accounting bookstore, a history of accounting, and links to other sites. ___________________________________ Chapter 6 — Internet Resources for Auditors 187 Association of Chartered Certified Accountants (http://www.acca.ca) Web site provides information about the organization, news, events, links to resources, and more. Association of College and University Auditors (http://www.acua.org). Home page of ACUA, an international professional organization focusing on internal auditing in higher education institutions. Site includes information about the organization, scheduled events, links to document libraries, and other interesting Web sites. Association of Credit Union Internal Auditors (http://www.acuiainc.org). International organization for internal auditors in the credit union industry. Site provides information about membership and more. Association of Government Accountants (http://www.agacgfm.org/). The official site of the educational organization dedicated to the enhancement of public financial management. Web site provides information about the organization, links to local chapters, publications, conferences, education and training, news, and more. Association of Healthcare Internal Auditors (http://www.ahia.org/). Professional organization for healthcare internal auditors dedicated to the advancement of the healthcare internal auditing profession. Site provides information about AHIA, Code of Ethics, position papers, and a planned audit library. Association of Inspectors General (http://www.lib.jjay.cuny.edu/ig/) Web site provides information about the organization representing state and local inspectors general and other public inspection and oversight entities. There are links to IG offices and various Internet-based professional development initiatives. Association of Practicing CPAs (http://www.ap-cpa.org/) is a forum for CPAs to network with other CPAs by mentoring, teaching, learning, and sharing business opportunities. Includes links to their newsletter, a CPA directory, and related resources. Association of Public Pension Fund Auditors, Inc. (http://www.appfa.org/) is an organization whose members are responsible for internal auditing of public pension funds. The site provides information about the organization, conference schedules, audit programs, their listserv, and more. Association for Computing Machinery (ACM) (HTTP://www.acm.org). Largest and oldest international scientific and educational computer society in the industry. ACM provides members with a forum for sharing knowledge on developments and achievements. There is a Special Interest Group (SIG) for Security, Audit, and Control. Australian Society of CPAs Online (http://www.cpaonline.com.au) site includes information about the Society, membership, regulations, professional development, services available through the Microsoft Network, and available information resources. 188 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Bank Administration Institute (http://www.bai.org/) provides information about BAI, links to emerging issues, and Certified Bank Auditor training material demo. California State Association of County Auditors (http://www.co.sanmateo.ca.us/controller/ auditchf.htm) Web site provides a list of California counties and their auditors, a list of audits performed with contacts, and links to other sites. Canadian Environmental Auditing Association (http://www.mgmt14k.com/ceaa/) organization dedicated to development of the practice of environmental auditing. Site provides background on the organization. Canadian Institute of Chartered Accountants (CICA) established a Chartered Accountants of Canada Web home page (http://www.cica.ca). The site will contain links to the provincial institutes. There are also links to accounting and consulting practices of accounting firms, national and international accounting organizations, and activity areas, including accounting and audit. While much of the site is under construction, there are excellent links to environmental accounting resources and activities. Certified General Accountants Association of British Columbia (http://www.cga bc.org/). Site provides information about the Association, tax tips, links to accounting associations, and more. Certified General Accountants Association of Canada (http://www.cga canada.org) provides information about the CGA structure, programs, publications, and more. Chartered Institute of Management Accountants (http://www.cima.org.uk). Provides information about the CIMA and describes management accounting. This is an information server for this association of United Kingdom financial professionals. Chartered Property Casualty Underwriters Society (http://www.cpcusociety.org/index2.htm) Web site of insurance professionals containing information for consumers covering areas such as insurance law, finance, ethics, and management. CharterNET Web server for the Institute of Chartered Accountants in Ireland (ICAI). This site (http://www.icai.ie/) provides information about the ICAI services and online library of materials. There is also a description of the Business Network reaching out to chartered accountants working in industry, commerce, and the services sector. Confederation of Asian and Pacific Accountants (http://www.capa.com.my) Web site for a professional organization provides information on projects, articles, publications, links to other CAPA bodies, an Accountant’s Forum, and more. ___________________________________ Chapter 6 — Internet Resources for Auditors 189 Construction Financial Management Association (http://www.cfma.org/) site provides information about the organizations, publications, a job bank, and more. Council of Higher Education Internal Auditors (http://www.wlv.ac.uk/ias/cheia/ welcome.html) Web site provides information about the organization, newsletter, internal audit links, and an e-mail discussion list. County Auditor’s Association of Ohio (http://www.caao.org) professional organization Web site provides a directory of county auditors, a virtual tour, and fiscal responsibilities. Credit Union Internal Auditors Association (http://www.cuiia.org/MainPg.htm) Web site provides information about the CUIAA, a useful discussion forum, and more. European Accounting Association (http://www.bham.ac.uk/EAA/) site contains information about the EAA, its publications, conferences, and links to other resources. European Court of Auditors (http://europa.eu.int/ca/intro.html). Organization that monitors the European Unions finances and points out areas where management improvements are needed. Page provides all the details on organization and duties of this body. Federation of Tax Administrators (http://www.taxadmin.org/) provides information about the organization, publications, electronic commerce, and more. Financial Management Association International (http://www.fma.org/). The FMA is a professional association of finance practitioners, academicians, and students founded to develop a continuing relationship between financial theory and practice. The site includes a one-stop shopping guide to finance on the Internet. Financial Management of the Firm (http://garnet.acus.fsu.edu/~ppeters/fin3403/) provides all the material for a course on financial management. The site contains lecture material, in-class and practice problems, and exams. There are also tables for the time value of money, using a financial calculator, and Web-based information. Financial Managers Society (http://www.fmsinc.org/index.htm) Web site for the only not-forprofit professional society dedicated to serving the technical and professional needs of bank, thrift, and credit union financial officers. Site includes information about the organization, regulatory issues, employment opportunities, and more. Florida Institute of CPAs (http://www.ficpa.org/) Web site provides legislative updates, job links, and other sites of interest to Florida CPAs. 190 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Government Finance Officers Association (http://www.gfoa.org) Web site for the GFOA, the professional association of state/provincial and local finance officers in the United States and Canada that has served the public finance profession since 1906. Resources include organization history, job listings, publications, articles, chapter information, and more. Healthcare Financial Management Association (http://www.hfma.org) professional association for financial professionals in the healthcare field. Provides information about the association, publications, special interest groups such as a CFO forum, professional certification programs, and more. ICAA (http://www.icaa.org.au). The Institute of Chartered Accountants in Australia maintains a site on the Web and a site on CompuServe. There is general information about the Institute, membership, student news, and more. Illinois CPA Society (http://www.icpas.org/). Home page of the state professional association representing Certified Public Accountants. Includes financial management information, articles from Insight Magazine, and links to accounting-related resources. Some areas of this site are restricted to members. Information Systems Audit and Control Association (ISACA) on the Internet. The Central Indiana Chapter ISACA created a list for information systems auditors called CISACA-L. The list is meant to encourage professional discussion and is open to all information system auditors. To subscribe, send a one-line message to [email protected] with the message SUBSCRIBE CISACA-L (yourname). Leave the subject line blank. Messages sent to [email protected] will be distributed to all subscribers. Information Systems Security Association (http://www.issa-intl.org) site of the ISSA provides information about this international organization of information security professionals. There are links to security-related sites, security tools and utilities, and security-related listservers. Institute of Chartered Accountants of England and Wales (http://www.icaew.co.uk) Web site provides information about the organization, news, and more. Institute of Chartered Accountants of Ontario (http://www.icao.on.ca) site provides information about the Institute, upcoming events, and more. ___________________________________ Chapter 6 — Internet Resources for Auditors 191 Institute of Internal Auditors (IIA) Resources on the Internet: The Institute of Internal Auditors established e-mail addresses for the headquarters staff. Address e-mail by using the first initial of the staff member’s first name plus their last name, followed by @theiia.org. General inquiries can be sent to [email protected]. Institute of Internal Auditors Inc. (http://www.theiia.org) - The IIA’s home page provides information about The Institute, its mission, programs, and services. The site is organized under the various centers for business, learning, and practices. The global audit resource center has links to industry and audit specialty groups, discussion groups, forums, and a site for IT auditors. Institute of Management Accountants (http://www.rutgers.edu/Accounting/raw/ima/). This site provides comprehensive information on IMA programs and services. Includes Cases from Management Accounting Practice, Statement on Management Accounting 4 P, Practices and Techniques for Implementing Activity-Based Costing, and more. Institute of Management and Administration (IOMA) (http://ioma.com/) the leading publisher of business and management information. Each month their newsletters bring actionable, productive articles to managers and executives in virtually every industry sector, all at the same high editorial standards that challenge the popular cliches that fail to address today’s new and pressing problems. The Administration section includes an Accounting and Taxation category with links to a number of other sites mentioned in the ARL. Institute for Professionals in Taxation (http://www.ipt.org/) Web site for a professional organization dedicated to minimizing the cost of tax administration and compliance for ad valorem and sales and use taxes. Site provides information about the organization, employment opportunities, research links, reference materials, and more. International Computer Security Association (http://www.icsa.net). ICSA is an authority on computer network security. Resources include white papers on security, publications, Security Magazine, and more. The Tech Zone provides up-to-the-minute information on products and services related to Internet and computer security. International Federation of Accountants (http://www.ifac.org/) home page of the worldwide organization for the accountancy profession. Site provides information about the organization, standards, discussion papers, and more. ISACA Foundation (http://www.isaca.org) home page of the organization provides information about membership, audit programs, internal control guidelines, certification, education, publications, and more. The site provides links to all local chapters that have Web sites. 192 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Maryland Association of Certified Public Accountants (http://www.macpa.org/) site includes information about the association, a comprehensive listing of resources, and CPE opportunities. Massachusetts Society of CPAs (http://www.mscpaonline.org/). Well-organized Web site for the state society includes information about the organization, a record retention guide, Internet from A to Z (links and resources for business), and more. Minnesota Society of Certified Public Accountants (http://www.accountingnet.com/society/ mn/) MNCPA online site provides information about the organization, articles from their newsletter, CPE opportunities, and more. National Association of Enrolled Agents (http://www.naea.org/) site provides information about the association and its members, how to find a tax advisor, tax links, tax news, and electronic commerce resources. National Association of Financial Services Auditors (http://www.nafsa.com/index.htm) Web site provides information about the organization, conferences, membership, and more. National Association of Local Government Auditors (http://www.nalga.org/) home page for NALGA, the organization formed to bring together professional local government auditors. The site includes information about the organization, annual conferences, and excerpts from the Local Government Auditing Quarterly. National Association of Purchasing Management (NAPM) (http://catalog.com/napmsv/) Silicon Valley Chapter maintains a World Wide Web page on the Internet. Includes resources for purchasing and supply management professionals. Purchasing articles include topics such as Software Licensing Flexibility, Paperless Purchasing, and Getting Started With EDI. The site also includes a library collection of books, video, and audio cassettes on purchasing, materials, operations, and business management. National Association of State Auditors, Comptrollers and Treasurers (http://sso.org/nasact/ nasact.htm) Web site for the organization, which includes public financial management, treasury, and audit reports. Provides links to state auditors and treasurers on the Web, state comptroller, and state auditor issues. National Association of State Boards of Accountancy (http://www.nasba.org/). This Web site provides information about the organization, a listing of individual state boards of accountancy, a national registry of CPE sponsors, and more. Some areas are restricted to members only. National Association of State Budget Officers (http://www.nasbo.org/) Web site for the professional organization for state finance officers. The site includes a list of available publications, links to budget-related links, and more. The Budget Links page also includes sites related to performance measurement. ___________________________________ Chapter 6 — Internet Resources for Auditors 193 National Association of State Information Resource Executives (http://www.nasire.org/). Clearinghouse of state government information on the Internet. Selectable categories include auditors, finance and administration, and information resource management. Categories provide links to related information servers. National Association of Trust Audit and Compliance Professionals (http://www.natacp.org) Web site provides information about the organization, membership, career opportunities, and more. National Health Care Anti-Fraud Association (http://www.nhcaa.org/) is an organization composed of private health insurers and federal/state law enforcement officials dedicated to the detection, investigation, and prosecution of healthcare fraud. National Society of Insurance Premium Auditors (http://www.nispa.org/) Web site includes background information, industry news, publications, and more. National Society of Public Accountants (http://www.nspa.org) site provides information about the NSPA, a national organization representing local practitioners and small businesses. Includes information about publications, course availability, membership, and more. Ohio Society of CPAs (http://www.ohioscpa.com/) - CPA access site provides information about the organization, news, information exchange, CPE, links to the Top Ten Web Sites for Accountants, and more. Organization of Local Government Auditing (OLGA) (http://www.olga.org/) is an initiative of Scandinavian auditing firms responsible for auditing local government entities in their respective countries. The Web site provides information about the organization and their members as well as links to other audit organizations. Pennsylvania Institute of Certified Public Accountants (http://www.picpa.com/) site contains information on education, government relations communications, including the table of contents for its journal, and pointers to its officers and chapters. Rhode Island Society of CPAs (http://www.riscpa.org/) site of this professional society provides links to Internet resources and information about the organization. SANS Institute Online (http://www.sans.org/). The System Administration, Networking and Security Institute is an education and research organization for system and network administrators and security professionals. They provide resources and tools for professionals in related fields. Their e-mail newsletters are a valuable knowledge resource for IT auditors. 194 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Society of Management Accountants (http://www.cma canada.org/) home page for the organization that represents Canadian Certified Management Accountants. Site has information about the designation, a library including articles from current and past issues of CMA Magazine, member news, and more. Texas Society of Certified Public Accountants (http://www.tscpa.org/) site provides information about the organization, including the CPA Yellow Pages, National Job Search, Government Resources, and more. Utah Association of CPAs (http://www.uacpa.org/) home page of the Utah Association of CPAs. Provides links to local and national accounting firms, CPE events, a CPA referral service, and more. Virginia Local Government Auditors Association (http://www.co.chesterfield.va.us/ ManagementServices/InternalAudit/vlgaa.htm) home page for the statewide organization dedicated to promoting the local government auditing profession. Provides information about the organization and upcoming training. Western Canadian Auditing Roundtable (http://www.wcar.org) Web site for a nonprofit organization dedicated to the advancement of Health, Safety, and Environmental auditing. Site provides their mission and goals, a waste facility environmental review, and more. Quality, BPR, and TQM Resources Internet resources on quality issues, including Business Process Redesign (BPR) and Total Quality Management (TQM), have become an important resource for auditing. These sites cover a broad spectrum on the topics related to quality issues. These also reflect the nature of business in the information age, where change has become a normal occurrence that organizations and the auditors who work for them must accept. American Productivity and Quality Center (http://www.apqc.org) site is devoted to TQM and benchmarking issues. There is information about the Center, membership details, and services offered. The site also includes selected articles on benchmarking, reengineering, and total quality from their publication, Continuous Journey Magazine. For more information, send message to [email protected]. Benchmark Auditing in the Federal Audit Community (http://www.hhs.gov/ignet/faec/ bmrk.html) is an initiative from the Federal Audit Executive Council and resides on the IGNet server. The site provides information about benchmarking, including a definition, the reasons, and the auditor’s role. There is a list of references, a Code of Conduct, and links to other benchmarking sites. ___________________________________ Chapter 6 — Internet Resources for Auditors 195 Benchmarking and Best Practices (http://www.tbs-sct.gc.ca/tb/iqe/bmrkg_e/indexe.html) Web site for the Treasury Board of Canada provides benchmarking and best practices information useful for auditors. The main page for their site also includes links to quality service guides for various aspects of government operations. Benchmarking Human Resources (http://www.wa.gov.au/gov/psmo/pubs/directory/guides/ hrpp/wdu/benchmk.html) is a navigation guide from the Western Australia State Government. This discussion paper provides an overview of HR benchmarking and strategies for identifying meaningful HR performance indices. Business Process Resource Centre (http://bprc.warwick.ac.uk/index.html) at the University of Warwick provides links to other sites on the topics of reengineering business processes, discussion forums, a glossary of terms, articles, reports, and documents. Business Researcher’s Interest (http://www.brint.com/BPR.htm). Comprehensive site of links to business process reengineering and innovation. Includes papers, handbooks, projects, tools, and links to other BPR resources and related sites. Continuous Quality Improvement Server. The CQI Server (http://deming.eng.clemson.edu) at Clemson University’s Department of Industrial Engineering supports global efforts in quality improvement and education in quality. CQI includes tutorials on CQI, links to the Deming Electronic Network, the Community Quality Electronic Network, discussion lists on TQM, and other quality-related sites. Inter-Agency Benchmarking and Best Practices Council (http://www.va.gov/fedsbest/ index.htm). Site created as a central resource for sharing information on benchmarking and best practices. Includes a code of conduct for benchmarking, databases for best practices and BPR, links to other related sites, and more. International Organization for Standardization (http://www.iso.ch/) (ISO) online Web site of the organization that developed standards for quality management and established an online support unit to provide facts on ISO 9000. The ISO 9000 Forum provides answers to various FAQs as well as background information on the standard. Quality Auditor Home Page (http://www.geopages.com/WallStreet/2233) resource page for quality auditors. Includes links to the ASQC, the Quality Auditor division, listserv for Good Laboratory Practices, newsgroups, and more. Quality Network (http://www.quality.co.uk/quality/index.htm) site provides links to resources on quality management, ISO 9000, environmental and safety management. Will include environmental and safety management auditing advice. 196 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Quality Online Forum (http://www.qof.com/) is a subscription service available via dial-up or the Internet. There are links to proprietary databases, resources, and other quality sites. Quality Resources Online (http://www.quality.org/) Web site provides links to TQM, business process reengineering, and other quality resources. Risk Management and Assessment Resources Risk-based resources on the Internet cover issues that auditors reviewing the risk function should appreciate. Identifying and managing risk in today’s business environment can be critical in business continuity planning. International Finance and Commodities Institute (IFCI) (http://Finance.Wat.ch/ifci) - Foundation promoting the understanding of financial risk management instruments and commodities. Site includes links to financial and derivative-related Web sites. The home page includes a query box to locate specific information within the site. Timely reports, research papers, listings of education, and information products make this a worthwhile site for auditors, accountants, and financial professionals who need information on financial instruments. Risk Assessment and Risk Management (http://www.mc2consulting.com/riskpage.htm) Web site for a project that provides tools and articles on risk-related subjects. There is a risk glossary and internal audit risk bibliography that professionals will find useful for research and background on the subject. Risk Assessment Do’s and Don’ts (http://www.jebcl.com/riskdo/riskdo.htm) - Professor Boritz provides guidance on risk assessment for internal auditors. Risk Management and Internal Auditing (http://www.rpi.edu/dept/rmia/webpage/rmia.html) site at Rensselaer Polytechnical Institute includes loss prevention policies and procedures, Internal Control Manual, Conflict of Interest Policy Statement, and more. Most files are in Adobe Acrobat (PDF) format which requires the Adobe Acrobat reader, available free by download. Risk Ranking and Security Controls (http://ourworld.compuserve.com/homepages/JerArdra) Web site of Jerry FitzGerald and Associates. Access a downloadable working copy of RANKIT(R) (and 16-page manual), a DOS-based risk ranking program and methodology that automates the ranking process. Information is also available on other information systems books and software. ___________________________________ Chapter 6 — Internet Resources for Auditors 197 Risk Standards for Institutional Investment Managers (http://www.cmra.com/riskpress.htm) Web site from an industry working group containing guidelines that institutional investors and institutional investment managers may use when planning their own risk measurement and risk management practices. The Risk Standards are grouped into three categories: Management, Measurement, and Oversight. Excellent resource for auditors reviewing investment risk within organizations. RiskList is a KPMG moderated mailing list forum for discussions on control and risk management issues. Join RiskList by sending an e-mail message to [email protected] with the words “subscribe risklist” in the body of the message. (Knowledge Assembly Resource) RISKWeb (http://www.riskweb.com). Information resource for academics and professionals interested in risk management and insurance issues. The RISKNet WWW server is a service of the RISKNet mailing maintained at the University of Texas at Austin. The RISKNet mailing list provides individuals around the world with a forum for open discussion of risk and insurance issues. Software Resources (Accounting, Auditing, and Security) The following sites provide links to software management tools, data extraction and retrieval tools, audit management software, and more. They also provide links to audit and accounting resources available on the Internet. Look for demos of the programs available for download as well as Internet-based customer support for their products. ACL (http://www.acl.com) is an integrated system of software providing complete control over data access, management, analysis, and presentation. The site offers information about their products, trade shows, seminars, and training schedules as well as online support and the Audit Central page - A Guide to Web Audit Sites. For more information, send e-mail to [email protected]. ADM PLUS for Windows (http://www.admplus.com/) Web site of Joseph Plier & Associates provides information about their audit automation software. There are links to a newsletter, conference announcements, and a full-featured, 90-day Evaluation Version or a Production Version of ADM PLUS for Windows is available for downloading. AllCLEAR – SPSS Inc. (http://www.spss.com/allclear) allCLEAR is ideal for quality, auditing, IS, training, and human resources. allCLEAR turns a simple text outline into a flowchart automatically. Audit Sentry – HIS Financial Products (http://www.ihsfinancial.com/products/audit/ audit.html). AUDIT SENTRY is a user-friendly Lotus Notes® or Windows 95®-based system that streamlines the audit process, from planning and performance to reporting. 198 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ AuditMasterPlan (http://www.jebcl.com/). AMP is a computer-based risk assessment, planning, and work tracking system for internal auditors. The site provides information about the product, and a downloadable demo is available. Auditor Assistant (http://www.auditorassistant.com/) is a teamwork-based audit system using Lotus Notes. The site includes a description of how the system works, requirements, and a downloadable preview version of the program. AutoAudit – Paisley Consulting (http://www.paisleyconsulting.com). Business Ethics Resources on WWW (http://www.ethics.ubc.ca/resources/business/) provides links to sites related to the subject. Barefoot Auditor (BFA) (http:/www.thebarefootauditor.com/) site with information about the Barefoot Auditor, a software auditing program. Downloadable demo is available from this site. BrainTree Security Software (http://www.sqlsecure.com/) vendor Web site provides information about their products for security solutions for relational databases. White papers available on PeopleSoft data security and more. CaseWare (http://www.caseware.com/). CaseWare International is a producer of engagement and reporting software. CRA Wiz – PCI Services Inc. (http://www.pciwiz.com) CRA Wiz™ is a family of Windows™ based software tools for compliance professionals in the CRA and Fair Lending fields. The three tools are the Database Analyzer, the Geocoder, and the Mapper. All are Windows™ based and can be operated and purchased as an integrated system or independently of each other. Crystal Reports – Seagate Software (http://www.crystalinc.com/crystalreports). Directorate of Counter Fraud Services (http://www.doh.gov.uk/dcfs/index.htm) Web site provides information about healthcare fraud in the United Kingdom, the types of fraud, and a fraud strategy. IDEA Software Users Discussion List. IDEA-LIST is a non-moderated discussion list and forum to exchange ideas and information among users of IDEA (Interactive Data Extraction and Analysis). IDEA is a productivity tool for auditors, accountants, and financial managers that can help display, analyze, manipulate, or extract data from other computer systems. Send subscription requests to [email protected] with one line in the body of the letter: SUBSCRIBE IDEA-LIST. Micrografx, Inc. (http://www.micrografx.com/flowcharter). FlowCharter is a business drawing, diagramming, and charting tool. It can be used to create organization charts, network diagrams, statistical control charts, and flow diagrams of any type. ___________________________________ Chapter 6 — Internet Resources for Auditors 199 Paisley Consulting (http://www.paisleyconsulting.com) provides products and services that improve the efficiency and effectiveness of internal auditing departments. Site includes the AutoAudit software, which is a complete workflow automation system designed to increase the productivity and effectiveness of medium and large-sized audit firms. QSAK (http://www.optimumtechnology.com/pages/QSAK.htm) software used to schedule, manage, analyze, and conduct internal audits, assessments, tests, and inspections. This management tool is designed to organize, direct, document, and report on internal and external audits. Free limited version is available for download from Optimum Technology’s site. Seagate Crystal Reports accesses more than 30 data sources, has powerful data analysis capabilities and report type options, and produces presentation-quality output. Software Information Industry Association (http://www.siia.net/). The Software Information Industry Association (SIIA), formerly the Software Publishers Association, home page on the Web has information available on SIIA publications, anti-piracy programs, and more. This is a great resource for software compliance auditing. Accounting and Tax Resources The following sites provide a wide range of accounting-related resources that you can utilize. All of the major public accounting firms have sites on the Internet and provide a wide variety of information about their organizations and services offered. The International Accounting Network (Anet) has various sites around the world and provides a comprehensive database of accounting-related resources. Connect to the closest available location to speed up access to their information. Accounting Resources Academy of Accounting Historians (http://weatherhead.cwru.edu/Accounting) organization that encourages research, publication, teaching, and the interchange of ideas for accounting history and its relationship to business and economic history. Site provides information about the Academy, its organization, and services offered. There is also a publication section with links to research papers and abstracts. Accountant’s Home Page (http://www.computercpa.com/) includes resources for accountants, financial and business professionals. Resources include governments, professional organizations, corporations, and universities. Accountants Online (http://www.ppn.com.hk/accountantsonline.html) Pacific Professionals Network accounting page of information and resources. Includes What’s Hot for Accountants and Accounting Web sites. 200 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Accounting: A Virtual History (http://www.acaus.org/history/) Web site from the Association of Chartered Accountants in the U.S. provides an excellent historical background on the roots of accounting. ANet Mailing Lists (http://www.csu.edu.au/anet/lists/). One of the major services provided by ANet is mailing lists in a range of areas. The principal mailing list is ANews-L that provides information on a variety of coming events, new publications, and important developments on the Internet. Archives of the various ANet lists are maintained on the site. Accounting (BIG 5) Firms on the Internet. Arthur Andersen (http://www.arthurandersen.com/) Web site provides information about the firm and its history as well as sections for global best practices, interactive tools, and business links. Deloitte & Touche (http://www.dttus.com) site provides information about D&T as well as an excellent Hot Topics section (http://www.dttus.com/dttus/hot/hotlist.htm) with timely information on software products, surveys, and breaking news items of interest to accountants and auditors. Deloitte Touche Tohmatsu TAXNET (http://www.deloitte.com.au) Deloitte Touche Tohmatsu Australian division is now on the World Wide Web. Site includes information about Deloitte, Tax Publications, career information, and more. Touche Ross UK (http://www.deloitte touche.co.uk/) site for the UK Division of Deloitte Touch. Includes a hot topics area, information about the firm, and Inside Fraud, the quarterly fraud bulletin. Ernst & Young (http://www.ey.com) U.S. site provides financial reporting briefs, a financial reporting and accounting 1995 Update, gateways to other E&Y sites, and career opportunity information. Ernst & Young (http://www.eycan.com) E&Y Canada provide information about the firm’s services and career opportunities. Includes news releases, tax briefs, links to the Department of Justice of Canada (French or English) and links to other business resources. E&Y England (http:/ /www.ernsty.co.uk/welcome.htm) include the complete publication of Cadbury Corporate Governance: Reporting on Internal Financial Control. E&Y Africa (http://www.mbendi.co.za/ernsty) provides information on their services. KPMG - Peat Marwick Web Sites KPMG US (http://www.us.kpmg.com) provides updates on KPMG, services, employment, and a library that contains links to accounting and tax-related sites. KPMG Online Canada (http://www.kpmg.ca) includes industry studies and links to business resources. KPMG Australia (http://www.kpmg.com.au) includes tax information for Australia and links to other resources. PricewaterhouseCoopers (http://www.pwcglobal.com) Web site contains firm history, insights and solutions, and career information. ___________________________________ Chapter 6 — Internet Resources for Auditors 201 ProfessionalCity.com (http://www.professionalcity.com/) is a vertical industry portal that provides research material and information regarding related products and services for specific professions. There are currently “neighborhoods” for law, marketing, and accounting. Tax Resources Tax-related resources are readily available on the Internet. The Internal Revenue Service maintains an excellent site with up-to-date tax information. Some sites maintain archives of tax-related discussion lists as well as links to other tax resources. Like the saying goes, the only things that are certain are death and taxes. Look at some of the following sites for the tax information to stay up to date. Research Institute of America (http://www.riatax.com) is a publisher of U.S. federal, state, and local tax information and analysis. Weekly updates on tax information, product reviews, demos, and employment opportunities. Tax & Accounting Professional Network (TAPNet) (http://www.tapnet.com) provides information on the selection and implementation of accounting software systems. Professionals can also subscribe to five e-mail discussion groups of various tax and accounting topics and search for past articles published in Management Accounting magazine via the subject index linked to abstracts of all articles published after October 1994. Tax and Accounting Sites (http://www.taxsites.com). An extensive list of tax, accounting, law, finance, economics, and government sites maintained by Dennis Schmidt, Associate Professor of Accounting, University of Northern Iowa. Taxpayers Against Fraud (http://www.taf.org/) is a nonprofit public interest organization devoted to fighting fraud against the federal government. The site includes information about the False Claims Act, news releases, resources, healthcare information, and more. TaxWeb (http://www.taxweb.com/) Web site for federal, state, and local tax-related developments. Includes tax forms, filing extension information, federal and state legislation, tax research, enforcement, tax publishers, discussion groups, professional organizations, and more. World Tax (http://www.doingbusinessin.com/) is Ernst & Young’s site for international business, tax, and accounting. The site features Tax News International, a “quarterly digest of tax information in more than 50 countries,” the 1997 Worldwide Corporate Tax Guide, and the 1997 Worldwide Executive Tax Guide, which provides a summary of the corporate and personal tax systems in more than 130 countries. 202 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Training – Continuing Professional Education All auditors, accountants, and financial managers have to keep up to date with changes taking place in their respective professions. The Internet provides opportunities for staying current on professional issues by continuing professional development or training. Some sites are providing training opportunities via the Internet while other sites use the Internet to announce conferences and courses. Determine your training needs and explore the following sites to see whether they are providing courses that will meet current and future needs. Becker CPA Review (http://www.beckercpa.com/) site provides details about their CPA review course. There is an excellent description of careers in accounting and pay scales that would be useful for students exploring accounting-related positions. Bisk Publishing Company (http://www.bisk.com/) site for the provider of educational materials for auditors and accountants. Site search engine available to locate information. Canaudit (http://www.canaudit.com/) Web site for continuing education/training for internal audit and information systems audit. Features include information about their services, a newsletter, and more. CPEInternet (http://www.cpeinternet.com/) provides continuing professional education for accountants and auditors via the Internet. Course catalog includes training in business, accounting/auditing, taxation, consulting, and more. Free demos and course previews available. CPENet (http://www.cpenet.net) a nonprofit, online continuing education service designed by a group of certified financial professionals, all of whom have been active as practitioners and trainers for many years. CPENet originates from our concern that outsourcing, downsizing, and slashed training budgets are making high quality CPE more and more difficult for CPAs, CIAs, CISAs, CMAs, CFEs, and CGFMs to obtain. The purpose of CPENet is to reduce the cost of high-quality, continuing professional education. CPENet is a National Association of State Boards of Accountancy (NASBA) continuing education sponsor (#95 000739 97). E-mail comments to: [email protected]. CPE-Tracker (http://www.cpe-tracker.com/) Web site for Continuing Education tracking and resources for professionals provides various services for auditors and accountants. Services include searching for CPE, tracking, CPE requirements, CPE providers, and more. Gleim Publications, Inc. (http://www.gleim.com/) - Publisher of accounting and auditing examination preparation material. ___________________________________ Chapter 6 — Internet Resources for Auditors 203 Government Audit Training Institute (GATI) (216.1.143.50/programs_services/auditing/ gatp.cfm) Web site provides information about the organization, available courses, details on registration, and more. Graduate School USDA (http://grad.usda.gov) provides information about courses offered by the organization, including the Government Audit Training Institute (GATI). For more information, send message to [email protected]. Lambers CPA Review (http://www.lamberscpa.com/) - site of the publisher of professional exam review guides for CPA, CIA, and CMA. MicroMash Accounting Reviews (http://www.micromash.com/) provides information about their review courses for the CIA, CPA, CMA, CISA, CFM, and more. They offer tutors, indicators (practice exams), and downloadable demos of their programs. MIS Training Institute MISTI (http://www.misti.com/) Web site contains information on seminar offerings and links to other Internet sites. The MISTI curriculum includes courses in modern internal auditing and information systems audit and security. They also offer a variety of products and services, including topical conferences, video training, publications, and more. Training and Seminar Locator (http://www.tasl.com) - free access database to help find resources for training and professional development. Search U.S. training providers by type of resource, subject, location, and date range. Eventually this service will provide online registration. Wiley CPA Exam Review (http://www.wiley.com/cpa.html). This site features the Wiley/Delaney review materials for candidates preparing to take the CPA exam. Site also includes FAQs on preparing for and taking the exam and sample review questions. World Training Institute (http://worldtraining.com) Web site for CPE training in taxation, telecommunications industries, internal controls, COSO, and communication skills. Yipinet Knowledge Hub (http://www.yipinet.com/) offers CPE courses for the accounting profession using an easy-to-navigate, full-solution Web destination for professionals who seek continuing education. They provide CPE tracking, and the site also includes an Industry Watch that users can customize to their interests. 204 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Vendor and Consultant Resources Vendors and consultants marketing audit-related goods and services on the Internet have provided auditors with an effective way to find help. The following sites provide a sample of the types of services available on the Internet. The inclusion of these sites is not meant as an endorsement of the goods or services they offer but merely as an example of how audit-related consultants are using the Internet to reach potential customers. Audimation (http://www.audimation.com) is a distributor of IDEA software. The site has links to information about the product, its uses, training, upcoming events, and demo downloads. Audit Serve Inc. (http://www.auditserve.com) site provides technical articles on audit and security, discussion topics, question postings, system software release tracking, and job postings. A section of the home page is also devoted to year 2000 software issues. Issues relating to the century date change problem are described and a tracking system is provided which identifies whether software and hardware platforms are year 2000 compliant. The home page also contains a description of products and services offered by Audit Serve. For more information, send message to [email protected]. AuditForce (http://www.auditforce.com/). Consulting organization that provides internal audit and compliance expertise. Site has an e-zine with articles on topics of interest to auditors, including internal auditing and controls in the reengineered company. Canaudit (http://www.canaudit.com/) Web site for continuing education/training for internal audit and information systems audit. Features include information about their services, a newsletter, and more. Carratu International (http://www.carratu.com/) Web site of a fraud and security consultant. Includes a description of services offered and bulletins (in Adobe Acrobat format) on corporate fraud, risk analysis, and more. Enterprising Associates (http://members.aol.com/EAlimited/OURPAGE/index.htm) is an information technology audit, computer security, and consulting practice. The site includes The Computer Advisory with articles on computer security and auditing. A free ram resident utility providing a fix to the year 2000 problem for PCs is also available for download. New Technologies Inc. (http://www.forensics-intl.com/intro.html) is a security consulting firm that offers training and tools for computer forensics. Site provides articles, software, visual aids, and more. ___________________________________ Chapter 6 — Internet Resources for Auditors 205 NJH Security Consulting, Inc. (http://www.njh.com/) Web site for a security consultant specializing in Internet penetration testing and Web security. Items of interest to auditors include articles on security-related issues and problems. Veris Social Security Number Verification Services (http://www.ssn-locate.com/) provides methods for validity checking Social Security numbers for invalid, never issued, and deceased. The services include standalone application programs and software libraries for a variety of computer systems as well as a mail-in-processing service. SSN databases are obtained from the Social Security Administration and updated monthly. Interview: Charles Lawver, President, CPENet (http://www.cpenet.net) CPENet was the first distance education provider to offer National Association of State Boards of Accountancy (NASBA) certified, continuing education credit on the Web. In 1994 when they started, many of their students in the United States and overseas and did not have separate word processing applications (many overseas still do not), so they chose to deliver their courses via email. They had only one payment option, which was for the student to mail his or her tuition payment to a post office box. Over the years the look and feel of the site has constantly changed. Today they offer more courses than ever; they are constantly adding the new and dropping the old. They try to keep their courses up to date to mirror current issues and concerns but also limit the number so the student is not overwhelmed. Their students (in 12 countries) can now register for one or any number of courses online at the same time. Since they keep full records on each of their students (as required by NASBA and by their affiliate, Global Online University), any of their students can request at anytime a free transcript of all the courses he or she has ever taken. This can be a help at reporting time when you’ve waited until the last minute (as many of us have) to report hours to a state chapter or certification board. They now offer the option of allowing students to pay their tuition with VISA and/or MasterCard using secure Cybercash technology. But the vision of their editorial board has remained consistent from the beginning…they are an allvolunteer, nonprofit organization with only one mission. They want to offer their students, who for one reason or another (physical distance or location, job-related travel, downsizing, dumb-sizing, reduced training and travel budgets, etc.) cannot obtain traditional training, worthwhile continuing education, and skills updating experience at a reasonable cost. Whatever monies they take in as tuition are expended on new course development and to cover the cost of operating their Web site. 206 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Q. Why was CPENet created? CPENet was created in reaction to the downsizing and organizational reengineering wave that hit the Richmond, Virginia, audit community very hard beginning in 1993. I was on the board of the local chapter of The IIA at the time as well as serving as president of the Richmond Chapter of the Certified Fraud Examiners. Many state and federal government agencies and private firms eliminated training budgets for their internal audit shops entirely. Even worse, many highly qualified auditors of all kinds found themselves out of work. As president of the local CFE chapter, I would get phone call after phone call from auditors whose organizations weren’t paying for training anymore as well as from colleagues whose jobs had simply been eliminated, all looking for low cost, but high quality, continuing education credit. It occurred to me that one way to make training available on a low cost basis to a large number of potential students was to make short courses available over the Internet via e-mail. I organized a board of directors and obtained NASBA certification as a continuing education provider for what we decided to call CPENet. As you know, CPENet is nonprofit; all monies received from students are plowed back into the development of additional courses and/or used to defray the costs of operating the Web site. To my surprise I found not only a very brisk demand among auditors between jobs from all over the United States but from American auditors and accountants working or residing in remote or overseas venues where CPE simply was not available from the local chapters of their certifying organizations. By the end of our first two years of operation, CPENet had students in 12 countries. Q. How do you see the Internet changing the delivery of continuing professional education? I think there is an opportunity to provide CPE to folks on their own time as they need it. The advantage to CPE over the Internet is that it is available right when the student needs it, or wants to take it, in a wholly convenient format. When a site adds forum and chat capability, there is really no end to the possibilities for information sharing. Q. What has been the response of the audit community to accepting this new method of CPE delivery? Auditors tend to be a conservative lot and usually adopt a “show me” attitude of skepticism at first to the idea of CPE online. I think the success CPENet had in its first years derived from the fact that those using the service were in remote locations and had to break down their normal reluctance by necessity. I have found that the best way to introduce auditors who are not in remote venues to CPE online is to involve them through their local professional organization chapters. For example, in Richmond the CFEs have tripled our membership since we started holding virtual meetings online featuring a downloadable lecture for two hours of ___________________________________ Chapter 6 — Internet Resources for Auditors 207 CPE credit. We hold such virtual meetings every two months year round and invite the membership of a different professional organization (IIA, ISACA, the Governmental Accountants, the Association of Investigative Officers, etc.) to each of our meetings. We have never failed to pick up several new members from each of the organizations we invite to our online meetings. The Richmond CFEs make 12 hours of CPE credit available online each year to each of our members for the price of the annual membership fee ($15.00). Q. What types (industry) of auditors are benefiting from this new way to earn CPE? I would have to say that students from just about every major industry have taken CPENet lectures and courses at one time or another... we have had governmental types, bankers, people in finance, lots of auditors from all over, information systems people, etc. I think the industrial classification is less important in distinguishing our students than the type of individual who is attracted to CPE online in the first place. As I said, these folks tend to be in remote locations but also tend to be less afraid to try something new… they are generally innovative and curious by nature. As time goes by I think we can attract more conventional folks to online CPE through use of the Internet as a professional chapter building device. Q. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”? As a CISA, I have been involved with information systems from the earliest days of my career. I guess my years as a systems developer in the mainframe environment were what initiated my interest in PCs as a way to bring computing to the desktop. Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How has your organization contributed to this philosophy through the use of the Internet? Here in Virginia state government, auditors at all levels are using the Internet (mainly e-mail) as a communication device. As folks have gotten more comfortable with e-mail, the chat rooms, forums, and bulletin boards have followed and have all found a place as ways to enhance communication. Q. How has your organization integrated the use of the Internet into auditing? My staff and I use the Internet constantly as a source of information but also as a communications channel. We use our intranet to publish audit findings and to get updates to those findings from customers. We also use our intranet as a vehicle to educate our clients on controls and to establish a presence for the audit function within the organization. 208 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Q. What Internet resources do you use, and how have they helped you and your organization? Of course we use e-mail constantly. We use the World Wide Web for information and an intranet to publish and update findings. We also have created a Y2K archive online (using the intranet) as a way to organize documentation on the project for the many folks who are auditing that project. We have also found that digital storage is less expensive than filing cabinets and so all our workpapers are slowly but surely being converted to storage in private pages on the intranet as well. What using the intranet as a data storage device does for us is to speed the work of the external auditors. Now they can find literally hundreds of documents about our organization on our intranet, saving them time and our staff from having to answer so many repetitive questions. Q. How has the Internet changed the way your organization does business, and what impact has that change had on auditors? Our agency today is unrecognizable in comparison to what it was six or seven years ago. This is due to our use of LANS, WANS, and the Internet. Paper has not disappeared but it is used in a wholly different way. Q. What effect have the Internet and the World Wide Web had on the auditing profession? I think the auditing professional has ridden the wave with the other functions in the organization. It has been my experience that auditors in general are not particularly creative or innovative, and I am not sure that many of our colleagues are as comfortable with technological change as perhaps they should be if they are going to not just survive but thrive. As time goes by and folks who have been raised with computers enter the profession, hopefully we will see the same level of innovation as we have seen in some other professions. Unfortunately, I think that many auditors use these new tools because they feel they have to, not because they like them or want to do innovative things with them. Q. What Internet skills do you see as the most critical for new auditors? I think new auditors need to know how to set up audit relevant Web pages and to incorporate databases into them so that control-related information can be shared dynamically on a real time basis. No one is interested in yesterday’s news anymore. Auditors can use the many tools of the Internet (as of intranets) to review more concurrently and to be true management consultants on controls. To do so they must go beyond elementary skills like e-mail and the Web to the design of databases to convey control information on systems when and where it can do the most good. Above all, new auditors have to know the systems design and development process thoroughly if they are going to make a relevant control contribution to the modern organization. The Internet is only one small piece of all this. ___________________________________ Chapter 6 — Internet Resources for Auditors 209 Q. What role do you see for the Internet in the future of internal auditing? The Internet is just a tool, albeit an important one. As with any tool, its usefulness is only limited by the creativity and imagination of those who use it. If the internal auditing function can remake itself as constantly as its parent organizations of today have to remake themselves, then the Internet will be a critical tool in internal audit survival. If new tools are used to continue old ways of doing things, then these tools really won’t matter very much at all. Q. Any other thoughts on how auditors could be using the Internet that you would like to share? Just to say that the Internet can be an isolating experience for folks and so they resist it sometimes... although we have used it to build our CFE chapter in Richmond, we do not simply have online meetings. We try to get the membership together several times a year so folks can see and get to know each other in the flesh. It’s important to remember the human element. For those times when schedules and distance do not permit, the Internet is truly a wonderful tool to do just about anything anyone is imaginative enough to think up. _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 211 Chapter 7 Practical Applications for Using the Internet as an Auditing Tool While there has been much written about how others use the Internet, I thought it would be valuable to provide practical examples of how auditors are actually using the technology. Its true value comes from how you use it as an auditor in both your professional and personal life. This chapter should be considered a work in progress. The examples provided are a starting point for how to use the Internet from a professional perspective. Auditors who are using the Internet were asked to offer their experiences and suggestions for your benefit. Messages were also posted on numerous mailing lists for feedback on how other audit and accounting professionals use this resource. The responses are included in the section called “Heard from the ‘Net.” The following ideas come not from a theoretical background, but from practical experiences in using the Internet for audit-related purposes. They cover many of the tools, applications, and resources that are included in this book. Areas that may seem to be duplicated should be considered carefully as many auditors may use the same tool but in different ways. I have found uses for the Internet in every audit project and special assignment in which I have participated. At the beginning of each new project I send out an e-mail message to each of the relevant discussion groups and newsgroups. If the subject deals with a topic that is relevant to local government, my contact list includes e-mail discussion groups covering state and local government audit issues. If the subject deals with reengineering or security, I contact appropriate lists for those subjects. I also conduct searches of Web sites using several of the search tools. The reason for this is that different search tools give differing results. I have found that different search tools use different types of logic, so you need to review the query logic prior to structuring and submitting the request. Remember that the object is to find the information in the most efficient and effective way possible. I use the available audit resource lists to locate appropriate sites, and have managed to put together contact distribution lists in my e-mail program so that I have a network of human resources. Marketing the Audit Function An effective method of marketing the audit function is by creating a home page for the internal audit office. As discussed in Chapter 6, a number of audit departments have created home pages. Those pages contain a great deal of valuable information, but most importantly they give the audit department exposure. Creating a home page can also provide some structure as to how the audit department uses the Internet. If an audit director has concerns about staff inappropriately browsing the Internet, the best course of action may be to create a home page with links to “useful” Internet resources. Many browsing software programs allow the auditors to save a home page created on 212 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ another system for modification and use on their own system. Auditors can find HTML references from the Internet such as the ones at http://lcweb.loc.gov/global/html.html. View and save the source of a page that looks fairly simple and start from there. Begin with a text only as you may have initial difficulty with graphic images. Once you get the hang of the text editor commands, try adding some graphics GIF files. There are several HTML (and freeware HTML) editors available for download from the Internet (also listed in the URL above), but you may prefer just a plain ASCII text editor. Saving a home page created by another audit organization is efficient because it provides a foundation for your own audit office. This feature allows you to open a local file (the home page) on your computer. Because the URL is a universal address for the sites, you can then access the audit resources directly from a local home page rather than connecting to the remote site home page. The ability to save pages to a local computer and modify them for your office means that you can create and share useful HTML audit pages rather than starting from scratch. By combining useful resources for staff along with information about the department, you can create a tool that serves both internal and external customers to the internal auditing function. Professional Organizations on the Internet Professional accounting and audit organizations are establishing home pages on the Internet to meet the needs of their members and to attract new members. The Institute of Internal Auditors (http://www.theiia.org/), the American Institute of Certified Public Accountants, AICPA (http:// www.aicpa.org), the Information Systems Audit and Control Association (http://www.isaca.org), the National Association of Local Government Auditors, (http://www.nalga.org/), the Association of Government Accountants (http://www.agacgfm.org/), and the Association of Certified Fraud Examiners (http://www.cfenet.com) all have established sites on the Internet. Some organizations originally created their Web sites on other organizations’ servers such as FinanceNet or the Rutgers Accounting Web and then moved to their own servers. Regardless of how these organizations choose to present their Web site, they all have one common theme — sharing information about their association, training opportunities, professional certifications, standards, and more. Professional associations on the Internet provide an important service by promoting professionalism and encouraging networking with peers regardless of where they are located. Where are the Auditors? If only I knew someone who had the answer to that question. Sometimes it is a matter of finding another peer who may have already found an answer. So the question becomes where can I find other audit professionals in my area to network with? One way is simply to ask someone for their e-mail address when you meet them. Including your e-mail address on your business card helps this process along. Another way is to post a message on a discussion list or audit-related newsgroup to connect with other auditors with similar interests. _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 213 There is also an online directory of auditors, accountants, and financial professionals who have registered their e-mail addresses along with other pertinent information. The AuditNet Accounting/Audit/Finance E-mail Directory is the most comprehensive listing of auditors, accountants, and financial professionals available on the Internet. Financial professionals voluntarily e-mail a registration form to [email protected] for listing in the directory. The format for submitting a request is included in the resources section of this book. If you are trying to locate an e-mail address and you know the person’s name but not their phone number or address, you have a number of alternatives. An excellent place to start is one of the Web sites such as AnyWho (http://www.anywho.com/). Fill out the form with the name and state and AnyWho will provide you with all the people who meet those criteria that are listed in the telephone directory. Another option is the Four11 Online User Directory, which is like an Internet White Pages. This is a free subscription-based service. Send an e-mail to [email protected] and they will send a registration form. As more people register, there is a greater likelihood of finding other auditor e-mail addresses. Another possibility for finding auditors is the PeopleSearch site at http://www.peoplesearch.com/. The site provides a simple form asking for the name of the individual you are looking for. It will then launch multiple search tools to find matches, including the e-mail address. PeopleSearch located two of my three e-mail addresses using the name Jim Kaplan even though my e-mail username was jmkaplan and jkaplan. If the auditor you are looking for has posted a message on a Usenet newsgroup recently (within the last six months), you can use the DejaNews page (http://www.deja.com). The site searches Usenet postings under the auditor’s name and retrieves the message they wrote or are mentioned in. You can then get their Internet address. Finally you could post a message on one of the audit-related discussion lists asking other auditors if they know the e-mail address of the auditor. Professional organizations are already beginning to include e-mail addresses on new member and renewal applications. Member directories will be a primary resource for finding peers. These directories will eventually be available online, providing an easy-to-reach resource for auditors looking to connect on the Auditbahn. Internet address books have become a standard tool for auditors as the Internet matures as an important communications medium. CPE Options for Auditors on the Internet One thing that all professional auditors and accountants have in common is the need to stay up to date on professional developments and the latest methodologies. Professional standards and certifications include minimum requirements for continuing professional development or education (CPE). While CPE requirements are mandated by each organization such as the AICPA, IIA, IMA, or the federal government, the ways to obtain CPE are varied. The Internet provides several options for efficiently locating training materials or actually obtaining training from the convenience of your home or office. 214 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Auditors may use the Internet for finding audit-related course offerings, ordering catalogs via email, and registering online. The USDA Graduate School Government Audit Training Institute provides online course listings along with descriptions at http://216.1.143.50/programs_services/ auditing/gatp.cfm. Auditors may view course schedules and descriptions, obtain late-breaking news on courses, and pre-register for classes. Another Internet site with course listings is MIS Training Institute (http://www.misti.com/). Course offerings include modern internal audit and information systems audit and security. Other CPE options include books and audio and video training cassettes on audit/accounting topics. Using Webcrawler (http://webcrawler.com) and CPE Accounting for the query, I located the following sites for obtaining CPE material: • Bisk Publishing Co. (http://www.bisk.com) describes itself as “a pioneer in the development of alternative teaching methods for tax, accounting, and business law education.” Their inventory includes accounting and auditing CPE programs, including the CPA Review and CPEasy (a library of CPE programs). The site includes a demo of their CPE program, catalog, state board of accountancy requirements, and other professional information. • CCH Inc. (http://www.cch.com) is a global provider of tax and business law information, including CPE programs. The site provides many tax and accounting online CPE courses available for a $25 flat grading fee. • Gleim Publications (http://www.gleim.com) is a name familiar to accountants and auditors who have prepared for the CPA, CIA, or CMA exams. Their material includes study guides and questions from past exams, sections providing information on the CPA, CIA, and CMA exams, how to pass the exams, and order forms for their books and software. The most exciting and innovative way to obtain CPE is over the Internet (online). Some CPE providers realize that it is becoming more difficult to obtain quality training, given current budget and time constraints. An article in The Wall Street Journal estimated that it costs professionals between $50-$75 for each hour of CPE, taking into consideration travel costs, time away from work, etc. The following sites provide an opportunity for professional auditors to earn CPE on the Internet: • CPENet (http://www.cpenet.net/) is a nonprofit online continuing education service providing accounting, tax, and auditing training to professionals. The purpose of CPENet is to reduce the cost of high-quality, continuing professional education. CPENet is a National Association of State Boards of Accountancy (NASBA) continuing education sponsor. Examples of course offerings include auditing automated applications, EDI, operational auditing, management controls for personal computers, and auditing efficiency of operation. _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 215 • Another option is CPEInternet at http://www.cpeinternet.com/, which provides continuing professional education for accountants and auditors via the Internet. The course catalog includes training in business, accounting/auditing, taxation, consulting, and more. There are free demos and course previews available. The course fees average $15 per CPE unit. The trend of providing new ways of delivering continuing professional education and training will continue. As the number of auditing and accounting professionals using the Internet increases, so will this method of meeting CPE requirements. Using the Internet to Find Audit Jobs Finding a job can be a daunting task for auditing professionals. Using the Internet for this purpose provides auditors with another method of approaching career-enhancing moves. According to the 1998-1999 Occupational Outlook Handbook (OOH), employment of accountants and auditors is expected to grow about as fast as the average for all occupations through 2006. Furthermore, the OOH states that “accountants and auditors who have earned professional recognition through certification or licensure should have the best job prospects.” This does not take into consideration the impact of downsizing and restructuring. There is therefore no guarantee that the job held by an auditor or accountant today will be there next week or next year. This makes it imperative that auditors do some career planning just in case they find themselves on the short end of a corporate restructuring exercise. Making a career move requires the same type of planning performed by an auditor when approaching a new assignment. The planning process begins with obtaining background information for the project. In this case an auditor should begin by brushing up on the essential tools for a career move. The basics for resume preparation, job search techniques, and interview tips are available in books or directly online via the Internet. Auditors should begin by checking out the Online Career Center at Monster.com (http:// www.occ.com/) for tips on career assistance. The site includes career advice from nationally syndicated columnists, articles from The Wall Street Journal National Business Employment Weekly, publication recommendations, resume tips, and do-it-yourself outplacement. Career Magazine (http://www.careermag.com/) also contains tips and links to other career-related sites on the Internet. Auditors looking for specific job search strategies using the Internet should check out The Riley Guide Employment Opportunities and Job Resources on the Internet by Margaret F. Riley (http://www.dbm.com/jobguide/). This comprehensive site provides tips on using the Internet to find a job. When completing the planning portion of the career search, auditors must then focus on job opportunities. Robert Half of Atlanta (http://www.roberthalf.com) provides job listings for information systems, accounting, and financial professionals. JOBS-ACT is a moderated mailing list of em- 216 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ ployment opportunities for accounting and finance jobs, including cash management, audit, and tax. To subscribe to this mailing list, send an e-mail message to [email protected] with the message SUBSCRIBE in the subject line and body. There is also an archive file available that may be obtained by sending the command ARCHIVE JOBS-ACT to the list address. There are also some general sites available that auditors can use for their job search. America’s Job Bank (http://www.ajb.dni.us) is a cooperative effort of individual State Employment Services. The State Employment Service has long recognized the need to help individuals and jobs connect. Using the technology of the Internet, this program provides auditors with nationwide access to employment opportunities in the public and private sector. There is no cost for employers who list jobs or for financial professionals who use the service to find employment. Funding for the program comes from unemployment insurance taxes paid by employers. Using a self-directed search, auditors may locate opportunities for jobs. CareerMosaic also provides a self-directed search page (http://careermosaic.com/cm/usenet-help.html). There is a form for auditors to complete using a simple text query for job description, title, organization, city, state, and zip code. Auditors must understand that this is another means of locating opportunities and is not meant to replace other strategies. As more employers and financial professionals become comfortable with this method of conducting a career search, the number of opportunities and candidates using the service will expand. Practical Applications from Auditors on the Internet As I travel the Auditbahn, I meet auditors from around the world. This global cyber community of auditors is forging a path for future auditing professionals through their utilization of the Internet. I asked fellow professionals whom I met in my travels over the Internet to write about their experiences using the Internet. As you read you will recognize tools, applications, and resources covered in previous chapters. This is not meant to be a duplication, but rather to illustrate how these savvy auditors are utilizing those tools in an auditing environment. You should use these experiences as a starting point for your own methodology for incorporating the Internet as an audit tool in your professional environment. The Internet: A Tool for Practical Auditors by Slemo Warigon, University Auditor, Webmaster, and List Coordinator The Internet needs little by way of introduction. It radically changed the way we do things or approach audit projects. The Internet offers every auditor the means to visit a wide variety of places across the world, make an infinite number of stops, and browse the vast expanse of cyberspace for as long as he/she wishes. Every auditor can do this for professional research or general curiosity, conveniently and inexpensively. _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 217 I use my Internet access primarily to communicate with the customers during the course of an audit. After conducting an in-person entrance conference with the customers, I tend to carry most of the discussions, interviews, and follow-up with them via e-mail. The use of e-mail greatly improves record-keeping and reduces paper waste. When I have some audit questions to ask, I simply e-mail the questions to customers. The customers can, at their earliest convenience, respond to the questions. They don’t necessarily have to be physically in their office to respond to the questions. Once I receive their e-mail messages in response to my questions, I simply print and file the printout in the audit working papers with appropriate cross-references. Additionally, I maintain electronic records of all contacts with the customers. The majority of customers I worked with using this method have indicated that this method of communication is both convenient and appropriate. It gives them the time and flexibility to think over the questions very carefully and respond to each question with enough detail in a straightforward manner — knowing that their messages will be kept as audit records. Certain customers who feel “threatened” by the presence of an auditor find this method extremely helpful. In addition, I use my Internet access to conduct professional research and network with other auditors. Scholarly publications and literary materials on the Internet are limitless. Numerous educational institutions and corporate entities have digitized practically all their library resources in such a way that they can be accessed electronically by anyone with Internet access. Thus, if I need to conduct research on a topic of interest (e.g., prudent business practices related to credit card sales and refunds), I can locate relevant information by browsing WWW, Gopher, and FTP sites using various search engines and services. Alternatively, I can post an inquiry on various professional discussion lists such as AUDIT-L and get some practical suggestions from other auditors as to how to find the needed information or how best to approach the research. Auditors generally embrace The IIA’s motto of “Progress Through Sharing” by freely sharing their experiences and viewpoints on a variety of topics. In this information age, an effective auditor cannot be an island unto himself. My Internet access is also invaluable to the performance of computer-assisted auditing. I can issue a job control language (JCL) command to have an output (e.g., year-end cash disbursement transactions) downloaded to my account in a customized format (e.g., fixed or variable length). This can be done conveniently without asking or waiting for the computer center personnel to send me the output. I can then download the output to my desktop computer where I can unleash the full power of my generalized audit software (e.g., ACL or IDEA) not only to manipulate the data for comparative analysis, but also to perform substantive audit tests. This affords me the best opportunity to effectively and efficiently examine almost all the transactions for propriety and compliance with established policies, procedures, regulations, and prudent business practices. With special access privileges, I can use my Internet access to review the individual accounts of other Internet users within our organization. I review these accounts to determine: (1) whether users are using easily guessed passwords, (2) the last time users changed their passwords, (3) that 218 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ authorized accounts are used for business or specifically designated purposes, and (4) that different classes of access privileges given to all users are commensurate with their official positions and responsibilities as defined in the organization-wide Information Security Policy. Using my Internet access, I can also monitor network traffic on all local area networks (LANs) to determine how computing resources are being utilized by various departments. This provides the needed input to make a practical recommendation on prioritizing the computing resources usage by all departments to achieve optimal performance during both peak and non-peak periods. These are just few examples of the practical applications of the Internet as an invaluable audit tool. Auditing effectiveness is significantly improved when a competent auditor is married to the Internet in a happy matrimony of productivity and innovation. It is a tool that can innovate various auditing processes and improve human relations with the customers as well as improve your productivity. Use the Internet to further broaden your horizons and explore new frontiers in your auditing career. The sky is the limit. Using the Internet as an Audit Tool at Edith Cowan University by Tony Lazzara, Senior Auditor, Edith Cowan University, Australia The Management Review and Audit Branch at Edith Cowan University (ECU) have undertaken a number of highly successful audits within the University, which were significantly influenced by incorporating the Internet as a research and information gathering tool. The Internet enabled us to consult the world, enhancing the quality of our reports and proving that “internal audit” can and does “add value” to the organization. The audit of ECU’s human resources division provides an example of how the Internet was used on a project. The ECU Approach Management Review and Audit’s Approach Our approach to audit is undoubtedly similar to most audit units where customer focus is a highly held value. Supporting the process: 1. All members of the team believe in being open and consultative with client staff. 2. Management are considered partners in the audit process. The Internet is primarily used during the Pre-Audit Research, Best Practice Research, and Reporting phases of our audit. How the Internet Was Used — Human Resources Pre-Audit Research We began the review of human resources (HR) by performing pre-audit research so the team could gain an understanding of the issues impacting the client. This provided us with an opportunity to _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 219 gain a shared understanding with the customer and enhance our credibility. The Internet was utilized in the following ways. We found a number of useful HR sites with searches on the World Wide Web, which added to our knowledge of the HR issues. Examples of sites visited include the National Association of College and University Business Officers (NACUBO) that benchmarks HR functions, the Canadian Association of Human Resource Systems Professionals, and various University Human Resource home pages. We conducted archive searches on various “audit” discussion lists, including Audit-L, AAudit-L, IntAudit-L, and ACUA-L. We sent requests for information to “audit” discussion lists and some HR discussion lists that we identified. We used the information gained during this phase during the strategic analysis. At the completion of the strategic analysis, we selected four issues for detailed review. Best Practices Survey Along with the client, the audit team developed a best practices survey focusing on the four issues selected. We dispatched the survey to hundreds of auditors via the audit discussion lists, and also to organizations and individuals identified during the pre-audit research. In addition, we sent specific segments of the survey to targeted “specialist” discussion lists. For example, training and development questions were sent to an Australian discussion list serving staff development specialists; human resource management information systems questions were sent to a closed list of information technology practitioners tackling the same issues within Western Australia. Responses to the survey not only provided invaluable benchmarks, but also a range of options/solutions to the problems we were encountering during our detailed testing. The major advantage of these options was that they were practical solutions successfully applied in other organizations. We summarized the survey responses and made them available to participants. Reporting The audit discussion lists again proved their value when we arrived at findings to which we wanted to make practical and appropriate recommendations. We provided scenarios to the list and found we were inundated with suggestions, advice, and offers of help. These proven solutions involved less risk and were much easier to sell to management as viable alternatives to “doing nothing.” This project illustrates how the Internet has become an integral component of a successful audit approach adopted at Edith Cowan University. Before working at Edith Cowan University, I was an auditor whose knowledge of the Internet was limited to what I saw on the news and read in the papers. I never imagined it could become such an integral component of a successful auditing approach. Through the use of the Internet we also feel we are contributing to achieving The Institute of Internal Auditors’ motto of “Progress Through Sharing.” 220 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ The Internet as an Audit Tool by Raymond M. Cochran ([email protected]), Director of Internal Audit, Columbia University Besides using the Internet as a research tool to find answers to your many audit questions, have you thought of it as an audit tool? Here are several examples of how to accomplish this. 1. Educational programs. Many audit departments today are developing internal control and other training programs. The World Wide Web and e-mail programs can be used as supplements to these educational programs and may some day become mainstays of the educational programs. At Columbia University, we promote internal control training and use the Web to supplement it. None of our internal control policies and procedures is confidential, so they are all published on the Web. Any user at Columbia University may access these policies and procedures at any time. Also, because none of it is protected by security devices, it is openly available to the public (http:/ /www.columbia.edu/cu/ia/). Further, since these policies and procedures are now published in “HTML” format (hypertext), they can easily be woven together with and linked to policy and procedure manuals which will be published electronically by other offices such as controller, personnel, and purchasing. 2. Interactive Forms. We are also developing a control self-assessment (CSA) program at Columbia University. CSA is an exciting current topic for internal auditing departments, and while we are not at the cutting edge of this subject, we have put our Control Self-Assessment Questionnaire on the Web (http://www.columbia.edu/cu/ia/guide/self.html) for all departments and units to access and browse. At the moment the entire form can be downloaded, printed out, completed, and sent back to internal auditing in hard copy. In our vision of the future, this form (and many other forms) will be accessible by our users, filled out online, and returned electronically. Just think of the possibilities this technology will enable. The limitation today, of course, is that security on the World Wide Web is not reliable, so no confidential material can be handled this way. But it is not too far in the future that the Web will provide interactive and confidential information to auditors. _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 221 The Internet as an Audit Tool by Dyan G. Hudson, CISA, EDP Audit Supervisor, Texas Office of the Attorney General The Internet is the newest innovation in audit tools and has become the premier forum for networking with auditors around the world. Through the vast resources of the Internet, audit programs and expertise can be shared and research on laws, regulations, standards, and new technologies can be conducted. The two most useful audit tools available via the Internet are electronic mail (e-mail) and search engines and catalogs. E-mail provides a quick and convenient means to communicate with auditors around the world. The sender and receiver can handle mail at their convenience, without concern for time zones, toll charges, and work interruption. E-mail also provides a means to simultaneously distribute information to a large number of people worldwide. Electronic mailing lists provide this service by allowing a sender to mail a message to one receiver (a “list server”), which then automatically distributes the mail item to any individuals “subscribed” to the mailing list. Although similar to magazine or newspaper subscriptions in some ways, subscriptions to these mailing lists are free. Several mailing lists have been developed to promote the sharing of information among auditors. Typical “postings” to these mailing lists include questions, requests for audit programs, and sharing of audit experience and expertise. The following case study illustrates the use of e-mail and mailing lists in an audit environment. A recent posting on a mailing list discussed audit programs for CICS, a mainframe transaction control system. As a result, not only was a CICS audit program distributed to several list subscribers, but another related audit program for MVS (mainframe operating system) was distributed as well. Matt Thompson, an information systems auditor, noted that his audit manager “was really impressed by the MVS audit program” obtained through the mailing list. “It was the best that he had ever seen.” Matt went on to say that “using the Internet as a resource tool is new for our department. This took much work to get approved. After seeing the valuable resource, my boss now KNOWS that he made the right decision in supporting the use of the Internet.” In addition to the use of e-mail, significant improvements in research and audit planning can be gained through the use of Internet search engines. Because millions of resources exist on the Internet, efficiency is the most notable concern of executive management where the Internet is concerned. Unless the auditor knows how to effectively search the Internet, hours or even weeks can be wasted searching for a specific item of information. 222 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Therefore, search engines and online catalogs are crucial to an auditor’s effective use of the Internet. Search engines allow the user to enter a key word or phrase, which results in a list of resources that include that key. Connecting to each resource is then accomplished with only a click of the mouse. Numerous search engines exist and each varies slightly in the scope of the search performed. The Internet Sleuth (http://www.thebighub.com/) and search.com (http://search.cnet.com/ ) are two of the more comprehensive search tools currently available because they provide interfaces to several other search engines. Online catalogs and targeted resource lists can also be vitally important in audit research. Catalogs operate somewhat differently than search engines. They include a catalog of Internet sites usually indexed by topic or industry. Resource lists are targeted catalogs of resources specific to a profession or industry. For example, the AuditNet Resource List is an example of a targeted catalog. The following case study illustrates the use of search tools and catalogs in an audit environment. An EDP auditor was recently tasked with “selling” digital signature technology for internal approval processes to executive management in her organization. Naturally, the first step was research. And the first resource for researching this technology was the Internet. Using search engines, literally hundreds of pages of supporting material were located, including legal issues, controls, technological definitions, and security considerations. This research, accomplished within a few hours’ time, would have taken weeks and been far less thorough without the Internet. In conclusion, the Internet is becoming a highly valuable audit tool. Between e-mail and mailing lists for networking and search engines for efficient research and audit planning, the Internet may become one of your most valuable audit tools. Electronic Mail — The Cheap and Cheerful Way to Surf the ‘Net by Denis Kelly ([email protected]), Senior Computer Auditor, Electricity Supply Board, Dublin, Ireland Looking at all the computer and audit journals these days one would believe that the only way to harness the power of the ‘Net was by the World Wide Web (WWW) option. This is bolstered further by the great hype around multimedia. What many auditors forget is that plain old electronic mail (POEM) or e-mail was one of the first and probably, in my opinion, the most useful service on the ‘Net. Using e-mail, I have been able to exploit many if not all the popular services on the ‘Net. In addition to one-to-one communications with my colleagues and friends in the auditing profession, I have been able to use other services such as: • • • • Listservers and Newsgroups. FTP. Gopher. Archie and Veronica. _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 223 You can even access the WWW if you wish. Unlike online access, e-mail links to the ‘Net via gateways or mailservers. These do not pose the same security risk as direct links so it should be easier to make the case to your employer. With e-mail you can have a permanent presence on the ‘Net without being online all the time. As I will explain later, searches and file transfer requests can be submitted at any time and will be processed in the background. Background processing is less intrusive in your daily schedule by allowing you to prioritize tasks more easily and still respond quickly once a high priority message is received. Replies from colleagues at the other side of the planet in 30 minutes or less is not uncommon. Getting into a daily routine of clearing down your inbox keeps the mail under control and helps you to get the best from the service. How Can E-Mail be Used to Get at the ‘Net? There are two main ways of exploiting the ‘Net using e-mail. The first is based on one-to-one contact with colleagues and discussion forums by subscribing to discussion groups or journals distributed over the ‘Net (many are free). The second is to search for information using many of the servers that provide e-mail access to services such as FTP and Archie. 1. Discussion Forums. Contacts with colleagues will be built up over time. Listservers and newsgroups are the best point to start. A few of my favorite audit lists are CISACA-L, a forum for information systems auditors; INFSEC-L, a forum for information systems security; and AUDITL, a general audit forum (details and subscription information for these forums are included in the next section on discussion groups). Listservers are systems that are used to distribute copies of all e-mail received to everyone who has subscribed to that list. Newsgroups operate in a similar way. Lists may be moderated, so much of the “junk mail” or “noise” seen on more open forums such as newsgroups is filtered out. Many lists keep archives that can be searched for previously posted material. There are many interesting and free publications available on the ‘Net. These are distributed to all those who subscribe or can be picked up via FTP (explained later in this section). Try a few of these for size: • Double Entry - a regular publication dealing with financial and accounting issues. Subscribe to Accounting News by sending an e-mail to [email protected]. • Internet-on-a-Disk is a newsletter of public domain and freely available electronic texts. To subscribe, send an e-mail to [email protected]. • Disaster Recovery - A regular publication dealing with disaster recovery issues. Available by sending a SUBSCRIBE message to [email protected] for disaster-recovery. These will provide you with a regular source of information and many contacts in the profession. What’s so nice about all this is that you can simply sit back and get all this by sending only one mail message to each server. However, these forums depend on individuals contributing and sharing experience and information. So do play your part. 224 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ 2. Searching the ‘Net. The ‘Net is the largest “bookstore” in the world but the indexing is a problem. So you need to know where to look to find what you want. The tools most widely used are Archie, Veronica, Listserver Digests, and a whole lot of online databases. To access these you simply send an e-mail to the appropriate server with a list of commands. The server interprets the commands, runs them, and mails you the outcome and any output produced. There are e-mail servers for all the main services such as FTP, GOPHER, WAIS, Archie, and Veronica. One of the most useful servers is the RFC Request for Comments) Store, which provides a wealth of information on how to use the Internet. Two RFC that are very helpful to us are: RFC 1402 and RFC 1580. To find out how to use the store, simply send an e-mail to [email protected] with HELP:HELP in the message. Top 10 Tips for Audit E-Mail Surfers 1. Get to know the ‘Net. Explore it. The ‘Net is the future. 2. Build up a good contact list of colleagues. Look out for the best contributors to discussion forums and put their addresses in your address book. 3. Use the AuditNet Resource List (ARL) and make sure you get the up-to-date list monthly. 4. Subscribe to a few good discussion groups and contribute even if it is only to ask a question. Don’t oversubscribe or your mailbox will get overloaded. Be selective and remember: it’s as easy to unsubscribe as it is to subscribe. 5. Harvest the gems of knowledge as you come across them and build up your own mini information store. This is particularly useful with discussion groups where useful material can come up at any time. 6. Most servers have a “Help” facility, so use it. Just send a mail message to the server with Help in the body. 7. Be inventive and persistent with your searches. Sometimes the gems are slow to find but well worth the wait. 8. Some servers can be very slow; it’s worth trying around to find the fastest ones. 9. If you are using FTP over e-mail and you visit a site for the first time, send a “dir” command to get a directory listing. It can be very revealing and useful for finding more information later. 10. Be courteous on the ‘Net and be familiar with Netiquette. Use of the Internet as an Audit Tool by Bradley Carroll ([email protected]), Internal Auditor, Carter’s Childrenswear “Emerging Issues.” “Current Practices.” “Technology.” “World Class.” These are all common buzzwords in the auditing profession. One of the newest tools to fit these buzzwords is the use of the Internet as an audit tool. The use of the Internet has allowed me to gain immediate insight to other auditors’ points of view from across the world. Not only do I not have to limit my discussion to my local chapter of The IIA, I also do not have to wait for a monthly publication to summarize the emerging issues or _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 225 current practices. The instant feedback on discussion topics provides me with ideas to introduce to my organization’s audit group, as well as issues to be aware of during an audit. The willingness of auditors to share information and provide ideas to one another is truly exhibited through the Internet. I have been able to exchange ideas with auditors literally from around the world. I have been able to implement some ideas from those auditors into my audits, and have provided information that I hope others have been able to use. The exchange of ideas and audit programs is facilitated through many home pages on the Internet, especially the Auditors Sharing Audit Programs (ASAP). Auditors may contribute audit programs to this page, and other auditors may review these programs and apply them to their audits. The AuditNet Resource List (ARL) has been extremely valuable in “surfing the net.” The listing of Audit/Accounting/Finance pages on the Internet not only lists the URL for the page, it also gives the auditor a description of the information found on the page. Through using the ARL, I found four newsgroups of interest to me. I receive daily updates on emerging issues, and auditors from around the world contribute their personal opinions on the subjects. I have also been able to review resumes and classifieds posted online. Reviewing these allows me to understand the supply and demand in the field of auditing. In a world that is technologically changing daily, a good place to start reviewing resumes for a position would be the Internet. Someone with the skills and knowledge to post a resume online gives the appearance that they will be able to move ahead in the technological world as it changes. In short, the Internet has greatly facilitated communication among auditors. It allows for quicker responses and feedback on issues than do the traditional methods. Also, because connection to the Internet is through a local phone number, the cost of communications is reduced. We now have a faster, more economical way to communicate with colleagues. Welcome to the future. Internet Usage to Assist an Audit Consulting Project by David A. Crowell, CISA, ([email protected]), Phillips Petroleum Company The vice president of a large staff function determined a letter was needed to detail acceptable Internet usage in his department. The executive asked the information technology section of the internal audit organization to research the subject and provide a first draft of proposed guidelines. Having been assigned the task, it seemed appropriate to access the Internet to identify what policies other organizations may have posted as examples. To start, “search engines” were used with various combinations of words that might lead to sites with this information. Words such as “Internet,” “policy,” “acceptable,” “usage,” and “corporate” were used in various combinations for this search. In actuality, this process turned up limited useful information. While a few university policies were identified, little was found from a corporate point of view. 226 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ The next option pursued was contacting “electronic acquaintances” with whom I had communicated in the past. Having seen their names as respondents to inquiries over a “list server” to which I subscribe, I had been in touch with them previously regarding common areas of interest. From these contacts I obtained copies of their organization’s policies as well as the location of an online repository for policies. Finally, we found useful information from Web sites identified in an article on this subject appearing in ComputerWorld. Through using three approaches to locate data on one resource (Internet usage policies), I obtained information that proved to be instrumental in developing a set of acceptable guidelines for our legal department and the requesting vice president. One last observation, obtaining the exact information needed from the Internet is like many other problems: it helps to come at it from multiple angles. Where one approach may not be successful, another might well be right on target. It is important to brainstorm various keywords to be used in Web searches as they are instrumental in the retrieval process and will yield differing results. In addition, multiple “search engines” should be used as they can also produce significantly different results. Utilizing the Internet to Assist in a Business Process Reengineering by Richard B. Lanza, Assistant Audit Manager, U.S. Lafarge Corporation Business process reengineering and the Internet are two issues likely to be on the front burners of most auditors’ minds. The following discussion should provide a direction to those embarking on this type of study or who want to understand that portion of the ‘Net related to this topic. At my organization, the internal auditing department believed the purchasing and stores inventory functions could be improved. We needed to locate data sources to not only support our initial concerns but to also supply fresh ideas to the process. Although these sources came to us in many forms (internal questionnaires, telephone interviews, discussions with other companies), we found the Internet provided an ample supply of new thoughts and firsthand experiences. As we reviewed our organization’s processes, we found that computer-assisted audit software could prove to be an invaluable tool. The data files provided a palette from which to paint a picture of health or disease with relation to our vendor and stores management. For example, by stratifying and summarizing expenditure data, we were able to determine that our payment mix was weighted toward small vendors, invoices, and checks. Through other analysis we found our payment terms and frequency were surprisingly not at optimal levels. You may begin to ask yourself, “How does this relate to the Internet”? Well, my department maintained a mailing list on the Internet for users of ACL (Windows or DOS-based software used to produce auditing-related reports), which acts as a means for exchanging “war stories” using the software. This list led to _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 227 new thoughts on how to use the software for the purposes of this study and elsewhere, and acts as a sounding board for any concepts our department is developing. We also found that through accessing the following sites, many doors have been opened and new contacts made regarding the subject of our search — business process reengineering. After each resource, we provided our personal experiences with the sites to assist auditors in their search on this subject. Business Process Improvement Online (http://www.dtic.dla.mil/dodim/bpr.html) is a Department of Defense site devoted to business process reengineering. Reference materials (over 200 documents), software tools, and frequently asked questions can be reviewed. We found this site supplied all of the most common literature related to reengineering. It not only had each publication’s title and author, but it provided summary information which we included in our final product. In summary, if you want to review every noteworthy publication on the subject of process improvement and access all the buzzwords necessary for your final product, review this site. The GAO Report Database (http://www.access.gpo.gov) houses GAO reports with a useful search utility (which yielded 24 reports related to best practices). These reports provided real-life experiences and, in many cases, dollar amounts that were easily applied to our organization. We were especially impressed with their work on inventory turnover of spare parts in their Army base facilities. The American Society for Quality Control (http://www.quality.org/) maintains information, but we found it was best as a home page for quality-related sites. There is something for everyone, depending on your needs. The Business Process Resource Center (http://bprc.warwick.ac.uk/index.html) at the University of Warwick provides links to other sites on the topics of reengineering business processes, discussion forums, and a glossary of terms, articles, reports, and documents. Although this site appears to be interesting, we weren’t able to review it prior to our final report. The Internal Auditing World Wide Web (http://www.bitwise.net/iawww) was established to act as a warehouse of internal auditing knowledge with electronic discussions, professional people lists, and professional interest groups. The lists and groups were useful in contacting others working on related projects. The Internal Audit Newsgroup (Alt.business.internal-audit) was formed for the discussion of internal auditing related subjects. We found this site to be a bit sparse, but no rock should go unturned. The Anet mailing lists are a forum for discussions regarding auditing, financial and managerial accounting, accounting systems, and technological advancements. We found these lists most useful, mostly due to the breadth of professionals they reach. Based on one e-mail for information 228 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ regarding a procurement credit card system, we received three policy statements from other audit departments and related advertisements from banks offering the cards. An Auditor’s Use of the Internet — Lost in Cyberspace by George Valente ([email protected]) The Internet and its related tools and resources — to name a few, Usenet, chat, search engines, bulletin boards, FTP sites, and World Wide Web pages — provide the auditor with a rich source of information and software. If this is truly the information era, and the Internet with its tools provides access to the information superhighway, doesn’t it follow that the auditor needs to use the information superhighway to succeed during this information revolution known as the Internet — the auditor’s on-ramp to the information superhighway? What follows is one auditor’s personal experiences and perspective based on an ancient Japanese philosophy known as ying and yang. The philosophy is based on one’s ability to see both good and bad... the rice and the chaff. Similarly the Internet holds both good and bad tools and information. Many inexperienced in this philosophy consider hackers, their software tools, and knowledge of computer security vulnerabilities as bad (ying). The ethical and professional auditor believe both hacker software and their knowledge is worthless and bad (ying). For example, there is a keystroke capturing software program coded by a hacker that was solely designed to silently run and steal user IDs and passwords — the ying. The software tool was meticulously coded in assembler language and loads automatically upon boot-up, contains stealth characteristics, captures both successful and unsuccessful log-on attempts noting date, time, user ID, and password. Only a hacker would create a bad (ying) software tool to record user IDs and passwords. This certainly has no real application for a professional auditor! Or might I say, What a great audit tool — Yang! The stealth password stealing software was used on a special security investigation of a regional stock brokerage office. The controller was suspicious that information was being leaked concerning junk bond ratings. The software was loaded on all the DOS-based PCs for one month. The log files were then retrieved and analyzed for many situations (i.e., for unsuccessful log-on attempts, log-on attempts after normal business hours, and access by inappropriate people). The analysis led to Saturday afternoon log-ons to the junk bond files by the secretary for a vice president (so we thought)! The secretary was cleared of involvement, but a review of the building access log found that the regional vice president frequently visited the office on Saturday afternoons. Yes, this hacker software certainly has no place in a professional auditor’s bag of tools. Hacker’s Tool? (Ying) or Auditor s Tool (Yang)? Another hacker tool acquired on the information superhighway is the war dialer. This is another one of those software programs that a professional auditor would deny having possession. Hackers use the software to systematically dial phone numbers in search of a computer. The phone numbers are later used by the hacker to attempt unauthorized entry. Ying. _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 229 This was acquired from the Internet and used in a unique way. We set it up to dial the full range of known organizational phone numbers to determine if employees were connected to the Internet through a local phone line. The audit concluded that during normal business hours only those employees with express permission were using the Internet for approved business use. We then ran the software after normal business hours and found one instance where a contractor was leaving a computer on all night. Using PC Anywhere, the machine was being access from his office after business hours to gain access to the organization s network of databases. Both of the tools were downloaded from the Internet using FTP (file transfer protocol). When assigned to do a post implementation review of Novell 3.x, I used Web search engines (software used to search the Internet for information) to find known security weaknesses and more importantly the fix or software patch. The audit checklist/program was created by using the information found on the information superhighway regarding known Novell security weaknesses. The audit steps were performed, recommendations made, and solutions implemented. All the information was found on the Internet using a search engine. Heard from the ‘Net! In the time that I have been using the Internet I have found it to be a very useful tool for audit purposes. In order to understand how useful it is from other auditors’ perspectives, I posted a request on audit-related discussion groups, including mailing lists and Usenet newsgroups. I requested information on how auditors, accountants, and other financial professionals are using the Internet. I posted the message on various discussion lists and asked how auditors are using the Internet to help in their jobs and the benefits of using the Internet. I received the following responses. We use the Internet mainly for e-mail for client communications and more and more between our staff “in the field” and our office. For our EDP audit department, the Internet is a main source for our knowledge on EDP affairs. The Creditanstalt-Bankverein (CA), one of the largest Austrian Banks (and a KPMG client) has started a program that allows their customers to use the Internet for financial transactions. The transaction records have to be encrypted with PGP, Phil Zimmerman’s program “Pretty Good Privacy,” which uses RSA and IDEA cryptographic algorithms for encrypting and signing messages. These messages can then be sent via Internet mail to the bank in the same way bank statements are sent back to customers. PGP, although not an Internet standard, is currently the most popular way for encryption and digital message signatures used in Internet e-mail. It is available for a number of platforms and in (at least) three different versions, which are all interoperable: one for non-commercial use within the U.S. and Canada, one for commercial use within these countries, and one for use outside the U.S. and Canada. This is due to U.S. patent law and export restrictions. The U.S. non-commercial version and the International version (which is used by CA) 230 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ are free software and available on many Internet FTP-servers. This seems to be the first time that a large bank depends on free software for the security of financial transactions over the Internet. — Ronald Bron <[email protected]> 1. Helping a Big 6 accounting firm with a problem — e-mailed me in the morning re an encryption problem. I was able to dig out the article that discussed the problem and convey it to them that afternoon where it raised some controversy but was able to solve their problem. 2. Internal auditors in Australia (for Australian Universities) have their own discussion group. They use this as a synergistic means to leverage and share knowledge, e.g., questions re how much savings in external audit fees have been made as a result of IA doing extra or normal work for the EA at various times during the year (very interesting response - not much if at all!!!). So how can we lobby as a group to change this. 3. Danger - same audit discussion group as in 2 above — One university’s auditor asked for help for appropriate software to carry out a surprise software copyright audit of his university’s PCs. Anyone listening in on the group (say, myself) could have rung my colleagues at that university and warned them to clean up their machines. As it was I reiterated to my colleagues that this process was happening at another university and that they should ensure that all software that they are running is legal!! 4. Searching the Internet for information on a particular technical topic. 5. Requesting help from the many news/discussion groups that are on the ‘Net. 6. Undertaking technical training online (refer Ben Wright’s latest seminars on EDI). — Rodger Jamieson <[email protected]> I use the Internet to: 1. Access professional information and tools, such as audit guides. 2. Get suggestions as to how to proceed with professional problems. 3. Obtain preliminary information, such as relevant sections of the CFR. 4. Keep in touch with what is occurring in other college auditing departments. 5. Keep up to date on computer security issues. I have found it of immense use to be able to communicate with colleagues when I want to start an audit in an unfamiliar area; others are quite willing to offer help in getting me pointed toward the right texts, audit aids, etc., some of which can be downloaded directly to my site. I frequently get ideas for areas that might be auditable and that may need an independent mind to look out for them, from questions and answers posted. I save some messages for their value as standards, pointers to law or precedent, or starting points for developing financial or other policy. Access to such resources as a searchable copy of the CFR, policy pages at other colleges and universities, state and federal forms and publications, and general information databases is very useful. It is beneficial to me and my employer that I have quick access to many related professional organizations and the information they freely provide as content at their pages. — Ted Agresta [email protected] _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 231 The use of e-mail has allowed me to obtain fresh new ideas that others may have or audit techniques that others may have used on a specific topic that I am currently auditing above and beyond those that I have considered myself. The Internet has been useful as a resource to examine to obtain information on where to search for information on various auditing subjects. — Michael Garcia <[email protected]> CPA, Director of Internal Audit, Seton Hall University In response to your posting, I wanted to point out my audit resource page at http:// ourworld.compuserve.com:80/homepages/bfelmly/audit.htm. It contains many URLs pertaining to auditing and network security and is quite extensive. You might want to use it as an example (or maybe an example of what not to do <g>). Our IA organization at Bellcore uses an internal home page containing links to internal and external reference and auditing resources as our default Netscape home page. It has proven useful in cutting down the time required for audit pre-work. In another successful (while unrelated to your inquiry) attempt to facilitate research, we have placed all audit reports and workpapers for the past five years on a local Netware server and indexed them using text indexing software. Hence a keyword search on any subject will find all prior audits that contained that subject. The indexing software can open the selected documents in MS Word (among many other WP formats) where they can be read, printed, or pasted into a current audit document. Our pre-fieldwork time has decreased by a factor greater than 50% overall. — Bradford Felmly <[email protected]> CISA, Staff Manager, IS Audits, Bellcore At ECU, we have integrated the NET as part of the audit process. The resource list that you have prepared is a critical component of our research on the ‘Net. Basically, our approach is: 1. 2. 3. 4. 5. Pre-audit Research: Homework on the activities about to be audited. Consultation and informal interviews with various stakeholders, literature review, search on the ‘Net and on CDROM... etc... at the end of this phase, we have the entry interview. Establish a project team with management. Strategic Analysis: Risk assessment of activities within the area (e.g., faculty). Includes SWOT analysis. From that document, choose with management. 3-4 critical issues. Best Practice Research: Develop questionnaire with our client. Separate surveys for staff, stakeholders. For worldwide input, use various stakeholders. For worldwide input, use various mailing lists from the AuditNet Resource List. Most important one to us is typically ACUA. Fieldwork: Carry out standard auditing techniques to confirm information and gather sufficient, appropriate evidence. Reporting: Findings and recommendations. Recommendations are based on Best Practice Survey. Developed with management to ensure ownership. Concise report with a one-page action plan. 232 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ 6. Quality Assurance: Best Practice Survey sent to our client to measure satisfaction of audit work by the client. — Denys Martin <[email protected]> Two years ago, I began to study management controls programs and responses (annual report) to OMB. Using the Internet and the contacts established, I recommended various methods to strengthen management controls at the Institution in an effort to reduce the risk of fraud, waste, and mismanagement of resources in our day-to-day business. One particular accomplishment to note was a referral I received for an instructor for our senior managers. That referral led to my auditing a course at a local training organization and the subsequent contracting of a man with exceptional qualifications and demeanor who will assist us in “rolling out” the Institution’s revised policy and instructing the directors of our museums, research facilities, and offices about their responsibilities under the Integrity Act, including a risk assessment and annual letter of assurance. I have also been able to respond to the calls for help from others including the comptroller for U.S. Central Command, an internal audit manager with the Royal Melbourne Inst. of Tech. in Australia, and an official at the Ontario Ministry of Labor in Canada....all requesting sample documentation in their quest to do as I have done. As part of my work with cross-functional teams, I’ve introduced myself and the team goal (the latest one being our development of an SI-wide document management system), and gotten feedback on what types of products agencies are using, cautions about things that don’t fall within the parameters of certain regulations, and offers to site visit. So, one e-mail on a list saves me unbelievable time in making cold calls. — Regina Zalewski <[email protected]> Through the use of mailing lists such as those provided by ANet and by TAPNet and Internet sites provided by the Auditor’s Resource List, I am able to communicate questions or discover people who appear to have resources that I am missing as a sole practitioner in South Central Washington. The Internet has provided me with a network of “co-workers” that has enabled me to expand my knowledge base and ability to serve my clients. Thus, I am able to consult with others in the field. Being able to search government and regulatory sites for up-to-date legislative and regulatory information has enabled me to familiarize myself with external restraints on clients’ businesses. This awareness has helped me alert clients to potential restraints of which they may not have been aware, thereby increasing the value of my services to them. This enables me to consult resources that were not previously available to me, or that were not cost-effective for the limited use to which they were put. Analytical review has been enhanced by the ability to Telnet into the Federal Reserve and other sources that provide contemporary information as to the operating environment that existed dur- _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 233 ing the period under audit. Prior to Internet, I had to subscribe to services that gave information that was stale. I was comparing current year information to information from the prior year both from the client’s records as well as external information. With EDGAR and other resources, there is more up-to-date information available to use for analytical review purposes. Specialized mailing lists and newsgroups provide other resources for gathering information or determining potential new members for my “network of sources.” — Earl Hall, Coordinator of the Washington Accountant’s Network ([email protected]) From a local government auditor: 1. Part of standard audit procedures to obtain information in audit planning. 2. Accessing shared audit programs. 3. E-mail to others in profession. 4. Use Yahoo and other search engines for special project research. 5. Keep informed of changes in standards (GASB, FASB etc.). 6. Mechanism to market audit services and inform citizens of county auditing. From another local government auditor: Since we currently have access only to Internet mail functions, our use of the Internet is restricted to mailing lists and document servers. We use these resources primarily as networking and research tools. In the past I found numerous sites on the Web to be valuable resources for technical information that helped me in audit planning. From a university professor: I use the ‘Net to discover what issues are being discussed in the “real world” (on information systems, information systems audit, and government/not for profit listservs), to increase my knowledge of the issues, to look for a new job(!), to find financial information on firms and government entities (primarily for my students), for “recreation” (like learning about foreign countries, languages, golf, etc.), to keep abreast of higher education issues and curriculum development, to see what conferences are “happening,” to download software, etc., etc., etc.!! From a Defense Department auditor: I use the Internet to screen for information and topics of interest to my organization pertaining to IG/audit/financial issues. For example, the information regarding the legal case pertaining to electronic government records destruction was of interest to our legal department. From several DOD auditors: My partner and I use the Internet to send and receive data (messages and files) from field offices and clients. From our desks, we can only access the Internet through e-mail. I have subscribed to several mailing lists and this sometimes provides useful information. The organization has two PCs with WWW access. We sometimes use those to retrieve laws, regulations, and other information. 234 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ I subscribed to 11 areas of FinanceNet to receive up-to-date information regarding changes that affect us. I intend to participate in some of the financial groups you provided 9/5/95. I am also a CGFM and a member of AGA, ASMC, and the Finance Corps Assn (I’m former military). I’ve forwarded messages to various committee members of AGA, AGA education chairperson, the mentor chairperson, and our newsletter chairperson/editor. I am extremely interested in the CPE opportunities offered through the Internet as I am unable to participate in some of our center’s CPE classes. Once I figure out how to get lists of e-mail subjects I plan to download what I believe will be extremely timely data that affects my job every day. I also intend to use Internet for research for a few papers I want to write and try to get published. As I stated, I’m a newbie and feel that I’ll obtain valid, timely information that can only increase my skills, my accuracy, and professional development. (OK, OK I know I sound like a commercial - but I believe it.) From a government agency auditor: I got access to the Internet about a month ago. Thus, I am still exploring new ways to use the Internet for my work. So far, I have used it mostly to establish criteria for possible findings. There are numerous laws and regulations that are online. I’ve used it to get the latest news on auditing standards such as FASAB. Specifically, I am using the Internet to find the status of the exposure draft issued by FASAB on Property, Plant, and Equipment. This would ensure that I’ve addressed such topics when the audit report is issued and it might prevent some embarrassment. From a state auditor: In the last six months, I’ve used WWW, FTP, Gopher, and e-mail extensively as research tools for finding Unix and Internet standardization & security information, and for collecting sample policies on Internet usage and governmental WWW home page development. I have also used these tools to refer to various federal laws and regulations, and to link to the IGnet to determine how my internal audit and investigative function might benefit from meetings, training sessions, and other activities sponsored by the federal Inspectors General. Finally, I have subscribed to several different audit, security, and technology-related mailing lists. On a limited basis, I also tried to use a few Usenet newsgroups with mixed success. From a government agency auditor: As an auditor, I frequently make inquires for information through the Internet, both domestically and internationally. I have found it to be a very efficient and effective tool to communicate with. I have also used the Internet to have information (such as OMB regulations, agency memos, and letters) delivered to my address very expeditiously. I have found that as I am performing an audit, I can easily jot down critical ideas and questions and receive an immediate response from the source. I don’t know what to do without it! _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 235 From several college and university auditors: I just found out about a few sites on the Internet where I can receive news from other auditors and accountants. WWW to get irc code cites; various hardware & software Web sites for financial information and downloads; investment information; samples of information on various comparable cities; keep up to date on GFOA and other professional organizations. • • • • Gopher to do research (Michigan has most helpful Gopher). FTP to download software updates. Mail via ‘Net to communicate directly with peers & suppliers. Home page as means of disseminating info. From an internal auditor: I find the Internet extremely useful in being able to discuss issues with fellow colleagues in the same profession. The Web has also been great for looking up any sort of information regarding any topic. From a retail auditor: As a real estate auditor, there is a need for audit-related information in construction, mall operations, joint ventures, real estate taxes, etc. I used the Internet to search the Internal Revenue Code that the federal government has put online. There are taxes or credits a J.V or corporation can take in real estate transactions. Also, other government Internet sites provide info on environmental remediation (which is part of our responsibility). Other areas we review are insurance charged to properties we lease/rent or pay a pro-rata portion of. Each state has a state insurance board that publishes the unique ranges of liability you can expect to pay based on criteria for their respective state. We are always on the lookout for new types of audit approaches and are willing to upload audit programs, guides, and some procedures related to real estate/construction auditing. Have not been able to find a location where these can be accumulated. From several internal auditors: 1. To poll fellow audit professionals on practices their companies employ. 2. To source internal audit literature/articles. 3 To keep abreast of internal audit seminars and conferences. • Subscription of Mailing-Lists ACL-L, AUDIT-L, INFSEC-L • Temporarily subscription of EDI-L 236 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ • • • • Auditors sharing audit programs NIST, NASA, COAST sources Security and policy handbooks available within the ‘Net Investigation of software products Important findings: • Internet is useful for “quick & dirty” information requirements and in most cases without any fees. • Not all information sources are “valid,” time to find out “good” sources can be time consuming. • Internet “service access points” (brokers) that means dedicated people within audit department with Internet skills are recommended to support their colleagues and avoid “surfing.” • For complete information with a high precision and recall I will still recommend to use information scientist within libraries or commercial information brokers with access to commercial database providers such as DIALOG, DATA*STAR, or others. And finally, for the 1999 IIA International Conference in Montreal, Quebec, Denys Martin asked for input from the global audit community on audit uses for the Internet. The following are excerpts from the submission by S. Ramakrishnan of Chennai, India, selected by Denys as one of the best. How can Internet be used for audits? The possibilities are audit resources, books, articles, etc., through Internet; value addition in audits - obtaining relevant, useful information; e-mail for timely reporting, feedback, etc., of reports and transfer of files; jobs through the Internet and many more; audit resources, articles, etc., through Internet: Value Addition to Customer Here is a sample of what we do: We set up meetings with client executives that we can supplement their efforts at locating information that will be vital to them. They share their concerns with us and then we “go for it.” Instances where we have helped clients are: One of our clients said they have hardly any literature on “vanilla planting.” By our continuous efforts we were able to locate excellent sources of information on the topic. Also by searching for relevant books in Amazon.com, we also told them the books that are available on the topic. The great thing about Amazon is that you can give them a topic and tell them to keep you informed as and when a book on that topic arrives. _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 237 Another client wanted information on scrap reduction in his industry and the latest information on new scrap reduction methodologies. By posting a question on the WWW board on the concerned product (through the WWW virtual library) we were able to generate enough information for them to proceed further. The value addition comes from : General information on cost reduction/cost containment efforts. E-Mail E-mail is the most common application of all on the Internet. There are a lot of e-mails that are free. We use e-mail to: • Keep the client informed of planning/starting of audit. • Keep in touch on the progress of audit. • Transfer draft reports, comments. • Transfer files containing information, including Excel /Word/Powerpoint files and comments thereon. • Send final reports. • Respond to client queries. The time that is saved is enormous and one is able to send the reports to even another corner of the world almost free and instantaneously. E-mail can also be used to share information among fellow professionals. Another advanced form of communication is chat. Here you can chat in real time with fellow professionals and colleagues. There is no ceiling on size of files you can transfer. Try ICQ (for I seek you) at http://www.mirabilis.com. Doing Audits through Internet: The time is not far off when we should be able to handle jobs in U.S. or Australia sitting in Chennai. In view of differing time zones, it will save much time and cost for auditors abroad to get their jobs done in Asia while they sleep, much like offshore software. If a person in India uses ACL or IDEA and uses the same Microsoft products, it should not be difficult to do the audit work anywhere. We had recently done a job for a Canadian firm of CAs entirely through the Internet. They transferred the files over the ‘Net and we finished the job and sent it back to them back over the ‘Net! Problems When you have posed any problems in a discussion forum, you have to go and check often whether there has been any response. There are so many forums of interest to everyone - locating the one which interests you is a tough job sometimes. The potentials of Internet audit have not just been realized. Imagine writing an article like this from India in the pre-Internet days. Just impos- 238 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ sible! The starting point is for every auditor is to realize that there is so much that can be done through Internet. Author’s Note: What I have provided here are examples of how you can use the Internet in an audit environment. There is little doubt that the Internet has matured into an important tool for auditors. As it continues to grow and more auditors and audit organizations connect, the Auditbahn will be an effective resource for the profession. The Internet as an audit tool will be integrated into the audit process for the next generation of auditors. I have also provided the basics of how the Internet can be used as an audit tool. It is time for you to get behind the wheel and head out for the Auditbahn. Rest assured that whatever applicability the Internet has for you as an auditor today, the future will provide you with even greater opportunities. Be creative and look for ways to integrate the Internet into your work and use it as an audit tool. I welcome your ideas on how you have found the Internet useful to you as an auditor. Share those ideas with others and you and the entire profession will benefit. Interview: Michael Awad, President, IAD Solutions (http://www.auditleverage.com) IAD Solutions’ main product is AuditLeverage. Based in Microsoft Access, Audit Leverage is a flexible, user-friendly software package that integrates and automates the entire internal audit process: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Automated workpapers (including online, tailored audit programs, as well as live links to Web sites and workpapers prepared in Excel, Word, ACL, scanned images, etc.). Staffing and scheduling of audits. Timekeeping and department-wide time summaries. Budget-to-actual comparisons for audit time and expenses. Audit Location Risk Assessment. Annual audit planning & budgeting. Database searches of your audit findings, enabling you to research the audit history of a particular organization location or control issue across the entire enterprise. Audit committee reporting and statistical summaries of audit activities and recommendations. Automated follow-up log, which keeps management accountable and flags repeat findings. Remote replication capability, meaning that auditors can work remotely on laptops, off-line, and then dial in (to either the corporate server or an ISP) to synchronize their data with the server’s version back at the office. (This enables auditors and managers to review workpapers remotely.) _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 239 Q. As a relatively new player in the audit software market, why did you choose the Internet as a medium to reach the audit community? As a former internal auditor myself, I have seen auditors’ increased awareness and use of the Internet to search out answers to their real-world business challenges. The importance of an appealing, informative Web site has definitely surpassed that of an expensive, glossy brochure, which usually ends up in the trash or filed away somewhere. Print media rely on the “push” method of data transfer, which makes less and less sense in this era of information overload. A Web site, on the other hand, relies on the “pull” method of data, i.e., auditors go and get the information when they want it; it is not thrust upon them before they are ready to process it. Any audit software organization without a professional, appealing, and informative Web site would definitely not be taken seriously by potential customers in today’s audit software market. Q. What role will the Internet play in the future of departmental management systems for auditors? The Internet will play an increasingly significant role in internal audit department automation in several ways: (1) Electronic workpapers. In audit department management systems such as Audit Leverage, hyperlinks to Web sites can now become part of electronic workpapers just as easily as a Word or Excel document can. Some examples would include: a) An intranet page containing background information on a particular organization location or product line. b) An extranet page containing background information on a particular industry or on the financial markets. 2) Using the intranet to give non-auditors limited access rights to the department’s database. Sure, it’s nice for all of the auditors to have LAN access to the department’s database. But what’s even nicer is for non-auditors to have some access rights to this database as well, not only to satisfy their own information needs, but also to eliminate work for the audit department. For example, instead of asking a customer to type up responses to an audit report, an internal control questionnaire, a location risk assessment, or customer evaluations of auditor performance — only to have an auditor reenter this data into the database — why not just have the customer enter this data directly into the database? Of course, this was possible before the days of the intranet, but only by relying on drive mapping using the organization’s LANs and WANs. For those of you who have attempted to convince a non-technical customer in your organization’s Thailand office that it is worth one frustrating hour of his time to set up a drive mapping over the WAN so that he can save the auditors some duplicate data entry, you know that he’ll want to continue doing things the old way: using paper — or, at best, e-mailing documents back and forth. However, if you tell that same customer that he can reliably and instantly access the audit department’s database using his Web browser, he might very well be convinced. 240 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ To this end, both of the major technology platforms in use today for audit department management software — Microsoft Access (in the case of Audit Leverage) and Lotus Notes — recognize the emerging importance of the intranet and are providing development tools to enable auditors to phase out their reliance on their organizations LANs and WANs. In the case of Lotus Notes, the answer is Domino, and in the case of the Microsoft platform, the answer is Active Server Pages. Both of these technologies enable the user to access the convenience and power of industrial-strength database applications — with the ease and familiarity of the good old-fashioned Web browser. (3) Shared library of useful hyperlinks. It is now possible to use tools such as Audit Leverage to build and organize a dynamic virtual library of useful hyperlinks for the whole department to share — pointing to Web sites ranging from corporate policies and procedures, to www.AuditNet.org, to the Web sites of the major airlines. (4) Rescuing Lotus Notes applications that would otherwise have to be abandoned. Some internal auditors who have successfully been using Lotus Notes to manage their department are being put on notice that their own IT departments intend to phase out technical support for all Lotus Notes applications in the organization. These audit departments need not abandon their well-functioning Lotus Notes systems, however, thanks to a new revenue stream discovered by several Lotus Notes-based software providers: offering the use of their own hardware and Lotus Notes software (at a remote site) to host an audit department’s entire Lotus Notes database. The auditors then access this database exclusively on the Internet using their Web browser, without even needing Lotus Notes installed on their laptops. This way, all the parties end up happy: - Corporate IT achieves its objective of moving to a Microsoft standard and no longer has to provide Lotus Notes technical support or to administer the dedicated hardware that Lotus Notes requires. - The auditors don’t have to abandon the Lotus Notes system they’re already using. - If the size of the audit department increases, no additional costs are incurred. In contrast, a department not utilizing a remote Lotus Notes hosting service would have to pay a user license fee of $80 or more for each additional auditor needing a copy of the Lotus Notes software on his or her laptop. Q. How will you determine the effectiveness of using the Internet to market to audit professionals? For each request that we receive from potential customers for more information about our software, we track the source of the referral in order for us to determine the relative effectiveness of our various publicity efforts: conference exhibits (such as IIA, ISACA, and MIS), print ads in Internal Auditor magazine, Web search engine, and (coming soon) Web advertising on such sites as www.AuditNet.org and www.ITAudit.org. In addition, by looking at the log file of our Web page, I can tell which internal auditing departments have browsed our site. I then _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 241 categorize these companies by size, industry, and country in order to determine the relative effectiveness of our promotional efforts in each market. Q. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”? Internal auditors are fortunate in that most of them work for organizations that are very willing to invest in their professional development. On-site training classes at my employer provided me with an introduction to the Internet as well as to other technologies, such as Microsoft Access, upon which I eventually built Audit Leverage. Only after founding the organization and beginning to market the software, however, did I become aware of the vast array of audit resources that were available. Just as reading or math is most effectively taught to youngsters in the context of the things that they care about more than school — such as counting change at the candy store, or reading Star Wars books — so digital literacy and Internet search skills are most effectively taught (and self-taught) to auditors in the context of things that they care about more than auditing — such as vacation planning Web sites or sports discussion groups. Such personal-interest Web sites brought me to the point a couple of years ago where I was comfortable searching the Internet, and it was then that I began to use the Internet more in my work as an internal auditor. Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How has your organization contributed to this philosophy through the use of the Internet? Our use of the Internet is not limited to reaching potential customers. As we promote our software, we also leverage our Web presence as a strength. For example, we plan on providing Web-based technical support, including postings of frequently asked questions and firsthand accounts from our customers concerning the creative ways in which they have used the Audit Leverage software to accomplish their business objectives. Also, we draw attention to the fact that we use the Web creatively to do such things as post an online library of custom-made reports that the various Audit Leverage clients have designed, so that other Audit Leverage customers can benefit from their creativity. Along these same lines, we are in the process of setting up a virtual community, on the Internet, of Audit Leverage users. In the days before the Internet, users of a particular software package had to travel across the country to meet and interact with each other, and even then, such conferences were usually not held more than once per year. In today’s world, virtual communities on the Web enable users to interact with each other much more easily, with the convenience of their own schedules and within their own offices, without the need to travel to yet another auditors’ conference. 242 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Q. What Internet resources do you use, and how have they helped you and your organization? a) Because I travel so frequently to internal auditing conferences all over North America, I have saved thousands of dollars and untold hours using discount travel sites such as priceline.com, travelocity.com, cheaptickets.com, bestfares.com, and lowestfare.com, to name a few. In addition, Internet maps and driving directions have saved me countless hours; I’ll never buy an atlas again. b) In my recent efforts to hire a computer programmer to help me with enhancements to the Audit Leverage software, I posted a help-wanted ad to an Internet job-posting service (www.wji.com) focused exclusively on computer programming-related jobs. In response, I received 60 resumes via e-mail within the first week alone, many of which were from very experienced candidates who comprise an extremely high-quality applicant pool from which I can hire. As recently as five years ago, I might have had to spend lots of money and time advertising in a number of different magazines (and the response time would have been dismal), or worse yet, spend a couple of thousand dollars on a headhunter. Q. How has the Internet changed the way your organization does business, and what impact has that change had on auditors? Because I keep in touch with my customers almost exclusively through e-mail, my printing and postage costs have been reduced almost to zero. Similarly, because my demo can be downloaded from the Web, I didn’t have to spend $500 on a CD-burning machine or incur the additional expense of the demo CDs themselves, as well as the time commitment and the delay involved in send them via postal mail. Q. What effect have the Internet and the World Wide Web had on the auditing profession? It has enabled auditors to embrace change and take risks in trying new audit approaches and technologies (such as department management software), because the Internet has made it much easier than before to find out from other auditors (through auditor newsgroups, for example) whether or not such things are prudent and worthwhile risks. Q. What Internet skills do you see as the most critical for new auditors? You’ve got to know how to use Web search engines to find “exactly” what you’re looking for. There’s such a huge sea of online audit resources out there that it’s all too easy to spend hours sifting through search results that aren’t exactly what you’re looking for. _________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 243 Q. Any other thoughts on how auditors could be using the Internet that you would like to share? The Internet offers a wide array of online seminars on topics ranging from Microsoft Office training to specialized classes on audit-related topics. These can be particularly useful for internal auditors with a CPA or other professional designation that requires a certain number of continuing education hours each year. Continuing Internet Education The following books cover additional subjects with which auditors should be familiar. 1. Business on the Internet, Vince Emery, Coriolis Group Books. 2. Firewalls and Internet Security, William R. Cheswick and Steven M. Bellovin, Addison Wesley Publishing Company. ____________________________ Chapter 8 — Troubleshooting Internet Error Messages 245 Chapter 8 Troubleshooting Internet Error Messages (or What Do Those Error Messages Mean?) “Well, everybody in Casablanca has problems. Yours may work out.” — Humphrey Bogart Dealing with Common Internet Error Messages Due to the volatile nature of the Internet, auditors are sure to encounter the inescapable error message. The cacophony of Internet error messages is one of the more frustrating, but ever present, issues that auditors have to deal with when connecting to Internet resources. Auditors spend a great deal of their time considering how to say things the right way so that audit comments and reports deliver the right tone. It is no wonder then that when confronted with messages like “Bad Request!” “Unauthorized!” “Forbidden!,” auditors take offense and lose patience with the online experience. While the tone of these Internet error messages may be inappropriate, it is their lack of clarity and void of any semblance of assistance that drives most auditors crazy. Auditors should approach these error messages as they would like to see their customers react to the first reading of an audit report — calmly and with reason. There is really nothing personal about these cryptic messages. In fact the messages and dialog boxes are providing you with answers that may be valuable in helping you troubleshoot the problem. The following is a list of some of the more common error messages that you will, at one time or another, encounter while traversing the Auditbahn. Along with a description of what each error message means, suggestions have been provided on what action you can take to deal with them. It may take some time for you to become comfortable with the implications of each message or choice, but once you do, you can view them as “recommendations” and learn how to accept and use or discard them. Numerical Error Messages 400 - Bad Request What it means — This error message means that there is something wrong with the address you typed. It could be that the server you are contacting does not recognize the document you asked for, perhaps it no longer exists, or maybe you are not authorized to access it. It could also be due to incorrect syntax in the Uniform Resource Locator (URL). 246 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ What you can do about it — If you typed the address, check to make sure you entered it correctly. Pay special attention to case (uppercase and lowercase letters), colons, and slashes. Try to type the URL again. If the error message is still displayed, try backtracking through the URL by deleting the final segment of the URL and hitting the Enter (or Return) key. If you continue to receive an error message, it is possible that the document no longer exists or the URL is incorrect. If possible, try contacting the site administrator to get more information about that particular document and its availability. 401 - Unauthorized or Authorization Required What it means — Do you normally access the site with a password? Password protection is a way of controlling access to certain Web sites or pages within sites. This error usually occurs when an Internet site is protected and the server did not receive the correct encryption ID or password for entry. You may be accessing a site that is protected by a password or some means of encryption identification. Either you have not registered for the site, or you used the wrong information, or you typed your username or password incorrectly. There are sites that also prohibit access from certain domains. The system administrator may have a block on certain domain types. What you can do about it — Check to make sure that the address you are trying to reach is correct. If you are sure that you are a registered user of the site and have a username and password, reenter your information in case you made a mistake and pay attention to the keyboard when you type. Passwords and usernames (like URLs) may be case sensitive, so if your Caps Lock is on, take it off. If this still does not work, you may want to contact the site administrator by e-mail and ask if your username and password were disabled for some reason. The site administrator’s name is usually listed on the home page of the Web site. If there is no site administrator identified, send an e-mail to whatever contact is listed on the home page. 403 - Forbidden or Connection Refused by Host What it means — This is similar to the 401 error because it is a denial of service. Sometimes site administrators do not want certain documents to be accessible and may have set a flag for “read permissions” or dedicated access privileges only. There are also occasions when a site administrator has incorrectly configured the server’s “read permissions.” The document or the site may be either blocked for certain domains or there may be password protection enabled. This error could also appear because the site requires registration for access. Finally, it is also possible that the server is not properly configured. ____________________________ Chapter 8 — Troubleshooting Internet Error Messages 247 What you can do about it — Make sure you have entered the correct Web address. If there is a password and you know the password, try again. If you do not know the password but think you should have access, contact the site’s Webmaster and ask for the password. If you are sure that you do not have privileges to access that site or the document that you are trying to obtain, go no further. Trying to hack a site because you cannot obtain a document is both risky and foolish. 404 - File Not Found What it means — This is a common error that occurs when a host server is unable to locate the HTML (Hypertext Markup Language) document requested. The Internet world is constantly changing, and documents are moved from one location to another. This usually means the document that was requested no longer exists at the address you provided. It may simply be a mistyped URL, the name of the document could have changed, or it could mean that the document no longer exists. It is possible that the page may have been moved to a new address. Perform a Web search for the site’s name to see if still exists. If the individual that maintains the Web site cancels their account with their ISP and moves to another, their site will no longer be available. Both educators and college students frequently set up audit-related Web sites only to have them disappear upon job changes for the former and graduation for the latter. To protect against loss of these pages I would recommend seeking approval from the document originator to save the specific HTML documents to your hard disk. What you can do about it — Begin with the assumption that you typed the document name incorrectly. Try moving one level up by deleting the last part of the URL to the nearest slash. If the site is still active, check to see if a link to the document you are looking for exists in the parent directory. Check to make sure that the capitalization is correct, every word is spelled properly, and punctuation is in the right places. Common errors include periods, slashes, and spaces (which are not allowed in Web addresses). If this fails, contact the site administrator and ask if the document is still available and what the new address (URL) is. 500 - Server Error What it means — This is one of those errors over which you have no control. It means that the server is either not configured properly or there is an internal software error. 248 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ What you can do about it — Short of contacting the site administrator there is little that you can do when you receive a 500 Server Error. If you continue receiving this error message, try again later to see if the problem has been resolved by the server’s administrator. If you know the e-mail address of the administrator, send him or her a message. 501 - Not Implemented What it means — This error message appears when a Web site is unable to support certain features in your browser. This occurs, for example, when a site has Web pages with forms that you complete and send to a third party. Basically, the server does not support the specific feature that you requested. What you can do about it — Contact the site administrator and request that the server be upgraded to accommodate your needs. If enough users make the request, there is a chance that the host organization will comply. 502 - Service Temporarily Overloaded What it means — The Web site’s lines are all being used and it cannot process your request. It could also be that maintenance is being done to the server. What you can do about it — Try again later when the server is not so busy. At certain times of the day or night, traffic may be lighter. This is one of those situations where persistence is a virtue. 503 - Gateway Timeout or Service Unavailable What it means — This type of error can originate from several sources: connection timing out, server problems, Net problems, or client problems. Your Internet service provider’s server could have gone down during your connection session, preventing you from accessing any Web site. Another reason for this error could be that the gateway connection (the one between the LAN and the Internet) is not functioning properly. Finally, something may have happened to your PC causing the timeout — perhaps something as easy as a lost modem connection or something internal to your system. ____________________________ Chapter 8 — Troubleshooting Internet Error Messages 249 What you can do about it — Wait a short time and try again. If the error persists, identify the source of the problem (access provider, gateway, or your system) by process of elimination. If you are trying to access a Web site and the error message appears, try connecting to your mail server. If you are able to get your mail, you are still connected and can eliminate a lost connection as the cause. Access provider and gateway causes may be temporary, but perhaps a message to the Web administrator could help if the problem is continuous or persistent. Non-Numerical Error Messages Connection Refused by Host What it means — This error message is similar to the 403 – Forbidden error message. You may be prevented from accessing the document because it is blocked for your domain or password protection may be enabled. When the network connection is refused, it could also mean that too many users are trying to access the same page. Try back in a few minutes or during non-peak hours. What you can do about it — If you suspect a password-protection problem, try the normal password access troubleshooting routines. If you do not have a password but feel you should have one, contact the Web administrator or access the main page and apply for a password. You could also try again in a few minutes or during non-peak hours if the problem is too many users. Failed DNS Lookup What it means — This is similar to the 404 – File Not Found error message, except that it applies to an entire domain rather than just a single document. It means that the Domain Name System (DNS) is unable to translate the address you provided into a valid Web address. DNS errors are sometimes caused by traffic congestion or if the server is temporarily unavailable. It is also possible that the domain no longer exists. What you can do about it — Retype the address again to make sure it is right. Click the “reload” or “refresh” button as it could just be a temporary DNS lookup problem. Try again later. It is possible that the server is not responding due to a large number of requests (busy signal). If the server is temporarily down or 250 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ offline for some reason, there is not much you can do except to try again later. Contact the site administrator to report the problem. File Contains No Data or Document Contains No Data What it means — You have accessed the right site but there is no Web document there. It is possible that the site is in the process of being updated. What you can do about it — Look for the document somewhere else on the site by deleting the HTML document reference. Recheck the site for the document you are looking for. Contact the site administrator for assistance in locating the document. No Helper Application Defined What it means — Helper applications are separate programs that deal with files that your Web browser is not set up to handle. Helper applications define certain file types and the associated applications that run them. When you access a Web site or try to run a file from a Web site, it looks at your system to locate the appropriate application to launch and run the file. This error message means you have accessed a file that requires a helper application, and you either do not have the application or your browser cannot find it. What you can do about it — The dialog box will usually tell you the file type that is missing. Some Web browsers allow you to select helper applications in the “Preferences” or “Options” menu item, where you should see an option to choose “Programs,” “Helpers,” or “Viewers.” You can also add or modify helper applications using Microsoft Explorer. Each file type provides a description, including the file extension (like .txt for text file), a content type (called the MIME type, which is server information that tells the browser what kind of information it is, like “text/plain”), and then the location and name of the helper application used to process that file. Your browser allows you to modify existing helper applications, add new ones, and remove old ones. ____________________________ Chapter 8 — Troubleshooting Internet Error Messages 251 Following is a partial list of common file extensions and MIME-types. Again, the MIME-type tells the Web server how to send the file and tells the Web browser what kind of application to use to open the file. You should be able to set up a helper application to view any of these file types with the Helper Application button. For example, PDF files require the Adobe Acrobat Reader Program freely accessible from http://www.adobe.com. Download and install the program and the next time you access a PDF file on the Internet, the application will automatically launch and open the PDF file. User tip: If a file extension ends in .doc, Web browsers will recognize this as a Microsoft Word document. Because Word documents can contain Macro viruses, auditors should consider downloading Microsoft’s free Word Viewer. This application, freely available from the Microsoft Web site at http://www.microsoft.com, provides added protection from Macro viruses that may reside in a Word document. .gif = image/gif .htm = text/html .html = text/html .jpe = image/jpeg .jpeg = image/jpeg .jpg = image/jpeg .js = application/x-javascript .ls = application/x-javascript .mocha = application/x-javascript .mov = video/quicktime .pbm = image/x-portable-bitmap .pdf = application/pdf .ps = application/postscript .qt = video/quicktime .rtf = application/rtf .tif = image/tiff .tiff = image/tiff .txt = text/plain .wav = audio/x-wav .zip = application/zip See also: No Helper Application Defined or Viewer Not Found 252 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Host or Site Unavailable What it means — The computer is telling you that it either cannot locate what you are asking for or the site could be undergoing routine maintenance. What you can do about it — Recheck the address and try again or wait and try accessing the site later. Check the URL for possible typographical errors, including case sensitivity. You can also hit Control/Refresh or Reload and see if the Web site comes up. See also: Unable to Locate Host, Failed DNS Lookup Unable to Connect to <Web Address> What it means — When your browser cannot reach the Web site that you want, this message may pop up. This could occur for any number of reasons. It is possible that you typed in the address incorrectly. The site may have moved to a new address. The site may no longer be available. It could even result because of network problems or a busy Web server. What you can do about it — Make sure that the Web address (or URL) that you typed exactly matches the address you were given. Ensure that the capitalization matches, that all words are spelled properly, and that all the punctuation, like dots (.) and slashes (/), are correctly placed. If you are sure that you have the right address entered in your browser, there might be a Web server problem. If the server is down or there is too much traffic, wait a moment, click the Reload button, and try again. You should try to connect to other Web sites as well. If you can connect to other sites, the problem rests with that one site, so try again later. If you cannot connect to any sites, you might be having a problem with your connection or your computer. Reboot your computer and try connecting again. ____________________________ Chapter 8 — Troubleshooting Internet Error Messages 253 The Requested URL Was Not Found What it means — When your browser cannot find a Web site with the address you gave, this message could appear. Certain browsers might display a “cannot open” or “cannot retrieve” message including the address you provided. What you can do about it — Use the Refresh or Reload button to try to connect to the site again. If that does not work, wait and try again later. You should also clear out the disk cache for your browser. Depending on the browser, you will choose a menu item called “Preferences” or “Options.” Choose one or more of the following commands; Delete the “Temporary Internet Files,” “History Files,” “Purge Cache,” “Clear Cache,” or “Empty Cache.” Try connecting to other Web sites. If you can connect to other sites, the problem is with that site, so try again later. If you cannot connect to any sites, you might be having a problem with your connection or your computer. Reboot your computer and try connecting again. Can’t Parse HTTP What it means — This is another case of your Web browser being unable to recognize the Web address you entered. What you can do about it — Some older browsers may require the “http://” before the Web address, so if you omitted it, reenter the address including the “http://.” As in other situations, make sure you entered the Web address correctly. Spelling, punctuation, or capitalization errors will affect your browser’s ability to find the page you are looking for. Use the Reload or Refresh button to try and reconnect to the site, or wait and try again later. Clear your Web browser’s disk cache or history files. Try connecting to another Web site. If you can connect, the problem is probably with that one site, so try again later. The problem could also be with your computer so as a last resort, reboot and try again. 254 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Network Connection Was Refused by the Server What it means — When a server encounters more traffic than it can handle, the system will generate this message. What you can do about it — Wait and try again at a later time. See also: Too Many Connections — Try Again Later NNTP Server Error What it means — This error occurs when you are trying to log on to a Usenet newsgroup, but you are unable get to it. The Usenet server is something that is made available by your Internet service provider or your site administrator. If your ISP or site administrator disabled access to the Usenet or the newsgroup is not available, you will get this message. What you can do about it — Ensure that you typed the Newsgroup name correctly. If that does not help, try again later. If the problem persists, contact your access provider or site administrator and report the problem. If your organization prohibits Usenet access, there is little you can do. The only alternative would be to try using a Web-based Usenet service. Permission Denied What it means — File Transfer Protocol (FTP) directories use “permissions” defining who can read and write to the FTP site directories. If you try to perform an action for which you do not have “permission,” you will receive this error message. Anonymous FTP sites may allow you to download files but not upload files to the site directory. Some anonymous FTP sites may only permit uploading to a special directory. It could also be that you issued an improper command or the site is too busy to complete the upload or download. ____________________________ Chapter 8 — Troubleshooting Internet Error Messages 255 What you can do about it — Try again at another time when there is less traffic (late at night or early in the morning). If you can determine where the FTP server resides (county or time zone), this may affect when it is best to connect. Send a message to the site administrator to report persistent access problems. Unable to Connect to <FTP Site> What it means — This error message indicates that your browser (or FTP program) cannot get to the FTP site you want. Various situations could cause this error. If you typed in the FTP address incorrectly or if the site moved or was disconnected, this error message would pop up. Perhaps the FTP server is temporarily down for maintenance or too many users are trying to access it at the same time. Sometimes anonymous FTP sites limit the number of users that can access simultaneously. What you can do about it — Make sure that you typed the FTP site address correctly. Ensure that the capitalization matches, all words are spelled properly, and all the punctuation, such as dots (.) and slashes (/), are correctly placed. If you are sure you have the correct address, wait and try accessing the site again later. You could also try connecting to a different FTP site. If you can connect to other sites, the problem is probably with that one site, so try again later. If you are experiencing connection problems to other sites, the problem could be with your connection or your computer. Reboot and try again if you want to confirm that your connection or computer is not the problem. Too Many Connections — Try Again Later What it means — This is a common error message with FTP servers that have a volume of users. If there is too much network traffic, the server could be busy or actually have gone “down.” What you can do about it — Use the Reload/Refresh function or try to connect to the site later. You could also clear the cache where temporary files are stored to speed up your computer. Try connecting to other sites. If you can connect to other sites, then the problem exists with that one site. 256 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Sometimes displayed as “Too Much Network Traffic “ or “Network Connection Was Refused by the Server.” See also: Network Nonnection Was Refused by the Server Too Many Users What it means — It means exactly what you would expect. Too many users are trying to access the server and it is unable to handle the overload. What you can do about it — Try again later. This is one of those situations where you should consider connecting during offhours if the site is popular. Remember to factor in time zones, both domestic and foreign. If it is an FTP site you are trying to access, check and see if they have any mirror sites, perhaps in a different time zone. Unable to Locate Host or Server What it means — Usually accompanied by “Server Does Not Have a DNS Entry.” This error indicates that the site either does not exist or the ISP connection is down. Your browser cannot find the host (server) for the site you are trying to reach. What you can do about it — Hit the Reload/Refresh button. Check the address to make sure that you did not type it incorrectly. Try accessing another Internet site. If the error message persists, most likely there is something wrong with the connection. Perhaps if you empty the browser cache and try again, you will be able to establish the connection. Viewer Not Found What it means — This error is similar to the “Helper Application Not Found” error message. Basically the browser is trying to launch an application for a file you requested from the server — perhaps a PDF file or other application that you need installed on your computer. ____________________________ Chapter 8 — Troubleshooting Internet Error Messages 257 What you can do about it — Usually the error will also provide information about the viewer needed for the file. Follow the onscreen instructions in the dialog box. If you are unable to locate the viewer for the file, perhaps you could send a message to the site administrator asking for assistance. You Can’t Log On as an Anonymous User What it means — This error refers to FTP sites that do not allow unregistered or unauthorized users. What you can do about it — This message covers a multitude of sins. Some FTP sites allow access to people who are not members, some do not. Others may allow nonmembers, but limit the number of visitors. Another possibility is that your browser does not support anonymous FTP access. The way most browsers handle this is to submit “anonymous” as the user ID and your e-mail address as the password. What you can do about it — Either try again later after the rush hour or enter your user ID and password manually (using FTP software such as WS-FTP). Remember: your ID is anonymous and your password is your e-mail address. See also: Too Many Users Not Found The requested object does not exist on the server. The link you followed is either outdated or inaccurate, or the server has been instructed not to let you have it. See also: 404 – File Not Found 258 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ 10 Tips for Troubleshooting Internet Error Messages The following tips for troubleshooting Internet error messages should cover most of the situations. Treat them as general problem-solving guidelines that should be followed as part of any troubleshooting scenario. 1. If you physically typed in the address, review it for errors. The most common errors are spelling typos. If you accessed the Web site via a link from another site, look at the link properties to determine if perhaps the Webmaster made an error in entering the link. Remember that Webmasters are only human and sometimes address errors start with them. If you find that the Webmaster has an incorrect link, let him or her know so the error can be corrected. This not only helps you but also all the other auditors trying to connect to that site. 2. Check that the case of the letters in a URL is correct. Unix programs can distinguish the difference between uppercase and lowercase letters. Browsers will not translate these for you. 3. Use the Reload/Refresh feature of your browser. Often, error messages result from temporary situations or “hiccups” in the network. The Reload/Refresh feature may help establish the connection. Temporary delays and errors on the Internet are a common occurrence. 4. Clear the history file or clean the cache. Files residing in your computer cache may prevent you from connecting to the most current page in the Web site. Each browser handles cache, history, or temporary files differently. They are used to speed up access to Web sites, but in certain scenarios they may in fact slow down or prevent you from establishing a current connection. 5. Try backing out the HTML document reference. Webmasters often relocate documents on their Web sites. Documents ending in “htm”- “html”- “pdf” - or other file formats may have just moved to a different directory. Backing out these documents may put you in the main page (or sub-page) of the site and you can determine the new location for the reference. 6. Make sure you typed the Web address correctly. Punctuation or capitalization errors may prevent a browser from finding a page you are looking for. 7. If you believe that you have the correct address for the Web site, the problem may reside with the Web server where the Web page exists. The server could be down for routine maintenance, upgrade, or other service-related reasons. It may also be possible that too many people are trying to access the server at once. As the number of people using the Internet grows without a concurrent increase in the network bandwidth, this problem may persist. The best thing to do may be to try again later in the day. ____________________________ Chapter 8 — Troubleshooting Internet Error Messages 259 8. If you are connected via a modem, disconnect and then reconnect. A bad connection can impact your ability to reach Web sites. 9. Rebooting your computer is a final resort before contacting the site administrator or Webmaster. Shutting down the system and then reestablishing the connection may help determine whether your system or connection was part of the problem. 10. If you still cannot reach a site, send an e-mail to the Webmaster at that site with the error message you are receiving and the circumstances under which it occurred. Try to be as specific as possible. In order to determine the cause of the error, the Webmaster will need all the relevant facts such as the site address and document, what you did (or didn’t do) before the error message came up, and any other pertinent information you might have. Interview: Alan McCafferty, Founder and President, OPTIMUM Technology (http://www.optimumtechnology.com) Since 1993 OPTIMUM Technology has developed custom and standard software solutions for both public and private sector organizations. OPTIMUM Technology markets a series of advanced but easy-to-use software tools under the banner of QS3 technology. QS3 technology has been designed to operate in a Windows 9X/NT environment. The tools are used for implementing robust, functional and efficient business information systems that compliment MRP or ERP systems and combine the ISO requirements and other international standards such as automotive and aerospace. Configuration options give the organization freedom of choice with an open architecture that is scalable from a single user to an enterprise user. QS3 is comprised of four core components QSAK (rated Editor’s Pick by ZDNet), QSCK, QSDK, and the QS3 Communicator. OPTIMUM Technology’s Internet Strategy They see the Internet as a tool to freely and securely communicate via systems both locally or across vast boundaries such as provinces, states, and countries. Q. Why is QSAK important for auditors and how will they be able to use it through the Internet? QSAK without the QS3 communicator allows the user to generate audit findings and reports rapidly and with minimal user input. These reports can then be transferred to an Internet format (HTML) with a click of a button thus reducing the need to reenter or reformat the report line by line. By adding the QS3 Communicator, QSAK then becomes a fully interactive tool that can take full advantage of the Internet as a means of communication between users. 260 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Q. Why did you decide to provide your software freely to the audit community? In the same fashion that other items (not necessarily software) have become standards, we see electronic auditing as requiring a global standard. In order to provide the best possible product and service, we decided to offer QSAK freely as a means of getting international feedback about the product and to increase the user base. Our choice to deliver it primarily via the Internet was to allow a primarily invisible market to sample and experiment with our product without the constraints of time or training. It is our interest to unite auditors globally under a familiar easy-to-use system at their own pace. Where QSAK starts by sharing itself, we hope that users will follow by sharing resources with each other via the vehicle that is QSAK. Q. What impact has the Internet had on the delivery of your product? The Internet has been the main mechanism for international marketing and sales of the QSAK product. The Internet also allows for a global distribution of the product at a much lower unit cost as compared to a traditional model. Internet marketing does not properly fit into the traditional method as it is based more heavily on delivering the proper solution to every user instead of the traditional “high profile” clientele. For this reason, Internet marketing seems to be more focused on word-of-mouth to advertise products. Along that line is the Internet’s ability for users to freely give and share true testimonials of the product without interference by manufacturers or corporate entities. Q. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”? Just like all other departments, an organization’s audit group has been shrinking steadily since the beginning of the 1990s. At the same time, the level of work has increased dramatically with the introduction and acceptance of standards such as ISO 9000 and 14000. Auditor rules and practices will remain the same regardless of which standard is implemented. Therefore the introduction of new tools and techniques such as the Internet should not be intrusive but intuitive. It is the responsibility of software designers and developers to integrate the technology in such a way that it allows users to use it without requiring retraining. Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How has your organization contributed to this philosophy through the use of the Internet? The Internet is home to an entire community of users covering every aspect of technology available. It has fostered a haven for all users to share and participate in equally and its scalability allows for any depth of concentration or specialty. We have provided QSAK as the vehicle to unite auditors on a global scale. ____________________________ Chapter 8 — Troubleshooting Internet Error Messages 261 Q. How has your organization integrated the user of the Internet into auditing? QSAK with the QS3 Communicator takes advantage of the Internet to allow auditors the ability to share information rapidly with minimum user intervention. The final step is to fully integrate the Internet’s globability into the product. Q. What Internet resources do you use, and how have they helped you and your organization? Resources that are relied upon for information and continued self-learning within the organization are the Internet’s newsgroups and WWW resources that can be located by performing rudimentary searches via major channels on the WWW. Q. How has the Internet changed the way your organization does business, and what impact has that change had on auditors? In the same manner that business is moving to an e-commerce model using the Internet as a mechanism for connecting clients, business, and suppliers, auditors will be able to take advantage of the same technology. The electronic world is faster, more efficient, and easier to master than the traditional model. By using the tools made available by the computer and the Internet, we are saving auditors time, money, and resources by significantly reducing once critical - now obsolete functions associated with traditional auditing models (paper trails, for example). Sharing information freely is the key to learning. By openly teaching others the specific skill that one has acquired, it opens for the exchange where the teacher becomes the student. This role-sharing environment is essential to the progress and development of ideas on a global scale. Q. What Internet skills do you see as the most critical for new auditors? Those new to the Internet should make themselves comfortable with its main channels. Learning to use search engines and navigate the WWW would be fundamental skills required. Next would be the ability to utilize the newsgroups as an interactive tool for creating and solving problems. Q. What role do you see for the Internet in the future of internal auditing? The future of auditing will continue on its path of fewer auditors with more audits. It will be the responsibility of the auditor to have a competent tool set that will allow a single auditor to perform like today’s entire team. _____________________________________ Appendix A — Auditor’s Internet Glossary 263 Appendix A Auditor’s Internet Glossary Internal auditors who tour the Internet need a digital vocabulary guide to help navigate the terrain. While they may not need a glossary of every Internet term, an understanding or familiarity with basic terminology will certainly help. This glossary is specifically geared to auditing professionals. ACUA (Association of College and University Auditors) - Active professional association with listservs, a Web site, and numerous audit-related resources. ANet - Part of the International Accounting Network. Site is centered at Southern Cross University in New South Wales, Australia. Maintains extensive mailing lists devoted to accounting and auditing topics. ANet is a cooperative venture of a number of individuals and primarily academic institutions around the world. It seeks to provide a networked, electronic forum for the exchange of information and the discussion of issues in the broad accounting and auditing discipline and provides a repository for a range of information in the discipline. It includes a variety of electronic mail discussion groups and an online database of information. ANet is run as a joint venture with the School of Business at Bond University. AOL (America Online) - A commercial online service popular because of its ease of use. Archie - A tool (software) that allows searching indexes of files stored on anonymous FTP servers. Requires knowing the file name. ARPANet (Advanced Research Projects Administration Network) - The precursor to the Internet. Developed in the late 60s and early 70s by the U.S. Department of Defense as an experiment in wide area networking. Article - An e-mail message sent to a mailing list and distributed to subscribed members. Also a posting to a Usenet newsgroup. ASAP (As Soon As Possible or Auditors Sharing Audit Programs) - A service of AuditNet that allows auditors to share audit programs with peers by allowing them to be posted on a FTP site. ASCII (American Standard Code for Information Interchange) - Describes files that are stored in clear text format. Sometimes referred to as DOS text. AuditNet - A conceptual model for a central electronic resource for the audit community that would provide a link for auditors worldwide. The initial concept has evolved into a network of resources available for auditors. The AuditNet concept now has the auditor as the hub of a 264 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ wheel. The spokes of that wheel represent resources available for professional auditors. Some of those spokes are connected by pointers via the Internet, while some are islands unto themselves. A listing of those electronic resources is maintained, updated, and distributed monthly via the Internet and is available as an Internet home page. AuditZine - Compendium of articles about the Internet written by auditors and accountants. Available on the AuditNet home page. Browser - Client-based software program providing capability to view Internet resources. Examples include Netscape Navigator and Microsoft Internet Explorer. BTW - Short form of “by the way” used in e-mail messages. Bulletin Board System (BBS) - Computer system providing capability to connect via phone or network for the purpose of sharing files and information; forum for discussions and announcements. Able to operate from small standalone computer systems or larger systems. Caching - A method of automatically saving copies of files in the computer’s memory or on the hard disk. Caching enables you to recall previously visited Web sites quicker than downloading new Web pages. CIS - CompuServe Information Service is a commercial online service that has a variety of business resources and forums. Client - Software program for contacting and obtaining data from server software programs located on a remote computer. Client programs work with server programs and server programs require specific client programs. Commercial Online Service - Online service providers where users pay a fee to dial into a large centralized computer system. These providers offer conferences, forums, files, news, and other information. Examples include America Online, CompuServe, Prodigy, and others. These services also offer a wide range of Internet services as part of their monthly fee. Crawler - see Spider. Crossposting - Posting one message to multiple discussion groups in order to cover a wider audience. Cybernaut - Individual that spends time traveling online in the electronic world. Cyberspace - Range of information resources available from computer networks. _____________________________________ Appendix A — Auditor’s Internet Glossary 265 Cyberspeak - Terms and speech style used by cybernauts. Dead Link - An Internet link that does not lead to a page or site, most likely because the server is down or the page has moved or no longer exists. Digest - Accumulation of mailing list articles sent to list subscribers periodically (daily, weekly, or monthly). Domain Name - Unique naming system that identifies an Internet site. Download - Transferring information from a remote computer to your local computer. E-Mail - Electronic mail or text messages sent from one individual to another over a computer network. FAQ - Documents that provide answers to frequently asked questions on Internet-related topics or specific subjects. Provides easy means to avoid answering the same questions over and over. FAQs are Frequently Asked Questions. Because the Internet covers so many new and unique areas, FAQs provide a way to capture questions of a recurring nature that first-time users may need answered. There are FAQs for just about everything you can imagine on the Internet. They represent a worthwhile means of finding out what specific terms mean without having to ask questions that may prove embarrassing. There are no “stupid questions,” but on the Internet, some questions may incur the wrath of a globally insensitive family. Finger - Software tool on the Internet for locating individuals at other sites. Firewall - A computer or server set up to monitor traffic between an Internet site and the Internet. The purpose is to keep unauthorized persons from tampering with a computer system. Flame - Caustic or obscene message of disagreement for an opinion or statement included in an email message or posting to a newsgroup. FTP (File Transfer Protocol) - An Internet protocol that allows users to download files from specific accessible file servers. Users can search FTP archives for specific files using a software application called Archie. The ASAP FTP site is an example of audit applicability. GIF - Picture file used in Internet documents such as World Wide Web pages. Gopher - Menu and text-based system on the Internet for sharing information. Client and server program that requires using a client program on the local computer (or connecting to a client program on a remote computer) which connects to a Gopher server on a remote system. Developed at the University of Minnesota whose mascot happens to be a gopher. 266 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ History Log - A list of document titles and URLs that browsers automatically store in memory. These are dynamic logs that document all the Web sites visited while browsing the Web. Home Page - The opening page of a World Wide Web site. Acts as a guide by providing links to the other pages associated with that particular site. Host - Computer on the network that provides services to other computers on the network. HTML (Hypertext Markup Language) - Formatting language used to create documents for use on the World Wide Web. HTML documents are used by client browser programs to link to other sites or documents on the Internet. HTTP (Hypertext Transport Protocol) - Protocol or language used for moving hypertext files over the Internet. IAWWW - The Internal Auditing World Wide Web was the first Web resource on the Internet devoted to internal auditing. The IAWWW was established in June 1994 and continues as a valuable electronic resource for auditors. IMHO (In My Humble Opinion) - Used in electronic forums, newsgroup and discussion list postings. IMO (In My Opinion) is a less humbling cyberspeak. International Accounting Network - Providers of information on the Internet about accounting and auditing. The providers are the University of Exeter in the UK which hosts the Summa Project, Rutgers University in New Jersey which hosts the Rutgers Accounting Web (RAW), Southern Cross University in Australia which hosts A Net, School of Accountancy (SOA) at the University of Hawaii, and the Nordic Accounting Network (NAN) maintained by the Department of Accounting at the Swedish School of Economics and Business Administration in Helsinki, Finland. Each service provider runs a World Wide Web server with a wide variety of information. Each of the providers is working to mirror the other two services in order to build a truly international resource of accounting and auditing knowledge. Summa, RAW, NAN, SOA, and ANet will be working to build expertise and sources of information in particular areas and sharing this knowledge with the other providers. Internet - Global interconnected network of computers using the TCP/IP protocol. Internet Explorer - Web browser developed by Microsoft Corporation. Intranet - Connection of two or more networks. ISP (Internet Service Provider) - A commercial entity that provides Internet access to individuals usually via a dial-up connection. _____________________________________ Appendix A — Auditor’s Internet Glossary 267 Java - A computer programming language whose programs can run on different types of computers and/or operating systems. Keyword - A word by which subjects can be searched on online services and databases. List Owner - Individual in charge of a mailing list. Listserv - A widely used type of mailing list software. Other types of list server software include majordomo and listprocessor (listproc). The software runs automated mailing lists by recognizing commands received via e-mail messages. Login - Account name used to access a local or remote computer system (noun). Can also be used as a verb (as in login to a computer system). Lurker - Usenet or discussion group member that posts occasionally but reads the group posting on a regular basis. Mailing List - System providing capability to send a message to a single address, which in turn is forwarded to all members of the list. Provides discussion capability to a large group of individuals at different locations. Meta Search Engine - A server that passes queries on to many search engines and/or directories and then summarizes the results. Mirror - Internet site containing a copy of information located at another site in order to distribute the number of individuals accessing the site or reduce the response time for users. Moderated - Mailing list or newsgroup monitored by one or more individuals to ensure that the topics and messages posted are relevant to the topic for which the list was created. Mosaic - First developed WWW browser program for accessing the resources of the World Wide Web. Netiquette - Acceptable behavior in network applications and tools such as e-mail, discussion groups, mailing lists, newsgroups, etc. Netscape - Commercial browser program for accessing the resources of the World Wide Web. Newbie - New user to the Internet. All computer users were newbies at some point. Newsgroups - Organized by subject matter, newsgroups are forums where anyone can ask and answer questions, debate given issues, and discuss current or past events. 268 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ OSP (Online Service Provider) - Commercial online services that provide members with access to the Internet. Packet Switching - Method used to move data around on the Internet. Breaks data down into packets or chewable bytes providing network capability to move large amounts of data with minimum impact on the transmitting lines. Password - Security access code for entering a computer system. Accompanied by a user name, allows security for logging in to a remote (or local) computer system. POP (Post Office Protocol) Mail - POP Mail is used to provide a way for e-mail programs to retrieve mail from another computer. PPP - Internet protocol (language) allowing a computer to use a modem dial-up for a TCP/IP connection and act as an Internet host. Query - Word or phrase used in conducting a search on the Internet. RAW (Rutgers Accounting Web) - Part of the International Accounting Network. RFC (Request for Comments) - Process used to establish standards on the Internet. RFC documents are proposed and distributed online for feedback. The discussion is facilitated by the IETF (Internet Engineering Task Force) which assigns official numbers to the RFCs. Router - Computer or software package that handles network computer connections. Routers review destination address instructions received and determine the route for forwarding. Search Engine - A server or group of servers dedicated to indexing Internet Web pages, storing the results, and returning lists of pages that match specific queries. Server - A server is a computer that, when asked to, sends information to another computer. Smiley - Keyboard symbol combinations that express emotions. Sometimes known as emoticons. Spider - Part of a search engine that surfs the World Wide Web, stores the URLs, and indexes the keywords and text of each page it finds. TCP/IP (Transmission Control Protocol/Internet Protocol) - Standard software language that allows different types of computers with different operating systems to communicate on the Internet. _____________________________________ Appendix A — Auditor’s Internet Glossary 269 Telnet - Connecting from one computer site to another remote computer on the Internet. Telnet is a command and a client program. Thread - Entire discussion in a newsgroup from the original article on a topic to the last response for that topic. Upload - Upload means to transfer information from a local computer to a remote computer. URL (Uniform Resource Locator) - Standard method of addressing on the Internet. Similar to a channel on a television set. The major parts of the URL identify the type of resource (i.e., WWW, Gopher, FTP) and physical location of the server. Usenet - Also referred to as newsgroups. A system of discussion groups or forum allowing a wide variety of individuals to post and read messages on various topics. Veronica (Very Easy Rodent Oriented Netwide Index to Computerized Archives) - Textbased search tool that queries Gopher servers and provides ability to link for successful hits. WAIS (Wide Area Information Servers) - Text-based search tool that queries databases of information providing ranked results of hits. Allows refining the query to fine-tune the search. WWW (Web or World Wide Web) - An Internet interface based on a hypertext technology that links graphics and sound with text files. The Web consists of documents that can be linked to other documents, applications, or other sites. Like a spider’s web there is more than one way to get from one place to another on the Web. Continuing Internet Education The Internet Glossary and Quick Reference Guide, Alan Freedman, Alfred Glossbrenner, Emily, Emily Glossbrenner, Amacom. _____________________________ Appendix B — The AuditNet Resource List (KARL) 271 Appendix B The AuditNet Resource List (KARL) Copyright 1994-2000 by James M. Kaplan. Single copies of this list from its networked sources or of specific entries from their networked sources may be made for internal purposes, personal use, or study by an individual auditor, an individual auditing department, or an educational or research institution. The list may not be otherwise reproduced or republished in its entirety, in print or electronic form, without permission from James M. Kaplan, [email protected]. The information on this list is the most current available and selected on the basis that it may be helpful and useful. The author of this list makes no claims as to the accuracy of the information contained in any of the resources and is not responsible for the content of the information provided. The author is also not responsible for any costs associated with connecting to those resources or the electronic distribution of this list. The appearance of a resource here should not be construed as an endorsement. Send any updates or changes to: [email protected] To subscribe to AuditNet-L, which includes the monthly updates to Internet Resources for Auditors, send an e-mail to [email protected] and, in the body of the message, put SUBSCRIBE AUDITNET-L. To subscribe via a form, go to http://www.itaudit.org/auditnet_area/subscribe.htm. Academy of Accounting Historians (http://weatherhead.cwru.edu/Accounting) - Organization that encourages research, publication, teaching, and the interchange of ideas for accounting history and its relationship to business and economic history. Site provides information about the academy, its organization, and services offered. There is also a publication section with links to research papers and abstracts. Accountancy Edition-Sift (http://www.sift.co.uk) - Web search site for accounting professionals. The accountancy edition of Sift draws together a wide collection of relevant Internet resources for an accountant doing business in the UK. Includes access to accountancy news and organization directories (ICC, Infocheck, Dun & Bradstreet, and others), as well as a wide collection of financial, news, and market research databases from DataStar. Maintains a set of links to other relevant Web sites. Subscription service available. Accountant-Finder (http://www.angelfire.com/biz/AccountantFinder/index.html) - An Internet directory for locating accountants and accounting professionals worldwide. 272 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Accountant’s Home Page (http://www.computercpa.com/) - The Accountant’s home page includes resources for accountants and financial and business professionals. Resources include governments, professional organizations, corporations, and universities. Accountants’ Ledger (http://www.accountantsledger.com/) - Online magazine for accountants. Includes feature articles, online resources, reviews, and more. Accountants on Call (http://www.aocnet.com/) - Staffing service specializing in accounting and financial personnel placement. This recruiting and job search Web site includes articles on hiring for employers, career articles for job seekers, a list of FAQs, salary guide by request, and access to the searchable database of jobs and candidates. Accountants Online (http://www.ppn.com.hk/accountantsonline.html) - Pacific Professionals Network accounting page of information and resources. Includes What’s Hot for Accountants and Accounting Web sites. Accountemps (http://www.accountemps.com/jobsAT/) - Web site for an international temporary financial staffing placement firm. The site provides an excellent career advisor, salary survey, and more. Accounting: A Virtual History (http://www.acaus.org/history/) - Web site from the Association of Chartered Accountants in the U.S. provides an excellent historical background on the roots of accounting. Accounting and Audit Resources (http://www.disastercenter.com/audit.htm) from the Disaster Center - Provides a comprehensive list of links to related sites. The links to accounting and audit associations and organizations is especially useful. Accounting and Finance Employment Opportunities (JOBS ACT) - This is a moderated mailing list of employment opportunities for accounting and finance jobs, including cash management, auditing, and tax (no entry level positions). To subscribe, send a message to JOBS [email protected] with the word SUBSCRIBE in the subject line and the body. Do not include your name, address, or additional text in the subject line or the body of the message. Subscribers can obtain an archive file, which gives information on several employment BBSs around the nation by sending the command ARCHIVE JOBS ACT to the list address. Accounting and Finance in Hong Kong and China (http://www.cityu.edu.hk/afdragon/) The AF Dragon home page, a voluntary and independent home page on the region, provides links to a number of accounting, auditing, and business resources. _____________________________ Appendix B — The AuditNet Resource List (KARL) 273 Accounting and Finance Jobs (http://www.accountingjobs.com) - A national database of accounting and finance-related jobs. This joint project sponsored by AccountingNet and CareerMosaic focuses on employment opportunities in the accounting and finance professions. Accounting and Tax Professionals in Public Practice and in Industry Discussion Lists. The following lists are jointly owned and managed by Kent Information Services, Inc. and TAPNet. If you have questions or need additional information about these lists, e-mail John Graves at [email protected] or Jim Snell at [email protected]. Subscribe to these lists at http:// www.kentis.com/listsub.html. AA-STDS APP - Discusses actual accounting and auditing problems and how current standards should be applied in those circumstances. Participants must agree that (1) names of the companies that are the subject of discussion will not be identified, and (2) opinions offered by participants will not be relied upon as authoritative, but only as a starting point for further research. All accounting and auditing professionals are welcome to join this list. CPA-INET USE - Focuses on (1) how CPAs in public practice are using the Internet to improve client service, lower costs, and enhance revenues, and (2) how CPAs in industry are using the Internet to enhance administration and productivity. The Internet is a new tool being used by CPAs in innovative ways not predicted even a year ago. This discussion group will share new ideas and lessons learned from successful implementations as well as those that were not as successful. Home pages will be submitted to this group for evaluation and comment. All accounting and tax professionals are welcome to join this list. CPA-MGMT MRKTG - The CPA Management and Marketing list is dedicated exclusively to subjects on managing and growing a CPA firm. The goal of the list is to be a forum for discussing ideas, sharing problems, and communicating successes about firm management and marketing. By participating in this group, practitioners will have a place to turn for access to the most current ideas and trends and to sound out ideas and plans in a supportive atmosphere. All tax and accounting professionals in public practice are welcome to join this list. MGMT-ACCT - The Management Accounting list discusses new issues and ideas relevant to financial professionals working for both large and small companies. This list will help management accountants cope with the increasing corporate demands for greater organization efficiency. Relevant topics will include a range of practical issues from “strategies used to decrease lead times for order fulfillment” and “choosing the right combination of organization benefits” to “strategies used in downsizing, strategic planning and financial re engineering.” Tax and accounting professionals with an interest in management accounting are welcome to join this list. 274 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ TAX-PRCT ISSUES - The Tax Practice Issues list is a discussion among tax professionals working in industry and public practice. The discussion focuses on how companies and tax practitioners are dealing with current tax issues. Members agree not to identify organization names during these discussions or use the content of this list as a basis for taking a position before the IRS. By participating in these discussions, tax professionals will be able to support each other by sharing information and to become more efficient and productive. Tax and accounting professionals with an interest in taxation are welcome to join this list. Accounting and The Year 2000 (Y2K) Problem (http://www.bus.orst.edu/faculty/brownc/ year2000/index.htm) - Web site for accounting professionals and students to keep up to date on the issue. Accounting, Auditing & Accountability Journal (http://www.mcb.co.uk/cgi-bin/mcb_serve/ table1.txt&aaaj&journal1.htm) - Provides information about the journal and selected articles. Subscription information provided. Accounting Discussion List and Newsgroup - FinanceNet established a discussion list ([email protected]) for news, notices, announcements, and accounting standards of interest to public accountants. They also set up a corresponding newsgroup (fnet.accounting) to encourage posting of comments, questions, best practices, and more between accountants in the public and private sector and educators. Send message to e-mail [email protected] for more details. Accounting Education (http://www.accountingeducation.com/) - Web site for academic accountants provides access to news, reviews, jobs, events, journals, links to sites, and a library of articles. Accounting Education Ideas (http://www.swcollege.com/vircomm/gita/gita.html) - from SouthWestern College Publishing. Provides ideas from accounting professors for teaching the subject. Topics include classroom management tips, icebreakers, management accounting ideas, statement preparation and analysis, assets, liabilities, and equity. There are also spreadsheet, internal control, and other project ideas. Accounting Faculty Directory (http://rarc.rutgers.edu/raw/hasselback/) - Web site of the Prentice Hall On-line Accounting Faculty Directory, a database compiled by James R. Hasselback. The site provides search capability based on name, school, or location. Accounting (Big 5) Firms on the Internet Arthur Andersen (http://www.arthurandersen.com/) - Web site provides information about the firm and its history as well as sections for global best practices, interactive tools, and business links. _____________________________ Appendix B — The AuditNet Resource List (KARL) 275 Deloitte & Touche (http://www.dttus.com) - Site provides information about D&T as well as an excellent Hot Topics section (http://www.dttus.com/dttus/hot/hotlist.htm) with timely information on software products, surveys, and breaking news items of interest to accountants and auditors. Deloitte Touche Tohmatsu TAXNET (http://www.deloitte.com.au) Deloitte Touche Tohmatsu Australian division is now on the World Wide Web. Site includes information about Deloitte, tax publications, career information, and more. Touche Ross UK (http:// www.deloitte touche.co.uk/) site for the UK Division of Deloitte Touch. Includes a hot topics area, information about the firm, and Inside Fraud, the quarterly fraud bulletin. Ernst & Young (http://www.ey.com) - U.S. site provides financial reporting briefs, a financial reporting and accounting 1995 update, gateways to other E&Y sites, and career opportunity information. Ernst & Young (http://www.eycan.com) E&Y Canada provide information about the firm’s services and career opportunities. Includes news releases, tax briefs, links to the Department of Justice of Canada (French or English), and links to other business resources. E&Y England (http://www.ernsty.co.uk/welcome.htm) includes the complete publication of Cadbury Corporate Governance: Reporting on Internal Financial Control. E&Y Africa (http:/ /www.mbendi.co.za/ernsty) provides information on their services. KPMG - Peat Marwick Web Sites KPMG US (http://www.us.kpmg.com) - Provides updates on KPMG, services, employment, and a library that contains links to accounting and tax-related sites. KPMG Online Canada (http://www.kpmg.ca) includes industry studies and links to business resources. KPMG Australia (http://www.kpmg.com.au) includes tax information for Australia and links to other resources. PricewaterhouseCoopers (http://www.pwcglobal.com) - Web site contains firm history, insights and solutions, and career information. Accounting Research Network (http://www.ssrn.com/) - Publisher of the Journal of Financial Abstracts and other documents. After the startup phase this will become a fee-based service. Accounting Research Tools (http://www.rutgers.edu/Accounting/raw/aaa/facdev/research/ indexed.htm) - Provides access to scholarly journals, databases, and publications maintained by the American Accounting Association. Accounting Studies on the Internet (http://www.rutgers.edu/Accounting/raw/miklos/ study.htm) - A publication that covers a basic understanding of the Internet, the issues of security, online auditing, advertising opportunities, and more. AccountingNet (http://www.accountingnet.com/) - Site is designed as a complete utility on the Web for accounting-related information, products, and services. Serves as a communication network between CPAs and state societies, and as a marketing tool for CPAs. Includes a job search database and a well-organized page with links to accounting resource material. 276 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ AccountingNet Forum (http://www.accountingnet.com/) - Provides the opportunity for accounting and auditing professionals to communicate with others on various topics of interest, including technology and the Internet. AccountingStudents (http://www.accountingstudents.com/) - Web site for accounting students provided by AccountingNet. Links to scholarships and discussion forum listings, tips on taking the CPA exam, job information, a research library, accounting firms, GAAP and GAAS guides, and more. AccountingWeb Newswire (http://www.accountingweb.co.uk/email_lists.html) - Free twice weekly digest of all the recent news and developments on the Web site sent to subscribers to AccountingWEB. It keeps you up to date with all the important events of relevance to the world of accounting. To add or remove your name from this mailing list, go the URL provided above. To subscribe to by e-mail, send a message to [email protected] and in the BODY of the message type: SUBSCRIBE ACCOUNTINGWEB-NEWSWIRE youremailaddress. (Knowledge Assembly Resource) AccountingWEB (US) Newswire (http://www.accountingweb.com/) - The AccountingWEB Newswire is a free weekly digest of all the recent news and developments on the Web site sent to subscribers of AccountingWEB. It keeps you up to date with all the important events of relevance to the world of accounting, giving you an edge on those less well informed. (Knowledge Assembly Resource) AccountNetGuide (http://www.accountnetguide.com/) - Page of Internet information resources for accountants. Includes mailing lists, newsgroups, and more. AcctInfoPlus (http://www.bs.ac.cowan.edu.au/acctinfoplus/) - An accounting resource metacenter developed for the academic and professional community. Site includes the Summa Project, and the Nordic Accounting Network, among others, links users with the latest Internet resources and conferences in accounting. Links are organized by general topics covering academic, regulation, and professional interests. ACL (http://www.acl.com) - An integrated system of software providing complete control over data access, management, analysis, and presentation. The site offers information about their products, trade shows, seminars, and training schedules as well as online support and the Audit Central page - A Guide to Web Audit Sites. For more information, send e-mail to [email protected]. Acquisition Best Practices (http://[email protected]/BestP/BestP.html) - Web site provides links to Office of Federal Procurement Policy Best Practice guides. _____________________________ Appendix B — The AuditNet Resource List (KARL) 277 Acquisition Reform Network (http://[email protected]/index.html) - Joint Project of the National Performance Review, Office of Federal Procurement Policy, and others, focuses on procurement-related issues. There is an Acquisition Best Practices area where auditors may find ideas on reinventing procurement within their organization. Activity-Based Costing Resources (http://www.saffin.hq.af.mil/FMC/ABC/index.htm) - Web site provides links to an ABC dictionary, bibliography, software models, periodicals, and more. ACUA Homepage (http://www.acua.org) - Homepage of the Association of College and University Auditors, an international professional organization focusing on internal auditing in higher education institutions. Site includes information about the organization, scheduled events, links to document libraries, and other interesting Web sites. ACUA-L - List Association of College and University Auditors on Bitnet. ACUA-L is a listserv on Bitnet for college and university auditors. Closed list for college and university auditors. ADM PLUS for Windows (http://www.pleier.com) - Web site of Joseph Plier & Associates provides information about their audit automation software. There are links to newsletter and conference announcements. Also, a full-featured, 90-day Evaluation Version or a Production Version of ADM PLUS for Windows is available for downloading. Advanced Technology Program (ATP) Audit Guidelines (http://www.atp.nist.gov/atp/psagco.htm) - Provided by the Office of Inspector General, U.S. Department of Commerce. The ATP is a cost-sharing program between government and industry to pursue high-risk, enabling technologies with significant commercial and economic potential. Affiliated Conference of Practicing Accountants (http://www.acpaintl.org) - Web site provides information about the organization and the programs offered. Air Force Audit Agency Headquarters AFAA Home Page (http://www.afaa.hq.af.mil) - Contains links to audit and accounting information, downloadable files, government sites, and Web reference sites, including a dictionary, thesaurus, and the CIA World Factbook. Air Force FAR Site (http://farsite.hill.af.mil/) - Web site set up by the Air Force for Federal Acquisition Regulations. Alabama State Auditor’s Office (http://agencies.state.al.us/auditor/) - Web site provides information about the office, staff, press releases, and more. Alaska Division of Legislative Audit (http://www.legis.state.ak.us/legaud/web/default.htm) Site provides summary and full text of audit reports. 278 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ All Business Network Accounting and Taxation (http://www.all-biz.com/accountg.html) Includes links to accounting courses and educational initiatives, working papers, articles, professional and academic accounting associations, as well as other accounting-related resources. The Resource Directory includes links to accounting firms, tax and computerized accounting information, and newsgroups. AllCLEAR – SPSS Inc. (http://www.spss.com/allclear) - Ideal for quality, auditing, IS, training, and human resources. allCLEAR turns a simple text outline into a flowchart automatically. Alliance for Redesigning Government the National Academy of Public Administration - Established the Public Innovator Learning Network with the goal of building an information network for people making government work. American Accounting Association Auditing Section (http:/raw.rutgers.edu/raw/aaa/audit/) - Site provides background information, announcements for accounting conferences and paper deadlines, links to accounting and auditing sites, and technical resources. American Accounting Association Government and Nonprofit Section (http:// www.bs.ac.cowan.edu.au/aaagnp/) - Web site provides information about the organization, research papers, and teaching material. American Accounting Association Government & Nonprofit Section mailing list (AAAGNPL) - The purpose of this list is to share information of specific interest to AAA GNP members, including notice of upcoming AAA GNP meetings and their agenda, and to facilitate discussions on a various topics of interest to AAA GNP members. In general, this newsgroup is of interest to anyone in the government or nonprofit areas of accounting, especially those interested in academic research in areas such as governmental auditing and finance, public choice, public interest and the U.S. Governmental Accounting Standards Board standard-setting process, and behavioral accounting research relating to governments. To subscribe to the AAA GNP newsgroup, sponsored by the International Accounting Network (ANet), simply send the following e-mail message: subscribe AAAGNP-L your first name your last name to [email protected]. American College of Forensic Examiners (http://www2.acfe.com/acfe/) - This is a not-forprofit organization for professionals involved in forensic examinations and consultation. There are links to criminal justice sites and other forensic links that provide information about forensic accounting (Zeno’s Forensic Page). Certain areas on this page are restricted to members. American Health Information Management Association (http://www.ahima.org/index.html) - Web site provides background on the organization, searchable clinical and non-clinical library databases, online publications and articles, and more. _____________________________ Appendix B — The AuditNet Resource List (KARL) 279 American Institute for Chartered Property Casualty Underwriters (http://www.aicpcu.org) - Provides information about property and liability insurance. American Institute of Certified Public Accountants (http://www.aicpa.org/) - The AICPA home page includes general information, member matters, catalogs, conference notices, research links, a Newsflash of professional happenings, and more. American Institute of Certified Public Accountants Online (http://www.aicpa.org/forums/ index.htm) - the Web site for the Forums, an interactive resource for CPAs and other accounting professionals. There are online discussion areas where professionals can exchange ideas and share concerns with other members of the accounting community. Registration is required to access the forum. The Web site provides instructions on how to use the forum, usage policy, and a directory of topics which includes audit, accounting, information technology, and more. American Payroll Association (http://www.amerianpayroll.org/) - Contains articles on payroll topics, information about the organization, and more. American Productivity and Quality Center (http://www.apqc.org) - Site is devoted to TQM and benchmarking issues. There is information about the center, membership details, and services offered. The site also includes selected articles on benchmarking, reengineering, and total quality from their publication, Continuous Journey Magazine. For more information, send message to [email protected]. American Society for Quality Control (http://www.quality.org/) (ASQC) - Professional organization for persons employed or interested in the field of quality science. American Society of Military Comptrollers (http://www.asmconline.org) - The professional organization for military controllership (professions of financial management in the Department of Defense and Coast Guard). The site includes information about the organization, local chapters, membership, career opportunities, professional development, and more. The links section provides access to many additional resources for DoD financial professionals. American Society of Women Accountants (http://www.aswa.org/) - Site provides information about the organization, membership, scholarships, and a directory of chapter presidents. This organization represents a good networking tool for auditors. Ameritech Internal Audit Services (http://www.ameritech.com/corporate/internalaudit/ index.html) - Web site provides information about the office and the services offered. Auditors will find information on self-directed work teams, benchmarking, and more. Anchorage Internal Audit (http://www.ci.anchorage.ak.us/Services/Departments/Audit) - Web site provides information about the office, their annual audit plan, and links to reports. 280 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ ANet (http://www.csu.edu.au/anet) - A cooperative venture of a number of individuals and academic institutions around the world seeking to provide a networked, electronic forum for information exchange and the discussion of accounting and auditing issues. The site includes a variety of electronic mail discussion groups and an online database of information. ANet Mailing Lists (http://www.csu.edu.au/anet/lists) - One of the major services provided by ANet is mailing lists in a range of areas. The principal mailing list is ANews-L, which provides information on a variety of upcoming events, new publications, and important developments on the Internet. Subscribe to the ANews-L list by sending e-mail to [email protected]. In the subject line of the message, type SUBSCRIBE. Archives of the various ANet lists are maintained at http://www.csu.edu.au/lists/anet/lists. ANet mailing list subscriptions should be sent to [email protected] with the subject line “subscribe” and the message body left blank. Replace listname with the name of the list to which you would like to subscribe. For example, subscribe to AAudit-L by sending your request to [email protected]. For general information on subscribing, go to http://www.csu.edu.au/anet/lists/list_protocol.html. AntiOnline (http://www.antionline.com/) - A megasite devoted to the subject of computer security. Site includes a virtual library based on user level, archives, special reports, a local file search engine, and more. ANZ Internal Audit Group Mailing List (http://www.curtin.edu.au/curtin/audit/ mailing%20list.htm) - Allows for the free exchange of ideas for internal auditors of Australian and New Zealand universities and other interested participants. The site provides information for subscribing to the ANZUIAG-L list. This list was previously called INTAUDITL). ANZUIAG (http://www.curtin.edu.au/curtin/audit/anzuiag1.htm) - Web site for the Australian & New Zealand Internal Audit Group at the University of South Australia. This page provides links to other Australian and New Zealand Universities. Application Review Questionnaire (http://www.umanitoba.ca/admin/internal_audit/html/ application.html) for an environmental controls system. Appraising Your Auditors (http://www.icas.org.uk/members/framewk7.pdf) - A report from the Institute of Chartered Accountants of Scotland. The report provides a framework for the review and appointment of auditors by listed companies. Arizona Auditor General (http://www.auditorgen.state.az.us/) - Web site provides a navigation guide that explains about the office and its reports. There are links to performance, financial, and investigative audit reports issued by the office. The Services section includes manuals, forms, and newsletters issued by the office. They also have employment information and links to other related audit sites. _____________________________ Appendix B — The AuditNet Resource List (KARL) 281 Arizona Society of Certified Public Accountants (http://www.ascpa.com/) - Site provides information about the society, accounting information, links to other sites, and the Newsledger. Arkansas State Auditor Home Page (http://www.state.ar.us/auditor/auditor.html) - Provides information about the office and its services. Arthur Andersen KnowledgeSpace® for Internal Auditors (http://www.knowledgespace.com) - A customized source of internal audit resources, tools, methodologies, checklists, and selfassessment surveys. The site provides access to Arthur Andersen’s Global Best Practices knowledge base for business process improvement. You can sign up online for a free 30-day trial of this subscription-based Web site. AS/400 Security Page (http://home.earthlink.net/~vleveque/) - An excellent resource for security and disaster recovery information. The site has links toAS/400 and IBM sites, general resources for security and disaster recovery, security vendors, and more. Association for Computing Machinery (ACM) (HTTP://www.acm.org) - Largest and oldest international scientific and educational computer society in the industry. ACM provides members with a forum for sharing knowledge on developments and achievements. There is a Special Interest Group (SIG) for Security, Audit, and Control. Association of Certified Fraud Examiners (http://www.cfenet.org/) - Site for the organization of professionals who investigate fraud. Provides information about the association, the certification program, the Code of Professional Ethics, and more. Association of Certified Fraud Examiners - Central Pennsylvania Chapter (http:// www.paonline.com/cfe/) - Web site provides chapter information, news, links to the National Association, and other related sites. Association of Chartered Accountants in the U.S. (http://www.acaus.org/) - Home page for the professional organization representing U.S.-based chartered accountants. Includes information about the organization, an accounting bookstore, a history of accounting, and links to other sites. Association of Chartered Certified Accountants (http://www.acca.ca) - Web site provides information about the organization, news, events, links to resources, and more. Association of College and University Auditors Audit Exchange Library (http://www.acua.org/ library.htm) - This resource contains audit programs, audit reports, questionnaires, guides, program reviews, etc., focusing on audits for institutions of higher education. An index is available showing a list of all files available and a brief description of each file. 282 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Association of Credit Union Internal Auditors (http://www.acuiainc.org) - International organization for internal auditors in the credit union industry. Site provides information about membership and more. Association of Government Accountants (http://www.agacgfm.org/) - The official site of the educational organization dedicated to the enhancement of public financial management. Web site provides information about the organization, links to local chapters, publications, conferences, education and training, news, and more. Association of Government Accountants Austin Chapter (http://members.aol.com/ AGAAustin/main.html) - Web site provides information about the AGA, the chapter, employment opportunities, and more. Association of Government Accountants Dallas Chapter (http://members.aol.com/ AuditorDeb/agadal.htm) - Site includes information about the AGA, the chapter, and more. Association of Government Accountants New Mexico Chapter (http://www.whiptail.com/ aga/) - Site includes information about the chapter, the organization, training and conferences, and more. Association of Healthcare Internal Auditors (http://www.ahia.org/) - Professional organization for healthcare internal auditors dedicated to the advancement of the healthcare internal auditing profession. Site provides information about AHIA, Code of Ethics, position papers, and a planned audit library Association of Inspectors General (http://www.lib.jjay.cuny.edu/ig/) - Web site provides information about the organization representing state and local Inspectors General and other public inspection and oversight entities. There are links to IG offices and various Internetbased professional development initiatives. Association of Practicing CPAs (http://www.ap-cpa.org/) - A forum for CPAs to network with other CPAs by mentoring, teaching, learning, and sharing business opportunities. Includes links to their newsletter, a CPA directory, and related resources. Association of Public Pension Fund Auditors, Inc. (http://www.appfa.org/) - An organization whose members are responsible for internal auditing of public pension funds. The site provides information about the organization, conference schedules, audit programs, their listserv, and more. Auburn University Internal Audit Department (http://www.auburn.edu/~auaudit/) - Home of the Internal Audit Department. Provides information about the department, Frequently Asked Questions, a Guide to Internal Controls, Ask an Auditor, the Fraud Hotline, and more. _____________________________ Appendix B — The AuditNet Resource List (KARL) 283 Audimation (http://www.audimation.com) - A distributor of IDEA software. The site has links to information about the product, its uses, training, upcoming events, and demo downloads. Audit Commission (http://www.auditcommission.org/) - An independent government body in England and Wales responsible for appointing auditors in local government, setting standards, preparing special studies, and defining comparative performance measures. Audit Exchange Library (http://www.acua.org/library.htm) - Inventory of audit programs from the Association of College and University Auditors. Audit Manual (http://iron.utsystem.edu/home/AUD/manual/tab_cont.htm) - From the UT Systems Audit Office includes details on organizational structure, office policies and procedures, and sample documents. Audit Methodology Manual (http://www.sao.state.tx.us/Manuals/meth.htm) - From the Texas State Auditor’s Office. Represents their comprehensive guide on audit-related topics, techniques, and methods. The Manual is an excellent resource for state and local government audit offices looking for guidance on a broad range of audit issues. The Manual is in Adobe Acrobat PDF format and auditors may download individual sections or the entire manual. Audit Process Handbook (http://www.hhs.gov/progorg/oas/tap.pdf) - The DHHS OIG Audit Process Handbook in PDF format was developed to give auditors tools to conduct audits and prepare reports. It lays out a systematic approach designed to keep the audit focused, involve all team members throughout the process, and facilitate report preparation. Audit Program Guides (http://www.ci.tampa.fl.us/audit/audit_guides.htm) - From the City of Tampa’s Internal Audit Department. Available in Adobe Acrobat PDF format. The audit guides cover many functional and program areas of local governments such as fixed assets, inventory, cashiering, and more. Local government auditors should bookmark this site for future reference. Audit Programs (http://iron.utsystem.edu/home/AUD/programs/programs.htm) - From the UT Systems Audit Office. Includes programs and questionnaires for internal controls, information technology, payroll, and more. Audit Report Search Site (http://www.osc.state.ny.us/nsaa/) - From the National State Auditors Association. Provides audit reports from state auditors around the United States. There are summary paragraphs describing key information and a link to the complete report. Audit Report Writing Guide (http://www.psc-cfp.gc.ca/audit/metod1-e.htm) - From the Public Service Commission of Canada. Provides guidelines for the design, style, and content of the reports they publish. This document is an excellent resource for audit organizations developing their own guide. 284 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Audit Sentry - HIS Financial Products (http://www.ihsfinancial.com/products/audit/ audit.html) - A user-friendly Lotus Notes® or Windows 95®-based system that streamlines the audit process, from planning and performance to reporting. Audit Serve Inc. (http://www.auditserve.com) - Site provides technical articles on audit and security, discussion topics, question postings, system software release tracking, and job postings. A section of the home page is also devoted to year 2000 software issue. Issues relating to the century date change problem are described and a tracking system is provided which identifies whether software and hardware platforms are year 2000 compliant. The home page also contains a description of products and services offered by Audit Serve. For more information, send message to [email protected]. Audit Software and Security Utilities (http://www.rawnet.co.uk/) - Site provides downloadable demos of audit-related software and security programs, including a Random Password Generator, NT and Netware Security, Software Inventory, and more. Audit Survival Guide (http://www.stanford.edu/dept/Internal-Audit/docs/guide/) - From Stanford University. Provides information for staff on the audit process. This is a great resource for internal marketing of the audit function through demystification of the audit process. Audit Techniques Guide (http://www.irs.ustreas.gov/prod/bus_info/mssp/index.html) - I.R.S. market segment specialization program provides audit guides uses by examiners for 11 different industries. Good reference material for auditors reviewing air charters, architects, tobacco industry, and more. Auditbahn Glossary (http://www.auditnet.org/tag.htm) - Glossary of Internet terms for auditors, accountants, and financial professionals. The glossary is part of the AuditNet Project. For more information, contact [email protected]. AuditForce (http://www.auditforce.com/) - Consulting organization that provides internal audit and compliance expertise. Site has an e-zine with articles on topics of interest to auditors, including Internal Auditing and Controls in the Reengineered Company. Audit-L Discussion List - A generalized audit discussion list open to all auditors irrespective of industries and organizations. The list is intended to have a diverse membership so that broad perspectives from all auditors can be gained through interactive communication. While many specialized lists were created to address unique needs of specific industries or special interest groups, the concept of this list recognizes that many audit issues cross industry/organizational lines. Send subscription request to [email protected] with one line in the body of the letter: SUB AUDIT-L yourname. _____________________________ Appendix B — The AuditNet Resource List (KARL) 285 Auditing Government Funding (http://www.dhfs.state.wi.us/grants/Audit/IntroAud.htm) Web site from the Wisconsin Department of Health and Family Services provides information related to grants and contract audits. Auditing the Human Resources Function (http://www.auxillium.com/audit.htm) - Audit program provided by a Human Resource Consulting Firm outlines the basic approach as well as information that should be included to cover a regulatory compliance review. Auditmall (http://www.vfauditmall.com/) - Web site for VF Internal Audit: The internal audit department of VF Corporation, a Fortune 500 apparel company. Topics include our internal audit philosophy, internal controls, control self-assessment, employment opportunities, links to related sites, and much more. AuditMasterPlan (http://www.jebcl.com/) - AMP is a computer-based risk assessment, planning, and work tracking system for internal auditors. The site provides information about the product, and a downloadable demo is available. AuditNet Auditors Sharing Audit Programs (ASAP) - In the interest of “Progress Through Sharing,” auditors began submitting audit programs to listservs to share with their peers that requested assistance. The audit programs are those submitted by auditors in the worldwide community of AuditNet. If you would like to contribute a program, send it via e-mail to [email protected], or those auditors with AOL access may send the file to [email protected] using the attach file feature. AuditNet Communication Network for Internal Auditors (http://www.auditnet.org/ acnia.htm) - An electronic bulletin board providing internal auditors with a place to communicate with other professionals. Areas include internal auditing best practices (AuditBest), conferences and training seminars (AudiTrain), Internet books of interest to internal auditors (AuditBooks), job notices (AuditJobs), and other timely information. AuditNet E-mail Directory (http://www.ecu.edu.au/mra/resources/auditnet.html) - The AuditNet E-mail List was established for the purposes of fostering electronic communications among audit professionals in government, industry, and academic institutions. Listing in the AEL is by request. The e-mail directory is being maintained at Edith Cowan University ( http://www.cowan.edu.au/mra/home.htm) . E-mail the following request to [email protected] 286 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Please include me in a directory of e-mail addresses of auditors. I understand that this information will be used as a networking tool for auditors to maintain a communications link. Full Name (your REAL name, please): E-mail Address: Occupation: Company/Organization Name: Organization’s Web Page Address (if applicable): Industry Title: City: State: Country: Your Personal Web Page Address (if applicable): AuditNet Home Page (http://www.auditnet.org/) - This site contains information about the components of AuditNet, including the ARL, ASAP FTP site, AuditNet E-Mail Directory, and more. Links to the ARL and indexed pages facilitate connecting to related resources. AuditNet Internet Use Policy Resources for Internal Auditors (http://www.auditnet.org/ iupaudit.htm) - Site provides links to policy resources for Internet use, security, e-mail, and other related topics. AuditNet Resource List Home Page (http://www.auditnet.org/karl.htm) - The official hypertext version of the AuditNet Resource List that provides the most recent version of KARL, including links to each of the resources. AuditNet Year 2000 Resources for Auditors (http://www.auditnet.org/y2kaudit.htm) - Site provides links to year 2000 resources for auditors. AuditNet-L is a monthly mailing from AuditNet that provides the latest additions to the AuditNet Resource List, new audit programs added to Auditors Sharing Audit Programs, and more. To subscribe to AuditNet-L, which includes the monthly updates to Internet Resources for auditors, send an e-mail to [email protected] and in the body of the message put SUBSCRIBE AUDITNET-L (your name). Auditor Assistant (http://www.auditorassistant.com/) - A teamwork-based audit system using Lotus Notes. The site includes a description of how the system works, requirements, and a downloadable preview version of the program. Auditor General of Canada (http://www.oag-bvg.gc.ca) - The Annual Reports of the Auditor General of Canada are available on the Internet. The reports contain detailed information about the office and are organized based on the results of studies and audits completed. There _____________________________ Appendix B — The AuditNet Resource List (KARL) 287 is a searchable index built into the reports. There is also information about the office and publications and other materials. Auditor of the Commonwealth of Massachusetts (http://www.state.ma.us/sao/) - The Office of the State Auditor Web site provides information about the office and its divisions. Audit-Y2K Discussion List ([email protected]) - Discussion list devoted to year 2000 issues for auditors. This non-moderated list is open to all auditors interested in the year 2000 issue. Dyan Hudson, University of Texas at Austin, is the list owner. Subscribe by sending an e-mail request to [email protected] with the message Subscribe Audit-Y2K (your name). AuditZine (http://www.auditnet.org/aud_zine.htm) - A compilation of articles related to audit and accounting uses of the Internet. Provides links to articles or a bibliography entry of the article for ease of location. Australian Computer Emergency Response Team AUSCERT (http://www.auscert.org.au) is funded by the Australian Academic Research Network (AARNet) for its members. Located at The University of Queensland within the Prentice Centre, AUSCERT is a full member of the Forum of Incident Response and Security Teams (FIRST). AUSCERT maintains an anonymous FTP service at ftp://ftp.auscert.org.au. This archive contains past SERT and AUSCERT Advisories, and other computer security information. Australian National Audit Office (http://www.anao.gov.au/anaohome.html) - Web site of Auditing for Australia provides audit reports, audit strategy, better practices guides and publications, and more. Australian Society of CPAs Online (http://www.cpaonline.com.au) - Site includes information about the society, membership, regulations, professional development, services available through the Microsoft network, and available information resources. AutoAudit - Paisley Consulting (http://www.paisleyconsulting.com) - Paisley Consulting provides products and services that improve the efficiency and effectiveness of internal audit departments. Site includes the AutoAudit software, which is a complete workflow automation system designed to increase the productivity and effectiveness of medium and large-sized audit firms. Bank Administration Institute (http://www.bai.org/) - Provides information about BAI, links to emerging issues, and Certified Bank Auditor training material demo. 288 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Bank Internal Auditing (http://members.xoom.com/bankauditing/) - An e-library for bank internal auditing with links to related resources. Bankers Trust Software (http://www.bankerstrust.com/soft/) - Site provides information about financial and risk management systems. One system that may interest auditors is The Auditor’s Workstation, a Lotus Notes-based system. for streamlining the audit process. Barefoot Auditor (BFA) (http:/www.thebarefootauditor.com/) - Site with information about the Barefoot Auditor, a software auditing program. Downloadable demo is available from this site. Becker CPA Review (http://www.beckercpa.com/) - Site provides details about their CPA review course. There is an excellent description of careers in accounting and pay scales that would be useful for students exploring accounting-related positions. Benchmark Auditing in the Federal Audit Community (http://www.hhs.gov/ignet/faec/ bmrk.html) - Is an initiative from the Federal Audit Executive Council and resides on the IGNet server. The site provides information about benchmarking, including a definition, the reasons, and the auditor’s role. There is a list of references, a Code of Conduct, and links to other benchmarking sites. Benchmark Project Guide (http://www.dtic.mil/c3i/bprcd/0135.htm) from the DoD Electronic College of Process Innovation is a tutorial on How to Prepare for and Conduct a Benchmark Project. Excellent resource for auditors looking at organizational analysis issues. Benchmarking and Best Practices (http://www.tbs-sct.gc.ca/tb/iqe/bmrkg_e/indexe.html) Web site for the Treasury Board of Canada provides benchmarking and best practice information useful for auditors. The main page for their site also includes links to quality service guides for various aspects of government operations. Benchmarking Human Resources (http://www.wa.gov.au/gov/psmo/pubs/directory/guides/ hrpp/wdu/benchmk.html) - A navigation guide from the Western Australia State Government. This discussion paper provides an overview of HR benchmarking and strategies for identifying meaningful HR performance indices. Benefits-L Internet Resource is a comprehensive list of benefits resources for human resource professionals. This is an excellent point of reference for auditors and financial professionals to research and obtain background for reviews in the benefits area. Coverage includes health management, human resource information systems, payroll, ERISA, unemployment insurance, workers compensation, and other benefits-related issues. URL is http://www.mtsu.edu/ ~rlhannah/employee_benefits.html. The coordinator also maintains an employee benefits list. To subscribe, send a message to [email protected]. Leave subject blank and type in the message area: subscribe BENEFITS-L (your name). _____________________________ Appendix B — The AuditNet Resource List (KARL) 289 Best Practices Procurement Manual (http://www.fta.dot.gov/fta/library/admin/) from the Federal Transit Administration provides recipients of Federal Transit Administration (FTA) funds suggested procedures, methods, and examples for conducting third-party procurements to assist them in meeting FTA standards. Beta Alpha Psi (http://www.bap.org/index.htm) - Web site of the National Accounting Fraternity has information about the organization, scholarships, chapter links, student pages, and more. Better Practice Guides (http://www.anao.gov.au/bpgs.html) from the Australian National Audit Office are reports on specific areas of interest to auditors along with best practice information. Includes guides for selecting suppliers, travel, effective control, performance information, and more. Binomial International (http://www.binomial.com) - Site for Disaster Recovery Planning contains valuable information for auditors. Also includes links to over 400 DRP sites. A free monthly newsletter is available by sending a message “subscribe disaster recovery” to [email protected] or via the homepage. Bisk Publishing Company (http://www.bisk.com/) - Site for the provider of educational materials for auditors and accountants. Site search engine available to locate information. Board of Audit of Japan (http://www.jbaudit.admix.go.jp/engl/) - Web site provides status and history of the office and their audit activities. Boston College Internal Audit (http://www.bc.edu/bc_org/fvp/ia/home/home.html) - The Information Security and Internal Control Awareness home page from the Boston College Internal Audit Department. Site includes information about the office, network security, software copyright information, end-user computing, and AuditNews that covers articles of interest to auditors compiled from other journals. BrainTree Security Software (http://www.sqlsecure.com/) - Vendor Web site provides information about their products for security solutions for relational databases. White papers available on PeopleSoft data security and more. Brevard County Internal Audit (http://199.241.8.81/pages/interaud.htm) - Provides information about the office and online versions of recent audit reports. British Columbia, Office of the Auditor General (http://www.oag.bc.ca/) - Site provides information about the office and the reports produced. Also includes links to other related sites. 290 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Building and Auditing a Trusted Network Environment with Netware 4.x (http:// developer.novell.com/research/appnotes/1994/april/a1frame.htm) - Online guide from Novell includes a security overview, security basics, and audit guidelines for Novell networks using Netware 4.x. Bureau of Economic Analysis (http://www.bea.doc.gov/) - Web site for the nation’s economic accountant. Business English Online (http://eleaston.com/biz/bizhome.html) - This wide and varying index covers all matters of business language. Business English Online links to sites that help users with their language in business presentations, multi-lingual assistance, and business writing. Resources range from glossaries of accounting definitions to vocabulary quizzes of real estate terms. Business Ethics Resources on WWW (http://www.ethics.ubc.ca/resources/business/) - Provides links to sites related to the subject. Business Finance (http://www.businessfinancemag.com) - Provides practical information for the financial manager. Selected sections of the magazine will be available online. Includes a comprehensive list of Web Resources for Controllers. Business Fraud Detection Services (http://getzoff.com/business_fraud/business_fraud.html) - Site of a fraud examination consultant. Includes a checklist of 20 ways to detect fraud. Business Netiquette International (http://www.bspage.com/1netiq/Netiq.html) - Provides a guide for business to business e-mail. Auditors new to the online world will find this a useful resource for proper business communication formats for new technology. Business Now (http://www.ey.com/idea/real/bus_now.ra) - A television news magazine in online in Real Audio which is available for download at http://www.real.com Business on the Web Management Guide (http://www.butlergroup.co.uk/) - Go to free publications section. This is an excellent guide that auditors can use in evaluating the organizational decision to establish a Web site. The Guide includes a chapter on security issues. Business Process Resource Centre (http://bprc.warwick.ac.uk/index.html) at the University of Warwick provides links to other sites on the topics of reengineering business processes, discussion forums, a glossary of terms, articles, reports, and documents. Business Research on the Internet (http://www.intellifact.com/tutorial.htm) - A tutorial on doing business research. It covers online research basics, finding company information, keeping up with business news, researching markets and industries, and more. _____________________________ Appendix B — The AuditNet Resource List (KARL) 291 Business Researcher’s Interest (http://www.brint.com/BPR.htm) - A comprehensive site of links to business process reengineering and innovation. Includes papers, handbooks, projects, tools, and links to other BPR resources and related sites. Business Resources on the Internet (http://lib-www.lanl.gov/infores/bus/bus.htm) - Web site provides a comprehensive list of business resources useful for auditors such as business information databases, directories, electronic publications, and more. Business Software Alliance (http://www.bsa.org/bsa/) - A worldwide organization charged with fighting software piracy on behalf of their members, the industry’s leading publishers of productivity software. Site provides statistics on software piracy, reports, and an FTP archive of files. There is a comprehensive guide to software management available, which includes all of the elements to set up a software management program. Business Tools (http://www.toolkit.cch.com/tools/tools.htm) - Web site from CCH that provides a comprehensive list of ready-to-use templates, checklists, and model business documents. You never know when one of these documents may come in handy! Business Upshot (http://www.ey.com/upshot/) - A business magazine and newsletter from Ernst & Young. There are articles and ideas from more than 200 E&Y publications as well as an idea clearinghouse, career information, and more. Business Week Enterprise (http://enterprise.businessweek.com/) - A resource center for small business owners from Business Week. Site includes a News Center covering current issues from the small business owner’s perspective. Also contains advice columns, site recommendations, financial calculators, and more. CA-Xchange (http://www.cax.org/) - Web site that is described as a meeting place for Canadian chartered accountants and friends. There is information about the organization, links to other relevant sites, and members-only links. California Institute of Technology Internal Audit Department (http://www.cco.caltech.edu/ ~iaudit/~iaudit.html) - Web site provides information about the office, internal control descriptions, the audit process, and more. California State Association of County Auditors (http://www.co.sanmateo.ca.us/controller/ auditchf.htm) - Web site provides a list of California counties and their auditors, a list of audits performed with contacts, and links to other sites. California State Auditor (http://www.bsa.ca.gov/bsa/) - Site provides information about the office, employment opportunities, audits reports issued by both the Bureau of State Audits as well as the Auditor General. Audit reports may be ordered from this Web site. 292 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ California State Controller’s Office (http://www.sco.ca.gov/) - Details about the office, including responsibilities and functions. The home page provides links to the Controller’s Monthly Revenue Updates, Controller’s Quarterly Reports, and a response to the May 1995 Performance Audit. The response is an excellent example of a detailed plan with corrective action identified. Can-AccTech (www.can-acctech.com) - The Canada-Accounting Technology centre features a discussion list where Canadian accountants, financial professionals, accounting technology developers, and resellers can swap ideas, problems, and experiences in an open exchange of views. Can-AccTech - Discussion list where Canadian accountants and financial professionals can swap ideas, problems, and experiences in an open, unmoderated exchange of views and comments. The Can-AccTech discussion forum may lead to the development of further information sources and assistance in technology matters specifically geared to the needs of accountants and financial professionals. To join Can-AccTech, send an e-mail message to: [email protected]. and, in the e-mail message body state: subscribe can-acctech. You will receive, via return e-mail, an acknowledgement of your free subscription, along with information on how you can participate in Can-AccTech. If you have any questions about Can-AccTech, please e-mail the list owner, Richard Morochove, at: [email protected] Canadian Environmental Auditing Association (http://www.mgmt14k.com/ceaa/) - Organization dedicated to development of the practice of environmental auditing. Site provides background on the organization. Canadian Institute of Chartered Accountants (CICA) established a Chartered Accountants of Canada Web homepage (http://www.cica.ca). The site will contain links to the provincial institutes. There are also links to accounting and consulting practices of accounting firms, national and international accounting organizations, and activity areas including accounting and audit. While much of the site is under construction, there are excellent links to environmental accounting resources and activities. Canaudit (http://www.canaudit.com/) - Web site for continuing education/training for internal audit, and information systems audit. Features include information about their services, a newsletter, and more. Carratu International (http://www.carratu.com/) - Web site of a fraud and security consultant. Includes a description of services offered and bulletins (in Adobe Acrobat format) on corporate fraud, risk analysis, and more. CaseWare (http://www.caseware.com/) - CaseWare International is a producer of engagement and reporting software. _____________________________ Appendix B — The AuditNet Resource List (KARL) 293 CCH Incorporated (http://www.cch.com/) - Site for the publisher of tax, accounting, and auditing materials. Cellular Telecommunications Industry Association (CTIA) Antifraud Internet Mailbox The CTIA Fraud Task Force set up a hotline tip box for reporting incidents of cellular phone hacking. CTIA is soliciting information on any type of illegal phone activity. The mailbox is administered by Decision Strategies International (DSI), a Washington, DC-based investigative consulting firm. Send Task Force messages to cell [email protected] or anonymously [email protected]. Encrypted messages can also be sent using PGP. The PGP public key for Decision Strategies can be obtained by sending an e-mail message to [email protected], with [email protected] in the body of the message. Center for Performance Measurement (http://www.icma.org/abouticma/programs/performance/index.cfm) - Web site from the International City Manager’s Association is dedicated to helping local governments measure, compare, and improve municipal service delivery. The site contains sample performance measures for selected services and a library of articles on the topic of performance measurement. CERIAS (http://www.cerias.purdue.edu/index.html) - Web site for the Center for Education and Research in Information Assurance and Security. There are links to the various programs supported by the Center including COAST. CERT (http://www.cert.org/) - The Computer Emergency Response Team Coordination Center site is a focal point for computer security concerns of Internet users. There are links to CERT advisories, the CERT ftp archives, FAQs, and more. Certified General Accountants’ Association of British Columbia (http://www.cga bc.org/) Site provides information about the association, tax tips, links to accounting associations, and more. Certified General Accountants’ Association of Canada (http://www.cga canada.org) - Provides information about the CGA structure, programs, publications and more. CFO Council (http://financenet.gov/cfo.htm) - Link to the organization of the chief financial officers and deputies of the largest federal agencies, OMB, and treasury officials that work together on improving federal financial management. CFO Publishing Online (http://www.cfonet.com/) - Web site for CFOs, treasurers, controllers, and other financial executives. Current and archived issues of Treasury & Risk Management and CFO Magazine. 294 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ CGA Magazine (http://www.cga-canada.org/eng/magazine/defaults.htm) - Web site of the monthly bilingual journal of the Certified General Accountants’ Association of Canada. Professional journal with informative and timely articles on various accounting-related subjects. Chartered Institute of Management Accountants (http://www.cima.org.uk/) - Web site provides information about the CIMA and describes management accounting. Chartered Property Casualty Underwriters Society (http://www.cpcusociety.org/index2.htm) - Web site of insurance professionals containing information for consumers covering areas such as insurance law, finance, ethics, and management. CharterNET - Web server for the Institute of Chartered Accountants in Ireland (ICAI). This site (http://www.icai.ie/) provides information about the ICAI services and online library of materials. There is also a description of the business network reaching out to chartered accountants working in industry, commerce, and the services sector. Check Fraud: A Guide to Avoiding Losses (http://www.occ.treas.gov/chckfrd/contents.htm) from the Office of the Comptroller of the Currency provides guidance on a major organizational issue. Guide sections include check fraud schemes, prevention measures (internal controls, training, check-cashing guidelines), and more. Chesapeake Audit Services Department (http://www.chesapeake.va.us/services/depart/audit/audit.html) - Web site provides contact information for the office. Chesterfield County Internal Audit (http://www.co.chesterfield.va.us/ManagementServices/ InternalAudit/iahome.htm) - Web site provides information about the office and an e-mail contact. Chicago Housing Authority Inspector General (http://www.thecha.org/Inspect_Gen.htm) Web site provides information about the office, job opportunities, and more. Clark County Internal Audit (http://www.co.clark.nv.us/intaudit/Intaudit.htm) - Web site provides information about the office, audit process, audit plan, audit programs, and more. Clerk’s Internal Audit Department (http://www.clerk.collier.fl.us/internal_audit.htm) - Web site of the Collier County Clerk of the Circuit Court Internal Auditor provides information about the office, audit plan, reports issued, and more. Client Satisfaction Measurement Questionnaire (http://www.psc-cfp.gc.ca/audit/metod2e.htm) from the Public Service Commission of Canada provides a format for measuring audit customer satisfaction. This questionnaire is an excellent resource for audit organizations interested in measuring customer satisfaction. _____________________________ Appendix B — The AuditNet Resource List (KARL) 295 CoActive Connection (http://www.coactiveconnection.com) - The Tongren and Associates Web site provides information on CoActive Audit, CoActive Control, CoActive Governance and CoActive Risk as well as a library of articles on the above principles. COBIT (http://www.isaca.org/ct_dwnld.htm) - The Control Objectives for Information Technology from ISACA. The Executive Summary, the Framework, and the Control Objectives are available for download in Adobe Acrobat (PDF) format. COBIT Listserv (COBIT-List) - Created to facilitate discussion about COBIT among members. By exchanging knowledge through the listserv, subscribers are sure to find answers to their questions and advice for improving implementation procedures. Subscribe to the COBIT listserv by sending the following e-mail message to: [email protected], SUBJECT SUBSCRIBE cobit-list, and leave the MESSAGE BODY blank. Code of Federal Regulations on the WWW (http://www4.law.cornell.edu/cfr/34cfr.htm) The Code of Federal Regulations is the official, subject matter order, compilation of the federal regulations of a general applicability and legal effect that are currently in force. In accordance with section 1510(d) of title 44 of the U.S. Code, the Code of Federal Regulations is compiled by the Office of the Federal Register of the National Archives and Records Administration. The Code is divided into 50 titles by subject matter. Each title is divided into sections. Sections within a title may be grouped together as subtitles, chapters, subchapters, parts, subparts, or divisions. Titles may also have appendices that may be divided into sections, rules, and/or forms. Colorado State Controller’s Office (http://www.state.co.us/gov_dir/gss/acc/) - Web site for the organization that manages the financial affairs of the state by providing financial information, issuing fiscal policies, ensuring timely recording of the budget, and providing accounting consulting services to state agencies. The site includes general information as well as reports and publications. Columbia University Internal Audit (http://www.columbia.edu/cu/ia/) - The Columbia University Web site has a section devoted to their internal audit department. The section includes A Guide to Internal Controls, Internal Control Issues, and Auditing at Columbia University: A Service to Management. The last document is an excellent guide that other audit organizations could follow to educate management and departments about internal auditing. Commonwealth of Australia Department of Finance (http://www.finance.gov.au/) - Provides information about the Australian Department of Finance including mission statement, organization structure, and links to other organizations. There is also a link to the Commonwealth Budget, which could assist auditors in reviewing budgets for their own organizations. 296 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Compliance Desk (http://www.compliancedesk.com/) - Provides news and resources for the compliance professional. There are links to year 2000 resources, articles, news, and reference for the banking industry. Hot links are provided to the Top 100 Banks and the Top 100 Bank Holding companies and more. Comprehensive Info-Surety Database (http://pc31.ca.sandia.gov/) - Site maintained by Dr. Frederick Cohen contains a potpourri of security-related information, including numerous articles related to IT audit, lists of attack and defense methods, studies of emerging information protection technologies, national infosecurity technical baselines, and other information to aid the auditor in keeping current and effective on leading edge security issues. Computer and Network Security (http://www.netsurf.com/nsf/index.html) - Netsurfer Focus addresses the issue of computer and network security. This electronic magazine is available on the Web site and also via e-mail. To obtain Netsurfer Focus directly via e-mail, send message to nsdigest [email protected]. In the body of the message type: subscribe nsdigest html or subscribe nsdigest text . Computer-Assisted Audit Tools and Techniques (CAATT-L) - A forum for exchange of ideas, experiences, and information related to automated audit tools and techniques, such as generalized audit software, test data generators, computerized audit programs, specialized audit utilities, and automated audit workpapers. It is a closed discussion list hosted by RAIN, a regional networking services provider. To subscribe, include “subscribe” in the body of your e-mail message to [email protected] Computer Control and Audit Guide (http://arts.uwaterloo.ca/ACCT/acct.html) - Prepared by Professor J. Efrim Boritz, a recognized accounting scholar. It is an overview and reference source pertaining to computer control and audit issues with which an accountant or financial manager should be familiar. This guide can be used as a text in a course or for self-study. This guide is organized into three logically related parts as follows: risks and exposures in computer-based information systems; computer controls, objectives, standards, and techniques; and computer auditing issues. Go to People-Faculty-J. Efrim Boritz for the Guide. Computer Operations, Audit, and Security Technology (COAST) (http:// www.cerias.purdue.edu/coast/) - Project Computer security research project in the Computer Science Department at Purdue University. Exploring new approaches to computer security and computer system management. COAST has a comprehensive archive containing tools, papers, technical reports, documentation, announcements, alerts, security patches, and newsletters. Areas of interest include, but are not limited to, access control, authentication, criminal investigation, e-mail privacy, firewalls, and incident response. _____________________________ Appendix B — The AuditNet Resource List (KARL) 297 Computer Security Awareness Training (http://wwwoirm.nih.gov/sectrain/index.html#intro) - A computer-based training course. There is also an accompanying document available for download with an overview of basic computer and information security practices. Computer Security Institute (http://www.gocsi.com/) - Web site of the oldest international membership organization for training information security professionals. This site provides excellent information on computer security issues, including current issues and trends, technology links, and valuable Guides to Computer Security for Managers in the areas of e-mail security, Internet security, computer viruses, communications fraud, and computer security awareness. Free registration required for online access to the Guides. Computer Security Publications from NIST - send e-mail to [email protected] with the message “send index” for a list of NIST computer security publications. To retrieve copies of the publication via e-mail, send message “send <document filename>. The NIST also distributes a Computer System Security Laboratory Newsletter via the Internet. Send e-mail message to [email protected] with the message “subscribe csl newsletter”. Computer Security Resource Clearinghouse (CSRC) (http://csrc.ncsl.nist.gov/) - The NIST Computer Security Division maintains an electronic clearinghouse to encourage the sharing of information on computer security. The CSRC contains computer security awareness and training information, publications, conferences, and software tools as well as security alerts and prevention measures. The CSRC system is available 24 hours a day, seven days a week. NIST does not charge a usage fee for this service. Access the CSRC system via the Internet (http, gopher, and ftp). To connect via Gopher and FTP, use the following: gopher csrc.ncsl.nist.gov or 129.6.54.11 ftp csrc.ncsl.nist.gov or 129.6.54.11. For users with internet accessible e-mail capability, send e-mail to: [email protected] with the following message: send filename</ em>, where filename is the name of the file you wish to retrieve. Users can also use a http client by dialing into the CSRC at 301 948 5717. Computerized Accounting Home Page (http://www.accounting.org/) - Site maintained by SBT Accounting Systems as a courtesy to accounting users and professionals. Provides analysis of computerized accounting software and reviews of current systems. Also contains links to audit, accounting, and business-related sites. For more information, send e-mail to [email protected]. Confederation of Asian and Pacific Accountants (http://www.capa.com.my) - Web site for a professional organization provides information on projects, articles, publications, links to other CAPA bodies, an Accountant’s Forum, and more. Conference Audit Guide (http://www-tradoc.monroe.army.mil/irac/guides/g-conf.html) Provides information and guidance for performing audits of conferences, symposiums, and workshops. 298 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Connecticut Auditor of Public Accounts (http://www.state.ct.us/apa/) - Web site provides information about the office, types of audits performed, reports, employment information, and more. Connecticut Office of the State Comptroller (http://www.state.ct.us/otc/) - Home page provides an overview of the office, press releases, reports, manuals, and an excellent page of links to other State Comptrollers on the Net. Construction Financial Management Association (http://www.cfma.org/) - Site provides information about the organizations, publications, a job bank, and more. Continuous Quality Improvement Server - The CQI Server (http://deming.eng.clemson.edu) at Clemson University’s Department of Industrial Engineering supports global efforts in quality improvement and education in quality. CQI includes tutorials on CQI, links to the Deming Electronic Network, the Community Quality Electronic Network, discussion lists on TQM, and other quality-related sites. Control Co-Assessment (http://www.vfauditmall.com/CCA/ccashop.HTM) - Provides the VF Corporation’s approach to control self-assessment. Control, Risk and Governance (http://www.cica.ca/) - from the Canadian Institute of Chartered Accountants provides an overview of the Criteria on Control, the exposure draft CoCo report, newsletters, publications, and articles from CA Magazine. Look under Studies and Standards in What’s New July-September 1998. Great resource for auditors implementing CSA. Control Self-Assessment (http://vpf-web.harvard.edu/audit/home/CSA_frame_bot.html) From Harvard University provides an introduction, questionnaire, guidance on completing the questionnaire, and reference material. Control Self-Assessment Center (http://www.theiia.org/csa/csa.htm) at The IIA provides comprehensive information and material on CSA, including qualification, certification, conferences, seminars, and educational products. Control Self-Assessment (CSA-L) Mailing List - An unmoderated discussion list devoted to Control Self-Assessment and open to anyone with an interest in discussing issues related to CSA. CSA is a process that allows work groups to identify or refine the business and quality objectives that they should be fulfilling, while assessing the adequacy of plans and controls in place to meet those objectives. To join the list, send a message to [email protected] with the text SUBSCRIBE CSA-L. You will receive an acknowledgment and a message with administrative issues. _____________________________ Appendix B — The AuditNet Resource List (KARL) 299 Control Self-Assessment Resource Center (http://www.jhw.com/~jhw/csa/) - Web site provides links to CSA resources available on the Internet. Control Self-Assessment Workshop (http://iron.utsystem.edu/home/AUD/OTHERINF.HTM) - Participant Manual is available from the UT System Audit Office. The manual serves as an excellent example of a training document for the CSA process. Controls Assessment Tool (http://oig.ufl.edu/cat.htm) - Comes from the University of Florida Office of the Inspector General. The survey consists of questions that address controls in a variety of business processes, such as Planning and Policy Making, Budgeting and Performance Measurement, Procurement, Personnel and Fiscal Management, and more. Corporate Credit Card Best Practice Guide (http://www.audit.nsw.gov.au/corpcd98/ crdtcard.htm) - From the Australian Government provides a policy, controls over card issues, operational controls, and more. Corporate Governance (http://www.corpgov.net/) Web site covers issues related to management accountability within organizations. There are links to sample policies, library reference materials, forums and more. Corporate Review, Evaluation and Audit (http://www.ncr.dfo.ca/communic/cread/english/ index_e.htm) - Web site of the Canadian Department of Fisheries and Oceans audit organization which access to their service standards and reports and links to other sites. Corporate World Wide Web Strategy: Development, Implementation and Audit (http:// ourworld.compuserve.com:80/homepages/bfelmly/webdoc.htm). This is an excellent guide for information systems audit professionals for understanding auditing issues associated with the Internet and the Web. Cost Accounting Discussion List - The Southeast Conference on College Cost Accounting sponsors this list dealing with cost accounting issues, OMB Circulars A 21, A 110, A 128 and other related issues. To subscribe, send message to [email protected] Cost Estimating Handbook (http://www.jsc.nasa.gov/bu2/PCEHHTML/pceh_c.htm) - An excellent resource tool for auditors and accountants. The Handbook provides statistical techniques and development guidelines for cost estimation, acceptance criteria for cost estimation, guidelines for auditing and analyzing a cost estimation relationship, elements of good estimating practice, and more. 300 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Cost Performance Model for Assessing WWW Service Investments (http:// www.ctg.albany.edu/projects/inettb/SpreadSheets.html) - A set of tools designed to assist organizations in estimating the likely costs and benefits of developing a Web-based service. This is an excellent tool for auditors looking to evaluate the organizational cost and ROI for Web-based services. Cost Principles - Procedures for Developing Cost Allocation Plans (http://www.hhs.gov/ progorg/grantsnet/state) - An implementation guide for OMB Circular A-87. Council of Higher Education Internal Auditors (http://www.wlv.ac.uk/ias/cheia/ welcome.html) - Web site provides information about the organization, newsletter, internal audit links, and an e-mail discussion list. Count (http://www.count.org/) - Web site dedicated to providing tips and resources for accounting students, educators, and professionals. The site includes a job center, articles, and a software section. County Auditor’s Association of Ohio (http://www.caao.org) - Professional organization Web site provides a directory of county auditors, a virtual tour, and fiscal responsibilities. CPA Exam Home Page (http://www.ais cpa.com/) - Site sponsored by Accounting Institute Seminars provides information about changes in the CPA exam, the exam structure, applying to take the exam, and answers to recent exams. This is a good resource for auditors planning for the CPA exam. They also include a schedule of upcoming AIS seminars for candidates. CPA Journal (http://www.cpaj.com/) - A subscription publication directed at public practitioners, management, educators, and other accounting professionals. The Web site provides access to the lead story as well as a comprehensive collection of links to Internet resources for CPAs. CPAnet (http://www.cpalinks.com/) - Site includes links under categories such as the Audit Zone, CPA toolbox, Tax Zone, Government, Orgs and Firms, an articles archive, and more. CPANews (http://www.webnetcpa.com/cpanews/) - A weekly electronic newsletter dedicated to reporting events, developments and news for CPA firms, and financial professionals. CPAonline.net (http://www.cpaonline.net/) - Web site for professional accountants provides a free subscription to the Accountant’s Ledger magazine, a free e-mail account, a free Web page, a free listing in the Accountants Referral Service, and access to the Accountants Conference Center. Registration required. _____________________________ Appendix B — The AuditNet Resource List (KARL) 301 CPAS-L Internet Accounting List/Forum for CPAs is a free list/forum for CPAs in public practice, private industry, and government. The list, hosted by Loyola University Department of Accounting, provides an unmoderated forum for discussion of all aspects of the practice of accounting. Subscribe by sending an e-mail to [email protected] and leave the subject line blank. Message should read SUBSCRIBE CPAS-L first_name last_name firm/company/organization. cpaSPAN (http://www.cpaspan.com/index.html) - Web site forum for trustees and administrators of multi-employer employee benefit plans. The 1040 Corner and employee benefit news section includes related articles on fraud, Year 2K, derivatives, and more. CPA Wire (http://www.calcpa.org) - Home page of the California Society of CPAs. Provides information about the organization, meeting information, links to other state societies, and more. For more information, send message to [email protected]. CPEInternet (http://www.cpeinternet.com/) - Provides continuing professional education for accountants and auditors via the Internet. Course catalog includes training in business, accounting/auditing, taxation, consulting, and more. Free demos and course previews available. CPENet (http://www.cpenet.net) - A nonprofit, online continuing education service designed by a group of certified financial professionals, all of whom have been active as practitioners and trainers for many years. CPENet originates from our concern that outsourcing, downsizing, and slashed training budgets are making high quality CPE more and more difficult for CPAs, CIAs, CISAs, CMAs, CFEs, and CGFMs to obtain. The purpose of CPENet is to reduce the cost to the individual professional of high quality, continuing professional education. CPENet is a National Association of State Boards of Accountancy (NASBA) continuing education sponsor (#95 000739 97). E-mail comments to: [email protected]. CPE-Tracker (http://www.cpe-tracker.com/) - Web site for Continuing Education tracking and resources for professionals provides various services for auditors and accountants. Services include searching for CPE, tracking, CPE requirements, CPE providers, and more. CRA Wiz – PCI Services Inc. (http://www.pciwiz.com) - CRA Wiz™ is a family of Windows™ based software tools for compliance professionals in the CRA and Fair Lending fields. The three tools are the Database Analyzer, the Geocoder, and the Mapper. All are Windows™ based and can be operated and purchased as an integrated system or independently of each other. Creative Financial Staffing (http://www.cfstaffing.com/index.html) - Web site for an accounting and financial placement firm. Includes articles for companies about staffing, human resources, and accounting industries. There are resume, job search, and interviewing tips for job seekers. There is also a financial and accounting salary guide. 302 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Credit Union Internal Auditors Association (http://www.cuiia.org/MainPg.htm) - Web site provides information about the CUIAA, a useful discussion forum, and more. Credit Union Internal Auditors Mailing List - Discussion list for credit union internal auditors. To join this Internet mailing list, send an e-mail to [email protected] and include the following: “subscribe cu-ia” in the body of the message. Crystal Reports – Seagate Software (http://www.crystalinc.com/crystalreports) - Seagate Crystal Reports accesses more than 30 data sources, has powerful data analysis capabilities and report type options, and produces presentation-quality output. CTI-CCC-AUDIT - Auditing and accounting mailing list sponsored by the CTI Centre for Accounting, Finance and Management at the School of Information Systems, University of East Anglia, UK. The list is open to anyone interested in auditing who wants to be in contact with others with similar interests. This is a listserv. To subscribe, send an e-mail message to [email protected] and state in the message Join cti-acc-audit Firstname Lastname. Curtin Control Assessment (http://www.curtin.edu.au/curtin/audit/iad7b.htm) - A management tool utilized at the university enabling managers to informally assess their control processes. Curtin University Internal Audit Department (http://www.curtin.edu.au/curtin/audit/ index.htm) - Web site includes their charter, mission, resources, and links to other Internet locations. Customer Service Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/cus_ser.e.html) - from the Treasury Board of Canada provides information for conducting a review in this area. Cybercop Home Page (http://www.well.com/user/kfarrand/index.htm) - Site provides a number of links to crime prevention and investigatory resources. The training schedule for the Financial Fraud Institute at the Federal Law Enforcement Training Center. For more information, contact [email protected] Dallas City Auditor (http://www.ci.dallas.tx.us/html/city_auditor.html) - Web site provides information about the office, FAQs, and a program description. Data Collection and Analysis Site (http://www.deakin.edu.au/~agoodman/sci101/) - Web site from Deakin University in Australia provides a comprehensive guide on the scientific process of collecting and analyzing data. Particularly useful chapters for auditors on surveys, sampling, and techniques. _____________________________ Appendix B — The AuditNet Resource List (KARL) 303 Data Extraction and Analysis Mailing List. Established March 1, 1995, on America Online to be a moderated discussion forum for the exchange of ideas related to the use of ACL, IDEA, Microsoft Access, and any other data extraction and analysis software. ACL, IDEA, and Microsoft Access are PC-based software that allow users to easily read, analyze, and report on data. On a biweekly basis, the moderator sends a summarized document that organizes the ideas sent during the previous two-week period. The mailing list is not a forum for technical questions (other than idea questions such as “Is it possible to use ACL for accounts receivable test work and does anyone have a good way to do this?”). All technical assistance questions should be directed to ACL, IDEA, Microsoft Access, or other software technical support. All messages and subscriptions should be sent to [email protected] with one line in the body of the letter: SUB DE&A. It would be appreciated by the moderator if the person’s real name, organization, software type, and number of years’ data extraction and analysis has been used be included in the message. Day Timer Resource Library (http://www.daytimer.com/resource/library/) - Provides online articles on time management. D.C. Inspector General (http://www.dcig.org/) - Provides information about the office, media releases, reports, and more. Decision Strategies (http://www.dsfx.com/) - International investigative consulting and business intelligence firm serving a worldwide corporate, legal, government, and financial industry clientele. The Decision Strategies home page contains an electronic newsletter on topics of interest to the audit community. Defense Contract Audit Agency (http://www.dcaa.mil/) - Web site for the agency responsible for performing all contract audits for DoD and providing all accounting and financial advisory services for contracts and subcontracts in DoD organizations. Site includes background information about the organization, vision and goals, audit guidance, and more. Auditors involved in reviewing contracts will find useful guidance at this site. Delaware Auditor of Accounts (http://www.state.de.us/auditor/index.htm) - Office of the Auditor of Accounts for the State of Delaware. Provides information about the office and links to economy and efficiency reports issued by the office. Denver Auditor’s Office (http://www.denvergov.org/dephome.asp?depid=228) - Provides information about completed audits, city budget, technology update, and more. Department of Accounting, Finance, & Information Systems (http:// www.afis.canterbury.ac.nz/acct.htm) - University of Canterbury, Christchurch, New Zealand. This is a WWW site with subjects on accounting, finance, and information systems. 304 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Department of Commerce Inspector General (http://www.oig.doc.gov/) - Web site provides information about the office, online reports, and more. Dial-Up Auditor (http://www.InfoProtect.com/) - A PC-based communication and database software risk identification tool that quantifies exposure to unauthorized dialup access. The site has information about the product as well as a downloadable demo. Directorate of Counter Fraud Services (http://www.doh.gov.uk/dcfs/index.htm) - Web site provides information about health care fraud in the United Kingdom, the types of fraud, and a fraud strategy. Disaster Recovery Journal (http://www.drj.com/) - Home page for a magazine dedicated to business continuity. Links are available to a variety of disaster recovery sites, disaster recovery service providers, and selected articles and highlights from past issues. Double Entries. To receive this list, register your name and e-mail address via the Register option on the AccountingEducation.com Web site. Go to http://www.accountingeducation.com. To be removed from this list, please send e-mail message to: [email protected]. Dr. Solomon’s Audit (http://www.drsolomons.com/) - Vendor of a PC auditing solution. Also includes useful information about the subject of PC auditing. Duke University Internal Audit (http://www.duke.edu/web/iaudit/audit.html) - Web site provides information about the office, a self-assessment survey, and more. DuPage County Auditor’s Office (http://www.co.dupage.il.us/auditor/index.html) - Local government audit office that includes the role of the county auditor, summaries of revenues and expenditures, and abstracts of audit reports issued the county auditor. Contains links to federal, state, and local government sites and specifically sites of interest to local government professionals. East Texas State University - ETSU established a Gopher home page which includes the Audit Resources List, Contingency Planning/Disaster Recovery Planning Guidelines, Information Security Standards, Information Security & Risk Management (Policy, Standards and Guidelines) gopher://etsuodt.etsu.edu:70/11/Administrative%20Departments/Internal%20Audits. Economic Crime Prevention (http://www.rcmp-grc.gc.ca/html/ecbweb.htm) - Web site that provides information about current criminal behavior trends in such areas as fraud, computer crime prevention, and more. _____________________________ Appendix B — The AuditNet Resource List (KARL) 305 Economic Indicators (http://www.gpo.ucop.edu/catalog/econind.html) - from the Government Printing Office provides access to the monthly federal economic indicators. Great site for statistical economic analysis information. Economics, Essential Principles (http://william-king.www.drexel.edu/top/prin/txt/ EcoToC.html) - A hypermedia text on the subject. The comprehensive text covers both micro and macroeconomic principles and is a good refresher for auditors on economic principles and theories. Economics of the Internet (http://www.sims.berkeley.edu/resources/infoecon/) - Web site provides data on the economics of the Internet, Information Goods, Intellectual Property, and Related Goods. Worthwhile site for auditors looking for background information for Internet audits. EDI Implementation Guide (http://www.pa.gov.au/ec/ediguide/editoc.htm) - from the Australian Government. Provides control audit and security issues, implementation plans, standards, and more. EDIFICAS Schwiez (http://www.firmnet.ch/edificas/) – An awareness group formed to establish EDI accounting and auditing guidelines. Includes an excellent article, “The Auditor in the EDI Environment,” which discusses the auditor’s role, answers to new requirements, and the auditor’s use of information technology. Edith Cowan University Management Review and Audit (http://www.cowan.edu.au/mra) ECU MRA site includes information about the function and their audit plan. Also includes articles written by staff, links to other Internet audit resources, e-mail discussion lists, and search tools. Effective Control Guide (http://www.anao.gov.au/bpg_framework/home.htm) from the Australian National Audit Office covers the control issues and provides a control framework for a government organization. Electronic Accountant (http://www.electronicaccountant.com/) - An accountant’s Web magazine and resource guide. This e-zine includes reviews of accounting software, a buyer’s guide, and online discussion groups, including accounting and auditing. Emory University Office of Internal Audit (http://www.cc.emory.edu/IAD/home.html) - Web site provides background information, staffing, mission, and more. Employment Opportunities in Public Financial Management - FinanceNet established a discussion list ([email protected]) for notification of Federal, state, and local employment opportunities in public financial management. A corresponding newsgroup (fnet.fin.jobs) en- 306 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ courages discussion and dialog on employment issues in the public financial management profession. Send message to e-mail [email protected] for more details. Enterprising Associates (http://members.aol.com/EAlimited/OURPAGE/index.htm) - An information technology audit, computer security, and consulting practice. The site includes The Computer Advisory with articles on computer security and auditing. A free ram resident utility providing a fix to the year 2000 problem for PCs is also available for download. Environmental Accounting Project (http://www.epa.gov/opptintr/acctg/) - Mission is to encourage and motivate business to understand the full spectrum of their environmental costs, and integrate these costs into decision making. The site provides links to many resources, case studies, and other information on environmental issues. Environmental Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/envguid.e.html) from Consulting and Audit Canada provides information for reviews in this subject. Environmental Auditing Program (http://www.pca.state.mn.us/programs/audit_p.html) Provides information from the Minnesota Pollution Control Agency, including audit checklists for above ground tanks, underground tanks, spills, and more. Environmental Finance Financial Tools Guidebook(http://www.epa.gov/efinpage/guidebk/ guindex.htm) - EPA reference guidebook of more than 250 tools for financing environmental programs. Great reference tool for auditors reviewing environmental programs and their respective financing. Environmental Protection Agency Office of the Inspector General (http://www.epa.gov/ oigearth/) - Web site provides information about the office branches, audit reports, and more. Their customer service rules and strategic plan provide excellent sample frameworks for other audit offices. Ethical Business Guide (http://nt1.ids.ac.uk/eldis/hot/ethics.htm) - Web site with links and material covering non-financial benchmarks of institutional/corporate activity, including social and environmental impacts and anti-corruption measures. Ethics and Security Site (http://www.unm.edu/~dave) - University of New Mexico Security Administrator Dr. David Grisham established a comprehensive FTP site ([email protected]) of policies for ethics and security. European Accounting Association (http://www.birmingham.ac.uk/EAA/) - Site contains information about the EAA, its publications, conferences, and links to other resources. _____________________________ Appendix B — The AuditNet Resource List (KARL) 307 European Court of Auditors (http://europa.eu.int/ca/intro.html) - Organization that monitors the European Unions finances and points out areas where management improvements are needed. Page provides all the details on organization and duties of this body. Exec (http://www.unisys.com/execmag/framesets/resources.htm) - An electronic journal for senior managers from Unisys. The publication includes timely articles on subjects like electronic commerce. Facilitation Skills Course (http://www.dtic.mil/c3i/bprcd/4122.htm) from the DoD Electronic College of Process Innovation is a complete workshop on the topic. Excellent resource for auditors implementing a CSA approach in their organization. Fairfax County Internal Audit Office (http://www.co.fairfax.va.us/gov/audit/) - Web site provides information about the organization, a local government audit survey, annual audit plan, Internal Audit Manual with forms (Adobe and WordPerfect format), links to fraud, performance and audit related sites, and more. FDIC Bank Examination Manual (http://www.fdic.gov/regulations/compliance/manual/ index.htm) - The table of contents of this Federal Deposit Insurance Corporation Compliance manual links the auditor with files in Adobe Acrobat format. This could be a useful resource for bank auditors. FDIC Information Systems Handbook (http://www.fdic.gov/regulations/information/ informationindex.html) - The Interagency guide for regulatory examiners for examining information systems operations in financial institutions and service bureaus. The Handbook includes an overview of IS concepts, practices, IS controls, and sample audit programs. This is a valuable resource for IS auditors. The files are in Adobe Acrobat format. Federal Financial Accounting Concepts and Standards (http://www.gao.gov/policy/ volume.pdf) - The General Accounting Office (GAO) has posted an electronic version of Volume I, Original Statements of Federal Financial Accounting Concepts and Standards, on its home page. The document is in Adobe Acrobat PDF format. Federal Government Information on the Internet (http://wwwnhc.nhmccd.cc.tx.us/public/ lrc/gov/gov.html) - Provides links to agencies, departments, and more. Federal Grants Management Publications (http://www.thompson.com/tpg/fed_gts/) - Thompson Publishing Group’s federal grants management publications provide news and regulatory information about topics including compliance and audits. Publications of interest to auditors include Federal Grants Management Handbook, Resource Guide To Federal Program Compliance Audits, Section 504 Compliance Handbook, and Single Audit Information Service. The site includes newsletter articles related to each of the above subjects. 308 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Federal Information Processing Standards (http://www.nist.gov/itl/lab/fips/) - Online access to the FIPS, developed by NIST for government use. FIPS have been developed for information processing areas such as hardware, software, security, telecommunications, data, and operations standards, and are widely accepted by private industry. Auditors have found them useful for research, comparison, and audit planning. Federal Register (http://www.access.gpo.gov/su_docs/aces/aces140.html) - Web site for the official daily publication for Rules, Proposed Rules, and Notices of Federal Agencies and Organizations. Contains archives going back to 1995. Federal Reserve Economic Data (http://www.stls.frb.org/fred/) - Provides historical U.S. economic and financial data such as daily interest rates, monetary and business indicators, exchange rates, and regional economic data. Another great resource for audit projects involving financial analysis based on key economic indicators. Federal Sentencing Guideline Manual (http://www.ussc.gov/1997guid/tabcon97.htm) from the United States Sentencing Commission provides the most recent guidelines and policy statements on the guideline sentencing process. Federal Trade Commission Inspector General (http://www.ftc.gov/oig/oighome.htm) - Web site provides their mission, a statement of reinvention principles, audit reports, and links to other resources. Federation of Tax Administrators (http://www.taxadmin.org/) - Provides information about the organization, publications, electronic commerce, and more. FedStats (http://www.fedstats.gov/) - Site maintained by the Federal Interagency Council on Statistical Policy provides access to statistical information produced by more than 70 agencies. Fedworld (www.fedworld.gov) - Over 135 Federal Government BBSs, including Office of Management and Budget. FinanceNet (http://financenet.gov) - Professional governmental financial management network of organizations, agencies, and departments. Share information and ideas for improving financial management throughout all levels of government. Accountants, auditors, and financial managers participate and share financial management information, ideas, news, experiences, software, comments on financial documents, best practices, resources, etc. Gopher to [email protected]. FinanceNet Mailing Lists and a FinanceNet Newsgroup are now available. For more information on FinanceNet mailing lists, send e-mail to e-mail [email protected]. Point your newsreader to news.financenet.gov for this new Usenet news group. _____________________________ Appendix B — The AuditNet Resource List (KARL) 309 Financial Accounting Foundation (http://www.fasb.org/) - The FAF site contains information on how to obtain Financial Accounting Standards and Government Accounting Standards as well as current press releases of both organizations. Financial/Accounting/Insurance Jobs Page (http://www.nationjob.com/) - NationJob Network provides list of accounting, audit and financial positions available across the U.S. Financial Action Task Force (http://www.oecd.org/fatf/) - An inter-governmental body dedicated to the development and promotion of policies to combat money laundering. The policies aim to prevent proceeds from being used in future criminal activities and from affecting legitimate economic activities. The site provides annual reports on money laundering, an evaluation of preventive measures, recommendations from members, and more. Financial Data Finder (http://www.cob.ohio state.edu/dept/fin/fdf/osudata.htm) - Ohio State University Department of Finance site provides links to over 140 finance-related Web sites, including financial news sources, economic databases, financial data, a database of financial criminals, and more. Financial Management Association International (http://www.fma.org/) - The FMA is a professional association of finance practitioners, academicians, and students founded to develop a continuing relationship between financial theory and practice. The site includes a one-stop shopping guide to finance on the Internet. Financial Management of the Firm (http://garnet.acus.fsu.edu/~ppeters/fin3403/) - Provides all the material for a course on financial management. The site contains lecture material, inclass and practice problems, and exams. There are also tables for the time value of money, using a financial calculator, and Web-based information. Financial Managers Society (http://www.fmsinc.org/index.htm) - Web site for the only notfor-profit professional society dedicated to serving the technical and professional needs of bank, thrift, and credit union financial officers. Site includes information about the organization, regulatory issues, employment opportunities, and more. Financial Ratios (http://www.americanexpress.com/smallbusiness/resources/managing/ ratios.shtml) page from American Express provides a guide for understanding 10 key financial ratios. Auditors who perform financial statement analysis should consider bookmarking this page. Financial Reporting in Government (http://www.pwc.gmu.edu/course/govt490/) - Pilot online course focusing on a critical analysis of current governmental accounting and financial reporting at the state and local level as well as a presentation of the main tenets of the current model for financial accounting and reporting. This document is a work in progress by Dr. John Sacco of George Mason University in Fairfax, Virginia. 310 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Financial Scandals (http://www.ex.ac.uk/~RDavies/arian/scandals/) - Page provides links to sources of information on the subject. Includes general sources on corruption, bank scandals, insurance fraud, forensic accounting, and more. Auditors may find the links to resources to finding people useful in conducting fraud audits. Financial Times (http://www.ft.com/) - Site of the publication that provides business, economic, and political news. Free service after registration. FINWeb (http://www.finweb.com) - Financial Economics WWW server managed at the University of Texas at Austin. Provides a list of Internet resources with substantive information concerning economics and finance-related topics. Includes the Financial Economics Network, the Journal of Finance, the Financial Executive Journal, and Resources for Economists on the Internet. Also includes services such as EDGAR providing SEC reports and statements on publicly traded companies. Firewalls FAQ’s (http://www.v one.com/pubs/fw faq/faq.htm) - As organizations establish Internet connections, auditors are asked to review security issues associated with connectivity. Frequently Asked Questions (FAQs) may help auditors address some of the issues. This Web site provides answers to commonly asked questions. Firewalls Mailing List - This is a listserv devoted to the subject of firewalls and internet security. Any auditor concerned with information security and the issue of firewalls should subscribe to this list. Subscriptions should be sent to [email protected] with the message subscribe firewalls digest. I would recommend the digest version rather than the direct mail (nondigest) version. Florida Auditor General (http://sun6.dms.state.fl.us/audgen/) - Web site provides information about the office, report summaries by subject, a report listing, and the rules of the auditor general. Florida Comptroller (http://www.dbf.state.fl.us/index.html) - Web site provides an overview of the organization, financial highlights, comptroller’s newsletter, consumer alerts, and more. Florida Government Accountability Report (http://www.oppaga.state.fl.us/government/) Free Internet service for legislators and the public to monitor the activities and performance of about 400 state government agencies and programs. Florida Inspectors General Network (http://fcn.state.fl.us/dms/sec/fignet/fignet.html) - Web site created to provide a central information resource for the Florida IG community. Includes IG related state statutes, audit reports from state agencies, and Web information references. _____________________________ Appendix B — The AuditNet Resource List (KARL) 311 Florida Institute of CPAs (http://www.ficpa.org/) - Web site provides legislative updates, job links, and other sites of interest to Florida CPAs. Florida Legislature Office of Program Policy Analysis and Government Accountability (http:/ /www.oppaga.state.fl.us/) - In addition to reports and manuals, the site contains F-GAR, an electronic encyclopedia, and search engine covering 400 state programs, performance measures, and accountability ratings. Florida Progress Corporation Audit Services (http://www.fpc.com/audits) - Web site is provided as a service to the audit community. Includes audit programs and internal control questionnaires, an Excel statistical sampling routine, and more. Forensic Accounting and Litigation Support (http://www.forensicaccounting.com/) - Web site provides information about this field of business-related investigations. Forensic Investing (http://www.bus.lsu.edu/accounting/faculty/napostolou/forensic.html) Web site created by two University professors that covers forensic accounting issues, including Red Flags, SAS Number 82, and other useful information for auditors reviewing financial statements. Framework for Internal Control Systems in Banking Organisations (http://www.bis.org/ publ/bcbs40.htm) from the Bank for International Settlements is available for download from their Web site. Franklin County Auditor (http://www.co.franklin.oh.us/Auditor/) - Local government Web site provides information about the office and the services they offer. Fraud Control Policy (http://www.law.gov.au/aghome/commprot/olec/LECD/fraud2.html) is part of a report from the Australian Commonwealth Law Enforcement Board. The report includes a section on best practice for fraud control with the policy, reporting of fraud information, case handling, and fraud training. Auditors should check the attachments on criteria against which fraud risks can be measured and quality assurance guidelines. Fraud Defense Network (http://www.fdn.net/) - Provides resources for insurance fraud investigators. Fraud Report (http://www.hm-treasury.gov.uk/pub/html/docs/fraud/9596fr/main.html) - A report from the United Kingdom that analyzes reported fraud in Government Departments. The report provides details on the types and causes of the frauds, how they were discovered, and more. Auditors should check out the section of the report for guidance on managing the risk of fraud. 312 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Fraud Report Newsletter (http://www.fraudreport.com/) - Provides users with anti-fraud articles, legislative updates, and upcoming events. Free subscription available on the site. Full Cost Initiative Implementation Guide (http://ifmp.nasa.gov/codeb/fullcost/) - Developed by NASA provides a comprehensive accounting and management approach to costing services. Gainesville City Auditor’s Office (http://www.afn.org/~auditor/) - Web site provides a profile, annual audit plan, recent audit reports, peer review information, and policies and procedures. Gallaudet University Management and Advisory Services (http://www.gallaudet.edu/ ~auditweb/index.html) - Web site provides information about the office, audit programs and review kits, links to other resources, and more. GASB (http://www.gasb.org) - Site for the Government Accounting Standards Board. Provides information about GASB, GASB Happenings, documents, publications, and standards. GASP PC Auditing (http://www.attest gasp.com) - Home page of Attest Systems, the publisher of GASP Software for PC software and hardware auditing. Site includes a downloadable demo of the product used for conducting enforcement audits for the SPA and software publishers. Send e-mail to info@attest gasp.com. General Accounting Office Resources on the Net General Accounting Office (http://www.gao.gov) - The site includes GAO reports and testimony, decisions of the Comptroller General of the U.S, GAO policy and guidance materials, special publications, and more. GAO Daybook - The U.S. General Accounting Office, Congress’ watchdog agency, has a mailing list service for a daily electronic posting of the GAO Daybook. The “GAO Daybook” is the daily listing of released GAO reports and testimony. Subscribe to the GAO Daybook by sending an e-mail message to: <[email protected]> with the message “subscribe daybook” (NO quotes). For additional info about GAO services, send an e-mail message to [email protected] with “info” in the body. GAO Federal Information Systems Control Audit Manual (http://www.gao.gov/policy/ 12_19_6.pdf) from GAO provides guidelines for auditing information systems. GAO Financial Audit Manual (http://www.gao.gov/policy/fam/fam.htm) - GAO manual (Volumes 1 and 2) for conducting audits includes the methodology and tools. The manual is in Adobe Acrobat format. _____________________________ Appendix B — The AuditNet Resource List (KARL) 313 GAO General Policies/Procedures and Communications Manual (http://www.gao.gov/ policy/gppm-cm.pdf) - Provides guidance on their methodologies, including sampling, workpapers, reporting, and more. GAO Report Database on the Internet (http://www.access.gpo.gov) - General Accounting Office reports are now available on the Internet through the Government Printing Office Access Service. General Services Administration Inspector General (http://www.gsa.gov/staff/ig/audit/ httoc.htm) - Site provides a straightforward audit plan for the office. Generally Accepted System Security Principles (http://web.mit.edu/security/www/ gassp1.html) - from The International Information Security Foundation (I2SF) provides uniform organizational guidance for security issues. Georgia Department of Audits (http://www.state.ga.us/Departments/AUDIT/) - Home page of the State Auditor for Georgia. Includes a description of the department and each of the divisions. The Performance Audit Operations Division has a list of completed report topics, reports in progress, sources of related information, employment opportunities, and more. Gleim Publications, Inc. (http://www.gleim.com/) - Publisher of accounting and auditing examination preparation material. GNA Internal Controls and Procedures (http://www.gnacademy.org:8001/uu-gna/admin/finance/newpages/page8.htm) - Web page provides an excellent description of a financial control system, including goals for control procedures and general and specific procedures. GovBot (http://ciir2.cs.umass.edu/Govbot/) - Database was developed by the Center for Intelligent Information Retrieval and includes more than 500,000 searchable pages from U.S. government and military sites. GovCon Discussion Groups (http://www.govcon.com/) - Government contractors site that includes discussion groups for audit, accounting, and financial management issues. KPMG Peat Marwick is moderating a new discussion group on Government Audit and Reviews. If you have a question on issues affecting the performance and resolution of government contract audits (DCAA, IGs, etc.), post it online. Access to the site is free but registration is required. Government Audit Training Institute (GATI) (http://216.1.143.50/programs_services/auditing/gatp.cfm) - Web site provides information about the organization, courses available, details on registration, and more. 314 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Government Auditing Standards (http://www.ignet.gov/ignet/internal/manual/yellow/ yellow.html) - Web site for the GAO Government Auditing Standards or Yellow Book. Government Auditor’s Resource Page (http://www.trib.infi.net/~zsudiak/GARP.html) - U.S. Department of Education Office of Inspector General home page which provides information on resources for government auditors. Includes links to Thomas (legislative information on the Internet), Internet search tools, audit resources, sources for government documents, and links to other government resource indexes. Government Contractor’s Glossary (http://www.govcon.com/) - Site provides a reference guide for professionals dealing with government contracts. Also contains an acronym table. Source documents for this guide include Federal Acquisition Regulations (FAR), Armed Services Pricing Manual (ASPM), and the DCAA Contract Audit Manual (DCAAM). Access to the Glossary is free but site registration is required. Government Executive Magazine (http://www.govexec.com) - Electronic version of an independent business magazine of government. Includes discussion of leading edge information on budgets, procurement, technology, and virtual government. The Reinvention Center has information of interest to auditors. Government Finance Officers Association The following information related to the GFOA is available on the Internet: GFOA (http://www.gfoa.org) - Contains links to “Happenings in Financial Management,” “Documents, Publications, and Standards,” and “GFOA Policies and Recommended Practices. GFOA Employment Opportunities (http://www.gfoa.org/employ/empann.htm) - Employment opportunities from the GFOA Newsletter are now posted in the Personal, Training, and Employment Opportunities section of the GFOA Web page. GFOA Mailing List - The GFOA has an electronic Internet mail list on FinanceNet. The GFOA will post announcements and other important information via this mailing list. For information on this and other FinanceNet mailing lists, send e-mail to e-mail [email protected]. To post information to the GFOA mailing list, send message to [email protected]. Government Reinvention Center (http://www.govexec.com/reinvent) - This Web site from Government Executive Magazine includes full text articles on government reform, links to agencies and organizations involved in reinvention, background documents, and a conference calendar. _____________________________ Appendix B — The AuditNet Resource List (KARL) 315 GovNews (http://www.govnews.org/) - The International GovNews Project is a topical-based news discussion service providing auditors with information on various financial areas. The discussion groups are also available via Usenet. There are discussions on performance measures, internal controls, audits, and more. Graduate School USDA (http://grad.usda.gov) - Provides information about courses offered by the organization, including the Government Audit Training Institute (GATI). For more information, send message to [email protected]. Grant Administration and Audit Resources (http://www.dhfs.state.wi.us/grants/Resources/ IntroRes.htm) - Web site from the Wisconsin Health and Family Services Department provides links to federal sites, audit requirement sites, department resources, and more. Group of 100 (http://www.group100.com.au/home.htm) - Web site for an association of senior accounting and finance executives representing major public companies and government owned enterprises in Australia includes commentary on relevant policies and issues. Guide to Cost-Based Decision Making (http://www.sao.state.tx.us/manuals/cost.htm) from the Texas State Auditor’s Office, is designed to assist management in developing more comprehensive cost accounting information to enhance the ability of decision makers to identify, analyze, and control the causes of costs, as well as establish links between cost information and program efficiency and effectiveness. Guide to Minimizing Computer Theft (http://www.rcmp-grc.gc.ca/html/ccprev.htm) - Provides information on methods to safeguard computer assets. Guide to Performance Measurement (http://www.fpm.com/journal/mattison.htm) from the Foundation for Performance Measurement provides non-financial indicators. Guide to the World Wide Web for Research and Auditing (http://www.tetranet.net/users/ gaostl/guide.htm) - David Henry of GAO provides auditors with the basic instructions on using the Web as an auditing/research tool. Hacked (http://www.2600.com/hacked_pages/) - Provides reproduced copies of hacked Web sites. This is a good site for auditors who are looking at the risks of connecting to the Internet and setting up organizational Web sites. Handbook for Audit Committee Members (http://www.gt.com/resources/assurance/role/ roletoc.html) - Good reference from Grant Thornton for auditors who need to provide guidance to the audit committee. Includes sections on reviewing internal controls and working with internal auditors. 316 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Harcourt Brace Professional Publishing (http://www.hbpp.com/) - Site provides information about their accounting and auditing research material and services. Site sponsors the CPA’s Weekly News Update and each week highlights the top five accounting Web sites. Harris County, Texas Auditor’s Office (http://www.co.harris.tx.us/auditor/default.html) Site includes information about the office, staff, organization charts, and financial information. Harvard University Internal Audit (http://www.harvard.edu/internal_audit/HUIA.html) Site provides information about the office, audit tools and techniques, policies and procedures, and publications on passwords and software copyright. The questionnaire for conducting a departmental review is a useful document that can be customized by other audit organizations. Health and Human Services Office of Audit Services (http://www.hhs.gov/progorg/oas/ index.html) - Web site provides reports, manuals and guides, employment opportunities, and more. Health and Human Services Office of the Inspector General (http://www.dhhs.gov/progorg/ oig/) - Web site provides information about the office, audit and inspection reports, and a link to the HHS Redbook, a compendium of OIG recommendations that have not been substantially implemented. Healthcare Financial Management Association (http://www.hfma.org) - Professional association for financial professionals in the healthcare field. Provides information about the association, publications, special interest groups such as a CFO forum, professional certification programs, and more. Henrico County Internal Audit (http://www.co.henrico.va.us/audit/) - Web site contains information about their mission, staffing, audit committee, audit charter, e-mail contacts, external audit, and the office history. Hiring Policies and Procedures Manual (http://vms.www.uwplatt.edu/~pers/contents.htm) from the University of Wisconsin Platteville provides a good example of guidelines for a human resources department. Home Office Computing (http://www.smalloffice.com/) - Site contains resources and information for running a successful small business. Hong Kong Audit Department (http:/www.hk.super.net/~audskli/welcome.htm) is one of the oldest departments in the Hong Kong Government. The site includes information about the office, types of audits performed, links to audit reports, and more. _____________________________ Appendix B — The AuditNet Resource List (KARL) 317 Howard County Auditor’s Office (http://www.co.ho.md.us/auditor/index.htm) - Web site for this Maryland local government jurisdiction includes background information, charter, links to audit reports, and more. HR Links (http://www.shrm.org/hrlinks/) - The Society for Human Resource Management maintains this home page of human resource links on the Internet. The site includes links to information on compensation and benefits, diversity, flexible work arrangements, labor relations, safety and health, and more. H.U.D. Audit Guides (http://www.hud.gov/oig/oigguide.html) - Provides a link to their consolidated audit guide. HUD OIG (http://www.hud.gov/oig/oigindex.html) - The U.S. Department of Housing and Urban Development Office of the Inspector General Web page includes a mission statement, hotline information, list of IG offices, testimony from the IG, the semiannual report to Congress and audit reports covering management of programs by HUD and others, technical assistance and useful information about audit requirements, and links to other audit-related information and search tools. Human Resource Management Self-Assessment Guide (http://www.hr.state.tx.us/cfdocs/apps/ hrsag/icg-f.html) from the Texas State Auditor’s Office serves as a tool for evaluating areas to improve. Shows organizations how to address identified deficiencies in human resource management. Human Resources and the Internet (http://www.ilr.cornell.edu/library/reference/GUIDES/ HRI_Manual/default.html) - Site provides human resource professionals links to Web sites, articles, and programs on how the Internet can aid in their work. Topics such as Diversity in Employment, Retirement, and Benchmarking and Best Practices link to a multitude of information from sources, including the U.S. government, the International Personnel Management Association, and the Institute for Global Communications. There are also links to online human resources magazines; Internet, Intranet, and HTML guides; and more. Hyperstat Online (http://www.ruf.rice.edu/~lane/hyperstat/contents.html) - An introductory hypertext statistics book that auditors will find useful as a refresher text. The site also provides links to other related statistics sites. ICAA (http://www.icaa.org.au) - The Institute of Chartered Accountants in Australia maintains a site on the Web and a site on CompuServe. There is general information about the Institute, membership, student news, and more. Idaho Legislative Auditor (http://www.state.id.us/legislat/audit.html) - Web site provides online executive summaries of legislative fiscal audits for the various departments, boards, and commissions of the Idaho state government. 318 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ IDEA Software Users Discussion List - IDEA-LIST is a non-moderated discussion list and forum to exchange ideas and information among users of IDEA (Interactive Data Extraction and Analysis). IDEA is a productivity tool for auditors, accountants, and financial managers that can help display, analyze, manipulate, or extract data from other computer systems. Send subscription requests to [email protected] with one line in the body of the letter: SUBSCRIBE IDEA-LIST. For more information, you can e-mail him at [email protected]. IFCI Risk Watch (http://risk.ifci.ch/) - Guide to Regulation and Control of Financial Risk provides an Introduction to Risk, Key Risk Concepts, a Risk Library, and Glossary. The site also provides an overview of the 13 key risk concepts. IGNet (http://www.ignet.gov) - Internet-based electronic communications network dedicated to improving the effectiveness of the inspector general community and to provide public access to IG reports. Site includes links to IG home pages, Internet resources via a virtual library, the IGNet Internet Search list, related organizations, and more. The site includes the Interactive Yellow Book, a valuable tool for government and non-government auditors. The Job Opportunities home page lists IG vacancies and links to other sites related to career planning and job search strategies. IGNet Mailing List - IGNet distributes a number of mailing lists to the IG community. Audit information is available to auditors based on prior registration and approval by the IGNet Coordinator. Interested parties must register with IGNet by e-mail to <[email protected]>. Send the following registration information in the first message and save a round trip: name, organization, position, mailing address, voice number, fax number, e-mail address. Upon approval, IGNet will send a welcome message telling about the features of IGNet, including the mailing lists. Illinois Auditor General (http://www.state.il.us/auditor/audhome.htm) - Web site provides information about the auditor general’s office, agencies audited and audit reports, career opportunities, and more. Illinois CPA Society (http://www.icpas.org/) - Home page of the state professional association representing Certified Public Accountants. Includes financial management information, articles from Insight Magazine, and links to accounting related resources. Some areas of this site are restricted to members. Importer Audit Program (http://uls.tradecompass.com/ecs/demo/imports/comptools/catkit/ exhibit2.html) - Provides audit procedures and steps used by regulatory auditors for conducting compliance audits of importer’s customs systems. _____________________________ Appendix B — The AuditNet Resource List (KARL) 319 Independent Commission Against Corruption (http://www.icac.nsw.gov.au/) - Exposes and minimizes corruption involving the New South Wales public sector through investigation, corruption prevention, and education. Site features include background information on the commission, publications, reports, and more. Indiana State Auditor (http://www.state.in.us/acin/auditor/index.html) - Web site provides information about the office, staff, and more. Indiana State Board of Accounts (http://www.ai.org/sboa/) - Web site provides information about the office, guidelines, manuals, reports, job opportunities, and more. Indiana University Internal Audit (http://www.indiana.edu/~iuaudit/main.html) - Web site provides information about the staff, organizational structure, information and publications, and more. Indirect Cost Guide Web Page (http://www.usia.gov/abtusia/legal/icguide/intro.htm) - The Office of the Inspector General at the U.S. Information Agency posted a downloadable copy of OMB Circular A122-A Guide for Establishing Indirect Cost Rates for Nonprofit Organizations. For more information, send message to [email protected]. Information Management Forum (http://www.infomgmtforum.com/) - International association of information and business executives. Site provides information on strategic uses for information technology and implementation planning and management. Discussions include current trends, year 2000 issues, and more. There are abstracts of reports on technology research, technology management, and transcripts of CIO presentations. Information Professionals Network (IPN) (http://www.best.com/~jcook) - The IPN is a worldwide network of information and investigative professionals. These professionals include licensed private investigators, business intelligence analysts, legal, court & public record researchers, Certified Fraud Examiners, information brokers, and law/corporate librarians. This is a private network designed to provide a forum suited to international professional networking and news. IPN also publishes an electronic journal. Message areas include information on financial fraud and forensic accounting. (Note: use of these services is available only to IPN members.) Information Security Discussion List - INFSEC-L is a non-moderated Internet discussion list intended to foster open and constructive communication among information security and auditing professionals in government, industry, and academic institutions. Discussion is encouraged on a broad range of topics and issues related to information security. Initial subscriptions to the list are screened by the list owner to ensure addition of only appropriate individuals. Send subscription request to [email protected] commerce.edu with one line in the body of the letter: SUB INFSEC-L your name. 320 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Information Security SWAT Team (http://www.axent.com/swat/swat.htm) - A compendium of security resources for the advanced user from a security vendor, Axent Technologies. Categories include Attack Signatures, Threats, Security Tasks, Security Resources, and Hacker Links. Information Security Zone (http://www.information-security-zone.co.uk/) - Web site from a corporate training organization with a multitude of links to sites on topics such as general security, viruses, cryptography, firewalls, and more. Information System Audit and Control Association (ISACA) on the Internet CISACA-L. The list is meant to encourage professional discussion and is open to all information system auditors. To subscribe, send a one-line message to [email protected] with the message SUBSCRIBE CISACA-L (yourname). Leave the subject line blank. Messages sent to [email protected] will be distributed to all subscribers. If you have any problems, please send e-mail to [email protected]. ISACA Central Indiana Chapter (http://www.adpc.purdue.edu/CISACA/main.htm) Provides information about chapter events and links to other Web sites. For more information, contact [email protected] ISACA Central Maryland Chapter (http://ubmail.ubalt.edu/~gfilomena/isaca/ isacatop.html) - Provides information about monthly meetings, newsletter, membership, certification, conferences, technical articles, and more. For more information, contact [email protected]. ISACA Chicago Chapter (http://www.isaca chicago.org) - Provides information about monthly meetings, newsletter, conferences, job opportunities, auditing resources, and more. For more information contact [email protected]. ISACA Foundation (http://www.isaca.org) - Home page of the organization provides information about membership, certification, education, chapters, and more. ISACA Houston Chapter (http://www.isacahouston.org) - Web site provides information about the chapter, events, officers, and more. ISACA Illinois Chapter (http://www.cnsnet.net/org/isaca/) - Site of the Central Illinois Chapters of ISACA includes information about the organization, career opportunities, professional education, and audit and research links. ISACA London Chapter (http://members.aol.com/isacalondn/) - Web site provides information about the chapter, certification, chapter meetings, and links to audit resources. _____________________________ Appendix B — The AuditNet Resource List (KARL) 321 ISACA National Capital Area Chapter (http://isaca washdc.org) - Provides information about monthly meetings, newsletter, membership, certification, conferences, technical articles, and more. For more information, contact [email protected]. ISACA New England Chapter (http://challenge.tiac.net/users/isacane/index.html) - Provides calendar of events, information about the New England chapter, and a history of ISACA. For more information, contact [email protected]. ISACA New York Metropolitan Chapter (http://www.isacany.org/) - Site includes local chapter information, the CISA program, and links to sites of interest, including audit and unique security resources. ISACA Philadelphia Chapter (http://www.libertynet.org/~isaca/) - Home page of the Philadelphia chapter of ISACA provides information about the organization, local events, newsletter, links to other related resources, and more. ISACA Puget Sound Chapter (http://www.isaca psc.org) - Provides information about monthly meetings, newsletter, membership, certification, conferences, and links to other sites. ISACA St. Louis Chapter (http://www.iwc.com/isaca/) - Web site provides meeting information, job listings, a chapter history, links to other related organizations, and more. ISACA Toronto Chapter (http://www.isaca.toronto.on.ca/auditres.html) - The Toronto chapter of ISACA includes a page of links to audit resources on the Internet, including Usenet news groups. Information Technology Performance Measures (http://wwwoirm.nih.gov/itmra/ perform.html) - Web site from the National Institutes of Health provides performance measures for help desks, LANs, links to other sites, and more. InformationWeek Interactive (http://www.iweek.com) - IW is a weekly newsmagazine oriented to business and technology managers. Frequently covers issues of interest to auditors on topics such as security and software management. Good resource for auditors to stay current on information technology hot issues. Provides WAIS search for back issues. InfoSec Heaven (http://all.net) - Web site of Dr. Fred Cohen provides a comprehensive database of information security links and articles separated into categories of attacks and defenses and viewpoints. There is also a link to the InfoSurety Database at Sandia Labs. Infowar.com (http://www.infowar.com/) - Winn Schwartau’s comprehensive Web site on information security. Premier site for information security resources and links. Categories include tools, utilities & jobs, resources, survey & studies, discussion and chat groups, the Journal of Infrastructural Warfare, and more. 322 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Inside Fraud Bulletin (http://www.maximag.co.uk/) - A publication from Maxima Group that focuses on all aspects of fraud, including embezzlement, management fraud, audit, and more. The Web site has links to past issues. Inspector General Social Security Administration (http://www.ssa.gov/oig/oig1.htm) - Web site provides information about the office, audit reports, job announcements, and more. Institute for Business and Professional Ethics (http://www.depaul.edu/ethics/) - Web site at DePaul University devoted to the subject of ethical behavior. Includes professional and ethics resources, an ethics calendar, Ethics Beat, and more. Institute of Chartered Accountants of England and Wales (http://www.icaew.org.uk) - This is the site of the ICAEW Summa Project Accounting Information Service World Wide Web information server for accounting academics, students, and professionals. The project is funded by a grant from research committee of the ICAEW. The WWW site is at the University of Exeter, Devon, UK. Provides access to a number of accounting, auditing, and finance-related resources such as FINWeb, EDGAR, the Security and Exchange Commission’s online database, the Financial Executive Journal, Global Network Navigator (source of information about Internet resources), and more. Institute of Chartered Accountants of Ontario (http://www.icao.on.ca) - Site provides information about the Institute, upcoming events, and more. Institute of Internal Auditors (IIA) Resources on the Internet. IIA - The Institute of Internal Auditors established e-mail addresses for the headquarters staff. Address e-mail by using the first initial of the staff member’s first name plus their last name followed by @theiia.org. General inquiries can be sent to [email protected]. Institute of Internal Auditors Inc. (http://www.theiia.org) - The IIA home page provides information about The Institute, its mission, programs, and services. The site is organized under the various centers for business, learning, and practices. The global audit resource center has links to industry and audit specialty groups, discussion groups, forums, and a site for IT auditors. IIA Central New York Chapter (http://sumweb.syr.edu/internal_audit/iia.htm) - Home page includes list of meetings, conferences, and seminars, links to IIA, ISACA, and Audit/ Security home pages. IIA Charlotte Chapter (http://www.charweb.org/organizations/professional/iia/iia.htm) - Site provides information about the local chapter, dinner meetings, seminars, and links to other sites. _____________________________ Appendix B — The AuditNet Resource List (KARL) 323 IIA DC Chapter (http://www.dciia.org/) - Web site provides information about the organization, chapter officers, and links to other related sites. IIA Hawaii Chapter (http://hei01.hei.com/~iia/) - Site provides a history of the chapter and links to audit-related sites. The chapter’s newsletter, The Bottom Line, containing articles on internal auditing is also available. IIA New York Chapter (http://www.nyiia.org) - includes information on meetings, membership, Statement of Responsibilities, Objectives, Code of Ethics, and more. IIA Salt Lake City Chapter (http://www.viphosting.com/~slciia/) - Site provides information about the chapter, newsletters, seminars, and dinner meetings, and links to other IIA chapters and headquarters. IIA San Jose Chapter (http://www.sjiia.org/) - Site provides a calendar of events, seminar schedule, newsletter articles, employment information, links to audit sites, and more. For more information, send message to [email protected]. IIA Twin Cities Chapter (http://www.iiatc.com/) - Home page of the Minneapolis/St. Paul IIA chapter provides the newsletter and other information about The IIA. IIA United Kingdom (http://www.iia.org.uk/) - Site provides information about the organization from an international perspective. Includes links to publications, training, recruiting, and more. Institute of Management Accountants (http://www.rutgers.edu/Accounting/raw/ima). This site provides comprehensive information on IMA programs and services. Includes Cases from Management Accounting Practice, Statement on Management Accounting 4 P, Practices and Techniques for implementing Activity-Based Costing, and more. Institute of Management Accountants ILLOWA Chapter (http://www.netexpress.net/~ima) is the Iowa and Illinois chapter Web site for this professional association. Includes information about the chapter, the Institute, educational opportunities, newsletters, and more. Institute of Management and Administration (IOMA) (http://ioma.com/) - The leading publisher of business and management information. Each month their newsletters bring actionable, productive articles to managers and executives in virtually every industry sector, all at the same high editorial standards that challenge the popular cliches that fail to address today’s new and pressing problems. The Administration section includes an Accounting and Taxation category with links to a number of other sites mentioned in the ARL. 324 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Institute for Professionals in Taxation (http://www.ipt.org/) - Web site for a professional organization dedicated to minimizing the cost of tax administration and compliance for ad valorem and sales and use taxes. Site provides information about the organization, employment opportunities, research links, reference materials, and more. Insurance Fraud Bureau of Massachusetts (http://www.ifb.org/) - A unique and multifaceted investigative agency dedicated to the systematic elimination of fraudulent insurance transactions. Features include their quarterly publication, FocusFraud, and links to other law enforcement, crime prevention, and research organizations. Insurance Fraud Fightback Site (http://www.geocities.com/ResearchTriangle/1528/) was designed to stimulate discussion among auditors and fraud examiners about ways of expanding our toolkits via the inclusion of state-of-the-art electronic tools to proactively seek out insurance fraud activities. Site includes articles written by the site developer and links to other related resources. Insurance Fraud Management Advisory Panel (http://www.aisg.org/ifm/ifm.html) is an organization that brings together property/casualty fraud units and claims management to share information and build effective anti-fraud programs. Interactive Data Extraction & Analysis (http://www.cica.ca/idea/) - Home page for IDEA, an audit automation package. Provides information about the product, a downloadable demo, Guidelines for Requesting Computer Data, and an article dealing with the year 2000 issue. What’s New provides updates about the product, training opportunities, and links to IDEArelated topics. Inter-Agency Benchmarking and Best Practices Council (http://www.va.gov/fedsbest/ index.htm) - Site created as a central resource for sharing information on benchmarking and best practices. Includes a code of conduct for benchmarking, databases for best practices and BPR, links to other related sites, and more. Internal Audit Newsgroup (Alt.business.internal-audit) - Internal audit newsgroup formed September 5, 1994, for discussion of internal auditing-related subjects. Open forum to share ideas, proposals, experiences, hopes, fears, and vulnerabilities. Access via Usenet newsreader, or on America Online Internet Center, or GO Usenet on CompuServe. Internal Audit Stakeholders (http://athens.bitwise.net/iawww/) - A database of internal audit professionals that have voluntarily listed their names, areas of interest, and e-mail addresses on the Internal Auditing World Wide Web site. This is a great resource for auditors looking for peer professional contacts. Look in the People Section. _____________________________ Appendix B — The AuditNet Resource List (KARL) 325 Internal Auditing and Fraud Investigation (http://users.aol.com/marksimms/mrsweb/ index.htm) - Site focuses on topics dealing only with internal auditing or fraud investigations. Includes links to relevant articles and Web resources. Internal Auditing Resource Center (http://members.tripod.com/~sisaac/index.html) - Web site from Automation Consulting links to auditing software, auditing sites, and more. Internal Auditing World Wide Web (IAWWW) http://www.bitwise.net/iawww - Developed as a prototype demonstration project, the site functions as a warehouse of information and knowledge pertaining to the internal auditing profession and functions across associations, industries, and countries. This is a premier source of information on the internal auditing profession. Send e-mail to [email protected]. Internal Control (http://137.21.52.50/CTRL.HTM) from the State University of New York at Brockport provides information about their program. The site includes a definition, human resource internal controls, general and specific standards, and more. Internal Control and Financial Management Manual (http://www.state.ct.us/otc/accdir1/ acctitl.htm) is Connecticut’s Accountability Directive issued jointly by the Office of the State Comptroller, Office of Policy and Administration, and the Auditor of Public Accounts. Internal Control Guide (http://www.icaew.co.uk/internalcontrol/) - Draft from the ICAEW provides internal control guidance for directors of listed companies incorporated in the United Kingdom. Internal Control Guide (http://www.jhu.edu/~oams/guide/guide.htm) developed by Johns Hopkins University. The Guide focuses on the policies and procedures of the University but could easily be adapted to other organizations. Internal Control Guide (http://www.state.ma.us/osc/homeview/CONTROL/Contents.htm) - Massachusetts Comptroller General guide for state departments. Straightforward format that could be adopted by other auditors. Internal Control Resources (http://pw1.netcom.com/~jstorres/internalaudit/index.html) - Web site has a comprehensive set of links to articles, books, organizations, resources, and more. Internal Revenue Service (http://www.irs.ustreas.gov/) - Site of the IRS Digital Daily, providing access to tax forms and publications for businesses and individuals, and more. There is a text-only version at http://www.irs.ustreas.gov/plain/ for auditors with slower connections. Internal Review Guide (http://www.asafm.army.mil/ir/irgd/ir-gd.htm) from the U.S. Army provides details of the process used in conducting audits of their operations. Excellent example of a comprehensive audit program targeted toward meeting customer needs. 326 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ International Computer Security Association (http://www.ncsa.com) - ICSA (formerly NCSA) established a site on the WWW for Information Security, Reliability, and Ethics. NCSA manages this site in addition to the CompuServe forums which host online training seminars, public forums, and libraries. NCSA’s InfoSecurity Resource Catalog provides information on books, guides, training, and tools. This site provides an overview of why the issue of computer security is important. Highlights include NCSA’s role and services offered. The Computer Ethics and Responsibilities section includes files relating to the basic principles such as Unacceptable Internet Activity, Ten Commandments of Computer Ethics, Privacy Policy for Corporate Electronic Messaging, and Electronic Commerce Business Cybernetics. The Information Security Resource section includes the OnLine Catalog of InfoSecurity Resources, links to other security-related resources, and security vendors. For information about the NCSA, send an e-mail message to [email protected] and you will receive a reply within minutes about services available. International Federation of Accountants (http://www.ifac.org/) - Home page of the worldwide organization for the accountancy profession. Site provides information about the organization, standards, discussion papers, and more. International Finance and Commodities Institute (IFCI) (http://Finance.Wat.ch/ifci) - Foundation promoting the understanding of financial risk management instruments and commodities. Site includes links to financial and derivative-related Web sites. The homepage includes a query box to locate specific information within the site. Timely reports, research papers, listings of education, and information products make this a worthwhile site for auditors, accountants, and financial professionals who need information on financial instruments. International Financial Encyclopedia (http://www.euro.net/innovation/Finance_Base/ Fin_encyc.html) - Web site of an Interactive Financial Encyclopedia. There is also a link to Innovation’s Guide to Management and Technology, an online book that is a professional’s survival guide for technology in the information age. Book sections include Accounting (Control and Monitoring), Finance, and Economics. This is an excellent desktop reference for auditors interested in the impact of technology on the organization. International Group of Accounting Firms (http://www.igaf.org/) - Worldwide organization of CPAs, CAs, or their professional equivalents. International Organization for Standardization (ISO) Online (http://www.iso.ch/) is the organization that developed standards for quality management and established an online support unit to provide facts on ISO 9000. The ISO 9000 Forum provides answers to various frequently asked questions as well as background information on the standard. Internet Administration Policy Guide (http://www.elronsoftware.com/) - Provides an executive overview on the subject and includes an acceptable usage policy template. _____________________________ Appendix B — The AuditNet Resource List (KARL) 327 Internet Guide for Accounting Discussion List (http://www.swcollege.com/acct/inet_acct/ subscribe.html) is for exchanging information relating to accounting professionals’ use of the Internet. Free subscription available from the site. Internet Guide to the U.S. Government (http://www.uncle-sam.com/guide.html) - Web site provides links to all branches of the federal government, independent agencies, and commissions. Internet Learning Materials for MBA Students (http://bized.ac.uk/fme/) - Web guide from BizEd focused on MBA studies. Sections provide links and research tips for accounting and finance, business economics, human resource management, marketing, strategy, and operations management. Internet Prospector (http://w3.uwyo.edu/~prospect/) - A research-oriented Web site for the nonprofit community. The site is updated monthly and provides links to search tools and information that auditors can use. There is a monthly newsletter subscription (free) available on the site so that you can receive the updates via e-mail. (Knowledge Assembly Resource) Internet Research Course (http://www.ffg.com/courses/) - A free subscription e-mail course from ForeFront, a developer of Internet software productivity products. Course includes sections on Effective Search Techniques, Internet Search Engines and How They Work, A Stepby-Step Process for Gathering and Organizing Internet Information, and more. Auditors will find this a useful addition to their Internet audit toolkit. Internet Security Policy Guide (http://csrc.nist.gov/isptg/) from the NIST Special Publication series is designed to help organizations create an Internet-specific information security policy. Internet Security Reference Guide (http://www.tdmi.com/pilot/pilot_guide/introduction.html) - A publication from a security vendor that provides a comprehensive source document on the subject. Topics include the network security policy, firewalls, attack responses, glossary, and more. Internet Security Systems (http://iss.net) is a vendor of network security software. This site provides information on their products and FAQs on security, a list of security discussion groups, and links to other security sites. There are also downloadable free security tools available from ISS. The site contains an article on the threat of hacking, which is worthwhile reading for an understanding of the threats present on the Internet. For more information, send e-mail to [email protected]. Investigations Manual (http://www.ig.navy.mil Publications_Investigations_Manual_Frame. html) - Excellent guide for conducting investigations from the Office of the Naval Inspector General’s office. 328 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Investigators Guide to Sources of Information (http://www.gao.gov/special.pubs/soi.htm) GAO publication that provides a comprehensive list of resources useful in conducting investigations. The guide is downloadable as a PDF file and requires the Adobe Acrobat reader (also available for download). Guide was updated in April 1997 and now includes a chapter on an Investigator’s Guide to the Internet. Auditors will find the selected Internet sites for investigate reference worth reviewing. Investigators Toolbox (http://www.virtuallibrarian.com/it/index.html) - A meta-site of links to researcher resources such as companies, databases, and more. Great information resource for auditors. Iowa Office of the State Auditor (http://www.state.ia.us/government/auditor/index.html) Web site provides information about the office. Ireland Comptroller and Auditor General (http://www.irlgov.ie/audgen/default.htm) - Web site includes organization details, press releases, publications, and areas of interest/current projects. IRS Worker Classification Training (http://www.irs.ustreas.gov/prod/bus_info/training.html) - Guide from the IRS provides help in determining whether workers should be classified as an employee or independent contractor. IS Audit and Security Review Kits (http://www.gallaudet.edu/~auditweb/kits.html) from Slemo Warigon at Gallaudet University includes ready-to-use IS/IT audit program and security review kits. The kits contain a statement of purpose, scope, review steps, and/or a set of questions organized to lead you through the audit or review. This is an excellent site for jumpstarting an IS security review or audit. IS Audit Consulting & Recruiting Services (http://www.isaudit.com/) - Web site with job postings, information on happenings in the IS job market, and more. IS Audit List (isaudit-list) - The IS Audit list server provides IS auditors with a forum to freely discuss topics affecting the profession, including career development issues. The site is sponsored by Gerry Myers Associates, an IS Audit Consulting and Recruiting firm. To subscribe to the list server, address your request to [email protected] with the word SUBSCRIBE in the subject field only. You will receive an acknowledgment welcoming you to the list with important information on using the list server. IS Auditing Business Research Projects (http://www.csupomona.edu/~cis/gallegos/ msbaproj.html) - Web site containing project topics and abstracts for student research going back to 1983. Many recent projects cover Internet-related topics. _____________________________ Appendix B — The AuditNet Resource List (KARL) 329 ISSA (http://www.issa-intl.org/) - Site of the Information Systems Security Association provides information about this international organization of information security professionals. There are links to security-related sites, security tools and utilities, and security-related list servers. ITAudit.org (http://www.itaudit.org/) - The IIA Web site dedicated to information technology (IT) information needs of auditors at all levels. Features include a forum for timely, interesting articles on IT topics, a reference section containing links to useful information resources on the Internet, including AuditNet, a conference section with threaded and interactive discussions, and a Yellow Pages section containing links to technology products and services auditors need. Jefferson Laboratory Internal Audit Department (http://www.jlab.org/div_dept/audit/ index.html) - Web site provides the charter, strategy, methodology, reports and work plans, and more. Journal of Accountancy (http://www.aicpa.org/pubs/jofa/joahome.htm) - The professional journal of the American Institute of Certified Public Accountants. The site includes articles and indexes from 1977 to current. Journal of Financial Abstracts published by the Financial Economics Network and devoted to the electronic publishing of abstracts in research in financial economics and related topics. The JFA is free and distributed electronically via the Internet. To subscribe, send e-mail to Wayne Marr at the following address: [email protected]. Kansas City Auditor’s Office (http://www.kcmo.org/auditor) - Site provides information about the office and the type of audits performed. Kansas Legislative Division of Post Audit (http://skyways.lib.ks.us/kansas/kslegPAUD/ homepage.html) - The audit organization of Kansas government. The site provides information about the organization, its functions, missions, goals, and performance measures. There are links to other audit organizations, search engines, and more. Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls (http://csrc/ nist.gov/nistpubs/800-10/) - NIST Special Publication 800 10 provides auditors with an excellent introduction and overview of firewall issues. Useful document in planning audit reviews of Internet connections. Kelley Blue Book (http://www.kbb.com/) - Provides vehicle values for new and used cars and motorcycles. Good industry standard resource for auditors looking at inventory valuation guidelines for fleet vehicles. 330 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Kentucky Auditor of Public Accounts (http://www.state.ky.us/agencies/apa) - Web site provides information about the office, reports, an employee index, and more. King County Auditor’s Office (http://www.metrokc.gov/auditor/) - Home page provides information about the office, e-mail addresses for the staff, a list of current projects, an index of audit reports issued including the executive summaries (organized by agency, topic and year issued), and links to other audit-related sites. Knowledge Base (http://trochim.human.cornell.edu/kb/index.htm) - An online textbook for an introductory course in research methods. Auditors conducting any sort of online research will find this site useful. Knowledge World (http://www.ec2.edu/kworld/index.html) - A comprehensive Web site covering issues on knowledge management, including a small business advisor, education center, white paper, and more. Korean Board of Audit and Inspection (http://www.bai.go.kr/) - Web site for the agency that monitors the performance of Korean government operations. Information available includes a history of the organization, annual report, and links to other Korean sites. Lambers CPA Review (http://www.lamberscpa.com/) - Site of the publisher of professional exam review guides for CPA, CIA, and CMA. LAN Security Guidelines (http://www.utoronto.ca/security/) - Go to LAN Security Guidelines. Site provides checklists for administrators to evaluate and adjust LAN security. This is a comprehensive document that covers everything from access controls to virus protection. Includes a section on LAN audit considerations. LeaseAudit (http://www.leaseaudit.com) - Web site contains the role of a lease audit, lease language, court decisions, and links to other related sites. There is also information about Lease Audits: The Essential Guide available from the sponsor of the site. Legal/Accounting Web (http://www.cloud9.net/~kvivian/html/legal_accounting_web.html) Site from Kaye Vivian, a marketing communications consultant, provides comprehensive information on marketing and practice development for professional firms. Includes links to sites, articles, jobs, marketing tips, and more. Legal Investigator Links (http://www.teleport.com/~pagrue/) - The private [email protected] page provides links to sites of interest to investigators. There are resources such as the Detective Information Network, Criminal Justice Links, Computer Network Security, the FBI, and others. There is also a link to several privacy-related sites. _____________________________ Appendix B — The AuditNet Resource List (KARL) 331 Legal Services Corporation Audit Guide (http://oig.lsc.gov/lscpages/aud1.htm) - Provides guidance to auditors and recipients of LSC grants. Legal Services Corporation Office of Inspector General (http://oig.lsc.gov/aud/cs3recov.htm) - Web site provides a link to their Audit Guide and Compliance Supplement, and allowable cost/cost principles. Legislative Analyst’s Office (LAO) (http://www.lao.ca.gov/) - The LAO provides analysis to the California legislature on financial and policy issues. As an independent legislative oversight body, the LAO advises lawmakers on the financial impact of policy issues, including state and local government implications and the use of information technology as a tool to make government more effective. Documents include budget analysis, reports, policy briefings, and special publications. LGNet (http://www.ig.org/) - The Local Government Network sponsored by the Innovations Group on the WWW provides information services for local government professionals. Valuable resource for local government auditors and accountants with information on performancebased measurements, document imaging, reinvention projects and more. The Innovations Group issues a quarterly newsletter called Local Government Online that highlights ways cities and counties are using electronic communication to improve productivity, save money, and provide excellent service to citizens. Licensing and Software Management Guide (http://www.microsoft.com/piracy/licensing/ samguide.asp) - Provides an effective system for software acquisition, distribution/use, copyright law, and more. Includes sections on software audits, audit tools, audit resources, preparing for an audit, initial analysis, conducting, and reporting. Litigation Cost Control Resource Center (http://www.tiac.net/users/svoltz/freebies.htm) Web site dedicated to information on controlling the cost of litigation. A free Litigation Cost Control Manual and other advice is available by e-mail. Locating Canada’s Incorporation Records (http://w3.uwyo.edu/~prospect/caincorp.html) Web site with contact information for national, provincial, and territorial public records. Locating U.S. Incorporation Records Online (http://w3.uwyo.edu/~prospect/secstate.html) Web site provides links to secretaries of state sites, official state corporation databases, IRS nonprofit data, and more. Lorain County Auditor (http://www.loraincounty.com/auditor/) - Local government Web site provides information about the office and the services they offer. 332 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Louisiana Inspector General (http://www.state.la.us/oig/inspector.htm) - Web site provides a history of the office, mission statement, public reports, and more. Louisiana Legislative Auditor (http://www.lla.state.la.us/) - Web site provides information about the office, types of audits performed, reports issued, and more. Louisiana State Division of Administration (http://www.state.la.us/doa/doa.htm) - Site of the organization that oversees the management of state financial administration. Maine Office of Program and Legislative Audit (http://www.state.me.us/legis/opla/ reports.htm) - Web site of the Maine legislative audit function provides access to reports issued. Majengo Software (http://www.majengo.com/) - Vendor of audit productivity solutions that will speed up audit work, cut costs, and provide a new quality standard for audits. Demos available for download from their Web site includes AUDITJOB, which lets you recycle workpapers from previous years and jobs and publish standard template forms, audit programs, and check lists; INSIDE OUT, a trial balance processor, and HORSE’S MOUTH, which automates workpapers. Management Control (http://www.mc2consulting.com/govpage.htm) - Web site for corporate governance, accountability, and management control provides information and articles on the subject for internal auditors. The site advocates a collaborative approach involving various disciplines and stakeholders. This site provides excellent information on control self-assessment and coactive control topics. Management Control Concepts (http://www.mc2consulting.com/) - Home page for audit-related consulting and training services. Includes a description of services offered and books authored by the consultant (David McNamee), and links to audit-related sites. Management Link (http://www.inst-mgt.org.uk/external/mgt-menu.html) - A comprehensive site developed by Information Researchers at the Institute of Management’s Management Information Centre. There are links to sites on management skills and management sources. Managerial Auditing Journal (http://www.mcb.co.uk/cgi-bin/journal1/maj) - Provides links to illustrative articles and subscription information. Managerial Cost Accounting Guide (http://www.va.gov/cfo/pubs/CostGuide/default.htm) Available on the Veteran’s Administration Web site. The Guide includes tools and techniques for implementing a managerial cost accounting system. There is an introduction to project management, implementation strategies, organizational analysis, costing methodologies, team charters, position descriptions, statements of work, and more. The Guide, in Word97 format, provides a free viewer download for those professionals that do not have the program. _____________________________ Appendix B — The AuditNet Resource List (KARL) 333 Manatee County Internal Audit (http://www.clerkofcourts.com/internal.htm) - Web site provides information about the office, services provided, published audit reports, and more. Maricopa County Internal Audit (http://www.maricopa.gov/internal_audit/default.html) Provides information about the department and an index of audit reports issued. Maryland Association of Certified Public Accountants (http://www.macpa.org/) - Site includes information about the association, a comprehensive listing of resources, and CPE opportunities. Maryland Comptroller of the Treasury (http://www.comp.state.md.us/main.htm) - Provides information about the office, services offered, and links to general taxpayer assistance for Maryland residents and businesses. Massachusetts Office of Inspector General (http://www.state.ma.us/ig/ighome.htm) - Web site for the state watchdog agency. Site provides information about the office, publications issued, and more. Massachusetts Society of CPAs (http://www.mscpaonline.org/) - Well-organized Web site for the state society includes information about the organization, a record retention guide, Internet from A to Z (links and resources for business), and more. Massachusetts State Auditor (http://www.state.ma.us/sao/) - Web site provides information about the office and its divisions. Massey University Accountancy Department. (http://cc server6.massey.ac.nz/0/massey/depts/ ac/dp.htm) - This site provides discussion papers from 1981 on a variety of accounting/audit topics. This is a great resource from New Zealand for background material in preparing for or researching audit methodologies or new potential audit areas. Measure.net (http://measure.net/index.htm) - Web site dedicated to improving corporate performance measurement systems provides an Idea Exchange, a Resource Center, and information about performance measurement audits. Medina County Auditor (http://www.medinacountyauditor.org/) - Local government Web site provides information about the office and the services they offer. Methodware Ltd. (http://www.methodware.com/) - Web site for Advisor software products which automate international frameworks such as COBIT and COSO, and assist organizations perform control self-assessment, quality reviews, risk evaluations, and more. The web site also includes examples of customized solutions. 334 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Metro Office of the Auditor (http://www.metro-region.org/glance/auditor/dow.html) - Helps the Portland Metro regional government achieve honest, efficient management and full accountability to the public. Links to reports, a newsletter, and more. Metropolitan Water District of Southern California (http://www.mwd.dst.ca.us/audit/docs/ audhome.htm) - Audit department home page includes information about the department, charter, work plan summaries, and more. Michigan Office of the Auditor General (http://www.state.mi.us/audgen/) - Home page includes information about the office and their reports. Micro-Computer Security Checklist (http://www.fis.ncsu.edu/audit/selfaccs/intcont/ selfeval.htm) - Web site from the North Carolina State University internal audit department provides a guide for department managers. Micrografx, Inc. (http://www.micrografx.com/flowcharter) - FlowCharter is a business drawing, diagramming, and charting tool. It can be used to create organization charts, network diagrams, statistical control charts, and flow diagrams of any type. MicroMash Accounting Reviews (http://www.micromash.com/) - Provides information about their review courses for the CIA, CPA, CMA, CISA, CFM, and more. They offer tutors, indicators (practice exams), and downloadable demos of their programs. Microsoft Network Industry Accounting Forum (http://www.microsoft.com/industry/acc/) Site includes articles and products of interest to accountants. There is a downloadable version of Microsoft’s Software Auditing Resource Kit for designing software audit applications. Milwaukee County Department of Audit (http://www.co.milwaukee.wi.us/depart/daudit.htm) - Web site provides information about the office and the services offered. Minnesota Office of the Legislative Auditor (http://www.auditor.leg.state.mn.us/) - Web server for the Legislative Auditor’s Office. The OLA server includes history of the office, information about the Financial Audit Division, and Program Evaluation Division. Copies of audit reports, including a report on Performance Budgeting. Provides links to the Minnesota legislature Gopher server, and federal, state, and Internet information resources of interest to auditors. Minnesota Office of the State Auditor (http://www.osa.state.mn.us) - Web site provides information about the office, online access to reports, and downloadable files from prior periods. _____________________________ Appendix B — The AuditNet Resource List (KARL) 335 Minnesota Society of Certified Public Accountants (http://www.accountingnet.com/society/ mn/) - MNCPA online site provides information about the organization, articles from their newsletter, CPE opportunities, and more. MIS Metrics and Benchmarks Scoreboard (http://mis.tqn.com/blbench.htm) - Provides staffing, budget, salary, and spending information from MIS executives. MIS Training Institute MISTI (http://www.misti.com/misti) - Web site contains information on seminar offerings and links to other Internet sites. The MISTI curriculum includes courses in modern internal audit and information systems audit and security. They also offer a variety of products and services, including topical conferences, video training, publications, and more. Mississippi Joint Legislative PEER Committee (http://www.peer.state.ms.us/index.html) Web site for the Mississippi Performance Evaluation and Expenditure Review Committee provides access to reports from 1974 to present in Adobe Acrobat format. There are also FAQs and links to other sites of interest. Mississippi Office of the State Auditor (http://www.osa.state.ms.us/) - Web site provides information about the function, public documents, press releases, and links to other sites of interest. Missouri State Auditor’s Office (http://www.auditor.state.mo.us/) - Site includes information about the office, details on reporting fraud, waste and abuse, summaries of reports, and more. For more information, send e-mail to [email protected]. Montana Legislative Audit Division (http://www.mt.gov/leg/audit/) - Site provides information about the organization, access to reports, goal, audit standards, employment opportunities, and more. Multnomah County Auditor’s Office Home Page (http://www.multnomah.lib.or.us/aud) First county auditor’s office to establish a home page on the Web. Includes summaries of recent auditor’s reports, an index of past reports, a profile of the office, and an auditor’s column. The page is directed at Portland citizens with access to the Internet, to let them know about the county auditor’s office. Municipal Bond Scandals (http://lissack.com/) - Site provides overview of scandals and problems affecting the municipal bond industry in the U.S. Includes definitions and common terms, search capability, and a large index of relevant articles. MuniNet Mailing List - FinanceNet mailing list targeted to municipal and township financial managers and clerks. The list will be a distribution and discussion list for issues relating to financial management of municipalities, townships, and counties within larger geopolitical 336 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ jurisdictions. To subscribe, send e-mail to [email protected] and include message “subscribe MuniNet (FirstName LastName). NALGA Local Government Auditing Quarterly Audit Abstract Database (http:// www.execpc.com/~milcoaud/) - Provides the listing of audits performed by local government auditors that appeared in their newsletter, the Local Government Auditing Quarterly. The Local Government Audit Newsletter (LGAQ) contains abstracts of audits performed by members of the National Association of Local Government Auditors. This database contains information about those abstracts, including reference to the newsletter containing the abstract. The program searches the database for selected keywords and displays information about the abstracts that match those keywords. The information includes where to find the abstract in the newsletter and who produced the audit so that you may contact them. The downloadable database is available in both DOS and Windows format. An older copy of the database is available as a zip file on the ASAP FTP site. Retrieve and extract the file and follow the installation instructions. NARA IG (http://www.nara.gov/ig/) - The National Archive and Records Administration Inspector General’s Office homepage provides a wealth of resources for IG offices. The site provides information about the role of the IG and the audit and investigation units. There are links to other related sources and a Guide to Internet Legal Research with links to areas of special interest to IGs, statutes, case law, regulations, legislative history, and more. NASA Office of Inspector General (http://www.hq.nasa.gov/office/oig/hq/) established a home page on the WWW. Provides the mission statement, information on their hotline, and summaries of the audit and investigation sections, including sample audit findings. National Association of Enrolled Agents (http://www.naea.org/) - Site provides information about the association and its members, how to find a tax advisor, tax links, tax news, and electronic commerce resources. National Association of Financial Services Auditors (http://www.nafsa.com/index.htm) - Web site provides information about the organization, conferences, membership, and more. National Association of Local Government Auditors (http://www.nalga.org/) - Home page for NALGA the organization formed to bring together professional local government auditors. The site includes information about the organization, annual conferences, and excerpts from the Local Government Auditing Quarterly. National Association of Purchasing Management (NAPM) (http://catalog.com/napmsv/) Silicon Valley Chapter maintains a World Wide Web page on the Internet. Includes resources for purchasing and supply management professionals. Purchasing articles include topics such as Software Licensing Flexibility, Paperless Purchasing, and Getting Started With EDI. The _____________________________ Appendix B — The AuditNet Resource List (KARL) 337 site also includes a library collection of books, video and audio cassettes on purchasing, materials, operations, and business management. National Association of State Auditors, Comptrollers and Treasurers (http://sso.org/nasact/ nasact.htm) - Web site for the organization which includes public financial management, treasury, and audit reports. Provides links to state auditors and treasurers on the Web, state comptroller, and state auditor issues. National Association of State Boards of Accountancy (http://www.nasba.org/) - This Web site provides information about the organization, a listing of individual state boards of accountancy, a national registry of CPE sponsors, and more. Some areas are restricted to members only. National Association of State Budget Officers (http://www.nasbo.org/) - Web site for the professional organization for state finance officers. The site includes a list of available publications, links to budget related links, and more. The Budget Links page also includes sites related to performance measurement. National Association of State Information Resource Executives (http://www.nasire.org/) Clearinghouse of state government information on the Internet. Selectable categories include Auditors, Finance and Administration, and Information Resource Management. Categories provide links to related information servers. National Association of Trust Audit and Compliance Professionals (http://www.natacp.org) - Web site for trust, audit, and compliance professions provides information about the organization, membership, career opportunities, and more. National Audit Office (http://www.open.gov.uk/nao/home.htm) - Home page for the independent public sector audit organization in the United Kingdom. This office reports on the economy, efficiency, and effectiveness of departments and related parts of the government. The NAO publishes up to 50 value-for-money audits annually. A listing of the reports available is on the site as well as press notices that provide an abstract for each report. The Annual Report summarizes their work and results achieved. National Council on Compensation Insurance (http://www.ncci.com/index.html) - The largest workers’ compensation data, statistical and research corporation. Web site contains information about products and free publications. National Credit Union Administration (http://www.ncua.gov/) - Web site of the independent federal agency that oversees federal and state credit unions. Online information for auditors includes guidelines for operations, an accounting manual, the FFIEC IS Examination Handbook, and Financial Performance Report Guide. 338 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ National Criminal Justice Reference Service (http://www.ncjrs.org) - The NCJRS established a Web site containing various resources from the National Institute of Justice, the research and development agency of the U.S. Department of Justice. Includes updates from the Office of Justice and the Office of National Drug Control Policy. Also provides information about products and services sponsored by NCJRS. National Health Care Anti-Fraud Association (http://www.nhcaa.org/) - An organization composed of private health insurers and federal/state law enforcement officials dedicated to the detection, investigation, and prosecution of healthcare fraud. National Library of Australia Department of Finance (http://www.finance.gov.au/) - Site provides Australian government information from the Department of Finance. The Information Technology and Systems area includes IT Acquisition Council Guidelines as well as information on publications such as Implementing Financial Management Information Systems. National Society of Accountants (http://www.nsacct.org/) - Web site provides information about the association, job links, legislative issues, and more. National Society of Insurance Premium Auditors (http://www.nispa.org/) - Web site includes background information, industry news, publications, and more. National Society of Public Accountants (http://www.nspa.org) - Site provides information about the NSPA, a national organization representing local practitioners, and small businesses. There is information about publications, course availability, membership, and more. Naval Inspector General (http://www.ig.navy.mil/New_Look.html) - Web site provides information about the office, online publications, and more. Nebraska State Auditor of Public Accounts (http://www.nol.org/home/auditor/index.html) Home page that provides information about the organization, including the Special Audits and Evaluation Unit which operates a hotline. Includes examples of complaints and concerns. Netherlands Court of Audit (http://www.rekenkamer.nl/en/index.htm) - The official audit organization for the government. The site includes performance and regularity audit manuals, summaries of audit reports, the legal basis for the office and more. Network 1 Security Related Links (http://www.network 1.com/) - Consulting firm with links to security-related Web pages and security-related newsgroups. Network-list, the official CPA Guide discussion list, is provided for immediate discussion of accounting topics by interested parties. To subscribe to Network, send an e-mail message to _____________________________ Appendix B — The AuditNet Resource List (KARL) 339 [email protected], with the words “subscribe network” in the message body. Note: you must send your request from the e-mail account you wish to use. If you do not, your e-mail message must read “subscribe network other_email_address”, with the e-mail address you wish to use substituting “other_email_address.” Send mail to Network recipients via [email protected]. Note: you must be subscribed in order to send messages. Network Risk Assessment Users Manual (http://wwwoirm.nih.gov/security/) is available in either Word or WordPerfect format from the NIH Information Systems Security page. Nevada Legislative Counsel Bureau Audit Division (http://www.leg.state.nv.us/lcb/audit/ audit.htm) - Web site provides information about the office, list of reports issued, organizational structure, and more. New Hampshire Legislative Budget Assistant (http://www.state.nh.us/lba/index.html) - Web site for the audit division provides their mission, staff directory, summaries of reports, and links to other sites. New Jersey Office of the State Auditor (http://www.njleg.state.nj.us/html98/olsaudit.htm) Web site provides information about the office, mission statement, and full text of recent audit reports in Envoy format (free reader available). New Mexico Military Institute Internal Audit (http://www.nmmi.cc.nm.us/audit/Guest.html) - Site provides information about the department, FAQs, and links to other resources. New Mexico State Auditor (http://www.saonm.org/) - Web site of the office responsible for safeguarding New Mexico taxpayers’ money. New Mexico State Treasurer (http://www.stonm.org/) - Web site of the office responsible for accounting for taxpayers’ money. Site provides access to public reports. New South Wales Audit Office (http://www.audit.nsw.gov.au/) - Site includes information about the office, roles and responsibilities, reports and publications, and more. New Technologies Inc. (http://www.forensics-intl.com/intro.html) - A security consulting firm that offers training and tools for computer forensics. Site provides articles, software, visual aids, and more. New York State Office of the State Comptroller (http://www.osc.state.ny.us) - Well-organized Web site provides information about the office, audits of state agencies, local government services and audits, the State Comptroller’s Assistance Network (SCAN), and links to other useful sites and more. 340 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ New Zealand Controller and Auditor-General (http://www.netlink.co.nz/~oag/) - Office of the controller and auditor-general of New Zealand provides general information, recent reports, speeches, and international affiliations. Nijenrode Business Resources (http://library.nyenrode.nl) - Comprehensive list of business resources maintained by Nijenrode University in the Netherlands. Provides links to business resources on the Internet. NJH Security Consulting, Inc. (http://www.njh.com/) - Web site for a security consultant specializing in Internet penetration testing and Web security. Items of interest to auditors include articles on security-related issues and problems. Non-Federal Audits Team Home Page (http://home.gvi.net/~edoig) - Provides a “one stop shopping” for information pertaining to Single Audits and other audits of Education Programs (SFA Audits, Lender Audits, etc). (Non-federal means audits of Federal Funds performed by Non-Federal Auditors). Information is organized by source (GAO, OMB, PCIE, ED, etc.). There are links to other related sites. Nordic Accounting Network (http://www.nan.shh.fi) - Site is part of the International Accounting Network. Includes regional archives of information as well as links to the other network members. For more information, send message to [email protected] North Carolina Office of the State Auditor (http://www.osa.state.nc.us/) - Provides information about the State Auditor’s Office, online access to selected audit reports, e-mail request for other reports, and links to other sites. North Dakota State Auditor (http://www.state.nd.us/auditor/) - Web site provides information about the office, links to audit reports, FAQs, employment information, staff directory, and a fraud hotline. Northeast Insurance Anti-Fraud Group (http://www.geocities.com/WallStreet/Exchange/ 1276/) - An organization of investigative professionals dedicated to finding fraud in the insurance industry. Site includes topics of past and future meeting and links to other related sites. Northern Territory Auditor-General’s Office (http://www.nt.gov.au/ago/) - Web site provides information about the office and their reports. Nova Scotia Office of the Auditor General (http://www.gov.ns.ca/legi/audg/) - Provides information about the office and the services offered. Includes annual reports by the auditor general. _____________________________ Appendix B — The AuditNet Resource List (KARL) 341 NPR Report (http://www.npr.gov) - From Red Tape to Results, hypermedia document. The Federal Reinventing Government report is available with word search capability on the WWW. Go the Library section. NT Bugtraq (http://www.ntbugtraq.com) - A mailing list for the discussion of security exploits and security bugs in Windows NT and its related applications. NYCComptNet (http://www.comptroller.nyc.ny.us) - Office of the New York City Comptroller established an Internet connection and offers other localities ideas on how to improve their financial systems and reporting, internal controls, and performance measures via the Internet. Occupational Safety and Health Administration (OSHA) Web site (http://www.osha.gov) which includes general information about the agency, standards, news releases, fact sheets, publications, OSHA Compliance Assistance Tools, and safety and health related links on the Internet. Auditors with OSHA audit responsibilities should include this site on their hot list. Office of the Auditor General, Alberta, Canada (http://www.oag.ab.ca/) - Web site provides a report on government accountability and links to annual reports. Office of the Auditor General, New Brunswick (http://www.gov.nb.ca/audgen/index.htm) Web site provides information about the office and their publications. Office of the Auditor General, Newfoundland and Labrador (http://www.gov.nf.ca/ag/) Web site provides information about the office, entities subject to audit, reports, and more. Office of the Inspector General EPA (http://www.epa.gov/oigearth/index.htm) - Provides information about the organization, reports, strategic plan, and more. Office of the Inspector General University of Florida (http://oig.ufl.edu/) - This Web site contains a wealth of information for auditors in the college and university environment and others. Includes a checklist for accounting and administrative controls, control summaries for time records and leave, and tax compliance issues. The UF Software Copyright Policy is an excellent model that includes policies and guidelines, resources, and training materials. There are also links to other sites including the Florida Legislature. Office of Management and Budget (http://www.whitehouse.gov/OMB) - Site contains links to selected OMB circulars, bulletins, and regulations. Office of the Provincial Auditor, Ontario, Canada (http://www.gov.on.ca/opa/en/ieng.htm) Web site provides information about the office and links to audit reports by ministry and by program. 342 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Office of the Provincial Auditor, Saskatchewan (http://www.legassembly.sk.ca/provaud/) Web site provides information about the office, reports issued, and more. Ohio, Auditor of State (http://www.ohio.gov/auditor/) - The Ohio State Auditor Office provides information about the office and its division, audit reports released, technical bulletins, publications, links to related sites, and more. Ohio Office of the Inspector General (http://www.ohio.gov/watchdog/) - Web site provides information about the office such as mission and history. There are summaries of investigations, investigation reports, annual reports, FAQs, and more. Ohio Society of CPA s (http://www.ohioscpa.com/) - CPA access site provides information about the organization, news, information exchange, CPE, links to the Top Ten Web Sites for Accountants, and more. Ohio State Internal Audit (http://www.busmgmt.ohio-state.edu/internal_audit/ osuiawww.htm) - Web site provides their mission statement, services and types of audits, information about the staff, and an organization chart. Oklahoma State Auditor (http://www.state.ok.us/~auditor/) - Web site includes agency information, audit reports, and forms. OptionFinder (http://www.optionfinder.com/) - An electronic meeting tool that gets everyone involved and keeps meetings on schedule. This keypad-based group polling system is used by many organizations in the control self-assessment process. Orange County Florida Audit Division (http://www.comptroller.co.orange.fl.us/audit/ audit.html) - Provides information about the office, the audit process, a fraud hotline, and a list of published reports back to Fiscal Year 1987. Orange County Internal Audit Department (http://www.oc.ca.gov/audit/index.htm) - Web site for this California county provides information about the office, control self-assessment, internal control, and more. Oregon Secretary of State Audits Division (http://www.sos.state.or.us/audits/audithp.htm) Web site includes information about the office, report summaries, fraud hotline, and more. Organization of Local Government Auditing (http://www.olga.org) - OLGA is an initiative of Scandinavian auditing firms responsible for the auditing local government entities in their respective countries. The Web site provides information about the organization and their members as well as links to other audit organizations. _____________________________ Appendix B — The AuditNet Resource List (KARL) 343 Orlando Internal Audit Office (http://www.ci.orlando.fl.us/departments/audit/) - Web site provides their mission statement, a list of audit reports available, links to their hotline, revenue auditing, and more. Paisley Consulting (http://www.paisleyconsulting.com/) - Web site for a vendor of products that address the needs of today’s changing internal audit departments. Products include AutoAudit (audit automation software) and Workforce (audit staff scheduling software). Patton & Patton Software (http://www.patton patton.com/) - Home page of the developers of Flow Charting software. Provides information about the organization and its products. There are links to flowcharting resource materials, including application stories, helpful publications and sources, common symbol definitions, and sample charts and diagrams. E-mail support is available. Pennsylvania Auditor General (http://www.auditorgen.state.pa.us/) - Interactive tour of Pennsylvania’s Taxpayer Advocate provides information about the office, audit results, and career opportunities. Pennsylvania Institute of Certified Public Accountants (http://www.picpa.com/) - Site contains information on education, government relations communications, including the table of contents for its journal and pointers to its officers and chapters. PeopleSoft Security, Audit, and Control Discussion Group (PSSAC-L) - A listserv devoted to PeopleSoft Security, Audit, and Control. For those of you interested in subscribing to this list, send an e-mail (with your signature feature turned off) to: [email protected]. Include no subject line. In the body of the message, type: subscribe PSSAC-L yourfirstname yourlastname (example: subscribe PSSAC-L Jane Doe). Performance Assessment Guide (http://www.dtic.mil/performance/paguide.html) from the Department of Defense provides a Quality and Productivity Self-Assessment Guide, a Guide for Developing Performance Measures, a Guide For Measuring Customer Satisfaction, Quality and Productivity Self Assessment Questionnaires, and more. Performance Based Management Guide (http://www.itpolicy.gsa.gov/mkm/pathways/ 8-steps.htm) from the General Services Administrations provides eight steps to develop and use information technology performance measures effectively. Performance Based Organizations (http://www.npr.gov/library/pbo/guide1.html) from the NPR Web site provides a conversion guide for organizations that are shifting to a performance-based environment. 344 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Performance Indicators Page (http://www.auditcommission.org) - Provides comparative measures for local government and public safety entities. Results are in Microsoft Excel format with separate spreadsheets for England, Wales, and police data. Performance Management (http://www.ey.com/publicate/pm/) - Download library from Ernst & Young contains practical articles on topic in Adobe Acrobat format. Performance Management (http://www.oecd.org/puma/mgmtres/pac/) - Web site for the Organization for Economic Co-operation and Development (European Countries). The site identifies and explains key performance management issues, performance management publications, work methods, links to other sites, and more. Performance Management Guide (http://www-hr.ucsd.edu/~staffeducation/guide/) is an excellent publication from the UC San Diego on managing employee performance. Auditors reviewing the human resource department for their organization can use this guide as a model for setting up an employee performance management system. Performance Management System Audit Guide (http://www.qao.qld.gov.au/guidelin.html) from the Australian Queensland Audit Office provides an audit approach, methodology, audit considerations, criteria, and more. Performance Measurement Best Practices (http://www.npr.gov/library/papers/benchmrk/ nprbook.html) is a benchmarking study report from the National Performance Review. Performance Measurement Guide (http://www.sao.state.tx.us/) from the Texas State Auditor’s Office provides information about setting up a performance measurement system and detail on how agencies can establish adequate internal controls in measurement systems in order to assist them in reporting accurate information. Performance Measurement Handbook of Tools and Techniques (http://www.orau.gov/pbm/ resources/handbook1/handbook1.html) is an excellent resource for auditors involved in performance measurement. The Handbook is available in HTML format or may be downloaded in PDF format for printing. Performance Measurement Info (http://financenet.gov/financenet/start/topic/perf.htm) FinanceNet has a number of files and reports available on performance measurement. Performance Measurement Office (http://www.qed.qld.gov.au/about/pmo/index.htm) - Web site of the Queensland Education Department includes information about the office, performance information, a school planning and accountability framework, a measurement listserv, and more. _____________________________ Appendix B — The AuditNet Resource List (KARL) 345 Performance Measurement Office (http://www.qed.qld.gov.au/about/pmo/index.htm) - Web site of the Queensland Education Department includes information about the office, performance information, a school planning and accountability framework, a measurement listserv and more. Performance Measurement Resources (http://www.zigonperf.com/performance.htm) is a set of free resources to help you with performance measurement problems. There are articles, links, and sample performance measures for various job categories. Performance Measures for Procurement (http://www.itpolicy.gsa.gov/perfmeas/pathways/ pp8ahow.htm) is a government task force report that provides best practices and procurement performance measures. Performance Measures List Archives (http://www.mailbase.ac.uk/lists/lis-perf-measures/) lisperf-measures for library and information science professionals maintains an archive of their discussions. The list supports work in performance measurement in the library and information community throughout the world. Subscription details are available from this site. Performance Pathways (http://www.itpolicy.gsa.gov/mkm/pathways/pathways.htm) - Web site from the Office of Government-wide Policy provides a central resource for information related to the development and use of performance measurement. Performance Planning Guide (http://www.ospl.state.nc.us/planning/hcontent.html) from the North Carolina Office of State Planning provides an excellent step-by-step process for setting up a performance management system. Philadelphia Office of the City Controller (http://www.libertynet.org/~citycont/) - Web site provides information about the office, access to city economic information, and a searchable audit database. Point of Sale Discussion List (POS-List) was created for discussions related to business software such of POS, OE, Retail, Mail Order, Accounting, and more. To subscribe to pos-list, send an e-mail to [email protected] with the message subscribe pos-list. Portland City Auditor’s Office (http://www.ci.portland.or.us/auditor/pdxaudit.htm) includes general information about the City of Portland, Oregon Audit Services Division. Includes list of all audit reports issued, abstracts of audits, and links to other resources. Practical Guide to Corruption Prevention (http://www.icac.nsw.gov.au/ pub_corruption_prevention/pub2_27_1cp.htm) prepared by the Independent Commission Against Corruption is an excellent resource for developing a fraud and corruption program within organizations. Modules include risk assessment, ethics, cash handling, purchasing, and more. 346 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Premium Audit Advisory Service (http://www.aisg.org/paas/paas.html) provides publishing resources and training for premium audit departments. Prentice Hall Publishing (http://www.prenhall.com) - Searchable site for accounting, audit, and technology books. Preventing Business Fraud (http://www.ioma.com/newsletters/pbf/) - A newsletter from the Institute of Management and Administration. Provides recent articles on the subject. Princeton Office of Internal Audit (http://webware.princeton.edu/Audit/) - Site provides information about the office, their charter, objectives, audit guidelines, and links to other useful resources. Procurement Policies and Procedures Handbook (http://www.state.ma.us/osd/phand/) for the Commonwealth of Massachusetts includes best value guidelines, role of procurement for managers, contract categories, and more. This is a good reference document for auditors reviewing and comparing best practices. Professional Ethics Resources on the WWW (http://www.ethics.ubc.ca/resources/professional) - Provides links to sites on the subject. ProfessionalCity.com (http://www.professionalcity.com/) is a vertical industry portal that provides research material and information regarding related products and services for specific professions. There are currently “neighborhoods” for law, marketing, and accounting. Professionals Online (http://www.prosonline.com) - Directory of WWW sites organized by profession. Classifications include accounting, finance, business, and more. Resources for accountants are organized into CPA Exam, Theory, Practice, Auditing, Commercial Law, Tax, SEC Accounting, and more. Financial resources include business and personal finance and digital cash. Project Management Institute (http://www.pmi.org) - Web site for the organization for project management professionals includes information about the organization and available resources. The site includes a comprehensive Guide to the Project Management Body of Knowledge. The Guide is in PDF format and requires an Adobe reader (available for free). The Guide alone makes this site a sure bookmark for all auditors, accountants, and financial professionals. Public Service Commission of Canada Audit and Review (http://www.psc-cfp.gc.ca/audit/ internet/recourse.htm) - Site includes information about the PSC, monographs and reports, methodologies used, and links to other related site. _____________________________ Appendix B — The AuditNet Resource List (KARL) 347 Purdue University Internal Audit (http://www.purdue.edu/OOP/AUDIT/index.html) - Web site provides information about the office, a guide to internal controls, links to other resources, and more. QS-9000 Auditor’s Checklist (http://www.isogroup.iserv.net/qslist.html). QSAK (http://www.optimumtechnology.com/OptProdQSAK.htm) software used to schedule, manage, analyze, and conduct internal audits, assessments, tests, and inspections. This management tool is designed to organize, direct, document, and report on internal and external audits. Free limited version is available for download from Optimum Technology’s site. Quality Auditor Home Page (http://www.geopages.com/WallStreet/2233) - Resource page for quality auditors. Includes links to the ASQC, the Quality Auditor division, listserv for Good Laboratory Practices, newsgroups, and more. Quality Digest Magazine (http://www.tqm.com/digest/index.html) - The Quality Digest electronic magazine covers quality management issues. Examples of topics include how to, case studies, benchmarking, reengineering, and more. The site maintains both current and back issues. Quality Network (http://www.quality.co.uk/quality/index.htm) - Site provides links to resources on quality management, ISO 9000, environmental and safety management. Will include environmental and safety management auditing advice. Quality Online Forum (http://www.qof.com/) - A subscription service available via dial-up or via the Internet. There are links to proprietary databases, resources, and other quality sites. Queensland Audit Office (http://www.qao.qld.gov.au/) - Home page includes information about the office and links to other sites. RACF-L ([email protected]) is a discussion list devoted to the topic of Remote Access Control Facility. Auditors in organizations that use this security tool should consider subscribing to this e-mail discussion group. You can join this group by sending the message “sub RACF-L your name” to [email protected]. Note: This is a high volume list specifically designed for audit and security personnel using RACF. Raptor Systems Security Library (http://www.raptor.com/lib/) - Provides links to a variety of security articles. Real Estate Accounting Professionals Forum (http://www.reap.com/reap/) - Site sponsored by a financial products vendor includes a discussions area with topics on software support and managerial issues. There are software reviews, sample products, and links to related Internet resources. 348 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Republic of Singapore Auditor General’s Office (http://www.gov.sg/ago/) - Site provides information about the office, types of audits performed, and the 1994/95 Report. For more information, send e-mail to [email protected]. Research Institute of America (http://www.riatax.com) is a publisher of U.S. federal, state and local tax information and analysis. Weekly updates on tax information, product reviews, demos, and employment opportunities. Researching Companies Online (http://home.sprintmail.com/~debflanagan/index.html) Provides a step-by-step tutorial on finding organization and industry information on the World Wide Web. RespondaNet (http://www.respondanet.com/) is the Web site for the Americas Accountability Anti-Corruption project. The site contains information in English and Spanish including accountability, the quarterly newsletter, links to related sites, publications, event listings, and more. Review Information Network (http://www.tbs-sct.gc.ca/rin/Internal Audit/Index.e.html) Web site provides audit publications and guides from the Treasury Board of Canada. Rhode Island Society of CPAs (http://www.riscpa.org/) - Site of this professional society provides links to Internet resources and information about the organization. Risk Assessment and Control Design WWW Resource Kit (http://www.kpmg.ca/crsa/ main.htm) is a project of KPMG and includes a virtual library on the topic. There are articles and guides and a moderated mailing list on the subject of CSA. Risk Assessment and Risk Management (http://www.mc2consulting.com/riskpage.htm) - Web site for a project that provides tools and articles on risk-related subjects. There is a risk glossary and internal audit risk bibliography that professionals will find useful for research and background on the subject. Risk Assessment Do’s and Don’ts (http://www.jebcl.com/riskdo/riskdo.htm) - Professor Boritz provides guidance on risk assessment for internal auditors. Risk Management Audit Guide (http://www.tbs-sct.gc.ca/pubs_pol/dcgpubs/TB_H4/ RISK_e.html) from the Treasury Board of Canada provides review guidance for auditors including risk identification, compensation, volunteers, and more. Risk Management and Internal Auditing (http://www.rpi.edu/dept/rmia/webpage/rmia.html) - Site at Rensselaer Polytechnical Institute includes loss prevention policies and procedures, Internal Control Manual, Conflict of Interest Policy Statement, and more. Most files in Adobe Acrobat (PDF) format, which requires the Adobe Acrobat reader, available free by download. _____________________________ Appendix B — The AuditNet Resource List (KARL) 349 Risk Ranking and Security Controls (http://ourworld.compuserve.com/homepages/JerArdra) - Web site of Jerry FitzGerald and Associates. Access a downloadable working copy of RANKIT(R) (and 16 page manual), a DOS-based risk ranking program and methodology that automates the ranking process. Information is also available on other information systems books and software. RiskList is a KPMG moderated mailing list forum for discussions on control and risk management issues. Join RiskList by sending an e-mail message to [email protected] with the words “subscribe risklist” in the body of the message. RISKWeb (http://www.riskweb.com) - Information resource for academics and professionals interested in risk management and insurance issues. The RISKNet WWW server is a service of the RISKNet mailing maintained at the University of Texas at Austin. The RISKNet mailing list provides individuals around the world with a forum for open discussion of risk and insurance issues. RMIT Internal Audit Group (http://www.rmit.edu.au/departments/ia/) - Web site for the auditors of the Royal Melbourne Institute of Technology. The page includes information about the department, charter, FAQs, links to other audit sites, and more. Robert Half (http://www.roberthalf.com) - Web site provides resources for job seekers including job openings. Rothstein Associates (http://www.rothstein.com) - Home page for industry’s primary source of information on disaster recovery. Contains an extensive index of material on disaster recovery and links are planned to resources for business continuity and disaster recovery professionals. For more information, send e-mail to [email protected] Rutgers Accounting Web (RAW) Site (http://www.rutgers.edu/Accounting/) - located at Rutgers University and mirrors the ANet WWW site. St. Charles County Auditor (http://www.win.org/county/depts/sccgaud.htm) - Web site provides information about the office, their annual audit plan, links to audit reports, and more. Saipan, Office of the Public Auditor (http://www.opacnmi.com/) - Web site for the official auditor of the Commonwealth of the Northern Mariana Islands provides information about the office, reports issued, government ethics, links to other resources, and more. Sales System Control Objectives (http://www.umanitoba.ca/admin/internal_audit/admin/ internal_audit/html/sales.html) from the University of Manitoba provides system implementation control objectives for this functional area. 350 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Sampling and Surveying Handbook (http://www.au.af.mil/au/hq/selc/smplntro.htm) from the Air University provides guidelines for planning, organizing, and conducting surveys. The site includes guidance on selecting a sample size with a corresponding free program available for download. San Diego Auditor’s Department (http://www.co.san-diego.ca.us/cnty/cntydepts/general/auditor/) - Web site provides information about the department, goals, services, job information, FAQs, and more. San Jose Office of the City Auditor (http://www.ci.san-jose.ca.us/auditor/www.shtml) - Web site provides information about the office, types of audits performed, FAQs, benefits to the city, org charts, and a list of issued audit reports. SANS Institute Online (http://www.sans.org/) - The System Administration, Networking and Security Institute is an education and research organization for system and network administrators and security professionals. They provide resources and tools for professionals in related fields. Their e-mail newsletters are a valuable knowledge resource for IT auditors. Scout Report for Business and Economics is an electronic newsletter from the Internet Scout Project. The Report is published every other week and delivered via e-mail. To subscribe to the Business & Economics Report, send e-mail to [email protected]. In the body of the message type: Subscribe SRBUSECON. Seattle, Office of the City Auditor (http://www.pan.ci.seattle.wa.us/seattle/audit/hpg.htm) Web site for the city’s independent auditor provides audit reports, a description of the audit process, a whistleblower’s page, links to other audit offices, an excellent newsletter with a performance theme, and more. Securities and Exchange Commission (SEC) (http://www.sec.gov/) provides free Internet access to the EDGAR database. EDGAR on the Internet began as a trial project in 1993 with New York University and the nonprofit Internet Multicasting Service. The Internet database makes key financial information available to anyone with Internet access. There are plans to provide e-mail requests for specific EDGAR filing documents and SEC information documents, multiple indexing of SEC information documents, and text search of SEC public information documents. The SEC site menu of services includes corporate financial information from the EDGAR database; information on SEC operations and underlying acts; SEC-produced investor brochures, publications, and alerts; speeches, congressional testimony, press releases, and daily information on commission enforcement actions included in the SEC News Digest; and rulemaking proposals, as well as final rules. Security Alert for Enterprise Resources (http://safer.siamrelay.com/online/) provides a monthly security update for I.T. professionals and executives. E-mail notifications provide links to this Web-based newsletter. Great knowledge resource on information technology security. _____________________________ Appendix B — The AuditNet Resource List (KARL) 351 Security & Hackerscene (http://bau2.uibk.ac.at/matic/) - Web site with a comprehensive set of links to security and hacker information. Covers all aspects of Internet security on Unix, X Windows, articles, hacker sites, security software, newsletters, and files. Security Checklist (http://spider.osfl.disa.mil/cm/security/check_list/check_list.html) - This site from the Defense Information Infrastructure Common Operating Environment (DII COE) includes security checklists for Solaris, Windows NT, Oracle, and more. Files are available in both PDF and MSW versions. Security Magazine (http://www.secmag.com/) is a publication for corporate and commercial buyers of security and other products in business, industry, and government. The site includes an online database of products and articles on security issues. Security Management Online (http://www.securitymanagement.com) - Magazine of the American Society for Industrial Security. Contains information about ASIS, editorial columns, articles, and more. Security Newsletter, authored by noted security expert Winn Schwartau, provides the latest security tips, product news, and analysis to help reduce your network’s vulnerability. Free subscription to this e-mail newsletter is available at Network World Web site (http:// www.nwfusion.com/focus/). Security Policies (http://www.sans.org/newlook/resources/policies/policies.htm) provided by the SANS Institute include templates for computer usage guidelines, acceptable use statements, special access policy, incident handling, and more. Security Resource Net (http://nsi.org/) - Site of the National Security Institute provides information on security-related topics, including computer alerts, products, a virtual security library, and more. Sick Leave Management Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/AuditGuidance/ GUID305S.e.html) from the Treasury Board of Canada provides guidance for reviews in this area. Sections include a model for sick leave management, planning and performing the audit, and more. Site Security Handbook (http://www.net.ohio-state.edu/hypertext/rfc1244/toc.html) - Product of an Internet Engineering Task Force work group. This document provides auditors with guidance on how to deal with Internet security issues. Useful for designing audits and reviews of Internet security. Social Security Death Index (http://www.ancestry.com/ssdi/advanced.htm) is a freely accessible database of the Social Security Administration records of deceased individuals. Handy tool for audits of organization retirees. 352 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Society of Management Accountants (http://www.cma canada.org/) - Home page for the organization that represents Canadian Certified Management Accountants. Site has information about the designation, a library including articles from current and past issues of CMA Magazine, member news, and more. Software Auditing Home Page (http://www.ex.ac.uk/ECU/auditing/welcome.html) - Site provides a review of software auditing systems, evaluations, notes, and implementation plans. Includes links to related audit sites. Software Information Industry Association (http://www.siia.net) - Web site provides information to keep members, developers, and users of computer software aware of SIIA activities and developments. Information available on Publications, Anti Piracy Programs, and more. This is a great resource for software compliance auditing. Software Management Policy Manual (http://www.state.ct.us/otc/softmpm/smpmtoc.htm) from the State of Connecticut provides their policy statements, agency responsibilities, and software use policies. This excellent resource is a model for combating organizational software piracy. Software Program Manager’s Network (http://www.spmn.com/) was created for managers of large-scale, software-intensive development/maintenance projects to more effectively manage by identifying best management practices, lessons learned, and support. Site has a number of useful guides, including The Program Manager’s Guide to Software Acquisition Best Practices. Source Services (http://www.experienceondemand.com/) is the Web site for one of the leading financial employment services. There are articles on career development, a strategic staffing guide, the Salary Survey on Demand, and more. This is a great site for audit departments looking to fill positions or for auditors seeking information on their worth in the job market. South Australia Auditor General (http://www.auditsa.gov.au/) - Government Web site provides information about their office and the reports issued. South Carolina Audit and Certification (http://www.state.sc.us/mmo/audit/audmenu.htm) Web site provides information about the office, audit program, internal control questionnaire, and more. South Carolina Comptroller General (http://www.state.sc.us/cg/news.htm) - Web site provides information about the organization, monthly financial reports, their Comprehensive Annual Financial Report, and more. _____________________________ Appendix B — The AuditNet Resource List (KARL) 353 South Dakota State Auditor’s Office (http://www.state.sd.us/state/executive/auditor/ auditor.htm) - Web site provides information about the office and the tasks performed. South Florida Water Management District (http://www.sfwmd.gov/gover/2_intaudit.html) Inspector General’s Office Web site has information about the office, charter, audit reports, and more. Span of Control Calculator (http://www.icce.rug.nl/qr/ssocc.html) - Web site that provides a simple formula for determining the size of an organization based on the span of control and the hierarchical levels of management. Spreadsheet Page (http://www.j-walk.com/ss/) - A comprehensive site with information and links on all spreadsheet programs, books, and especially tips on what to do when you need help with a spreadsheet problem. Spreadsheet Research (http://panko.cba.hawaii.edu/ssr/) - A repository for research on spreadsheet development, testing, use, and technology. Sections include reports of errors in practice, audits, development and audit experiments, questionnaire and interview studies, the year 2000 spreadsheet problem, and more. SQL Auditor Pages (http://www.sqlauditor.com/) - Web site for a security analysis solution for SQL Servers. Site includes information about the product, articles, FAQs, and an opportunity for participating as a beta tester for the software. Stanford University Internal Audit Department (http://www.stanford.edu/dept/InternalAudit) - Web site provides information about the department, their audit program, an Audit Survival Guide for management, internal control factors, a Novell Network Security SelfAssessment, and more. State Internal Audit Advisory Board (http://siaab.audits.uillinois.edu) - Auditing solutions, online training, and education resources for the State of Illinois internal audit professionals. Statistical Sampling for Auditors (http://www.hhs.gov/progorg/oas/ratstat.html) - RAT-STATS is a package of statistical software tools used by the Office of Audit Services in the Department of Health and Human Services. It was designed to assist auditors in performing random samples and evaluating the results. This site includes the manual and a self-extracting file for the program. StudyWeb (http://www.studyweb.com/) - A site designed for researching a variety of topics using the Internet. The business and finance category includes topics for accounting, economics, federal reserve banks, finance, glossaries, investing, and newspapers on the WEB. 354 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Subrecipient Audit Guide (http://www.phila.gov/atservice/reports/audit98/auditweb/) - The purpose of this manual is to implement the city of Philadelphia’s audit requirements for organizations and their independent auditors in preparing for and performing audits of organizations that receive financial assistance awards from the city. Swedish School of Economics and Business Administration in Helsinki, Finland, Department of Accounting, has a Web site(http://status.shh.fi/Depts/Redovis) which has tutorials and working papers. The Property of Audit Trail, by Anders Tallberg, analyzes the concept from the perspective of computer security and accounting systems. Includes links to accounting-related sites. Symantec AntiVirus Research Center (http://www.symantec.com/avcenter/vinfodb.html) Web site from an AntiVirus software vendor provides a comprehensive database of computer virus-related information. The site provides updates to their software, information about virus hoaxes, and more. Syracuse University Internal Audit Department (http://sumweb.syr.edu/internal_audit/ index.htm) - Contains useful information for all audit departments. The site includes information on the department, policies, procedures, and more. There is proactive information provided for the department’s customers such as password suggestions, computer security improvement suggestions, self-assessment documents, brochures, videos, and more. There is guidance for university departments on self-audit for computers as well as administrative areas, including cash handling, inventory tracking, revenue, budget, personnel, and computing issues. For more information, send e-mail to [email protected]. System Implementation Review Checklist (http://www.umanitoba.ca/campus/ adminstrative_systems/application_development/internal.htm) from the University of Manitoba provides a comprehensive approach for a review of this area. Tallahassee Auditing Department (http://www.state.fl.us/citytlh/auditing/audhompg.html) - Home page provides information about the office, its staff, and a list of recent audit reports. Tally System Corporation (http://www.tallysys.com/) produces Desktop Asset Management tools. Site provides issues related to software and hardware management, white papers, and links to Desktop Asset Management Associations. The White Paper on How the Internet Affects Your Business provides guidelines on smart Internet use. Tampa Internal Audit Department (http://www.ci.tampa.fl.us/audit/index.htm) - Web site for the city audit office. The site includes information about the office, current audit agenda, audit programs, audit reports, tax information, links to related sites, and more. _____________________________ Appendix B — The AuditNet Resource List (KARL) 355 Tasmanian Audit Office (http://www.audit.tas.gov.au/) - Site includes information about the office, audit reports, and links to other Australian audit sites. Tax & Accounting Professional Network (TAPNet) (http://www.tapnet.com) - Provides information on the selection and implementation of accounting software systems. Professionals can also subscribe to five e-mail discussion groups of various tax and accounting topics and search for past articles published in Management Accounting magazine via the subject index linked to abstracts of all articles published after October 1994. Tax and Accounting Sites (http://www.taxsites.com) - An extensive list of tax, accounting, law, finance, economics, and government sites maintained by Dennis Schmidt, Associate Professor of Accounting, University of Northern Iowa. Tax-Jobs.Com (http://www.tax-jobs.com/) - Web site with job listings for tax professionals provides opportunities for employers, job seekers, and links to other related sites. Taxpayers Against Fraud (http://www.taf.org/) - A nonprofit public interest organization devoted to fighting fraud against the federal government. The site includes information about the False Claims Act, news releases, resources, health care information, and more. TaxWeb (http://www.taxweb.com/) - Web site for federal, state, and local tax-related developments. Includes tax forms, filing extension information, federal and state legislation, tax research, enforcement, tax publishers, discussion groups, professional organizations, and more. Tennessee Comptroller of the Treasury (http://www.comptroller.state.tn.us/) - Web site provides information and reports released for the office that has audit responsibility for all counties in the state. Tennessee Valley Authority Office of the Inspector General (http://www.tva.gov/oig) - Home page with information about the office and links to other audit, finance, and business-related sites. For more information, send e-mail to [email protected]/. Texas A&M University System Internal Audit Department (http://sago.tamu.edu/iaudit/ default.htm) - Web site provides information about the office, internal controls, an overview of the audit process, and more. Texas Comptroller of Public Accounts (http://www.cpa.state.texas.us/) - Window on state government provides news and information, including comptroller publications, e-mail link to the comptroller, and links to other related servers. 356 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Texas Information Resource Standards (http://www.state.tx.us/Standards/) - The Texas state government site includes information security standards as well as a document titled Information Resources Security and Risk Management Policy, Standards and Guidelines. There are also links to the American National Standards Institute (ANSI), Federal Information Processing Standards (FIPS), and more. Texas Society of Certified Public Accountants (http://www.tscpa.org/) - Site provides information about the organization, including the CPA Yellow Pages, National Job Search, Government Resources, and more. Texas State Auditor’s Office (http://www.sao.state.tx.us/) - Site has information about the mission, goal, objectives, and statement of values of the SAO. Key points of reports released since 1994 and the full text of reports released since 04/96 is available online. Resources include Acrobat versions of the Guide to Performance Measurement and the SAO Methodology Manual. Another downloadable file is CAFÉ (Comprehensive Analysis for Efficiency), a visual basic application that contains summary information from various Texas state databases. Audit resource links on the Internet, employment opportunities, and training schedules for Texas State Agency internal auditors are also included on this comprehensive Web site. Thomas Jefferson University Internal Audit Department (http://physres2.uns.tju.edu/ internal.audit/) - Web site provides background about the organization, audit plan, internal control guidance, and more. Timeline Financial Reporting Forum (http://www.timeline.com/) - Site for accounting and business professionals designed by the organization that develops financial management and reporting systems. The site includes a page of links to resources for accounting, financial, professional organizations, tax information, and more. TimeSlips Corporation Web site (http://www.timeslips.com) - Provides information about the organization’s products, including TimeSheet Professional for tracking staff time. Links to accounting, legal, and consulting sites. TipNet (r) - An Internet-based hotline that allows anonymous online reporting of economic crimes such as product tampering, counterfeiting, and intellectual property piracy, available through investigative consulting firm, Decision Strategies International. TipNet(r) designed to help companies and trade organizations obtain valuable information that can reduce fraud and theft. The service is set up to receive anonymous e-mail as well as encrypted e-mail using PGP public key encryption software. For more information about TipNet(r), contact J. Jerome Bullock by e-mail at <[email protected]>. Training and Seminar Locator (http://www.tasl.com) - Free access database to help find resources for training and professional development. Search U.S. training providers by type of _____________________________ Appendix B — The AuditNet Resource List (KARL) 357 resource, subject, location, and date range. Eventually this service will provide online registration. Training Function Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/auditguidance/ GUIDE307.e.html) - from the Treasury Board of Canada provides information for reviews in the staff training area. Transactional Records Access Clearinghouse (http://trac.syr.edu/aboutTRACgeneral.html) - TRAC is a data gathering, research, and distribution organization affiliated with Syracuse University. The site accesses federal enforcement and regulatory agencies such as BATF, DEA, IRS, and the FBI. This is an excellent site for benchmarking information, statistics, and trends on crime and enforcement issues. Treasury Management Pages (http://www.mcs.com/~tryhardz/tmpaa.html) - Set of Internet information resources developed for treasury management professionals. Provides a wealth of information on banking and corporate finance, treasury operations, and other management topics. Tulsa City Auditor’s Office (http://www.webzone.net/philwood/) - Web site provides links to audit reports, audit and accounting resources, and more. UCAR Internal Auditing (http://www.fin.ucar.edu/) - Web site for the University Corporation for Atmospheric Research provides information about the office, FAQs, a guide to internal controls, Ask-An Auditor, and more. UNCW Internal Audit (http://www.uncwil.edu/ia/Index.htm) - Web site of the University of North Carolina at Wilmington includes information about the department, their audit manual, an excellent set of forms for control self-assessment, and more. Union Pacific Corporate Audit (http://www.up.com/audit/) - Provides information about the department and employment opportunities. United Nations Office of Internal Oversight Services (http://www.un.org/Depts/oios/) - Web site for the internal auditing function of this World Wide organization provides information about the office, mandate, mission statement, activities, and reports. University of Arizona Internal Audit (http://w3.arizona.edu/~audit/) - Web site provides information about the office, links to policies and procedures, and related sites. University of Buffalo Internal Audit Program (http://www.mgt.buffalo.edu/departments/ AandL/intaudit/) - Web site for an endorsed Internal Audit Program at the University. Site provides information about internal auditing, career opportunities, program course requirements, certification, student organizations, and more. 358 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ University of California, Berkeley Internal Audit Department (http://www.audit.berkeley.edu) - Web site provides information about the office, planning, process, controls, and more. University of Chicago Office of Internal Audit (http://www uccomp.uchicago.edu/audit/ audit.htm) - Site provides information about software piracy, internal control, the policy on information technology resources, and a link to ACUA. University of Idaho Auditing Services (http://www.uidaho.edu/admin/FnA/audit/) - Web site provides information about the office, an Internal Control Self-Assessment Checklist, and more. University of Iowa Internal Audit Department (http://www.uiowa.edu/~intaudit/index.html) - Site provides audit plans, mission statement, department news, and links to other university internal audit Web pages. University of Manitoba Internal Audit (http://www.umanitoba.ca/admin/internal_audit/ admin/internal_audit/) - Web site provides information about the office, FAQs, resources, review checklists, and more. University of Maryland, Internal Audit Office (http://www.umsa.ums.edu/iao/) - Site provides the IAO charter, procedural guidelines, an electronic brochure, a link to an anonymous re-mailer, and more. University of Massachusetts Accounting and Auditing Information (http://www.umass.edu/ acctg) - This site is designed primarily as an information source for students. There are links to accounting sites, including accounting organizations, public accounting firms, and other sources of information. There is also a section that provides selected course materials, including Introduction to Financial Accounting, Cost Accounting, and Auditing. Besides the syllabus and list of class projects, there are practice exams. The exams are structured like professional exams with a combination of multiple-choice and essay questions. University of Melbourne Internal Audit (http://www.unimelb.edu.au/audit/) - Site includes a strategic planning and management procedures manual. The manual describes a computerbased system used for planning, monitoring, and reporting audit activity. This is an outstanding example of auditors sharing knowledge and techniques in the pursuit of global audit excellence. University of Missouri Internal Audit (http://www.system.missouri.edu/audit/welcome.htm) - Web site provides information about the office and frequently asked questions. University of New Hampshire Internal Audit Department (http://marley.unh.edu/audit/ default.html) - Web site provides information about the department, policies and procedures, FAQ, flowcharts, previously issued reports, and an excellent list of common audit findings. _____________________________ Appendix B — The AuditNet Resource List (KARL) 359 University of Notre Dame Audit and Advisory Services (http://www.nd.edu/~auditing/) Web site describes the office, services, policies and procedures, and more. University of Rochester Office of University Audit (http://listener.uis.rochester.edu/audit/) Home page provides information about the office, a description of internal controls, links to other sites, and more. There is a Top 10 List of Typical Audit Findings that auditors may find interesting. University of Waterloo Internal Audit Department (http://www.adm.uwaterloo.ca/infoia/ index.html) - Site provides background information on audit reviews, information on internal controls (why they are necessary), policies and procedures, and more. University of West Florida Office of Inspector General. (http://www.uwf.edu/~oig/oig.htm) - Site provides information about the office, mission statement, strategic plan, audit and management advisory services. Includes links to auditing resources and more. Unix Network Security (http://www.antionline.com/archives/documents/unix/ network-security.html) - A paper that provides a UNIX network security architecture based on the Internet connectivity model and firewall approach to implementing security. U.S. Army Audit Agency (http://www.hqda.army.mil/AAAWEB/) - Web site provides information about the agency’s mission, vision, values, goals, and strategic plans. There are links to audit-related sites, government sites, and search engines. U.S. Army Financial Analysis Package (http://www.hqda.army.mil/AAAWEB/finance.exe) - Provides applications for Future Values, Current Values, Return on Investment, Inventory Models, Learning Curves, Break Even Analysis, and Lease versus Purchase Analysis. U.S. Army Internal Review (http://www.asafm.army.mil/IR/IR.htm) - Web site has information about their mission, services, training program, internal review guide, audit programs, and links to other resources. U.S. Army Statistical Sampling Program (http://www.hqda.army.mil/AAAWEB/SSS.exe) An application developed and used by the Army. Auditors may download and use this audit program to help in statistical sampling. U.S. Army Training and Doctrine Command Center OIRAC (http://www tradoc.monroe.army.mil/irac/) - The Office of Internal Review and Audit Compliance Web site contains listings of ongoing audits from Army Audit Agency, DoDIG, General Accounting Office, and local internal review audits. There are also past audit reports from GAO, Army Audit Agency, and other select audits. The site also includes pointers to selected audit resources geared to the Internal Review Audit Community. 360 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ U.S. Code on the WWW (http://uscode.house.gov/) - The United States Code is the official, subject matter order, compilation of the federal laws of a general and permanent nature that are currently in force. In accordance with section 285b of title 2 of the U.S. Code, the Code is compiled by the Office of the Law Revision Counsel of the United States House of Representatives. The Code is divided into 50 titles by subject matter. Each title is divided into sections. Sections within a title may be grouped together as subtitles, chapters, subchapters, parts, subparts, or divisions. U.S. House of Representatives OIG (http://thomas.loc.gov/home/audit.html) - Web site provides Financial Statements and Performance Reports issued. Reports are in PDF format and require the Adobe Acrobat Reader. U.S. Postal Service Inspector General (http://www.uspsoig.gov/oiginfo.htm) - Web site has links to information about the office, hotline, reports, and more. USA Jobs (http://www.usajobs.opm.gov/) - This is the U.S. government’s official site for jobs and employment information. Auditors and accountants may search this site for employment information and online career transition assistance. User’s Guide for the Uniform Bank Performance Report (http://www.ffiec.gov/UBPR.htm) - Guide from the Federal Financial Institutions Examination Council for an analytical tool created for bank supervisory, examination, and management purposes. UT System Audit Office (http://iron.utsystem.edu/home/AUD) - Web site for the University of Texas System Audit Office. The site provides information about the office, the services they offer, various resources including audit programs, and a participant manual for a control selfassessment workshop. Utah Association of CPAs (http://www.uacpa.org/) - Home page provides links to local and national accounting firms, CPE events, a CPA referral service, and more. Utah State Auditor’s Office (http://www.sao.state.ut.us/) - Provides information about the office, a mailing list of local governments, access to audit reports, an audit hotline, and more. Utah’s Legislative Auditor (http://www.le.state.ut.us/audit/lag.htm) - Home page of Utah’s Legislative Auditor General. Provides information about the office, the purpose of performance audits, and abstracts of recent audit reports. UWS Nepean Internal Audit (http://www.nepean.uws.edu.au/dvc/intaudit/) - Web site for the University of Western Sydney Internal Audit Office. Includes their fraud control strategy, audit plan, the role of internal audit, and links to related Internet sites. _____________________________ Appendix B — The AuditNet Resource List (KARL) 361 Value for Money Audit Manual (http://www.oag-bvg.gc.ca/domino/other.nsf/html/ 99cam_e.html) - from the Office of the Auditor General of Canada provides standards, expected and common practices. VassarStats Statistical Computation (http://faculty.vassar.edu/~lowry/VassarStats.html) - Web site provides a comprehensive collection of statistical calculators for many procedures along with examples of key concepts. There is also a table covering the platforms/browsers necessary to run some simulations. Veris Social Security Number Verification Services (http://www.ssn-locate.com/) - Provides methods for checking Social Security numbers for invalid, never issued, and deceased. The services include standalone application programs and software libraries for a variety of computer systems, as well as a mail-in-processing service. SSN databases are obtained from the Social Security Administration and updated monthly. Victoria Auditor General’s Office Australia (http://www.vicnet.net.au/~vicaud1/aghome.htm) – Home page includes information about the office, abstracts of reports, and links to other audit offices and resources. Reports include a performance audit of the office by Price Waterhouse, Privatisation: An Audit Framework for the Future, and more. For more information, send e-mail to [email protected]. Virginia Auditor of Public Accounts (http://www.apa.state.va.us/) - Web site for the commonwealth organization that conducts audit of state agencies and local governments. Site includes audit reports for online viewing, information about the office, a directory, and recruiting information. Virginia Department of State Internal Auditor (http://www.cns.state.va.us/dsia/) - Web site provides information about the office, newsletters, job opportunities, a audit forum to discuss relevant issues, and more. Virginia Evaluation Information Online (http://jlarc.state.va.us/) - The Joint Legislative Audit and Review Commission home page providing information about members, meeting schedules and, most importantly, reports issued back to 1975. There is a chronological list of all reports issued, an annotated index of reports, and online report summaries for selected reports back to 1993. Virginia Local Government Auditors Association (http://www.co.chesterfield.va.us/ ManagementServices/InternalAudit/vlgaa.htm) - Home page for the statewide organization dedicated to promoting the local government audit profession. Provides information about the organization and upcoming training. For more information, send message to [email protected]. 362 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Virginia Polytechnic Institute Internal Audit Department (http://www.ams.vt.edu/) - Provides information about the office, policies and procedures, and an internal control guide for managers. Warren Gorham & Lamont (http://www.wgl.com) - WGL and Auerbach Publications established this Web site. Provides information about their publications on accounting, financial management, taxation, and more. Includes links to related sites. Washington State Auditor’s Office (http://www.saowa.gov/) - Site provides information about the office, links to legal and audit resources. Washington (State) Legislative Budget Committee (http://www.wa.gov/lbc/) - Site for the LBC which conducts performance audits, program evaluations, special studies, and sunset reviews on behalf of the legislature and the citizens of the state of Washington. The committee makes recommendations to the legislature and state agencies that will result in cost savings and improved performance in state government. Washington State University Internal Audit (http://www.wsu.edu:8080/~intaudit/ a_page1.html) - Web site provides the mission and objectives of the office, information about audits, and more. WebEc (http://www.helsinki.fi/WebEc/) is an effort to categorize free information in Economics on the Web. An excellent site for anything related to economics resources on the Internet. West Virginia State Auditor’s Office (http://www.wvauditor.com) - Site provides information about the office, guides, and reports. West Virginia University Internal Audit Office (http://www.wvu.edu/~intaudit/index.html) - This site provides information about the internal audit program at WVU. Includes the charter, types of audits conducted, selection and scheduling, audit policies, other resources available, and links to other audit sites. Western Australia Office of the Auditor General (http://www.audit.wa.gov.au/) - Site provides information about the office and includes an index of reports from 1991. Recent reports are available online. Western Canadian Auditing Roundtable (http://www.wcar.org) - Web site for a nonprofit organization dedicated to the advancement of health, safety, and environmental auditing. Site provides their mission and goals, a waste facility environmental review, and more. Where in Federal Contracting (http://www.radix.net/~ambrose/) - Web site that provides a comprehensive set of links to resources on the subject. “Where in Federal Contracting?” was developed and is maintained by a government auditor. _____________________________ Appendix B — The AuditNet Resource List (KARL) 363 White Collar Crime (http://www.sarnet.co.za/comcrime/index.htm) - Web site is an initiative of a South African White Collar Crime Task Group. Provides an electronic booklet on dealing with white collar crime, recent successes, and more. Wichita State University Office of Internal Audit (http://twsuvm.uc.twsu.edu/~iawww/) Site includes FAQs, their charter, and a link to ACUA. Wiley CPA Exam Review (http://www.wiley.com/cpa.html) - This site features the Wiley/ Delaney review materials for candidates preparing to take the CPA exam. Site also includes FAQs on preparing for and taking the exam, and sample review questions. Windows NT Security Guidelines (http://www.trustedsystems.com/NSAGuide.htm) from Trusted Systems Services provide guidelines for securely configuring the Windows NT operating system. The 110-page guidelines were the result of a one-year project for the National Security Agency (NSA) Research Organization. Wisconsin Legislative Audit Bureau (http://www.legis.state.wi.us/lab/index.html) - Web site provides information about the office and their work products. WizRule (http://www.wizsoft.com/rule.html) - A data auditing and cleansing application that analyzes databases and shows inconsistencies in the data. There is a demo available for download on the site. World Tax (http://www.eyi.com/tITax.htm) - Ernst & Young’s site for international business, tax, and accounting. The site features Tax News International, a “quarterly digest of tax information in more than 50 countries,” the 1997 Worldwide Corporate Tax Guide and the 1997 Worldwide Executive Tax Guide, which provides a summary of the corporate and personal tax systems in more than 130 countries. World Training Institute (http://worldtraining.com) - Web site for CPE training in taxation, telecommunications industries, internal controls, COSO, and communication skills. Wyoming Department of Audit (http://audit.state.wy.us/) - Web site provides information about the organization’s divisions. Year 2000 Audit Program (http://www.cowan.edu.au/mra/approach/year2000.html) is available from the Edith Cowan University Web site. The model covers the issues, control weaknesses and exposures, recommendations, and key controls. Year 2000 Auditing and Accounting Guidance (http://www.aicpa.org/members/y2000/ intro.htm) is provided by the AICPA. The report is available for download in Word, WordPerfect, PDF, and RTF formats. 364 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Year 2000 Business Continuity Plan (http://www.magnet.state.ma.us/y2k/projplanning/ businesscontinuityplan_template.htm) is a comprehensive template from the State of Massachusetts that will help auditors address key issues. Year 2000 Contingency Plan (http://www.magnet.state.ma.us/y2k/projplanning/ contingencyplan_template.htm) is a template from the State of Massachusetts for actions to be implemented in response to a year 2000 hazard. Year 2000 Contingency Planning (http://www.bis.org/ongoing/index.htm) from the Bank for International Settlements provides business continuity planning guidelines for financial institutions. Year 2000 Disclosure Requirements (http://www.auburn.edu/slgacct/hotissue/hotissue.htm) for state and local governments provided by the AICPA and GASB. Year 2000 Information Center (http://www.year2000.com/) - Site covers the issue of the date change to the year 2000. The site includes articles related to the issues, links to vendors that will assist in the process, and links to other date related sites. There is information on subscribing to the Year2000 mailing list. For more information, send message to Peter de Jager ([email protected]). Year 2000 Information Page (http://www.magnet.state.ma.us/sao/edp1yr2000.htm) from the Massachusetts State Auditor Information Technology Audit Division provides a survey, report and links to state, federal, and other Y2K-related pages. Year 2000 Page (http://www.disastercenter.com/year2000.htm) from the Disaster Center provides information and links to many resources for auditors. Site includes general information on year 2000 as well as compliance information. Year 2000 White Papers (http://www.myrickconsulting.com) - Web site provides discussion papers for Y2K Project Guide, Contingency Planning, PC Application Test Report, and an xBase Function Library. Yipinet Knowledge Hub (http://www.yipinet.com/) - Offers CPE courses for the accounting profession using an easy-to-navigate, full-solution Web destination for professionals who seek continuing education. They provide CPE tracking and the site also includes an Industry Watch that users can customize to their interests. ________________________________________ Appendix C — Sample Audit Programs 365 Appendix C Sample Audit Programs The Internet is an ideal environment for “Electronic Progress Through Sharing.” When I began searching for auditing uses for the Internet, I noticed auditors posting repeated requests for audit programs on electronic audit discussion groups (list servers and Usenet newsgroups). I knew that other sites posted information in a Frequently Asked Question (FAQ) format and thought that this should apply to a clearinghouse of audit programs as well. In 1985 the Auditors Sharing Audit Programs Clearinghouse was established as another section of AuditNet. Audit programs contributed by auditors from around the world were posted in the spirit of “Electronic Progress Through Sharing.” The following audit programs are an example of what the Internet can offer auditors in the way of productivity resources. Contingency Planning Audit Internal Control Questionnaire – Deborah Ray Due Diligence: IT Action Plan – Sean De La Rosa Dial-In Audit Program – Sapna Kapil Insurance Audit Programme - Risk Management – Graeme Szetu Third-Party Claims Processing Audit Program – Janet Wiseman The ASAP Inventory is updated with new programs every month. The site is available at http:// www.auditnet.org. Auditors requesting specific audit programs must contribute an audit program of their choosing to have their clearinghouse request added. As of September 1999, there were more than 160 audit programs available. 366 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ CONTINGENCY PLANNING AUDIT INTERNAL CONTROL QUESTIONNAIRE Contributed by Deborah Ray, CISA Prepared by: Date: Reviewed by: Date: GENERAL 1. Do any committees meet concerning disaster recovery plans? POLICY 1. Does the Bank have written policies for disaster recovery? PLANNING AND MAINTENANCE 1. Who is responsible for developing and maintaining the disaster recovery plan? 2. Is the disaster recovery plan reviewed regularly? 3. Has the Bank conducted a risk assessment to measure the potential impact of various disasters? 4. Are the results documented? ANNUAL REVIEW 1. Has the plan been approved by management? 2. Is the disaster recovery plan presented to the board of directors annually for their approval? When was it last presented? DISASTER RECOVERY PLAN 1. How often is the disaster recovery manual updated? ________________________________________ Appendix C — Sample Audit Programs 367 2. When was the disaster recovery manual last updated? Are copies of the plan stored off-site? Where are they stored? 3. Is there a current inventory of items stored off-site? CRITICAL FUNCTIONS AND RESOURCES 1. Is there an inventory of all critical equipment? BACKUP 1. Does the Bank have written agreements with vendors for replacement of all equipment and devises used? 2. Excluding data processing, are there provisions for use of backup equipment? MEDIA INQUIRIES 1. Does the Bank have a formal policy regarding media inquiries? TRAINING 1. Does the Bank provide periodic emergency response training, including evacuation procedures, to all employees? TESTING 1. Does each location conduct periodic tests of disaster recovery plans, including emergency evacuation? 2. Who is responsible for the actual structuring of the tests? 3. When was the plan last tested? 4. Has notification of personnel been tested? 368 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ RESPONSE TO DISASTER 1. Does the Bank maintain a record to document its response to disasters or other emergencies? 2. Who maintains the record? PREPARED BY: ______________________________________________________________ DATE: ______________________________________________________________________ SOURCE: ___________________________________________________________________ ________________________________________ Appendix C — Sample Audit Programs 369 DUE DILIGENCE: IT ACTION PLAN Contributed by Sean De La Rosa Prepared by: Date: Reviewed by: Date: 1. Obtain a copy of the IT strategy plan, security policy, and other relevant policies introduced by senior management. Comment on the procedures management has implemented to ensure that strategy plans are realized and what processes have been introduced to ensure that staff adhere to security considerations. 2. The effects of year 2000 computer problems have been identified and verified by an independent party. Obtain copies of all reports and certificates verifying year 2000 compliance. 3. Comment on the extent of year 2000 testing even if year 2000 compliance certificates were obtained. 4. Evaluate any required or possible system changes that will be needed to meet _____ Group Requirements. An estimation of the costs involved in migrating to _____ Group Standards should be prepared. 5. Obtain copies of recent external/internal audit reports relating to IT systems. Ascertain whether significant concerns were corrected timeously. 6. A complete and accurate hardware and software inventory obtained and verified. Hardware categorized into area, department, usage, processor, peripheral devices, network card, and standalone software. 7. Ascertain what changes are planned (hardware and software) and document the motivation for such changes. All planned changes should reflect the needs as established in the IT strategy plan presented to senior management. 8. Valid licenses or agreements are obtained for all software on site and are verified. 9. _____ specific systems: * Obtain full details of the computer controlled decanting system. If developed specifically for _____, ensure that the considerations identified in point 10 are addressed. * _____ maintain that the current sales processing and delivery system provides an impressive service level in terms of fast turnaround of orders. Obtain proof that service levels are 370 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ satisfactory and meet ____ service levels (e.g., orders placed before 12.00 p.m. are delivered to the customer by the next day). * _____ was created to monitor cylinder movement. Verify the reliability of this system and whether cylinders can be tracked to any locations. 10. For any software developed in-house, the following considerations apply: * Were any people or companies involved in writing the software other than the employees from _____? If so, obtain a copy of all relevant agreements, details of arrangements, etc. * Do any employees have any rights in relation to the software? If so, obtain details of any contractual agreements. * Do any arrangements between _____ and a third party for the development of software exist? If so, obtain copies of any arrangements. 11. Maintenance contracts for routine computer systems, specialized computer equipment, and machinery are identified and details obtained. 12. Warranties for all routine computer systems, specialized computer equipment, and machinery are identified and details obtained. 13. All IT equipment not owned by _____ is identified, and full details on amounts still outstanding obtained. 14. Comment on the extent of long term licenses with software suppliers and the cost of such obligations should _____ no longer require such licenses. 15. Ascertain what new systems (software and specialized hardware) are currently in the process of development and whether an approved system development methodology has been applied. 16. Ascertain whether _____ has granted out any licenses in respect of software it uses. 17. Outsourcing agreements for IT processing are identified and copies of all such contracts retained. This includes consultants and other contract personnel currently involved with _____’s IT operations. 18. Ascertain what precautions management has introduced to prevent computer virus attacks and what monitoring and corrective tools are available to eradicate detected viruses. 19. Software in escrow is identified and details provided. 20. Ascertain whether management has performed a detailed risk assessment of IT-related risks and that the suggested IT strategy plan addresses the risks identified in the risk assessment. ________________________________________ Appendix C — Sample Audit Programs 371 21. Obtain a copy of actual/budgeted IT costs for the past three to five years. Verify that past expenditure was well controlled and that regular report-backs to the steering committee were provided. 22. If possible, obtain a copy of any IT cost forecasts for the next five years. Obtain comments on any significant expenditures and verify that all suggested expenditures are supported by the IT strategy plan. 23. Obtain an organizational chart of the IT reporting structure and a representation of the network topology. 24. Obtain detailed job descriptions and recent appraisals for all IT personnel and ensure that they reflect current operating practices. 25. Comment on the controls implemented to ensure segregation of duties within the IT operations. Verify that segregation of duties has been maintained between the following: * Systems development and maintenance * Systems development and operations * Systems development/maintenance and information security * Operations and data control * Operations and users * Operations and information security 26. Ascertain whether the organization’s senior management has appointed a steering committee to oversee the IT function and its activities. If applicable, obtain copies of minutes of the IT steering committee meetings (if any). 27. Obtain a copy of _____’s system development methodology and change control procedures and ensure that it is compatible with Afrox’s existing framework. 28. Interviews with IT personnel are conducted to determine current operating practices. 29. Additional Concerns: 372 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ DIAL-IN AUDIT PROGRAM Contributed by Sapna Kapil Dial-In Administration 1. Review the process for user dial-in approval, setup on Advantis, and distribution of required software and secure token. 2. Review the administration of the Advantis user database. Review security procedures over dial-in to Advantis. 3. Review dial-in technical support and problem tracking. 4. Review the corporate dial-in policies for adequacy and to ensure they are up-to-date. 5. Review the process for requesting, approving, and documenting the location of all analog lines. 6. Review the security and administration over the Blockade application. Remote Dial-In 1. Review the corporate policy for LAN dial-in by users and vendors for adequacy and appropriate ownership. 2. Review the purchase and administrative procedures for the Security Dynamics SecurID product. 3. Review the administration of SecurID cards for remote/distributed systems. Corporate Dial-In Direction 1. Review the status of the project to provide a centralized dial-in point for all LAN dial-in. 2. Review the corporate direction for providing Internet access. ________________________________________ Appendix C — Sample Audit Programs 373 INSURANCE AUDIT PROGRAMME - RISK MANAGEMENT Contributed by Graeme Szetu Insurance Audit Program Risk Management Objective The purpose of risk management is to reduce the group’s exposure to financial liability as the result of accidental losses or other events causing potential or actual liabilities. Insurance is a subset of risk management and used as a tool to manage specific risks. Audit Objectives a) To assess the effectiveness of the risk management process. b) To ensure that all divisions adequately cover the insurable risks in their respective business units. c) To determine whether the insurance coverage is cost-effective. d) To ensure that the procedures for reporting incidents and making claims are adequate and appropriate. e) To determine whether uninsured risks should be insured. Scope A - Review of the risks identified in divisional strategic planning B - Review of risk management in the group C - Review of insurance policies and contracts D - Review of insurance costs and premiums E - Review of incidents and claims procedures F - Review of uninsured risks A. Risks Identified in Divisional Strategic Planning Audit objectives: To ensure that all risks and their corresponding impact have been properly identified, and that action plans have been appropriately formulated. 1. Examine the process that management undertakes to identify and assess risks. 2. Review the risks identified by divisions and determine whether all risks have been identified. 3. Review the operational and financial impact of each risk and determine whether action plans to manage risks are appropriate. 374 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ B. Risk Management Audit objective: To review the risk management process and procedures to ensure that risks are properly identified and assessed and action plans are correctly formulated. Risks generally fall into the following broad categories: 1 - Property risks 2 - Liability risks 3 - Employee risks 4 - Operational risks * Determine the officers responsible for risk management * Review the procedures for managing risk in terms of: - identification of potential claims (and future projections) - purchase of appropriate coverage - other action programs instituted to decrease losses/risk - review of uninsured risks (and exposure to potential claims and deductions) - approval of the risk management policies and procedures manual * Review strategies used to manage risks: - Avoid (i.e., other alternatives) - Accept (i.e., after they are minimized) - Diversify (i.e., other business activities) - Share/transfer (i.e., through contracts such as insurance and joint venture partners) C. Review of Insurance Policies and Contracts Audit objective: To ensure that insurance policies are cost-effective in terms of adequately covering the group’s exposure to specifically identified risks. 1) Information required Obtain the schedule of insurance that summarizes all policies. The schedule should contain the following information: - Policy period/insurers - Nature of coverage, type, and description - Premiums to be paid - Amount of coverage and applicable limits - Deductibles 2) Description of the business ________________________________________ Appendix C — Sample Audit Programs 375 Audit objective: To ensure that the description of the business is appropriate for insurance purposes. Insurance premiums are determined in part by industry classification. Review the current description of the business to determine whether it is appropriate given the current activities and structure of the business. 3) Review of insured risks Audit objective: To ensure that the group has adequate insurance coverage over significant risks. Review the schedule of insured risks to ensure that all divisions are adequately covering all risks on a cost-effective basis. This can be achieved by comparing insurance coverage from prior years as well as reviewing loss/claim histories. 4) Annual declarations for premium renewal and adjustment purposes Audit objective: To ensure that the relevant insurance company is advised of any material changes in business activities or insurable items during the year that will affect insurance coverage. Obtain memos and schedules that have been supplied to insurance companies on renewal of policies. Specific policies require annual declarations for premium renewal. For example, payroll records are externally audited for workers compensation purposes. Review all declarations made when the contracts of insurance are renewed and during the course of the year. D. Review of Insurance Costs and Premiums Audit objective: To determine whether costs and premiums for insurance can be reduced. Obtain the schedule of insurance premiums by division over the last three years. Investigate the reasons for changes in premium costs as to whether they have occurred because of industry factors (uncontrollable) or company factors (controllable). In the case of company factors, consider whether there are any remedial actions available that can be implemented by management to reduce the level of incidence. 376 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ E. Review of Incidents and Claims Procedures Audit objectives: To ensure that all incidents are reported properly, and that claims procedures are being followed correctly. Review the procedures over the reporting of incidents and the procedures for making claims. For example, consider the following categories of claims: 1) Workers compensation claims Obtain the schedule of workers compensation claims. Review the list of current employees who are currently under workers compensation. Consider whether there are any remedial actions available that can be implemented by management to reduce the level of incidence. - OH&S issues - OH&S audits - Establish an OH&S committee - Change in work practices - Independent advice 2) Motor vehicle accident claims Obtain the schedule of motor vehicle accident claims. Review the policies and procedures for motor vehicle accident claims. Consider whether there are any remedial actions available that can be implemented by management to reduce the level of incidence. - Advanced driving courses - Accident reporting procedures - Police involvement 3) Property loss or damage Obtain the schedule of property damage claims. Review the policies and procedures for property damage claims. ________________________________________ Appendix C — Sample Audit Programs 377 Consider whether there are any remedial actions available that can be implemented by management to reduce the level of incidence. 4) Theft or misappropriation claims Obtain the schedule of theft or misappropriation claims. Review the policies and procedures for theft or misappropriation claims. Ensure that where perpetrators can be properly identified that all thefts or misappropriation are reported to the police. Consider whether there are any remedial actions available that can be implemented by management to reduce the level of incidence. - Increased physical security (incidents versus cost) - Increased internal controls (e.g., management review, reporting, independent review, systems) - Computer security and backup F. Review of Uninsured Risks Audit objective: To determine whether the group should insure some of the risks that are currently uninsured. Review the list of uninsured risks and determine whether it is complete (prior year schedules may be useful for this purpose). Review action plans formulated to manage these risks and assess whether they are appropriate. Determine whether the group should be insuring for any of these risks. 378 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ THIRD-PARTY CLAIMS PROCESSING AUDIT PROGRAM Contributed by Janet Wiseman Prepared by: Date: Reviewed by: Date: C-1 Audit Program OBJECTIVES The objective of the audit is to review and evaluate the administration and claims processing services provided to the employer for the self-funded medical and dental plans in accordance with the (Third-Party Administration) TPA Agreement, the employer Benefits by Design Medical and Dental Summary Plan Descriptions, employer management directives, and industry standards. Audit Steps Field Work Performed by auditor Workpaper Reference A. PRELIMINARY 1. Obtain and review the -TPA Agreement, the -Blue Cross Blue Shield of Arizona Agreement, Benefits by Design Medical and Dental Summary Plan Descriptions, Classified Group Insurance Plan and Unclassified Retiree Medical Plan Summary Plan Descriptions, generated reports to the employer, employer generated reports to others. 2. Using data supplied by ________ to employer for the period January 1, 1998 - December 31, 1998, select a random sample of paid medical and dental claims to test. * 195 Paid Claims * 5 Denied Claims * E-mail the list of claims to be reviewed. * Schedule audit with 3. Using the documentation above, prepare a pre-audit questionnaire to document the administrative and claims processing processes at ______. 4. Perform analytical review procedures. Compare 1998 results to the prior audit. ________________________________________ Appendix C — Sample Audit Programs 379 B. TESTING 1. Interview personnel, review policies and procedures, observe process. a. Document system flow for a claim: * Eligibility determination * Covered service charge determination * * Internal () audit * Payment processing * Inclusion in network fee calculation * Reporting internal & external b. Document’s prevent/detect controls and procedures for: * Non-standard claim forms (superbill, prescription drug receipts, etc.) * Eligibility problems * Employee * Dependent * Covered service issues * Questionable codes/diagnosis * Coordination of benefits * Subrogation * Pre-existing conditions-HIPPA * Refund checks * Adjustments to claims * In the current period * In a previous period * Effect on network access fees calculations * Payment/recovery * Reporting/reconciliation of previously reported information 2. Perform a walk-through of an employer medical and dental claim from point of first receipt through payment and reporting to employer. Determine process is working as documented above. 3. Using the sample of claims selected, review claims for: * Supporting documentation * Eligibility of claimant * Charge agreement to fees schedule * Plan deductible satisfied * Applicable out-of-pocket maximums applied, if applicable * Coordination of benefits with other plans (e.g., Medicare) * Claim is submitted only once 380 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ * Payment is correct * Time from receipt of claim to payment * Correct arithmetic calculations 4. For three test months determine that the expense used for the calculation of employer network access fees is accurate. Determine the effect on the calculation of refunds, adjustments, and pended claims. a. Test the PMPM fees paid by employer to for reasonableness. 5. Judgmentally select a sample of denied claims. * Review the processor’s documentation * Determine why the claim is denied * Determine the denial is per the plan provisions * Determine the beneficiary received written notification within 90 days of the denial. * Determine if special circumstances required an additional 90 days (if so, beneficiary notification on file) 6. Judgementally select a sample of pended claims * Review the processor’s documentation * Determine why the claim is pended * Determine reasonableness of time required to resolve * Determine final adjudication 7. Judgementally select a sample of claims with subrogation * Review processor’s documentation * Review correspondence * Document result 8. Determine the time between receipt of claims and the reporting of denials, Explanation of Benefits (EOB) to participants. 9. Compare ‘s performance with healthcare industry performance standards. C. AUDIT REPORTING Reporting will summarize conclusions and error rates based on the sample of claims tested. Determine reported claims expense at December 31, 1998, and network fee expense is calculated in accordance with the plan document. _____________ Appendix D — Digital Literacy Problem-Solving Approach for Auditors 381 Appendix D Digital Literacy Problem-Solving Approach for Auditors Auditors need an approach for information problem solving in a digital environment. The following position paper from the American Association of School Librarians provides a straightforward approach that auditors can adapt to their own environment. Information Literacy A Position Paper on Information Problem Solving To be prepared for a future characterized by change, students must learn to think rationally and creatively, solve problems, manage and retrieve information, and communicate effectively. By mastering information problem-solving skills students will be ready for an information-based society and a technological workplace. INFORMATION LITERACY is the term being applied to the skills of information problem solving. The purpose of this position paper is to identify the key elements of information literacy and present a rationale for integrating information literacy into all aspects of the K-12 and post-secondary curriculum. Many aspects of both the school restructuring movement and library media programs relate directly to information literacy and its impact on student learning. Today, many different groups are helping to define information literacy. For example, information literacy is one of five essential competencies for solid job performance according to the U.S. Department of Labor Secretary’s Commission on Achieving Necessary Skills (SCANS). The SCANS report makes the case for developing high-performance skills to support an economy characterized by high skills, high wages, and full employment. A high-skill workforce is also called for in President Clinton’s National Technology Policy for America. Educators are recognizing the importance of information literacy. In 1991, the Association of Supervision and Curriculum Development (ASCD) adopted the following statements: Information literacy...equips individuals to take advantage of the opportunities inherent in the global information society. Information literacy should be a part of every student’s educational experience. ASCD urges schools, colleges, and universities to integrate information literacy programs into learning programs for all students. ASCD is one of 60 educational associations that have formed the National Forum on Information Literacy (NFIL). 382 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ Authors Note: I omitted three sections of the position statement covering Restructuring and Information Literacy; Curriculum and Information Literacy; and Library Media Programs. Complete version at http://www.ala.org/aasl/positions/PS_infolit.html. “Ultimately, information literate people are those who have learned how to learn. They know how to learn because they know how knowledge is organized, how to find information and how to use information in such a way that others can learn from them. They are people prepared for lifelong learning, because they can always find the information needed for any task or decision at hand. “ — ALA Presidential Committee on Information Literacy INFORMATION PROBLEM-SOLVING SKILLS INTRODUCTION The ability to access and use information is necessary for success in school, work and personal life. The following steps represent the basic element in an information literacy curriculum. I. DEFINING THE NEED FOR INFORMATION The first step in the information problem-solving process is to recognize that an information need exists and to define that need. The student will be able to: A. Recognize different uses of information (i.e., occupational, intellectual, recreational). B. Place the information needed within a frame of reference (who, what, when, where, how, why). C. Relate the information needed to prior knowledge. D. Formulate the information problem using a variety of questioning skills (i.e., yes/no, open-ended). II. INITIATING THE SEARCH STRATEGY Once the information problem has been formulated, the student must understand that a plan for searching has to be developed. The student will be able to: A. Determine what information is needed, often through a series of sub-questions. B. Brainstorm ideas and recognize a variety of visual ways of organize ideas to visualize relationships among them (i.e., webbing, outlining, listing). C. Select and use a visual organizer appropriate to subject. D. List key words, concepts, subject headings, descriptors. E. Explain the importance of using more than one source of information. F. Identify potential sources of information. G. Identify the criteria for evaluating possible sources (i.e., timeliness, format, appropriateness). _____________ Appendix D — Digital Literacy Problem-Solving Approach for Auditors 383 III. LOCATING THE RESOURCES At the onset of a search a student will recognize the importance of locating information from a variety of sources and accessing specific information found within an individual resource. The student will be able to: A. Locate print, audiovisual, and computerized resources in the school library media center using catalogs and other bibliographic tools. B. Locate information outside the school library media center through online databases, interlibrary loan, telephone, and facsimile technology. C. Identify and use community information agencies (i.e., public and academic libraries, government offices) to locate additional resources. D. Use people as sources of information through interviews, surveys, and letters of inquiry. E. Consult with library media specialists and teachers to assist in identifying sources of information. F. Access specific information within resources by using internal organizers (i.e., indexes, tables of contents, cross-references) and electronic search strategies (i.e., keywords, Boolean logic). IV. ASSESSING AND COMPREHENDING THE INFORMATION Once potentially useful information has been located, the student uses a screening process to determine the usefulness of the information. The student will be able to: A. Skim and scan for major ideas and keywords to identify relevant information. B. Differentiate between primary and secondary sources. C. Determine the authoritativeness, currentness, and reliability of the information. D. Differentiate among fact, opinion, propaganda, point of view, and bias. E. Recognize errors in logic. F. Recognize omissions, if any, in information. G. Classify, group, or label the information. H. Recognize interrelationships among concepts. I. Differentiate between cause and effect. J. Identify points of agreement and disagreement among sources. K. Select information in formats most appropriate to the student’s individual learning style. L. Revise and redefine the information problem if necessary. V. INTERPRETING THE INFORMATION Following an assessment of the information, the student must use the information to solve the particular information problem. The student will be able to: A. Summarize the information in the student’s own words; paraphrase or quote important facts and details when necessary for accuracy and clarity. B. Synthesize newly gathered information with previous information. 384 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________ C. Organize and analyze information in a new way. D. Compare information gathered with the original problem and adjust strategies, locate additional information, or reexamine information when necessary. E. Draw conclusions based on the information gathered and the students interpretation of it. VI. COMMUNICATING THE INFORMATION The student must be able to organize and communicate the results of the information problem-solving effort. The student will be able to: A. Use the search information to identify the important conclusions or resolutions to the problem to be shared with others. B. Decide on a purpose (i.e., to inform, persuade, entertain) for communicating the information and identify the intended audience. C. Choose a format (i.e., written, oral, visual) appropriate for the audience and purpose. D. Create an original product (i.e., speech, research paper, videotape, drama). E. Provide appropriate documentation (i.e., bibliography) and comply with copyright law. VII. EVALUATING THE PRODUCT AND PROCESS Evaluation is the ability to determine how well the final product resolved the information problem and if the steps taken to reach the desired outcome were appropriate and efficient. Students may evaluate their own work and/or be evaluated by others (i.e., classmates, teachers, library media staff, parents). The student will be able to: A. Determine the extent to which the conclusions and project met the defined information need and/or satisfied the assignment (i.e., how well did I do?). B. Consider if the research question/problem, search strategy, resources, or interpretation should have been expanded, revised, or otherwise modified (i.e., what could/should I have done differently?). C. Reassess his/her understanding of the process and identify steps which need further understanding, skill development, or practice (i.e., how can I do better in the future?). Copyright © 1993 Wisconsin Educational Media Association. Adopted by the American Association of School Librarians, 1994. Reprinted with permission of the American Association of School Librarians, a division of the American Library Association.