Chapter 6 — Internet Resources for Auditors

Transcription

Chapter 6 — Internet Resources for Auditors
The Auditor’s Guide to
Internet Resources,
2nd Edition
by Jim Kaplan, CIA
The Institute of Internal Auditors
Disclosure
Copyright © 2000 by The Institute of Internal Auditors, 249 Maitland Avenue, Altamonte Springs, Florida
32701-4201. All rights reserved. Printed in the United States of America. No part of this publication may be
reproduced, stored in a retrieval system, or transmitted in any form by any means — electronic, mechanical,
photocopying, recording, or otherwise — without prior written permission of the publisher.
The IIA publishes this document for informational and educational purposes. This document is intended to
provide information, but is not a substitute for legal or accounting advice. The IIA does not provide such
advice and makes no warranty as to any legal or accounting results through its publication of this document.
When legal or accounting issues arise, professional assistance should be sought and retained.
Neither the publisher nor the author makes any claims as to the results that may be obtained through the use
of AuditNet or the AuditNet Resource List or any of the sites referenced therein. Neither publisher nor author
will be held liable for any results, or lack thereof, obtained by the use of any links, or any third-party charges,
or for any hardware, software, or other problems that may occur as a result of using links. AuditNet is subject
to change or discontinuation without notice at the discretion of the publisher and the author through its
publication of this document.
ISBN 0-89413-430-2
99218 02/00
First Printing
_________________________________________________________________
Dedication
Dedicated to Robbie Kaplan,
my wife the author and life soulmate,
who provided the inspiration and encouragement
once again to update the book.
Thanks also to my daughters, Samantha and Julie,
who understood how important this project was
and allowed me time on the computer and the Internet.
Contents 3
_________________________________________________________________
Contents v
Contents
About the Author ........................................................................................................................ xi
Preface ..................................................................................................................................... xiii
Acknowledgments ................................................................................................................... xvii
Introduction .............................................................................................................................. xix
Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors .................... 1
So Where Did the Internet Come From? .............................................................................. 1
Definition of the Internet ...................................................................................................... 1
The Impact of the Internet on the Auditing Profession......................................................... 3
Internet Competency Skills for Auditors .............................................................................. 3
What Auditing-Related Things Can I Do On the Internet? ................................................ 17
Learning to Cyberspeak ...................................................................................................... 18
Interview: John K. Peterson, Founder, Internal Auditing World Wide Web ...................... 18
Continuing Internet Education ............................................................................................ 22
Chapter 2 — Making the Right Connection ......................................................................... 23
Internet Connection Options ............................................................................................... 23
Direct Connections ....................................................................................................... 23
Dial-Up Connections .................................................................................................... 24
Deciding on an Option ........................................................................................................ 27
Interview: Carolyn Newman, President, Audimation Services Inc. ................................... 27
Continuing Internet Education ............................................................................................ 31
Chapter 3 — Internet Services and Tools for Auditors ....................................................... 33
Internet Addressing ............................................................................................................. 33
Domain Naming System (DNS) .......................................................................................... 34
Electronic Mail ................................................................................................................... 35
Mailing Lists................................................................................................................. 35
Subscribing to Electronic Mailing Lists ....................................................................... 37
Unsubscribing to Electronic Mailing Lists................................................................... 38
Posting (Sending) Messages and Responses to the List ............................................... 38
List Netiquette .............................................................................................................. 39
Usenet Newsgroups ............................................................................................................ 40
File Transfer Protocol (FTP) ............................................................................................... 41
What is Auditors Sharing Audit Programs or ASAP? ................................................. 42
Sample FTP Session for the Auditors Sharing Audit Programs FTP Site ................... 43
FTP Tips ....................................................................................................................... 43
Archie .................................................................................................................................. 43
vi The Auditor’s Guide to Internet Resources, 2nd Edition
__________________________
Telnet ................................................................................................................................... 44
A Sample Telnet Session to CapAccess (The National Capital Area
Public Access Network) ......................................................................................... 44
Client-Server Model ............................................................................................................ 44
Gopher .......................................................................................................................... 45
Veronica ........................................................................................................................ 46
WAIS ............................................................................................................................ 46
World Wide Web .......................................................................................................... 47
Concluding Remarks ........................................................................................................... 49
Interview: Ben Heald, Editor, AccountingWeb UK ............................................................ 49
Continuing Internet Education ............................................................................................ 53
Chapter 4 — The Auditor’s Great Internet Search ............................................................. 55
Introduction to Searching .................................................................................................... 55
How Search Engines Work ................................................................................................. 57
How Web Pages are Developed .......................................................................................... 57
Search Tool Selection ......................................................................................................... 58
Using Site-Specific Search Engines ............................................................................. 59
Finding New Ways for Productive Searching .............................................................. 60
Strategies for Searching ...................................................................................................... 60
The Sherlock Strategy .................................................................................................. 60
The Subject-Oriented Indexes or Directory Strategy ................................................... 61
The Search Engine Strategy ......................................................................................... 61
Offline Search Utilities ....................................................................................................... 62
Research Techniques for Auditors ...................................................................................... 62
The Professional Auditor Search Strategy (PASS) ...................................................... 62
Phase 1 — Identifying the Objective (the Audit Issue) ......................................... 62
Phase 2 — Developing the Audit Search ............................................................... 63
Phase 3 — Choosing Where to Search .................................................................. 63
Search Techniques and Search Queries .............................................................................. 67
Phase 4 — Evaluating the Results of the Search ................................................... 68
Interview: Robert D. Randolph, Communications/Marketing Specialist,
Arthur Andersen KnowledgeSpace .............................................................................. 70
Continuing Internet Education ............................................................................................ 74
Chapter 5 — Look Who’s Talking! Discussion Group Resources ...................................... 75
Tips for Using Mailing Lists ............................................................................................... 76
Auditing and Accounting-Related Mailing Lists ................................................................ 76
Audit Discussion Groups .................................................................................................... 77
Business-Related Discussion Groups ................................................................................. 79
Government Finance-Related Discussion Groups .............................................................. 79
FinanceNet Mailing Lists .................................................................................................... 79
_________________________________________________________________ Contents vii
Jobs and Career Discussion Groups .................................................................................... 90
Privacy Discussion Groups ................................................................................................. 90
Security Discussion Groups ................................................................................................ 90
Tax and Accounting Discussion Groups ............................................................................. 96
Anet Mailing Lists .............................................................................................................. 98
Usenet News Discussion Groups for Auditors ................................................................. 103
Usenet Newsgroups for Auditors ...................................................................................... 105
FinanceNet Discussion Groups ......................................................................................... 109
Instructions for Posting to FinanceNet Newsgroups via E-Mail ................................ 109
How to Post Messages to These Newsgroups via E-Mail .......................................... 109
Tax Usenet Groups ............................................................................................................ 111
Interview: Harald Will, President, ACL Services Ltd. ..................................................... 112
Chapter 6 — Internet Resources for Auditors ................................................................... 117
Auditing Resources ........................................................................................................... 118
Audit Guides, Manuals, and Checklists ..................................................................... 118
Audit Programs ........................................................................................................... 128
Government Auditing ................................................................................................. 131
Internal Auditing ........................................................................................................ 147
College and University Auditing ................................................................................ 151
Information Systems Auditing ................................................................................... 156
Business Resources ........................................................................................................... 158
Control Self-Assessment Resources ................................................................................. 160
Disaster Recovery and Business Continuity Planning ...................................................... 163
Discussion Lists ................................................................................................................ 164
Employment-Related Resources ....................................................................................... 165
Finance Resources ............................................................................................................ 166
Government Resources ..................................................................................................... 168
Human Resources ............................................................................................................. 173
Information Security Resources ........................................................................................ 173
Investigations, Fraud, and Privacy Resources .................................................................. 178
Journals — Accounting, Auditing, and Finance Publications .......................................... 181
Performance Measurement Resources .............................................................................. 183
Professional Associations ................................................................................................. 185
Quality, BPR, and TQM Resources .................................................................................. 194
Risk Management and Assessment Resources ................................................................. 196
Software Resources (Accounting, Auditing, and Security) .............................................. 197
Accounting and Tax Resources ......................................................................................... 199
Training — Continuing Professional Education ............................................................... 202
Vendor and Consultant Resources .................................................................................... 204
Interview: Charles Lawver, President, CPENet ................................................................ 205
viii The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool ........... 211
Marketing the Audit Function ........................................................................................... 211
Professional Organizations on the Internet ....................................................................... 212
Where are the Auditors? ................................................................................................... 212
CPE Options for Auditors on the Internet......................................................................... 213
Using the Internet to Find Audit Jobs ............................................................................... 215
Practical Applications from Auditors on the Internet ....................................................... 216
The Internet: A Tool for Practical Auditors — Slemo Warigon ................................ 216
Using the Internet as an Audit Tool at Edith Cowan University
— Tony Lazzara ................................................................................................... 218
The Internet as an Audit Tool — Raymond M. Cochran ........................................... 220
The Internet as an Audit Tool — Dyan G. Hudson, CISA ......................................... 221
Electronic Mail — The Cheap and Cheerful Way to Surf the ‘Net
— Denis Kelly ..................................................................................................... 222
Use of the Internet as an Audit Tool — Bradley Carroll ........................................... 224
Internet Usage to Assist an Audit Consulting Project — David A. Crowell ............. 225
Utilizing the Internet to Assist in a Business Process Reengineering
— Richard B. Lanza ............................................................................................ 226
An Auditor’s Use of the Internet — Lost in Cyberspace — George Valente ............ 228
Heard From the ‘Net! ........................................................................................................ 229
Interview: Michael Awad, President, IAD Solutions ........................................................ 238
Continuing Internet Education .......................................................................................... 243
Chapter 8 — Troubleshooting Internet Error Messages
(or What Do Those Error Messages Mean?) ...................................................................... 245
Dealing With Common Internet Error Messages .............................................................. 245
Numerical Error Messages ................................................................................................ 245
400 – Bad Request ...................................................................................................... 245
401 – Unauthorized or Authorization Required ......................................................... 246
403 – Forbidden or Connection Refused by Host ...................................................... 246
404 – File Not Found .................................................................................................. 247
500 – Server Error ...................................................................................................... 247
501 – Not Implemented .............................................................................................. 248
502 – Service Temporarily Overloaded ...................................................................... 248
503 – Gateway Timeout or Service Unavailable ........................................................ 248
Non-Numerical Error Messages........................................................................................ 249
Connection Refused by Host ...................................................................................... 249
Failed DNS Lookup .................................................................................................... 249
File Contains No Data or Document Contains No Data ............................................ 250
No Helper Application Defined ................................................................................. 250
Host or Site Unavailable ............................................................................................. 252
Unable to Connect to <Web Address> ....................................................................... 252
_________________________________________________________________ Contents ix
The Requested URL Was Not Found ......................................................................... 253
Can’t Parse HTTP ...................................................................................................... 253
Network Connection Was Refused by the Server ...................................................... 254
NNTP Server Error ..................................................................................................... 254
Permission Denied ...................................................................................................... 254
Unable to Connect to <FTP Site> .............................................................................. 255
Too Many Connections — Try Again Later ............................................................... 255
Too Many Users ......................................................................................................... 256
Unable to Locate Host or Server ................................................................................ 256
Viewer Not Found ...................................................................................................... 256
You Can’t Log On as an Anonymous User ................................................................ 257
Not Found ................................................................................................................... 257
Ten Tips For Troubleshooting Internet Error Messages ................................................... 258
Interview: Alan McCafferty, Founder and President, OPTIMUM Technology ............... 259
Appendices
Appendix A — Auditor’s Internet Glossary ..................................................................... 263
Appendix B — The AuditNet Resource List (KARL) ..................................................... 271
Appendix C — Sample Audit Programs ........................................................................... 365
Appendix D — Digital Literacy Problem-Solving Approach for Auditors ...................... 381
__________________________________________________________ About the Author xi
About the Author
Jim Kaplan, CIA, is the internal auditor for the Fairfax County Public Schools, the 12th largest
school district in the country. He earned a Master of Science in Accounting from the American
University in Washington, DC, and a Bachelor of Arts in Economics from the State University of
New York College at Geneseo.
He is a member of The Institute of Internal Auditors (IIA), the National Association of Local
Government Auditors (NALGA), and the International Computer Security Association. From
1989 to 1995 he served as a contributing editor for Internal Auditor, the professional journal of
The IIA. His column, “Computers and Auditing” (formerly “PC Exchange”), covered how auditors used computers. His writing was featured in the Internet Bulletin for CPAs by Kent Information Services and Internal Auditing Alert by Research Institute of America.
Mr. Kaplan developed an interest in electronic communications for audit professionals in the early
1990s through the use of bulletin boards and online commercial information services such as
America Online and CompuServe. His conceptual model of an AuditNet and his articles on electronic resources for auditors raised professional auditor awareness of electronic communications
for audit productivity.
As founder of AuditNet, he developed a home page on the World Wide Web that links auditors
around the world with audit-related resources. In September 1998, AuditNet became part of The
IIA’s family of Web resources and moved to its own domain at http://www.AuditNet.org sponsored by The Institute of Internal Auditors. To promote the concept of AuditNet, Mr. Kaplan has
spoken at IIA and AICPA conferences, IIA chapters, state CPA societies, fraud conferences, and
intergovernmental audit forum meetings. As a writer, educator, lecturer, and dedicated local government auditor, he has promoted and encouraged the use of technology for audit productivity.
A Note on Links to Internet Sites and Staying Current
As many readers are probably aware, Web sites appear (and disappear) every day. My challenge
as the author of The Auditor’s Guide to Internet Resources is to offer you a method of keeping
current on new audit resources and developments. My mission is to provide you with a book that
increases in value as technology leaps forward. Fortunately, the World Wide Web makes this
possible.
At the AuditNet Web site, sponsored by The Institute of Internal Auditors, you will find a regularly updated copy of Kaplan’s AuditNet Resource List (KARL) including active links to Internet
audit resources. The AuditNet site provides resources and tools that will help you keep up to date
with the online world for auditors. AuditNet is made available at no charge to you as a valued
reader of The Auditor’s Guide to Internet Resources.
xii The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
To Access the AuditNet Resource List:
1. Go to the AuditNet Web page at:
www.auditnet.org
2. Click on the AuditNet links
3. Select the format desired (alphabetical, by subject, or other formats)
Please send feedback, including information about new or nonworking Web sites and other resources, by e-mail to [email protected].
__________________________________________________________________ Preface xiii
Preface
I have overheard conversations where people talked about an event that changed their lives. That
event took place for me in 1989 when I installed my first modem on my computer and started
connecting to bulletin board systems. I downloaded files, participated in electronic discussion
groups, searched databases of information, and began to see how connectivity could benefit the
internal auditing profession. The next step in my divine enlightenment came when I signed up to
test a new online service called America Online. I was no longer confined to dialing local bbs’s. I
could communicate with individuals across the U.S., read newspapers and magazines online, tap
into remote databases, and have access to literally thousands of files.
At this point it was as if a light turned on in my brain and I saw this could become a truly valuable
tool for internal auditors and accountants. While I have never thought of myself as a visionary, I
look back on an article I wrote in 1993 for Internal Auditor, the professional journal of The Institute of Internal Auditors. I wrote about how auditors using computers are only a touch away from
the answers to most questions and access to unlimited amounts of information resources. Audit
planning could include researching databases for background information. I recommended establishing a worldwide online audit information network. That network, which I subsequently called
AuditNet, would function to connect internal auditors globally to resources such as audit reports,
audit programs, and more. Electronic (e-mail) discussion groups would exist where auditors could
share global auditing and accounting issues and concerns. Auditors and accountants could earn
continuing professional education from the office or home at a low per unit cost, as there would be
no travel expense incurred.
I provided my e-mail address at the end of the article. To my knowledge, this was the first time any
professional auditor included an e-mail address for feedback on an article in a professional journal. As I began receiving letters and e-mail from internal auditors around the world in response to
that article, I began to feel that my concept of an electronic communication network for auditors
and other financial professionals could actually work. As I look back, that article was written prior
to my connecting to the explosion of interest in the global information network known as the
Internet. The Internet transformed my concept of AuditNet into a reality. What began as a concept
of how internal auditors could use the Internet and online communications has turned into an audit
revolution. I have included a Chronology of Key Events in the History of the Internet for Internal
Auditing at the end of this preface to give readers a perspective of the time frame in this relatively
new resource for auditors.
As the internal auditing profession moves into the next millennium, the impact of technology is
redefining the role of auditing professionals and the work they perform. During the exploration
phase by internal auditing departments, the Internet was viewed as a “passing fancy” — a novelty
and a productivity inhibitor. The Internet has now matured into a mega-information resource that
internal auditors are increasingly relying on to cope with the rapid pace of technological change.
xiv The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
The Internet is recognized by businesses, government, and educational institutions as a force that
is shaping the future of how we communicate. Continuous learning and digital literacy are important criteria for internal auditing professionals looking to survive in a new technology-driven environment. If you do not embrace and use the changes that are taking place, you will soon find the
changes embracing and overtaking you. When I began developing AuditNet, I firmly believed that
if I built it, auditing professionals would come. The initial concept of a clearinghouse of resources
whet internal auditors’ appetites, and they are coming back for more. The Internet will continue to
provide internal auditors with answers to many questions. Building on The IIA’s theme of “Progress
Through Sharing,” the Internet has expanded the concept to one of “Electronic Progress Through
Sharing.”
New to the Second Edition
·
·
·
·
·
·
Interviews with selected providers of Internet goods and services via the Internet.
More than 100% increase in the Web resources for internal auditors.
New discussion group resources for PeopleSoft, Year 2000, RACF, and COBIT.
Audit programs, audit guides, internal control questionnaires, and audit manuals organized
under separate subject listings.
New section covering digital literacy for internal auditors, including a Competency Checklist
and Content Evaluation Worksheet.
Sample audit programs, e-mail policies, and customer satisfaction surveys.
__________________________________________________________________ Preface xv
Chronology of Key Events in the
History of the Internet for Internal Auditing
August 1993
July 1994
August 1994
August 1994
September 1994
February 1995
June 1995
July 1995
November 1995
February 1996
April 1997
August 1998
September 1998
“In My Opinion” column of Internal Auditor prints article by Jim Kaplan
recommending establishment of an online information network for auditors.
Birth of the Internal Auditing World Wide Web site conceived by John
Peterson at Dartmouth Hitchcock Medical Center. Developed as a prototype demonstration project, the site functions as a warehouse of information and knowledge pertaining to the internal auditing profession
and functions across associations, industries, and countries. (7/1)
IIA publishes an article with e-mail addresses provided by internal auditors from around the world.
Jim Kaplan distributes the first e-mail issue of the AuditNet Resource
List to internal auditors who shared their e-mail addresses.
Alt.business.internal-audit — Internal audit Usenet newsgroup formed
for discussion of internal auditing-related subjects.
AuditNet Resource List begins distribution through accounting and
auditing listservs (discussion groups).
The AuditNet Resource List Hypertext version created by John Mayer,
a student at the University of North Florida, is posted to the University
of North Florida Web site. The Web version of the ARL becomes a
major tool for internal auditors connecting to the Internet. (6/15)
Auditors Sharing Audit Programs (ASAP) FTP site created at the University of North Florida by John Mayer founded on an idea that Jim
Kaplan conceived when observing repeated requests for audit programs
on audit discussion groups. Audit programs contributed by internal
auditors from around the world were posted in the spirit of “Electronic
Progress Through Sharing.”
IIA provides Web information through the Rutgers Accounting Web.
AuditNet Web site established on America Online. The AuditNet Resource List and ASAP move to the newly created site established for
the benefit of the online audit community.
IIA moves its Web site to its own domain at www.theiia.org.
IIA launches ITAudit.org site to focus on Information Technology Auditing.
AuditNet moves to its own domain at www.auditnet.org sponsored by
The IIA.
_________________________________________________________ Acknowledgments xvii
Acknowledgments
The Internet is a technological breeding ground for new ideas and information sharing. A book
like this would not have been possible without the cooperation and assistance of the global Internet
auditing community. The constant advice, counsel, and encouragement I received from the domestic and international auditing community made AuditNet, and this book, a true realization of the
“Electronic Progress Through Sharing” concept. Thanks also to the dedicated staff of The Institute
of Internal Auditors for supporting the idea that if we built it, they would come!
_____________________________________________________________ Introduction xix
Introduction
While there have been many books written about the Internet, none have provided specific information for audit usage. The Auditor’s Guide to Internet Resources, 2nd Edition, provides basic
information about the Internet written from an internal auditor’s perspective. It gives an overview
of the basic Internet competency skills auditors need to become digitally literate, options for accessing the Internet, useful tools and services for audit professionals on the Internet, and a comprehensive list of available resources. It provides specific real-life examples of how auditors use the
Internet for audit-related work. What this book will not do is go into detailed technical discussion
of the mechanics of how the Internet works. It will also not address Internet-related issues such as
privacy and security considerations of connecting to the global network. While these subjects are
truly important, there are many books currently available that provide comprehensive coverage.
The breadth of resources available for internal auditors is constantly growing. Due to the dynamic
nature of information on the Internet, there will be resources included in this book that have changed
or are no longer available after this book goes to press. There will also be new resources that will
replace those that have become obsolete. The most up-to-date listing of audit and accounting
resources is available on the Internet at the AuditNet Home Page (http://www/auditnet.org). Kaplan’s
AuditNet Resource List (KARL), the source of the resources in this book, is the only list available
via e-mail as well as through a Web home page. The most recent version of KARL available at the
time of writing this update is included as Appendix B. Remember, the most current version of
KARL is available at the AuditNet Web Site or by sending an e-mail to [email protected].
How to Use This Book
The book should be used as a desktop reference guide. It is written as much as possible in plain
English so that you can easily understand what is needed to connect to the Internet, the options for
connecting, and where to go for helpful information. Each chapter stands alone and is organized so
that more experienced professionals can go directly to a chapter to locate a site or find information
needed immediately.
The book is divided into eight chapters as follows:
Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors. This chapter
explains where the Internet came from as well as its importance to and impact on the internal
auditing profession. Auditors who have experience using the Internet and online services should
read this chapter. Everyone, regardless of their Internet skill level, should read the Internet Competency Skills section. While most auditors are audit literate, many are not digitally literate. This
section introduces the concept of digital literacy and explains why it is important to audit professionals who rely on cyberspace as a research and audit tool.
xx The Auditor’s Guide to Internet Resources, 2nd Edition
_________________________
Chapter 2 — Making the Right Connection. Auditors with experience using the Internet will
find this chapter useful. It discusses the options for connecting to the Internet via Internet service
providers, online service providers, or direct connections.
Chapter 3 — Internet Services and Tools for Auditors. This chapter provides the tools and
services that are available to auditors via the Internet, including e-mail, file transfers, and the
World Wide Web. Auditors with limited experience in Internet services and applications should
consider reading this chapter, which helps explain unfamiliar areas.
Chapter 4 — The Auditor’s Great Internet Search. This chapter covers search tools and techniques for auditors to find information in the most efficient and effective manner. The Professional
Auditor Search Strategy (PASS), search engine tips, and Web design coverage will help auditors
locate relevant and useful Web sites. The chapter has been expanded in this edition to include
more information that will help in using search tools more effectively.
Chapter 5 — Look Who’s Talking! — Discussion Group Resources. This chapter shows auditors how to take advantage of the communication capabilities of the Internet to help solve internal
auditing problems, discuss professional issues, and find resources via e-mail discussion groups
and Usenet newsgroups.
Chapter 6 — Internet Resources for Auditors. Organized into topical subject areas, this chapter
represents a major expansion from the first edition of the book, as the number of resources grew
from approximately 300 to over 850. This growth in the number of audit-related sites is a clear
indication of business and the audit community’s integration of the Internet into their business
practices.
Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool. This chapter
provides examples of how auditors around the world have used the Internet in order to foster
creative thinking and discussion on new ways of using this powerful technology.
Chapter 8 — Troubleshooting Internet Error Messages (or What Do Those Error Messages
Mean?). This chapter is new to the 2nd Edition and covers those annoying error messages that
auditors see on the Internet. It helps explain the messages, what they mean, and actions to take
when they appear.
Appendix A — Auditor’s Internet Glossary. A handy reference tool for auditors who need to
learn the language of the Internet. It covers the major terms, words, and phrases needed to navigate
the Auditbahn.
Appendix B — The AuditNet Resource List (KARL). This is the latest version of the document
that was first distributed via e-mail on the Internet in August 1994. The ARL was the foundation
for the AuditNet concept and now includes over 850 Internet resources for auditors.
_____________________________________________________________ Introduction xxi
Appendix C — Sample Audit Programs. This provides examples of audit programs submitted
by AuditNet users as part of the Auditors Sharing Audit Programs (ASAP) section of AuditNet.
Appendix D — Digital Literacy Problem-Solving Approach for Auditors. The ability to access and use information is necessary for success in school, work, and personal life. This appendix
includes the steps that represent the basic approach for auditors solving digital information problems.
Interviews
New to the 2nd Edition are interviews with individuals who are considered to be Internet leaders
and trendsetters in reaching their audit customers or providing audit-related goods or services via
the Internet. They were selected because the product or service they provide to the global audit
community has had a significant impact on the profession and how professionals do their jobs.
Each person was asked specific questions about their organization, product, or service. They were
then asked general questions relating to the Internet and its impact on the internal auditing profession. These interviews show how important the Internet has become, not only from the perspective
of the end user, but also the audit-related service provider.
The Questions
1. As the Internet enters the new millennium, auditors are becoming more “digitally literate.”
How did you acquire “digital literacy”?
2. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How has
your organization contributed to this philosophy through the use of the Internet?
3. How has your organization integrated the use of the Internet into internal auditing?
4. What Internet resources do you use, and how have they helped you and your organization?
5. How has the Internet changed the way your organization does business, and what impact has
that change had on auditors?
6. What effect have the Internet and the World Wide Web had on the internal auditing profession?
7. What Internet skills do you see as the most critical for new auditors?
xxii The Auditor’s Guide to Internet Resources, 2nd Edition _________________________
The Participants
John K. Peterson, Founder, Internal Auditing World Wide Web. The Internal Auditing World
Wide Web (IAWWW) was conceived at Dartmouth by John K. Peterson as a production prototype
demonstration project to act as a warehouse of information and knowledge pertaining to the internal auditing profession and functions across all associations, industries, and countries.
Carolyn Newman, President, Audimation Services Inc. (ASI). Audimation Services Inc. (ASI)
was formed in 1992 to distribute IDEA (Interactive Data Extraction & Analysis) software to internal auditing departments in industry and government. IDEA is a PC-based file interrogation package that allows accountants, auditors, and financial managers to view, sample, and analyze data
from any other system. The product is developed under an exclusive license by the Canadian
Institute of Chartered Accountants (CICA). The CICA granted exclusive U.S. distribution rights
for IDEA to ASI in October 1997.
Ben Heald, Editor, AccountingWeb UK. AccountingWeb, launched in June 1997, is a virtual
community of accountants. It was voted European Information Product of the Year at the Online
Information ’97 show at Olympia (December 1997). With over 30,000 members, AccountingWEB
is now established as the largest Internet hub for the UK accounting sector and growing by over
1,000 members per month.
Robert D. Randolph, Communications/Marketing Specialist, Arthur Andersen
KnowledgeSpace Internal Audit Community. Arthur Andersen KnowledgeSpace® is a subscription-based, customized Web tool for internal auditors. The purpose is to focus, in a single
Web site, on the news, resources, and connections that internal auditors need to stay on top of their
profession.
Harald Will, President, ACL Services Ltd. ACL, a global company dedicated to providing an
integrated solution for the internal auditing professional, is based in Vancouver, Canada, with
offices in Brussels and Singapore and representatives in over 30 countries worldwide. Since 1987
ACL has provided market-leading technology and services for data inquiry, analysis, and reporting.
Charles Lawver, President, CPENet. CPENet, an all-volunteer nonprofit organization started in
1994, was the first distance education provider to offer National Association of State Boards of
Accountancy (NASBA) certified continuing education credit on the World Wide Web.
Michael Awad, President, IAD Solutions. Michael Awad, a practicing internal auditor, created a
department management software application for internal auditors. Audit Leverage is Microsoft
Access-based and provides features such as automated workpapers, budget-to-actual hours comparisons, annual audit planning, automated follow-up log, location risk assessment, and auditor
performance evaluations.
_____________________________________________________________ Introduction xxiii
Alan McCafferty, Founder and President, OPTIMUM Technology. Since 1993 OPTIMUM
Technology (O.T. Inc.) has grown from a local management consulting and custom software developer to an internationally recognized supplier of advanced business information systems. By
1997 OPTIMUM Technology was a full-service supplier to the private sector and to state and
federal governments around the world. OPTIMUM Technology’s services include IT solutions,
software development, business management, process engineering, and ISO consulting with a full
range of off-the-shelf and custom business information tools marketed under the QS3 banner. One
of the company’s products is QSAK, a management tool designed to organize, direct, document,
and report on internal and external audits.
As the internal auditing profession enters a new millennium, the Internet is having a profound
impact on how we communicate and accomplish our mission. It is not only affecting individual
auditors and internal auditing departments, but also providers of audit-related goods and services.
The Internet is changing the way we are selecting, delivering, and using those products and services. As new technology has been introduced to the business community, auditors have cautiously approached integrating these new tools into their daily work.
There are some aspects of the Internet that are not covered in this book because they do not
directly pertain to professional auditors. A Continuing Internet Education (CIE) section that provides additional reference resources has been included at the end of some chapters for readers who
would like to explore Internet basics in greater detail. The focus of this book is to provide information that internal auditing professionals need, from an internal auditing professional’s perspective,
so that they can learn how to use the Internet as an auditing tool. I trust that readers will find the
information useful in their pursuit of professional excellence. Remember that information is power,
and the Internet is a mega-information resource. Therefore, if you know how to access, locate, and
retrieve relevant internal auditing and business information, you and the organization for which
you work will reap benefits.
Whatever you may have heard about the Internet and its resources, after reading this book you will
agree that the Internet is a good thing for auditors and the internal auditing profession. Read on to
find the information you need to join the AuditNet Revolution.
___________
Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 1
Chapter 1
An Overview of the Internet
and Digital Literacy for Auditors
“The Internet is the Mother of all Information Sources.”
— Timothy K. Maloy
What exactly is this phenomenon called the Internet? How did it start, how does it work, and what
are the implications for you as an auditor? These and other questions are asked again and again by
auditors trying to understand this thing called the information superhighway or cyberspace. The
Internet is a topic of conversation in the home, at the office, in the news, and at professional
meetings. Everywhere you look it leaps out at you, and you are probably wondering what all this
hype is about. Are you connected, who is your provider, and what is the URL for that site you
found? More importantly, what does all this mean to you as an auditor and the auditing profession?
So Where Did the Internet Come From?
The roots of the Internet can be traced to the Defense Advanced Research Project Agency (DARPA)
government funded project in the early 1970s. The goal of the DARPA was to develop a communication protocol that would allow linked computers to talk to one another while remaining transparent to the end user. This network, called ARPANet, would be designed in such a way that if a
segment of the system was down, the remaining parts of the system would continue operating. The
government found that these networks provided an efficient and effective means of enhancing
communication for conducting educational and military research and development. The ARPANet
of the 1970s became the backbone of the network established in the early 1980s by the National
Science Foundation (NSFNet). The NSFNet consisted of five supercomputing centers established
at major universities across the United States. The system of networks developed in conjunction
with this project came to be known as the Internet.
Definition of the Internet
The Internet is one of those elusive terms or concepts that almost defies definition. Trying to
define it is almost like trying to hold Jell-O in your hands; you just cannot get a grasp on it. There
is a difference between the Internet with a capital “I” and internet with a lowercase “i.” The
Internet is the public network that runs applications like e-mail, file transfer, and the World Wide
Web. An internet is a private network that is closed to the general public. Many organizations are
creating intranets, which are internal, private networks using the Internet technology. Getting back
2 The Auditor’s Guide to Internet Resources, 2nd Edition
__________________________
to the question at hand, the Internet at its most basic level is a global network of computers. Sitting
at a standalone computer without a modem or connection to a LAN (Local Area Network) would
limit you to performing tasks based on the application software installed on that computer, such as
using a word processor or spreadsheet program to write an audit program or create a spreadsheet.
Connecting that computer to other computers in the office — thereby creating a LAN or local area
network — allows you to send and receive messages, and share applications and files with other
network users. Connect that LAN to other LANs within the organization and departments and
divisions acquire application and file sharing capability. Connect the LAN to a Wide Area Network or WAN and to a gateway or hub connected to a global network of computers and you have
the Internet. Well, at least almost!
We are making an assumption that each network operating system speaks a common language.
Fortunately, or unfortunately, operating systems come in many flavors such as UNIX, DOS,
Macintosh, SUN, etc. For systems to communicate with each other, they require a common protocol or translation mechanism. Transmission Control Protocol/Internet Protocol (TCP/IP), the Internet standard developed in the early phases of these government-funded projects, allows different operating systems on the global communication network or Internet to talk with one another.
While TCP/IP was developed early on as part of the government-funded research projects, it remains the current Internet standard.
The Internet is therefore a global conglomeration of computers linked together by a common
standard language (protocol) creating a seamless communication network that is relatively transparent to the end user. If we were satisfied with that definition of the Internet, we would be
missing perspectives that many individuals (including the author) consider to be equally important. The Internet is people communicating with each other and sharing information and ideas.
Without the human element, the Internet is merely connected circuitry without a purpose. People
make the Internet tick. It is a tool for enhancing communication and information/idea sharing. The
Internet is changing the way we communicate, learn, read, and interact with each other. It is also
changing the nature of business, and all types of organizations see the Internet as new opportunities for marketing, research, and electronic commerce.
___________
Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 3
The Impact of the Internet on the Auditing Profession
Two roads diverged in a wood, and I I took the one less traveled by,
And that has made all the difference.
— From “The Road Not Taken” by Robert Frost
Just as the fax machine changed the nature of business communication, the Internet is having a
profound impact on the way we share and exchange information. Many auditors find themselves at
a crossroads and must decide which path they will take to accepting or rejecting the digital revolution. Internal auditors are becoming information specialists and increasingly viewed in management consulting roles. The Internet provides a virtually limitless number of resources for many
auditing and management-related topics. Audit-related information on the Internet crosses organizational lines, and auditors must be able to manage the information and share it with others. Audit
information on the Internet is constantly being added or updated, and these new resources are
available to all auditors at virtually the same time. Those who know how to keep up-to-date with
Internet information can immediately access and use this new information source.
As an auditing professional, you are in the information business, and the Internet contains information on every conceivable subject. There is no question that if you are not currently connected
to the Internet, you should be. If you are connected, you should be using it as a resource to gather
information, conduct research, solve professional problems, and network with your peers. The
information highway for auditing professionals, or the Auditbahn as I refer to it, may have potholes and dirt roads, but as construction continues, the Internet is a valuable tool now and for the
future.
Internet Competency Skills for Auditors
The Internet is a new environment for many auditors. When using the Internet as a research and
resource tool, auditors must acquire some new skills in order to be successful in a digital environment. While many auditors are now surfing the Internet, no one has really detailed the necessary
skills required to circumnavigate this environment. I never really consciously thought about what
competencies were needed to survive in this brave new world. That all changed when I read Paul
Gilster’s Digital Literacy. It provides a road map for “the thinking and survival skills new users
need to make the Internet personally and professionally meaningful.” Digital literacy is “the ability to understand and use information in multiple formats from a wide range of sources when it is
presented via computers.”1
1
Gilster, Paul, Digital Literacy (New York: Wiley and Computer Publishing), 1997, p. 1.
4 The Auditor’s Guide to Internet Resources, 2nd Edition
__________________________
What does digital literacy mean for auditors? The digital revolution has profound implications for
the auditing profession. Auditors increasingly review and process digital information. Business
and government organizations are finding digital information processing and storage to be efficient solutions to the current volume of business transactions. Computer processing and storage
are replacing traditional media, which means that auditors must be comfortable working with
digital information and understand digital storage, retrieval, and controls.
There are core competencies that auditors should develop to take full advantage of the Internet.
They need to first develop critical thinking skills on evaluating Internet content. Secondly, they
need to understand how to assemble information in a digital environment. Internet information is
not organized in the traditional way, and as an auditor you need to build knowledge based on new
criteria. Finally, auditors must learn how to locate information on the Internet. The digital library
is unlike the traditional library and therefore requires new search skills to tap Internet information.
There is an Internet Literacy Checklist for Auditors provided as Exhibit 1. This checklist provides
auditors with a basic Internet competency guideline to determine where training and development
may be needed.
Exhibit 1
Internet Literacy Checklist for Auditors
The following checklist, adapted from a handout developed by Laura C. Larsson, University of
Washington, is meant to provide a tool to evaluate digital literacy. Read through the list below and
check off those competencies with which you are familiar. If you are not familiar with certain
competencies, you will need to reinforce them by using this book or other resources on the Internet. The AuditNet Web site has a link to Ms. Larsson’s Web site that includes links to review
material that will help you become digitally literate.
Yes
No
Communication Competencies
I can send, delete, reply to, and print e-mail messages (collaboration/
communication).
I know how to attach files to an e-mail message to send to a colleague.
I can subscribe and unsubscribe to online discussion groups for auditors.
I know the difference between reply to sender and reply to all.
I know the rules of Netiquette for online discussion groups.
I understand the difference between e-mail discussion groups and Usenet
newsgroups.
I know how to configure my browser to read, send, and store e-mail.
I know how to configure my e-mail program to read, send, and store
e-mail.
___________
Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 5
Exhibit 1 (Cont.)
Yes
No
Web Process Competencies
I know what a Web browser is and how to use it to move between Web
sites or pages.
I know how to save and organize useful Web sites in my browser.
I know how to change my browser preferences. For example, I know
how to change the default start page and change the font type and size.
I know how to clear the memory cache and file history on my browser to
free up space on my hard drive.
I know how to read various file formats on the Web (e.g., GIF, JPG,
PDF).
I know how to troubleshoot common error messages.
I understand what HTML is and how it is used to format text for display
by Web browsers.
Information Literacy (Critical Thinking Competencies)
I can tell whether information on a Web site is reliable and valid.
I understand that on the Web, not all information is equal in quality.
I know how to find and use meta-information available on Web sites.
I understand that information obtained from the Web is subject to
manipulation.
I know how to verify Web site information.
Information Search Competencies
I can search for, validate, and cite Web-based information (get
information).
I can find someone’s e-mail address using Internet white pages.
I can locate an author’s contact information in at least three ways.
I know how to recover postings from the newsgroups or discussion
groups.
I understand the difference between a search engine and a directory
(guide) and when I should use one or the other to look for information on
the Web.
I understand who the major producers of information are in my field.
Data Retrieval and Manipulation Competencies
Once I have located data on the Web, I can identify the format and know
how to move it into my desktop for further analysis.
I can download files using my Web browser.
I can reliably transfer text and binary files between client and server
computers (move data between my desktop and mainframe computers)
using FTP.
6 The Auditor’s Guide to Internet Resources, 2nd Edition
__________________________
Exhibit 1 (Cont.)
Yes
No
Data Retrieval and Manipulation Competencies (Cont.)
I can download files from public FTP sites.
I know how to set up a personal news feed so that I only get the
information I need (push technology).
Information Organization
I can organize, design, and create a Web site for my personal use or for
my organization.
Bibliographic Citation
Not only do I know how to cite books, journal articles, and technical reports
published in paper format, but I also know how to cite documents published on
the Web.
I understand that when I use someone else’s ideas that I must properly cite
their work.
Copyright Knowledge Competency
I understand that all information except government and information “in the
public domain” is copyrighted and may not be used except with permission of
the copyright holder.
Content Analysis Ability (Ability to make informed judgments about what you find online)
Critical thinking about content is the Internet competency upon which all others are founded. You
cannot work comfortably within this medium until you have established methods for judging the
reliability of Web pages, newsgroup postings, and mailing lists. Evaluating content on the Internet
means recognizing and verifying that you are in fact connecting to a site that will provide information useful for audit purposes. Content evaluation means taking steps to verify the information on
Internet sites to ensure that it is accurate, complete, and useful. Exhibit 2 is an Audit Content
Evaluation (ACE) Worksheet. The ACE Worksheet was adapted from a Content Evaluation
Worksheet prepared by the Department of Education, Victoria, Australia. The ACE Worksheet
includes questions that auditors should be able to answer when evaluating audit-related Web sites.
Use the worksheet to conduct a preliminary assessment of a Web site. After using the worksheet
several times, you should begin to intuitively apply critical thinking skills when evaluating Web
site content.
___________
Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 7
Exhibit 2
ACE (Audit Content Evaluation) Worksheet
Adapted with permission of SOFWeb, Department of Education, Victoria, Australia
The purpose of this worksheet is not to get you to reject audit resources on the basis of the
answers you give, but rather to get you thinking about the resources critically. A site that is not
updated regularly may still have lots of useful and reliable information, but if your audit research depends on current information, it may not be an appropriate site for you to use. Again,
a site that is difficult to navigate may have good content, but it may take too long to find
things, given your time constraints. All of these issues will influence your decisions about the
material you use.
Making critical judgments about the resource material you have found does not have to involve either wholly accepting or rejecting material. It does involve your being aware of any
possible problems or limitations of the material you are using and taking that into account.
What browser are you using? _________________________________________________
Does the site suggest that it is better viewed with one kind of browser in particular? ______
What is the location (URL) of the Web page you are evaluating? http:// ________________
Look at the domain name of the URL. How does the fact that the site is an .edu; .com; .gov; or
.org influence your opinions about the site? ______________________________________
Who put this information here?
❏ Government
❏ Educational institution
❏ Commercial organization
❏ Special interest group (i.e., political party)
❏ Private person
❏ Other
Does the source of the information have any influence on your judgment about the usefulness
of this site?
Yes ❏
No ❏
Comment _________________________________________________________________
How often is the site updated?
❏ Updated daily
❏ Updated weekly
❏ Updated monthly
❏ Updated less often
Can you tell when the last time a particular page/section was changed?
Yes ❏
No ❏
8 The Auditor’s Guide to Internet Resources, 2nd Edition
__________________________
Exhibit 2 (Cont.)
Does the currency of the information have any influence on your judgment about the usefulness of this site?
Yes ❏
No ❏
Comment _________________________________________________________________
How old is the material?
❏ Recent (1-6 months)
❏ 6 months -1 year old
❏ 1-2 years old
❏ Older
Does the currency of the information have any influence on your judgment about the usefulness of this site?
Yes ❏
No ❏
Comment _________________________________________________________________
Who wrote the information?
❏ A known authority in the field
❏ Someone affiliated with a recognized organization/institution
❏ An unknown
Is the author’s signature on the page?
Yes ❏
No ❏
Is the author’s e-mail address included?
Yes ❏
No ❏
Is there any other way of identifying the author (i.e., telephone number or address)?
Yes ❏
No ❏
If you cannot identify the writer, does this have any effect on your judgment about the usefulness of this site?
Yes ❏
No ❏
Does the institutional affiliation have any effect on your judgment about this site?
Yes ❏
No ❏
Comment _________________________________________________________________
Why is this material here?
❏ As a public service
❏ For political reasons
❏ For personal reasons (i.e., a personal home page)
Is the purpose of this page indicated clearly in a prominent place?
Yes ❏
No ❏
Is there any evident bias in the information at this site?
Yes ❏
No ❏
Does the reason for this have any influence on your judgment about the usefulness of this site?
Yes ❏
No ❏
Comment _________________________________________________________________
___________
Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 9
Exhibit 2 (Cont.)
Can I do a crosscheck?
Yes ❏
No ❏
Do I have any doubts about the accuracy of the material?
Yes ❏
No ❏
If so, is there any way I can crosscheck the accuracy of the information?
Yes ❏
No ❏
Is the information available anywhere else?
Yes ❏
No ❏
Would it have been easier to get the information in some other way?
Yes ❏
No ❏
Comment _________________________________________________________________
What kind of checks could I perform?
❏ Other Internet material?
❏ Print sources?
❏ Expert knowledge (i.e., contact a known authority)?
❏ Personal knowledge?
Comment _________________________________________________________________
Is the information useful for direct evidence for this audit project?
Yes ❏
No ❏
Does the site primarily provide meta-information (information about information) that may be
useful for this audit project?
Yes ❏
No ❏
Can I use the contact information (e-mail, guest book etc.) to find more information either
online or in print format for this search?
Yes ❏
No ❏
What kinds of links come off the site? __________________________________________
Does the site include links to other sites?
Yes ❏
No ❏
Is there any selection process for the links?
Yes ❏
No ❏
Are the links organized (i.e., by subject category)?
Yes ❏
No ❏
Are the links described?
Yes ❏
No ❏
Are the links all still active?
Yes ❏
No ❏
Do the links seem relevant to the subject of the Web page?
Yes ❏
No ❏
Comment _________________________________________________________________
10 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Exhibit 2 (Cont.)
Design
The Web page includes:
❏ Color
❏ Graphics
❏ Tables
❏ Frames
❏ Animation
❏ Java
Is the page only viewable by a specific browser or release of browser?
Yes ❏
No ❏
Speed
Is the site often busy and difficult to access?
Yes ❏
No ❏
Does the page download in a reasonable amount of time?
Yes ❏
No ❏
Does it include any large graphics or files that take a long time to download?
Yes ❏
No ❏
Is it organized in a way that makes it easy to navigate?
Yes ❏
No ❏
Are the navigational links clear?
Yes ❏
No ❏
Do you have to scroll through the entire document to find the information you want?
Yes ❏
No ❏
Is there any provision for searching the site?
Yes ❏
No ❏
Is the page viewable by a text-based browser only?
Yes ❏
No ❏
Do all the graphics have a text explanation?
Yes ❏
No ❏
Does the design complement the content?
Yes ❏
No ❏
Comment _________________________________________________________________
___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 11
Knowledge Assembly Ability (Ability to collect and evaluate both fact and opinion)
Auditors need to learn how to assemble knowledge or build a reliable information base from
diverse information resources such as e-mail, World Wide Web, newsgroups, and mailing lists.
Knowledge assembly involves utilizing all the different sources of Internet information, including
news feeds from magazines, newspapers, and newsletters; discussion forums such as listservs and
newsgroups; and Web sites. Incorporating all of these into the auditing process requires careful
planning and consideration. Many auditors are not actively tapping into digital media for audit
purposes.
Search Skill Ability (Ability to conduct searches within a digital environment)
The final competency for auditors covers Internet search strategies for using search engines to
hunt through millions of pages of information and return a list of targets for your consideration. It
requires understanding how information is organized on the Internet and ways to use the existing
tools in a digital environment. This competency is covered in more detail in Chapter 4, The
Auditor’s Great Internet Search.
If you plan to make effective use of the Internet, you need to develop your “digital literacy” skills.
All indications are that the digital environment is here to stay. This means that auditing professionals need to make changes in the way they accumulate, examine, and use information. Readers can
find a Primer on Digital Literacy at http://www.auditnet.org/diglit.htm. I recommend that you read
this excerpt from the book and consider the implications on how you use the Internet in your work.
Exhibit 3 provides a Digital Literacy Self-Assessment Tool that was adapted with permission from
the Arts Wire Spider School of the New York Foundation for the Arts. The tool can help you
determine your personal level of digital literacy. I am sure you will agree that this new environment — built around the Internet — requires new skills needed to survive and keep up with the
competition. In my opinion this is one of the most important concepts that you need to understand
in order to effectively integrate the Internet in your professional and personal life.
12 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Exhibit 3
The Auditor’s Digital Literacy Self-Assessment Tool
Adapted with permission from the Arts Wire Spider School N.Y. Foundation for the Arts*
The following is another tool for auditors to use in evaluating their digital literacy competence.
Please judge your level of achievement for each of the following digital literacy skills. Circle the
number that best reflects your current level of skill attainment. (Be honest, but be kind.) This tool
is designed to help you conduct a self-analysis to determine what areas you should continue to
learn and practice. (Level 1 – Novice; Level 2 – Beginner; Level 3 – Intermediate; and Level 4 Advanced.)
I. Internet Integration
___ Level 1 - I do not see the need to blend the use of the Internet into my work.
___ Level 2 - I would like to blend the use of the Internet into my work, but there is not much
time or enough access to equipment. I need a better understanding of what strategies will
work.
___ Level 3 - I blend the use of the Internet and new technologies into my work whenever I
have the opportunity to do so. I devote a small amount of time exploring software and equipment.
___ Level 4 - I frequently blend the use of the Internet and new technologies into my work. I
use problem-solving skills and the help button to figure out how to make use of advanced
features when I need to.
2. Browser Operation
___ Level 1 - I do not use a browser, nor can I identify any uses or features it might have which
would benefit my work.
___ Level 2 - I can start up my browser and use the basic commands to surf the Web, but I
spend little time doing so.
___ Level 3 - I am able to bookmark Web sites that I have visited and would like to revisit.
*This tool is based on Mankato (MN) Schools Scale for staff technology skills assessment and technology competencies identified by the National Council for Accreditation of Teacher Education and the Association for Educational Communications and Technology.
___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 13
Exhibit 3 (Cont.)
___ Level 4 - I can organize by bookmark into folders. I can save local copies of Web pages
and graphics on my hard drive. I know how to clear my browser cache and customize the
settings. I know how to use keyboard shortcuts to make navigating more efficient. I understand almost all the error messages from the browser and can continue browsing without
problem.
3. Internet Research
___ Level 1 - I do not explore, evaluate, or make use of Internet information, nor can I see any
value in doing so.
___ Level 2 - I know how to do a basic search on at least one search engine, but I do not know
how to narrow and refine my search. I often get lost, distracted, or overwhelmed.
___ Level 3 - I know how to do Boolean searches and use more than one search engine.
___ Level 4 - I can find almost anything I need that is available on the Internet quickly and
efficiently and can evaluate the quality of the information.
4. E-Mail Use
___ Level 1 - I do not use electronic mail, nor can I identify any uses or features that would
benefit my work.
___ Level 2 - I know the basic mechanics of using my e-mail program to send and receive
messages from colleagues, constituents, or friends. I do not check or use my e-mail every day.
___ Level 3 - I know how to send documents as attachments, the address book, and file folder
system. I check my e-mail at least once a day.
___ Level 4 - I feel confident using text to communicate with many different people on a
variety of topics. I know how to write for the medium. I know how to manage my e-mail
efficiently and integrate it with other technologies such as voice mail, phone, and fax. I feel
lost when I cannot check my e-mail at least once or twice a day.
5. Listservs/Conferencing Software
___ Level 1 - I do not use listservs or conferencing, nor can I identify any uses or features that
would benefit my work.
14 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Exhibit 3 (Cont.)
___ Level 2 - I have subscribed to a couple of listservs or participated in a couple of conferences, but I do not know how to make using them efficient.
___ Level 3 - I know how to filter listserv messages and efficiently communicate using
conferencing software.
___ Level 4 - I feel that participating in listservs or conferencing with professional colleagues
has been enormously valuable to my work and find it an efficient and economical way to
collaborate.
6. Ethical Use Understanding
___ Level 1 - I am not aware of any ethical issues surrounding computer use.
___ Level 2 - I know that some copyright restrictions apply to computer software and Internet
documents.
___ Level 3 - I clearly understand the difference between freeware, shareware, and commercial software and the fees involved in the use of each. I know the programs for which my
organization holds a site license. I understand how I can use information gathered from the
Internet without violating copyright laws.
___ Level 4 - I am aware of other ethical issues involving technology use such as privacy and
can explain the issues to colleagues.
7. Basic Computer Operation
___ Level 1 - I do not use a computer.
___ Level 2 - I can use the computer to run a few specific, preloaded programs. I am somewhat
anxious I might damage the machine or its programs.
___ Level 3 - I can set up my computer and peripheral devices, load software, print, and use
most of the operating system tools like the notepad, find command, trash can, and clipboard.
___ Level 4 - I can run two programs simultaneously and have several windows open at the
same time. I can customize the look and sounds of my computer. I use keyboard shortcuts and
look for ways to maximize my computer time. I am confident enough to teach others some
basic operations.
___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 15
Exhibit 3 (Cont.)
8. File Management
___ Level 1 - I do not save any documents I create using the computer.
___ Level 2 - I save documents I have created, but I cannot chose where they are saved on my
hard drive or the network. I do not know how to back up my files.
___ Level 3 - I have a filing system for organizing my files and can locate files quickly. I back
up my files to floppy or zip disk on a regular basis.
___ Level 4 - I regularly run a disk-optimizer on my hard drive, and use a backup program to
make multiple copies of my files on a weekly basis. I have a system for archiving files on my
hard drive.
9. Word Processing
___ Level 1 - I do not use a word processor, nor can I identify any uses or features it might
have which would benefit the way I work.
___ Level 2 - I occasionally use the word processor for simple documents that I know I will
modify and use again. I generally find it easier to hand write or type most written work I do.
___ Level 3 - I use the word processor for nearly all my written professional work: memos,
worksheets, and communication. I can edit, spell check, and change the format of a document.
___ Level 4 - I use the word processor for all of my work and typically compose at the screen/
keyboard. I know how to use templates, macros, style sheets, mail merge, and import spreadsheets, databases, or graphics. I know how to save word processing files as HTML documents.
10. Presentation Software
___ Level 1 - After I do my research I am unlikely to use electronic technologies to save,
format, or share my findings.
___ Level 2 - I would feel comfortable presenting my findings in a single application program
such as a word processor, a spreadsheet, or a publishing program.
___ Level 3 - I am proficient at incorporating and sharing my findings using multimedia presentation software (Powerpoint) which combine elements from a number of applications
(Netscape, graphics, word processing, database, etc.).
16 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Exhibit 3 (Cont.)
___ Level 4 - I use the presentation software to help me think, communicate, or revise my key
points or message.
11. Spreadsheets
___ Level 1 - I do not use a spreadsheet, nor can I identify any uses or features it might have
which would benefit the way I work.
___ Level 2 - I understand the use of a spreadsheet and can navigate within one. I can create a
simple spreadsheet that adds a column of numbers. I can use the spreadsheet to make a simple
graph or chart.
___ Level 3 - I use a spreadsheet and know how to add labels, formulas, and cell references. I
can change the format of the spreadsheets to anything I need or want.
___ Level 4 - My use of the spreadsheet has helped me improve my data keeping and analysis
skills. I know how to export spreadsheet data into other file formats or insert into word processing documents. I know how to program multiple spreadsheets with macros to do advanced
financial analysis.
12. Database Use
___ Level 1 - I do not use a database, nor can I identify any uses or features it might have
which would benefit the way I work.
___ Level 2 - I understand the use of a database and can locate information within one which
has been pre-made. I can add or delete data in a database.
___ Level 3 - I use databases to collect and analyze data. I can create a database from scratch,
defining fields and creating layouts in order to support queries. I can sort and print the information in layouts that are useful to me.
___ Level 4 - I use databases to track information about my program or area. I can automatically generate appropriate letters or forms. I understand how to use and structure a relational
database. I know how to import/export data into other file formats.
13. Graphics Use
___ Level 1 - I do not use graphics in my word processing or presentations, nor can I identify
any uses or features they might have which would benefit the way I work.
___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 17
Exhibit 3 (Cont.)
___ Level 2 - I can open, create, and place simple pictures into documents using painting,
drawing, or image editing programs.
___ Level 3 - I can open, create, modify, and place graphics into documents in order to help
clarify or amplify my message.
___ Level 4 - I can manipulate and interpret graphics using image-processing software (such
as CAD, GIS, or Photoshop) for the purpose of design or analysis. I can use the programs to
enhance my visual thinking skills.
What Auditing-Related Things Can I Do On the Internet?
Now that you have an idea about the impact of the Internet on auditing and the skills you must
acquire to become “digitally literate,” here are 20 auditing-related activities you can do on the
Internet.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
Discuss auditing issues with specialists from around the world.
Conduct auditing research from your desktop.
Download auditing programs and adapt them to your organization.
Download internal control questionnaires.
Download audit-related statistical sampling software.
Download demo software for flowcharting, data extraction and analysis programs, automated working papers, and more.
Network with auditors and specialists within your industry group.
Locate new career opportunities from online job postings.
Stay in touch with your professional affiliations through association Web sites.
Find information on professional certifications online.
Earn college credit or continuing professional education online.
Locate and schedule upcoming audit conferences and training seminars.
Find audit manuals and guides from other auditing departments or organizations.
Keep in touch with audit customers via e-mail with newsletters, audit briefings, and other
targeted correspondence.
Send and receive audit-related files via e-mail attachments while away from the home office.
Conduct surveys and distribute audit questionnaires via the Internet.
Locate industry standards and guidelines via trade associations at their Web site.
Create an information feed of electronic magazines and newspapers delivered to you via email.
18 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
19. Download free utility software and receive software updates and vendor support over the
Internet.
20. Research airline schedules and hotel accommodations via Internet Web sites.
Learning to Cyberspeak
Before continuing the journey to find out the options available for accessing the Internet, you must
start learning the language of the Auditbahn (or cyberspeak). A glossary of terms is included at the
end of the book that can be referred to as needed. The glossary is unique in that it includes terms
not just for Internet users, but also for audit professionals. Browse through the terms and get a feel
for some of the language. Then start up your computer, put it in gear, and begin your journey into
cyberspace. Always remember that the Internet is merely a tool — a means to an end. It will never
take on a life of its own, although some people will tell you it already has. You will define how you
use it and how to integrate it into your professional career. The history and origins of the Internet
are already written. You have the ability to affect the future of the Internet and its usefulness as a
tool for the auditing profession. Consider the tools and applications discussed in the pages that
follow as a starting point. Follow the theme of “Electronic Progress Through Sharing” and you
will discover that the Internet is a valuable auditing tool.
Interview: John K. Peterson, Founder, Internal Auditing World Wide
Web (http://www.bitwise.net/iawww)
The IAWWW started at Dartmouth Hitchcock Medical Center. I found out about this new entity
when I received the following notice sent to the Internet audit community:
BIRTH ANNOUNCEMENT
What is IAWWW? Date of Birth: 6/9/94 @ 4:00 P.M. Weight: 987 BYTES
The purpose of the IAWWW is to provide:
Online and real-time international communications.
Real-time help and access.
Information.
Knowledge.
Ordered and focused access to the Internet.
Dedicated capability just for internal auditors.
Facilitate professional exchanges without physical boundaries.
Industry-specific audit repository.
Non-filtered discussions and electronic conferences.
Access list of peers.
___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 19
Access list of entities with audit functions.
Why was IAWWW created?
Wanted to know names of peers.
Wanted to share information on a daily basis.
Wanted to learn what everyone else was doing.
Wanted to ask questions online and real-time.
Wanted current and future list of conferences and seminars.
Wanted to save money when acquiring information and knowledge.
Wanted to supplement physical conferences and seminars.
White papers.
Multimedia audit-specific documents, movies, pictures, etc.
Futures..........
Q. Tell me about IAWWW’s Internet strategy.
The concept was and still is to provide a resource for internal auditors that goes across associations, companies, and legal entities. The IAWWW moves in the direction called for by its
audience. It provides a “meeting ground” for all types of internal auditors from all countries
and industries. It is still volunteer-based and tries to cover expenses with ads and certain
services.
Auditors have been sending resumes and looking for positions. The IAWWW has created a
relationship with The Rivers Group to help auditors secure positions. The Career and News
Page are the two highest utilized pages on the site. This recruiting tactic is in line with the
strategy — to provide the service requested by auditors.
The IAWWW Web site will grow in direct proportion to worldwide interest and contributions.
The IAWWW is also used to test various user interfaces, languages, and technologies. The
IAWWW has tried various types of concepts, and when negative responses were received, the
concept was removed. Example: Automatic moves, based on time, using Javascript were
installed and removed after a period of time.
Different Web site design ideas have been used and the “auditor’s vote” decides what stays
and what is removed.
20 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Q. The IAWWW was developed as a prototype for an online audit network. Now that the
Internet and audit acceptance has matured, what changes do you see in the future of the
IAWWW?
I see the activity increasing as more and more personnel get on board. The utilization to date
has been to see what is there on the IAWWW. We receive a great deal of “requests” for additional functionality… but when asked to volunteer time… requests seem to diminish quickly.
The contribution by individual auditors seems to be confined to a few who contribute a great
deal in time and money.
Q. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”?
I hold a computer science degree and have been programing since 1963. I learned in formal
classroom, on-the-job training at various employers, at home on my own, and I created a
company called Peterson Consulting that is devoted to the development of extranets, internets,
intranets, and electronic commerce. Internet technologies are my job, my passion, and simply
fun. I am now learning XML and Ontology.
Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How
has your organization contributed to this philosophy through the use of the Internet?
Peterson Consulting has created very large portal extranets for cross-industry activities in
financial services, insurance, banking, and investment. The IAWWW has provided auditors
from mutiple companies, industries, and countries with a way of communicating that has
never existed before.
Q. How has your organization integrated the use of the Internet into auditing?
The Internet and associated Internet technologies are simply tools that are utilized for various
forms of communications in multimedia formats on a centralized, remote, and distributed
basis. The level of collaboration has increased proportionally.
Q. What Internet resources do you use, and how have they helped you and your organization?
The ability to know of and contact various associations is one of the key resources — such as
the Association Page within the IAWWW. The People Page within the IAWWW has allowed
various people to communicate and compare notes on topics of mutual interest.
___________ Chapter 1 — An Overview of the Internet and Digital Literacy for Auditors 21
Q. How has the Internet changed the way your organization does business, and what impact has that change had on auditors?
The Internet has a profound change on the way business is conducted... and this is only the
beginning! The impact on business will be great. The companies that are part of the Internet
change will learn, grow, and become a different business. Companies that do not become part
of the Internet way of doing business will cease to exist over time. We are only just starting to
see what can be accomplished. Auditors will need to expand their scope of work and now
understand that a computer can and will process more business transactions in a nanosecond
than most auditors can comprehend. The need for auditors to understand risk, automate themselves, and automate their processes is a fact for survival in the new business world.
Q. What effect have the Internet and the World Wide Web had on the auditing profession?
To date the effect has been minimal in a business transaction view. The auditing profession
will be changed completely over the next five to 10 years — financial auditing will still be
important but information and operational and managerial auditing will be in the spotlight.
Q. What Internet skills do you see as the most critical for new auditors?
Concepts of proactive information auditing before a new Internet-based technology system
goes into production. To passively audit will be an error. It will be too late.
Q. What role do you see for the Internet in the future of internal auditing?
The use of Internet technologies will empower “state-of-the-art auditors” to perform a valueadded function for their employers.
Q. Any other thoughts on how auditors could be using the Internet that you would like to
share?
Auditors should start to lobby their management and boards for education, technology, and
proactive implementations of audit capabilities within their organizations.
22 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Continuing Internet Education
The following books will provide you with additional information on the background and basics
of the Internet and Digital Literacy.
1.
2.
3.
4.
Digital Literacy, Paul Gilster, Wiley and Computer Publishing.
Zen and the Art of the Internet, Brendan P. Kehoe, Prentice Hall PTR.
The Internet Roadmap, Bennett Falk, Sybex.
The Whole Internet User Guide and Catalog, 2nd Edition, Ed Krol, O’Reilly & Associates,
Inc.
5. How the Internet Works, Preston Gralla, MacMillan Computer Publishing.
_____________________________________ Chapter 2 — Making the Right Connection 23
Chapter 2
Making the Right Connection
“Whatever method of access you choose, the underlying Internet remains the same.”
— Paul Gilster from New Internet Navigator
Before you can access anything on the Internet, you need one critical element — a connection.
Without a connection you are merely an observer on the outside looking in to the vast resources
available on the Auditbahn. So what do you do? Call 1-800 Internet and get connected? There are
several alternatives available to you. Selecting the right option is dependent not only on your
needs but also on how much online experience you have and where you live and work. The decisions you make will be based on a self-evaluation of the applications, tools, and resources available for your particular needs. Another key consideration is whether or not your employer currently has an Internet connection or provides other employees with some type of Internet access
via commercial online services.
Like the old saying about real estate, when it comes to the Internet and commercial online services,
the ability to access relates largely to location, location, and location. If you live in or close to a
metropolitan area, you have more choices for accessing the Internet than do professionals living in
smaller communities. This is due to a variety of factors, including supply and demand as well as
economies of scale when it comes to the number of individuals interested in a service. The larger
the population density, the greater the likelihood of access alternatives based on the market and
competition.
Internet Connection Options
Primary alternative methods for connecting to the Internet include direct connection or a dial-up
connection to a remote site. There are advantages and disadvantages to either method that you
need to know in order to make an informed decision. Making the choice about which road to take
for connecting to the Internet requires understanding the differences and similarities between the
alternatives. The following options will help guide you in making a choice. The advantages and
disadvantages of each option are included so that you may choose an option that fits your particular experience, needs, and preferences.
Direct Connections
High-speed direct connections are commonly available through businesses, educational institutions, or government organizations with a large number of users and workstations that need to be
connected to the Internet. Many organizations have established a direct connection to the Internet
24 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
for business reasons. High-speed connections are typically provided through networks already
connected to the Internet. If your organization has a connection to the Internet, the only additional
requirement involves installing Internet software on your workstation. Direct connections to the
Internet offer the most efficient connection via a high speed, dedicated leased line. As an audit
professional working for such an organization, you have the benefit of a network of information
system professionals to help configure and establish a connection to the Internet using company
resources. Setting up a workstation on a network directly connected to the Internet is not for
novices. Each workstation may require tweaks and adjustments to connect. Contact the information system professionals for the installation and configuration of the workstation. These professionals have experience and can facilitate the connection. Once your workstation is configured,
you have complete access to all the Internet services allowed by your organization, which may
include e-mail, file transfer, and Web services.
Direct Connections:
· Provide full access to Internet applications authorized by the employer.
· Provide the fastest connections.
· Allow a greater number of organization-wide users.
· Provide a stable connection to the Internet (limited line noise interference).
· Provide easier control of access via senior management authorization.
· Are expensive if there are few users.
· Require specialized knowledge and skills for system setup.
Dial-Up Connections
Many organizations do not have a direct connection to the Internet for various reasons, including
cost or the lack of a viable business reason for connecting business components. If your organization does not have a direct connection to the Internet, your other options for connecting are referred to as remote access dial-up connections. Even if your organization has a direct connection,
you may want to consider a dial-up connection at home. There are several dial-up alternatives for
connecting to the Internet. You can connect via an Internet Service Provider (ISP) or to an Online
Service Provider (OSP). They are referred to as dial-up because you connect by dialing up an
access (phone) number using your computer modem. Each dial-up alternative has certain elements
that you need to understand before making the decision on which choice best meets your needs.
ISP Dial-Up Connection
The next best thing to a direct connection is an ISP dial-up option. This is more commonly referred
to as a SLIP (Serial Line Internet Protocol) or PPP (Point to Point Protocol). This type of connection provides Internet access as long as the dial-up connection exists. When the connection is
broken (by terminating the phone call), the computer is no longer connected to the Internet. With
this type of connection, your computer actually becomes a computer node (host) on the Internet.
You may then run any Internet client-server application program from your computer.
_____________________________________ Chapter 2 — Making the Right Connection 25
The most popular type of ISP connection is an integrated dial-up. This means that the ISP provides
the software front end or shell application for easy installation and setup. The startup package
typically includes a browser (software program for viewing Internet resources), e-mail program,
Gopher client, Usenet client, and more. You may use the software program provided by the ISP or,
at your option, use your own programs to access the Internet. ISPs generally provide all the software for the connection, including the basic Internet communication protocol (TCP/IP) and the
local access number (telephone number) to dial for the Internet connection. The software provided
by the ISP will configure your computer to connect to the Internet. This means that you do not
have to know the details for configuring your system in order to connect. All that you need to do is
follow the instructions and provide the information requested during the setup process. A dial-up
direct connection provides you with full Internet access but at a slower speed than a direct connection. Speed on a dial-up direct connection is a factor of both the modem installed on your computer and the maximum access speed provided by the ISP.
The choice of which ISP to use depends to a certain extent on where you live. Because connecting
to an ISP requires a dial-up connection, there are two alternatives available. The first option is a
national ISP, which has local dial-up numbers in large metropolitan areas. An example of this type
of ISP is Mindspring (800) 719-4664 (http://www.mindspring.com/). If you live in an area where
connecting to a national ISP requires dialing a toll call, consider using a regional or local ISP. Look
in a local business paper or check with other financial professionals for contact references for
local ISPs. Another option for locating an ISP is to ask someone who is already connected to the
Internet for a recommendation. There is also a site on the Internet that provides a database of ISPs
at the following address: http://thelist.internet.com/.
Dial-Up Direct Connections:
· Allow you to choose the level of access or all the services of the Internet (cafeteria approach).
· Provide flexibility in choice of Internet software applications.
· Are cost effective for high-volume users.
· Provide connection at speeds limited by the ISP.
· Can be more difficult for users who have never been online before.
· Provide access based on geographic locations (auditors in some locations may not be able to
find a national ISP and must locate an alternative local ISP).
· Provide cafeteria-style services so cost escalates as non-standard services are added.
OSP Dial-Up Indirect Connections
The simplest and quickest way to connect to the resources of the Internet is to use a commercial
online service or online service provider (OSP) such as America Online or CompuServe. If you
live in a metropolitan area or location where commercial online services have a local dial-up
number (not long-distance), then all you need do is install the software, sign up, and log on.
CompuServe and America Online provide their own proprietary software for connecting to their
service via your home or office computer. You will need a computer (the more powerful the bet-
26 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
ter), modem (fastest speed available), and telephone (a separate line is preferable but not necessary). When you have completed the installation, you then use the software to dial a phone number
to access their central computer, enter your user name and password, and you are connected.
Follow the menu to Internet services and you can begin exploring.
If you have never been online before, you may find this route to be the easiest way to determine
how you can use the Internet. OSPs offer members a wide range of information and services, one
of which is access to the Internet. Each of the online services provides e-mail addresses (which
provide access to discussion groups), World Wide Web, and newsgroups. Each service also offers
its own proprietary information not available on other online services or the Internet. So while this
may be a deciding factor in choosing a particular service, it can also be a limiting factor as you will
only have access to the features provided by that particular commercial online service. The key
point to remember is that when connecting to a commercial online service, you are restricted to
using the specific databases and services that they offer to members as part of their service.
Each commercial online service offers specific types of Internet services, and you need to know
what you want to do before deciding which service is best for you. Each commercial online service
provides e-mail, file transfer, access to the World Wide Web, and newsgroups. Some services do
not provide the ability to log onto a remote computer (telnet) from their service. The bottom line is
to decide what services you want and need. Contact each of the commercial online services available in your area and ask about the features they offer. Each commercial online service provider
includes a free trial period to test their offerings and determine whether their services meet your
needs. Fully explore the services during this free trial period and make the decision based on
factors such as ease of use, applicability of their service offerings to your specific needs, ability to
connect, and comfort level with the support they provide. Selecting an online service should be
done in a rational structured manner as your online experience is reflected by how comfortable
you are with the service provider.
Dial-Up Indirect Connections:
• Provide a quick and easy connection.
• Require only a minimal understanding of online communications.
• Provide extensive support both from the commercial online service provider and other members (members helping members).
• Offer proprietary information available only to members.
• Provide space for Web pages.
• Are only accessible in certain geographic locations.
• Access speed limited to what the OSP offers and depending on geographical location.
• Limit the auditor to using the Internet services and tools provided by the service.
_____________________________________ Chapter 2 — Making the Right Connection 27
Deciding on an Option
The preferred option for many auditors looking for the fastest and easiest way to connect to the
Internet is by signing up with a commercial online service provider such as America Online or
CompuServe. Those account types provide all the basic services and features that most auditors
need to gain an understanding of the Internet and online services. If you have the benefit of a direct
connection through your employer, you may still find having a separate account for personal and
professional communication to be worthwhile. If the only connection that you have is through
your employer, a job change will result in having to change your e-mail address. If you have a
personal (not paid for by your employer) account, you will always retain that Internet address for
as long as you continue using that service. Sometimes even a move to a different city or state will
not mean a change in your e-mail address. As long as you stay with the same Internet service
provider or commercial online service, your e-mail address will stay the same. Experience shows
that it is a good idea to have a sense of permanence on the Internet.
The decision on how to connect to the Internet is also influenced by what you want to do once you
are connected. The next chapter covers Internet services and tools. Knowing what the Internet has
to offer you as an auditor can help you make your decision on the connection option that best fits
your needs.
The Internet is a dynamic, changing medium. As competition moves through peaks and valleys,
the costs of connecting will move up and down. An important point to remember when considering a service provider is that cost is only one factor. Selecting a provider that you will be with for
a long period of time is a major consideration as well. If the most important reason for connecting
is to obtain an e-mail address, remember that such an address requires a degree of permanence.
Moving from service provider to service provider and changing your e-mail address as you go is
like changing your home address. You will have to notify all of your correspondents of your new
e-mail address each time you move. If you fail to notify them of the change, any messages they
send you will end up being returned “address unknown.”
Interview: Carolyn Newman, President, Audimation Services Inc.
(http://www.audimation.com)
Audimation Services, Inc. was formed in 1992 to bring audit automation solutions to the audit
community. Their premier software offering is Interactive Data Extraction and Analysis (IDEA).
As distributors, rather than developers of the software, they believe the Internet will have a major
impact on their business in the next two to five years. Many software products are already available from the World Wide Web. In the case of IDEA, certain free updates and scripts can be
downloaded. Users can go to the official IDEA Web page, access the IDEA Knowledge Base,
check that they have the most current software version, download Help file updates, and contact
their distributor all from within the software. Nothing with a cost is currently available by download. However, they believe the Internet will eventually be IDEA’s primary distribution channel.
28 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Audimation Services is committed to customer service and support, and they believe the Internet
will play a major role in their ability to deliver exceptional, proactive support to the individual
users. Some examples include the development of several services to help auditors deal with the
Internet, including firewall log auditing routines available as IDEA “add-ins.” Their affiliate in the
UK, Horwath Software Services, has developed an IDEA Knowledgebase and intends to offer
additional add-ins such as credit card log auditing routines and checks on product pricing. The
ability to collaborate and share ideas and best practices with affiliates around the world has been
substantially improved because of the Internet.
Q. Tell me about Audimation’s Internet strategy.
We have just redesigned our Web page. Our Internet strategy has been stepped up to include
plans to use the Internet as a means of providing consulting services, coordinating discussion
groups with users, considering the potential for improved and more readily available training
and technical support, and a little retail operation for the overworked professional.
Q. What is Interactive Data Extraction and Analysis and why is it important for auditors?
Interactive Data Extraction and Analysis (IDEA) is a Windows-based tool that allows you to
display, analyze, manipulate, sample, or extract data from virtually any type of file. IDEA is
important for auditors because it helps them work more effectively to test and analyze the data
generated by their clients’ systems. Key analytical tests auditors use, like checking extensions, extracting large dollars, stratifying amounts, checking for gaps and duplicates, and
performing several types of sample extractions, are preprogrammed in IDEA. Preprogrammed
routines can save the auditor time and provide increased audit coverage. Noted for ease of
use, IDEA has a number of Wizard/Assistants to guide the auditor through such procedures as
importing data files, stratifying data, and preparing charts and reports.
IDEA also has a built-in scripting facility that can be used to create macros. A macro is useful
in recording and playing back a series of audit tests on the next file, whether it is the next
day’s, month’s, or year’s transactions. IDEAScript (Visual Basic style of language) also allows the creation of automated systems with dialogs and messages, importing of complex data
files, and control of other OLE2 enabled applications such as MS Word, Excel, LotusNotes,
etc.
IDEA’s latest version 3.0 has been componetized so that more technical auditors can use
Visual Basic itself to automate IDEA in the development of a customized audit automation
system.
_____________________________________ Chapter 2 — Making the Right Connection 29
Q. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”?
Our “digital literacy” was obtained through lots of research and some trial and error methodology. Experimentation is one of the best ways of learning. Also, dealing with client “opportunities” has increased our digital knowledge.
Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How
has your organization contributed to this philosophy through the use of the Internet?
We have used our Web site to provide both technical and general information about IDEA.
The information includes such items as frequently asked questions, training schedules and
registrations, a free case study for independent learning, links to the IDEA Knowledge Base
(developed by Horwath Software Services), and links to other audit related sites, including
AuditNet.org!
Q. How has your organization integrated the use of the Internet into auditing?
IDEA’s development is definitely moving toward “Web enablement.” Version 3.0 users can
access the IDEA Web site, Knowledge Base, and distributor from within the program. In addition, reports and files can be e-mailed from within IDEA, and IDEA files can be exported as
HTML tables. Future versions will allow imports from the Web.
Q. What Internet resources do you use and how have they helped you and your organization?
Every time we meet a new prospect, we check out their Web page to learn what we can about
the organization’s or firm’s business and style. We have checked out our competition’s Web
page and are constantly viewing what’s new in professional associations through their Web
pages. We also use the Internet to research cost and availability of the software, services, and
equipment we use in our business and to stay current on technical developments as they affect
the audit profession, software development trends, and delivery/sales channels. We are heavy
users of e-mail for internal and external communications.
Q. How has the Internet changed the way your organization does business and what impact
has that change had on auditors?
The Internet allows us to communicate better with less cost (e.g., long-distance charges) with
customers, clients, and affiliates. The greatest benefit to us is the ability to become more
“connected” to our clients, which builds rapport and, hopefully, loyalty with the professionals
we have served.
30 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Our clients receive improved customer service because the Internet allows them to send us
their problem files, which we can analyze and help define. This service really helps them
hurdle the first roadblock to efficient and effective auditing using data extraction and analysis.
Q. What effect have the Internet and the World Wide Web had on the auditing profession?
The audit profession has awakened to some of the risks associated with the openness and easy
access of information on and going through the Internet. I don’t believe they have yet realized
how much easier fraud will be to accomplish. The audit profession will need to continue to
become “digitally literate” and will need tools like IDEA even more with the continued advancement of e-commerce.
Q. What Internet skills do you see as the most critical for new auditors?
The most critical skills related to the Internet for auditors are a solid understanding of the
risks and new methods of control for Web-based commerce and information systems. Because
of the sheer volume of data auditors must deal with, it is critical for auditors to develop the
ability to capture, analyze, test, and report on errors and irregularities. The Internet will
eventually enable continuous reporting, and auditors will need to acquire new skills and tools
to provide continuous auditing services.
Q. What role do you see for the Internet in the future of internal auditing?
I see the Internet as a resource of continuing value for internal auditors. As more and more
applications are developed using Web technologies, I believe the Internet will be transformed
from a resource to a tool for the internal auditor.
Q. Any other thoughts on how auditors could be using the Internet that you would like to
share?
The Internet is forcing auditors to become more aware of the nature of worldwide business
interconnections. In our own case, we are receiving Spanish language inquiries about technical capabilities of IDEA. Such inquiries often point out the similarity of problems across
countries — a bank in Chile has the same issues as a bank in the U.S. or the U.K.
_____________________________________ Chapter 2 — Making the Right Connection 31
Continuing Internet Education
The following books will help you with information on connecting to the Internet.
1. The New Internet Navigator, Paul Gilster, John Wiley & Sons, Inc.
2. Internet Direct: Connecting Through SLIP and PPP, Robert Miller and Elissa Keeler, MIS
Press.
3. Navigating the Internet with America Online, Wes Tatters, Sams.net Publishing.
4. Navigating the Internet with CompuServe, Wes Tatters, Sams.net Publishing.
_____________________________ Chapter 3 — Internet Services and Tools for Auditors 33
Chapter 3
Internet Services and Tools
for Auditors
“Nothing in life is to be feared, it is only to be understood.”
— Marie Curie
While the concept of the Internet is something that many auditors may not understand or even care
about, what you can do with the Internet is an entirely different story. Getting to the root of the
question as to what can be done on the Internet first requires understanding the basics of Internet
addressing. It is also important to understand the distinction between services and tools. This
chapter provides a high-level, easy-to-understand, non-technical discussion of these areas. For
more information on how these Internet services and tools work, readers are encouraged to explore
both online and offline for further details.
As stated earlier, the Internet is a series of globally interconnected networks. The basic services
that the Internet offers are all associated with communicating. These services include electronic
mail (e-mail), file transfers (FTP), and logging on to a remote computer system (Telnet). You also
need to understand and appreciate the client-server model. It provides access to powerful and
popular tools and applications available on the Internet, including the World Wide Web.
Internet Addressing
Auditors who have not traveled the Auditbahn before will find that getting around requires a basic
understanding of Internet addressing principles. Imagine taking a trip to another country and not
knowing the rules of the road, let alone the language. The Internet is a strange place to many
auditing professionals, and it is important to first become familiar with some terms and concepts.
You must have an understanding of how to navigate the various components of the Internet. This
does not mean that you have to have a detailed knowledge of these concepts, but rather an appreciation and understanding of them in order to make your first trip and future trips worth the effort.
This is not as complex as you may think. This chapter will help you navigate around some of the
different types of applications that you will find useful from an audit perspective.
The Internet addressing system is what makes each computer location connected to the network
unique. Internet addresses are a lot like traditional postal addresses in that you need a name and
address in order for the mail to be delivered to the right place. E-mail addresses consist of the
individual’s name (user ID) and the physical address or location of their mailbox (domain). The
address consists of several unique components (just as you would have a street address, city, and
state). The Internet’s addressing protocol requires separating the user ID and domain name with a
34 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
@ sign. Because the domain must identify all the traditional elements of a street address, the
developers of the addressing system created a hierarchy allowing for sub-levels within the domain
name. There are a number of domains in the Internet system so the addressing system uses unique
identifiers to refer to different types of organizations. The highest level domain is the equivalent of
the addressee’s country in a postal system. In order to deliver mail to the right location, the additional domain sub-level information is needed (the equivalent of street address, city, and state).
Three letters identify the top-level domains:
Domain
Organization Type
.com
.edu
.gov
.mil
.net
.org
commercial organization
educational institution
governmental organization
military organization
Internet resource
non-profit organization
So Joe Auditor (user ID = JAuditor) who has an account on Netcom has an e-mail address of
[email protected]. There can only be one JAuditor on the Netcom system. If there is
another JAuditor using Netcom, he might have a user ID of JAuditor1 with an e-mail address of
[email protected]. E-mail addresses on the Internet must be unique just as a postal
address is unique for an individual. If that were not the case, then two people with the same e-mail
address would receive each other’s mail.
There are also domain identifiers for countries — for example, Australia (.au), Canada (.ca ),
United Kingdom (.uk), and United States (.us). If a two-letter country identifier is not present, then
it is most likely the United States.
Domain Naming System (DNS)
Every computer connected to the Internet has a unique identifier called an Internet address or IP
address. The IP address consists of a series of numbers separated by periods. However, because it
is usually easier for individuals to remember names than numbers, translation software exists on
the Internet that converts the names to numbers in order to locate the system. The translation is
really just creating an alias. If you wanted to locate the Internet system at Harvard University, you
would use the alias harvard.edu rather than the numerical address. This is important to know
because when using various Internet services, the location of the computer must be accurately
entered in order for the translation software to find the correct site. You will encounter some sites
on the Internet that use their numerical IP address rather than a name.
_____________________________ Chapter 3 — Internet Services and Tools for Auditors 35
Electronic Mail
Electronic mail (e-mail) represents the most common and widely used service on the Internet. It is
the reason that many auditors connect in the first place. E-mail allows you to electronically communicate with any individual anywhere in the world provided they also have an e-mail address.
This is the most basic of Internet services and provides a universal means of exchanging ideas and
information.
Sending e-mail to other auditors on the Internet requires knowing the other individual’s e-mail
address. E-mail addresses are unique and must be entered correctly in order for messages to reach
the recipient. E-mail addresses follow the username@domainname format.
Each e-mail message contains certain components regardless of the e-mail program used. Each email message you send contains header information and a body. The header information includes
routing information that directs the message to the recipient. Header information includes the
DATE (the date and time the message was sent), FROM (who is sending the message), REPLY TO
(preferred address for receiving responses), SUBJECT (brief topic description of the message),
and TO (who the message is going to or recipient), usually the recipient’s e-mail address.
There are guidelines or Netiquette (network etiquette) for the use of electronic mail. Netiquette is
an Internet term referring to a code of conduct in online communications. It is important to adhere
to the rules of e-mail netiquette when using this new form of communication. There are sites on
the Internet that provide guidance and information on the netiquette, such as Arlene Rinaldi’s User
Guidelines and Netiquette at http://rs6000.adm.fau.edu/rinaldi/net/user.html.
E-mail provides more than just access to other peer professionals. Using e-mail you can access
discussion lists and all the resources on the Internet. Dr. Bob Rankin’s The Whole Internet by Email (ftp://rtfm.mit.edu/pub/usenet/news.answers/internet-services/access-via-email) is a comprehensive guide for using e-mail to access all types of Internet information. This is a valuable (free)
tool, especially if you only have e-mail access to the Internet.
Mailing Lists
E-mail discussion groups (or listservs) are essentially electronic mailing lists. An individual with
a specific interest in a subject such as auditing need only join a list dealing with that subject. A
message sent to the list is automatically distributed to all the list members, but the sender only has
to type one e-mail message. An electronic mailing list is a register of Internet addresses of individuals interested in automatically receiving new information (documents, news, announcements,
etc.) on a particular topic of interest. Mailing lists can be administered by an individual or by
special software, which will be discussed shortly. The first step in joining a mailing list is to find
out what lists are available. Chapter 5 provides you with information on mailing lists related to
36 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
various topics for auditors and accountants. There are instructions on how to subscribe to those
mailing lists as well. A key point to remember is that subscribing to a mailing list does not cost
anything other than your time. These lists represent one of the primary resources for using the
Internet as an auditing tool.
The majority of mailing lists typically use software programs that automatically respond to specifically worded commands for subscribing, unsubscribing, and other list management options.
Listserv, Listproc, and Majordomo are the three most popular automated list management or list
server software programs. These programs act as mail forwarding systems and file repositories. It
is not necessary for you to understand the operational details of these programs. Subscribing to a
list is as simple as sending an e-mail to a server such as LISTSERV at the list address and including in the body of the message the word SUBSCRIBE with the list name and your name (each list
is different so you need to read the subscription instructions). The servers will pick up your e-mail
address from the message and you will receive a reply confirming your subscription and instructions on how to use the service. Chapter 5 covers the address and commands for subscribing. The
list server software will provide you with all the detailed instructions (by return e-mail) that you
need to post messages, read messages, and cancel your subscription (unsubscribe) from the list.
Remember to save the list instructions you receive. You may need to refer to them later.
Occasionally, individuals who are familiar with the topic act as coordinators or moderators for the
list. List moderator duties include monitoring the list, checking for and reporting inappropriate
messages, making sure that new postings are distributed to list subscribers, and recommending
enhancements that will benefit subscribers. Moderators encourage subscribers to post any relevant
information that will increase the utility of the list, such as new documents, laws, other lists, or
important topical developments. In some cases the individuals who post the information do not
even have to be subscribers. However, in order to receive all the postings to a particular list, you
must subscribe to the list.
Lists can either be moderated or unmoderated. This refers to whether someone is monitoring the
messages to determine the appropriateness of the topic or subject of the list. Moderated lists tend
to provide more useful information because the topics are not allowed to veer too much off course.
This does not mean that unmoderated lists do not include useful discussions. In many cases the
subscribers to the list will self-moderate the discussions. If you posted an inappropriate message
or one that is off-topic to a list with strong participation, the list participants will let you know the
error of your ways. They can let you know about the incorrect behavior either directly through the
list or to your personal mailbox.
Mailing lists administered by an individual (as opposed to an automated mailing list) are distributed periodically depending on the guidelines defined by that list administrator. The list administrator performs all the tasks normally handled by automated list software. Typical tasks include
adding subscribers, address changes, removing subscribers, and monitoring traffic for inappropriate postings. These types of lists are labor intensive. The administrator receives individual mes-
_____________________________ Chapter 3 — Internet Services and Tools for Auditors 37
sages and combines and/or summarizes the comments before distributing to all the list subscribers.
As the number of subscribers to this type of list grows, the amount of effort required by the administrator increases. Adding new subscribers, handling address changes or errors, deleting subscribers, and compiling and packaging the information becomes a time-consuming endeavor.
The administrator typically maintains a distribution list based on the names of individuals that
have expressed an interest in participating in the list topic. An example of an individual administered list is the Data Extraction and Analysis (DEA) Mailing List administered by Richard Lanza.
The purpose of this list is based on the philosophy of audit users helping other users. The greater
the participation, the larger the base of knowledge that benefits all the list participants. Information and instructions provided for the DEA Mailing List are provided below.
Objective
1) To provide a moderated discussion forum for the exchange of ideas related to the use of ACL,
IDEA, Microsoft Access, and any other data extraction and analysis software. The ideas should be
sent to my Internet mailbox at [email protected]. Biweekly, the moderator sends a summarized
document, which organizes the ideas sent during the previous two-week period.
What the Mailing List Will Not Provide
The mailing list is not a forum for technical questions (other than idea questions such as “Is it
possible to use ACL for accounts receivable test work and does anyone have a good way to do
this?”). All technical assistance questions should be directed to ACL, IDEA, Microsoft Access, or
other software technical support.
When You Send Your Ideas
All messages and subscriptions should be sent to [email protected] with one line in the body of the
letter: SUB DE&A. It would be appreciated by the moderator if the person’s real name, organization, software type, and number of years data extraction and analysis have been used be included
in the message. I will assume that individuals would want to remain anonymous unless otherwise
specified in the e-mail. Finally, it would be helpful to not only send the idea but also the commands
to effectuate the report, which can be shared by all participants (This can easily be accomplished
by uploading a batch report of the commands into the e-mail document.)
Subscribing to Electronic Mailing Lists
Subscribing to a mailing list does not involve any fees or charges. These lists are available to
anyone interested in the subject matter of the list. Subscribing to a list involves sending an e-mail
message to the list management program. The program recognizes certain commands, so it is very
important that the request is worded according to the list management guidelines. If there are
mistakes in the request, the list management software will reject the request and your name will
not be added to the subscriber database. Fortunately, if you send a request to the right address but
use improper commands, the list will notify you with an explanation of the error. The program may
also recommend the correction required to successfully execute the command.
38 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
The procedure for subscribing to a mailing list is determined by the mailing list software. Usually,
the auditor sends an e-mail message to the list server at the list address and includes in the body of
the message:
SUBSCRIBE (List Name) (Auditor Name)
The mailing list software usually sends an acknowledgment message back to new subscribers,
which provides guidance and assistance for using the list. Save the acknowledgment (or “welcome” message). It provides useful and necessary commands for managing your interaction with
the discussion group. It explains items such as how to receive messages, digest messages so you
only receive periodic (weekly or monthly) distributions, and stop receiving list messages
(unsubscribing).
Unsubscribing to Electronic Mailing Lists
Knowing how to unsubscribe to a mailing list is just as important as knowing how to subscribe. In
some respects, it is more important because when you are new to Internet mailing lists, you may
get carried away with subscriptions. When you realize the volume of mail generated by some
mailing lists you will need to know the correct command for removing yourself from that list.
Usually, the request should go to the same address to which the original subscription was sent. In
the body of the message the auditor would typically enter:
UNSUBSCRIBE (List Name) (Auditor Name)
However, this may not apply in all cases. If you are unsure, send an e-mail message to the list
coordinator and ask about the procedure for unsubscribing to the list.
If you know that there will be a change in your e-mail address, unsubscribe to all lists before your
address changes. Resubmit subscription requests when your new e-mail address is available. If
you are unable to unsubscribe before the address change, you will have to contact the list manager
(not the list software) to change the address. This is not a good way to gain the confidence and
respect of the list manager because this is meant to be an automated process requiring little human
intervention.
Posting (Sending) Messages and Responses to the List
You post relevant information by sending e-mail to the list name@list address. The information
will then go to all subscribers to the list. This is important to remember because there are circumstances when a reply should only be sent to the individual who posted the original message. When
this happens, address the reply to that individual’s e-mail address rather than using the reply option, which sends the reply to all list subscribers.
_____________________________ Chapter 3 — Internet Services and Tools for Auditors 39
List Netiquette
List Netiquette is based on the experience of other users and is really common courtesy that individuals should follow when participating in this type of electronic forum.
The following document is an example of Netiquette. The list relates specifically to the Information Security discussion list.
The 15 Points of INFSEC-L Netiquette
(1) LIMIT all postings to topics, subjects, or issues relevant to the INFORMATION SECURITY field. Conserve cyberspace as much as possible, and always be considerate of subscribers who routinely pay for each message received.
(2) ALWAYS include a subject line that is descriptive of the topic being discussed.
(3) IDENTIFY YOURSELF at the bottom of your posting (i.e., include e-signature card or
tagline). Include at a minimum your name and e-mail address to facilitate back-channel
communication, if necessary.
(4) USE DISCRETION when forwarding information to the INFSEC-L list. It might be preferable to reference the source of a lengthy document and provide instructions on how to obtain
a copy.
(5) EXERCISE CAUTION when using sarcasm and humor. Without face-to-face communications, your comments or the imports of your comments might be misinterpreted.
(6) ALWAYS respect COPYRIGHT and LICENSE AGREEMENTS.
(7) Be professional and AVOID FLAMING others. The INFSEC-L list is meant for constructive exchanges ONLY.
(8) Cite all quotes, references, and sources, especially when forwarding information to another
person or a discussion list. Where possible, obtain permission from the sender first.
(9) Commercial or for-profit organizations using the Internet to advertise products or services
violates one of the basic tenets of the Internet. Products may be discussed or critiqued on the
INFSEC-L list as long as there is no payment from a vendor/individual (in the form of
advertising or marketing expenses) to do so.
40 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
(10) When quoting another individual or replying to another individual’s posting, edit out whatever is not directly applicable to your reply. Including the entire posting can be annoying to
those reading it.
(11) Keep paragraphs and messages short and to the point. Limit line length (less than 80 characters per line) to avoid text wrapping and to improve readability.
(12) Respond directly to the sender on specific or personal requests, not to the entire list.
(13) The greatest benefit to INFSEC-L as a discussion list is the GIVE and TAKE of information.
Everyone learns from the discussion.
(14) ALWAYS feel free to offer advice and suggestions on how to improve the INFSEC-L list to
make it more meaningful and enjoyable. Be tolerant of shortcomings and errant messages
that might occasionally be experienced or witnessed on the list. The objective is to continuously improve this list.
(15) If you want to redistribute someone else’s INFSEC-L posting to another forum (another
mailing list, Usenet, your in-house newsletter, etc.), please secure the original author’s consent.
Usenet Newsgroups
There is another popular type of discussion group available on the Internet where people with
common interests can share information and opinions. Usenet is a worldwide system of discussion
groups carried by many systems linked to the Internet. It is organized into categories referred to as
newsgroups. Many individuals simply refer to Usenet as newsgroups, net news, or electronic news.
There are thousands of different groups organized into topic categories. Newsgroups operate like
bulletin boards where users post information to share with all other readers of the board. You must
subscribe to the newsgroups that you want to access. Subscribing to a newsgroup does not cost
anything. It is just a way of having your newsreader identify the groups with which you are interested in participating.
There are some differences between e-mail discussion lists and newsgroups. Some of the key
differences are:
• Usenet may not be accessible to all individuals (especially auditors using a direct connection
from their place of work). The reason for this is that in order to use Usenet, you need access to
a software application called a newsreader. Organizations that have direct Internet access may
not have newsreader software installed on their network. Even if your organization has the
necessary software installed, the system administrator may only allow access to specifically
authorized newsgroups. If you are using an ISP or commercial online service, they will provide access to Usenet newsgroups.
_____________________________ Chapter 3 — Internet Services and Tools for Auditors 41
• If there are newsgroups that you are interested in, you must subscribe (join) in order to participate in the discussions. There is no charge for subscribing to a newsgroup other than the fees
you are already paying via your online service or ISP. Once you have subscribed, you may read
topics or messages that interest you, post follow-up messages, or post a new message topic. In
other words, you select what you want to read. This is in contrast to e-mail discussion groups
where you receive all messages directly via your mailbox. The only way you can read newsgroup
postings is by accessing the group via your Internet connection and selecting the messages that
interest you.
• Usenet messages are removed from the newsgroup after a period of time. Some newsgroups
maintain archives of messages. However, if you do not use this service often, you may miss
out on important discussions.
• Usenet does not have as many discussion groups established for auditors. While many Internet
users find newsgroups of interest, there are few newsgroups available on auditing, accounting,
and finance topics. The primary newsgroup established specifically for auditors is called
alt.business.internal-audit.
Chapter 5 provides additional newsgroup resources of interest to auditors, accountants, and financial professionals.
File Transfer Protocol (FTP)
File Transfer Protocol (FTP) provides the ability to download (receive) and upload (send) files
from Internet connected computers. This is possible even if the operating systems or file formats
on the two computers are different. The speed of the transfer depends on several factors, including
the type of connection and time of connecting to the FTP site. Using FTP through your service
provider gives you access to a large number of files available on the Internet. A good source of
information on archives of files in general is the Usenet newsgroup comp.archives.
Obtaining files using FTP requires knowing the location of the remote computer (address or name),
the subdirectory location on the remote computer (path), and the name of the file you want to
retrieve (filename). Files are stored on the remote computer within certain directories or
subdirectories, usually organized by subject or topic. Knowing the path or location of the files is
a critical factor in how fast you can find the particular file you need.
Access to files on FTP sites is controlled by the organization’s policy on authorized use. Some
organizations that maintain files require you to have an account in order to access the server.
However, many system administrators do not allow non-registered user access to their computer
systems. Other organizations allow what is known as “anonymous FTP,” which means you do not
need to have an account established to access the files. Locations that allow non-registered users
to access certain public files without the need to establish usernames and passwords are referred to
42 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
as anonymous FTP sites. When you log onto an anonymous FTP site, you are prompted for a user
name and password. For the user name you type in “anonymous” and use your e-mail address as
the password. This allows the system administrator at the FTP server to track users. There are
several auditing-related FTP sites that allow anonymous FTP to access financial files and programs. FTP can be an effective tool for obtaining software or documents from remote computers.
Remember to always check downloaded (files retrieved) executable programs for viruses before
installing and running them on your system.
The Internet’s file transfer protocol provides auditing professionals with the ability to exchange
audit programs and other media electronically. Rather than sending another auditor a disk via
traditional delivery methods like the postal service, you can electronically transfer the information
immediately via computer-to-computer connections.
An example of a site that provides information for auditors is the original Auditors Sharing Audit
Programs FTP site at the University of North Florida. The following is a description of the site
along with information on how it was accessed from various systems. (Note: This system was
replaced by the ASAP section of AuditNet.)
What is Auditors Sharing Audit Programs or ASAP?
In the interest of “Progress Through Sharing,” auditors began submitting audit programs to listservs
to share with their peers who requested assistance. Taking that concept one step further, I recently
posted a request asking auditors to submit audit programs for a library that they could access when
needed. The audit programs are those submitted by auditors in the worldwide community of
AuditNet.
Programs in the ASAP are included from AuditNet participants without editing or modification. I
assume that the submitted programs have been developed or modified by the submitting auditor
and therefore are not subject to copyright restrictions. The programs are provided as is and therefore we are not responsible for any errors or omissions. The programs should be carefully reviewed and modified to meet the needs of your organization.
The programs have been posted to the anonymous site and are accessible at ftp.unf.edu (ftp://
ftp.unf.edu). The directory is pub/auditnet. The AuditNet ASAP Audit Programs are in the directory pub/auditnet/programs. Auditors can contribute programs by sending them via e-mail to
[email protected]. Auditors with America Online (AOL) access may send the file to
[email protected] using the attach file feature.
Author’s Note: The ASAP clearinghouse of audit programs moved to AuditNet.org (http://
www.auditnet.org) and this is where you will find the most complete inventory.
_____________________________ Chapter 3 — Internet Services and Tools for Auditors 43
Sample FTP Session for the Auditor Sharing Audit Programs FTP Site
1. Log on to your computer or ISP.
2. Start the FTP program and enter the FTP address of the system you are trying to reach (for
example, ftp.unf.edu).
3. Once connected, enter anonymous for the user name and enter your e-mail address for the
password.
4. Change to the directory where the ASAP files are located /pub/auditnet/programs.
5. Select the audit program for the subject area you want.
6. Transfer a copy of the program to your computer.
7. Log off the remote computer and exit the FTP program.
8. Open the audit program you just retrieved in your word processor and modify as required.
FTP Tips
Reading large files while you are connected is not recommended because it keeps the FTP server
loaded. Be sensitive and do not overuse this. Get some readme or index files first and read them
off-line so you know how the site is organized and where you can find things.
Archie
At one point prior to the World Wide Web, the Internet was so large that finding files could sometimes be a bit difficult. A software utility called Internet Archive Server Listing Service (Archie)
was developed to help individuals locate files on anonymous FTP sites. It is a special tool that you
can connect to and query for items you need. Archie scans the anonymous sites and maintains file
listings from those different sites. If Archie finds a match, it provides the domain name and IP
address for the site, where the site is stored, and any other information available. You must then
use your FTP client software to connect to the site using the information provided by Archie. The
downside of using Archie for locating files is that first you need the file name (or a close facsimile)
in order to locate programs or files. Secondly, you must then use your FTP program to access the
site. Go to http://www-polisci.tamu.edu/lab/archie.htm for more information about Archie and
Archie servers.
There are a few rules you should follow when looking for information on Archie servers. Since
they are not dedicated machines, using them during normal working hours is not recommended.
Queries must be as specific as possible. Searches without a specific file in mind can be time
consuming and provide limited results. Choosing an Archie server close to your physical location
will speed the response and transfer time.
44 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Telnet
Telnet is a program or protocol that allows you to log in to another computer to run programs and
perform tasks on that computer as if you were sitting at that computer’s terminal. In order to Telnet
to a remote system, you need to have Telnet capability on your computer or via your ISP. To Telnet
to a host computer, you need to know its name (either as a numeric address or in words).
A Sample Telnet Session to CapAccess (the National Capital Area Public Access
Network)
1.
2.
3.
4.
5.
6.
Log in to the local system or ISP.
Start the Telnet program c:\windows\telnet.exe.
Enter the domain name of the remote system that you want to access (capaccess.org).
Upon connection, enter your user name and password (or guest registration).
Explore the site. When finished, quit the program and log off.
Exit the Telnet program.
Back in the early days of my online experience, I connected to CapAccess from my home by
dialing up a local phone number. But when traveling, I would have to dial long distance and incur
toll charges to connect to CapAccess. By using Telnet, I connected to my ISP via a local number
and connected to CapAccess via Telnet without incurring any long-distance charges. Some Telnet
sites may require establishing an account, while others will provide guest access privileges. When
you find sites that say Telnet access is allowed, check them out. It is a service that you may not use
often, but if it is available, it provides another option for accessing Internet information.
Client-Server Model
When the Internet was first developed, it took a great deal of knowledge and patience to navigate
the terrain. In terms of the current Auditbahn, early users of the Internet were literally traversing
dirt roads rather than superhighways. All of this changed with the introduction of the client-server
model. Under this model, communication takes place on both your computer (client) and the computer at the remote site to which you are connecting (server). Very simply put, you use a program
on your computer called a “client” to connect to the computer holding the files, a “server.” Software developers have concentrated on making the client end of the system user-friendly so that
you do not need to know all the complex commands once required to navigate a system on a
remote computer. The server end of the communication link can provide an automated response
with minimal or no human intervention. Because the links are independent, the power of each
element is dependent on the power of the machine from which the application resides. Examples
of popular client-server applications are Gopher (a menu-based look up and browse tool), Veronica
(a search tool), WAIS (another powerful search tool), and, most importantly, the World Wide Web
(a hyper-media browse and search tool).
_____________________________ Chapter 3 — Internet Services and Tools for Auditors 45
Gopher
Gopher (developed at the University of Minnesota) was a powerful client software tool used to
search, retrieve, and view different types of information on the Internet. It was the precursor to the
World Wide Web. The derivation of the term “Gopher” relates to the fact that the software goes out
and retrieves information. Gopher is in essence a distributed document delivery system wherein
people make information available over the Internet. Gopher servers (computers) store documents
at their local sites and provide links to related information located at other sites. Early users of the
Internet had to Telnet to public Gopher sites in order to query Gopher servers. Commercial online
services now provide easy-to-use Gopher interfaces, and ISPs include Gopher client software in
their applications. For example, if you are using America Online, type “Gopher” and select “Go.”
There are a number of choices available from the Gopher menu that will lead you to Gopherspace.
Gopher uses plain English with a simple menu-based hierarchical system that many new Internet
users find easy to navigate. The power of Gopher resides in the fact that it accesses a wide range of
resources across the Internet. This means that Gopher menus may point to FTP sites, Usenet archives, and other resources on the Internet. The beauty of Gopher is that the operational detail is
transparent to the user, as the software maneuvers Gopherspace to locate information. In order to
appreciate the straightforward approach of using Gopher, connect to the FinanceNet Gopher by
typing gopher.financenet.gov from your Gopher software or from your browser. The FinanceNet
menu provides the following choices:
Welcome to FinanceNet’s Electronic Library
What’s New on FinanceNet
FinanceNet Public Mailing List
Happenings in Public Financial Management
Documents, Publications & Standards
Government Asset Sales
Closely Related Networks
FinanceNet Discussion Groups and Usenet Newsgroups
Internet Resource, Search and Help Tools
Evaluation and Comments
Search for Gopher and News Servers
Search Messages Sent to all FinanceNet Mailing Lists
Help for Search
Click on one of the above choices and you will be presented with information or another menu of
choices. Hit the escape (or back) key and you will return to the previous menu. FinanceNet was
one of the first sites that gave me an appreciation for the types of audit and accounting-related
resources available online for professionals. Gopher servers require a significant investment in
human resources to maintain the information and the system. As a result, Gopher servers are either
being shut down or not updated regularly. Web servers provide a much easier and viable alternative to Gopher for the needs of the current Internet community.
46 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Veronica
Veronica stands for Very Easy Rodent Oriented Net-Wide Index to Computerized Archives. This
client-server application was to Gopher what Archie was to FTP. Veronica is actually an index and
retrieval system that maintains an index of Gopher directory names and document titles. You can
search titles by entering a simple query. Unlike Archie (the search tool for anonymous FTP), the
result provided by Veronica allows you to directly connect to the resource by selecting the item
from the list provided. Veronica searches can be done by title word or by directory. Veronica finds
resources by a search of words in titles as opposed to a full text search. For more information on
how to compose a Veronica query, go to:
http://civic.net/cambridge_civic_network/libcopy/search_engines.html
You can access Veronica during a Gopher session. Most Gopher servers include a menu with a
name like “Search GopherSpace using Veronica.” If the Gopher server you are using does not offer
a menu item for Veronica, go to a public Veronica site such as gopher://gopher.tc.umn.edu/11/
Other%20Gopher%20and%20Information%20Servers/Veronica. America Online uses Veronica
to conduct a search of Gopherspace.
Veronica can be a powerful search tool for auditors looking for information on the Internet. However, it is important to understand that Veronica does not search the text of the document, but
rather the title of the document for a match.
WAIS
Wide Area Information Servers (WAIS) took Veronica to the next level up by searching for words
in documents. WAIS (pronounced “ways”) is a client-server application that takes advantage of
the TCP/IP protocol. A number of Internet locations have set up WAIS servers for the database of
information contained at their site. The WAIS index and text search system allows you to conduct
rapid, simple queries of those databases. If a site provides for WAIS searches, you will find a form
that will prompt you for all the necessary information for your query. Your query will search for
matches and provide an ordered list of successful hits for review. Some WAIS search engines
provide for access to multiple databases.
The following steps apply to a WAIS query regardless of the site:
1.
2.
3.
4.
5.
6.
Select the database that you want to search.
Construct your query by entering the keywords that you define.
Run the query and WAIS looks for matches on the relevant databases.
WAIS client produces a list of document that matched the query.
Select a document from the list for review.
Restate the query to further define the search and improve the results.
_____________________________ Chapter 3 — Internet Services and Tools for Auditors 47
World Wide Web
The World Wide Web (commonly referred to as WWW or Web) is a browsing and searching
system that bypasses all the usual commands required for circumnavigating the Internet. The Web
is a method of sharing resources with many individuals at the same time regardless of where the
resources are physically located. This may seem bewildering, but as you read on you will come to
appreciate the simplicity and sheer power of jumping (via links or connections) from one document or site on the Internet to another. Navigating the vast resources of the Internet has always
been a challenge. While some of the tools such as Gopher, Archie, and Veronica make it a little
easier, there are still some limitations inherent in a hierarchical structure. Gopher is a primary
example of limitations in moving between locations or documents. You can only go from menu to
menu, or menu to item. The World Wide Web gives a whole new meaning to the concept of surfing
the Auditbahn.
In order to navigate the Web, you will need client software called a browser. Browsers allow you
to access information on different types of servers around the world. Web browser software is
considered the “killer app” for the Internet because it incorporates all or most of the other Internet
applications such as Gopher, Telnet, Usenet, and more. Browsers were first developed as public
domain and were freely distributed over the Internet. There are a number of browsers available,
including NetScape Navigator and Internet Explorer. They provide you with tools for accessing
Web sites using key word search engines. Browsers require a graphical user interface such as
Windows, which means that the more powerful the machine, the better. If you choose a commercial online information service for your Internet access, you will have the Web browser provided
with that service. ISPs also include a Web browser with their software package. If you do not like
the browser provided by your service provider, you can always purchase another. Check and make
sure that any browser you purchase will work with your service provider.
The Web was developed as a resource for physicists by the European Laboratory for Particle
Physics (or CERN, which is the acronym for the French name of the organization). It links documents and pictures into a hyper-media environment that has made the Internet a household word.
While the Internet has been around in one form or another since the early 1970s, the Web has only
been on the scene since the early 1990s. The Web has fostered the evolution of the Internet from a
military research communication sharing medium into a business and personal cyberspace that is
transforming the way we access, retrieve, and use information.
The unique mechanism that sets the Web apart from all the other types of client-server tools is the
hyperlink. Hyperlinks are really pointers to other information within a document or other documents or, quite often, other sites on the Internet. Imagine that you are reading an article on corporate reengineering. Within the article you come across a reference to an article on the subject of
delayering within an organization. A print article might include a footnote with a reference where
that article is located. That same document on the Internet would most likely have a hyperlink,
which means you would simply click on the word “delayering” and it would transfer you directly
48 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
to that article. Once you finish reading the delayering article you could return to the original article
with the click of the mouse. The Web uses these hyperlinks to provide access to a variety of
Internet resources, including FTP, Gopher, Telnet, Usenet, and more. Just as a spider’s web is an
intricate set of interconnected threads, the Web provides you with a seemingly transparent connection to the depth and breadth of resources on the Internet.
The method of connecting to a Web site involves entering the address or location of the site. The
creators of the Web developed a universal access system for addressing Internet locations. Part of
this addressing is the domain naming system that gives unique location identifications to every site
on the Internet. Reaching an audit-related site on the Internet requires entering a code called a
Uniform Resource Locator (URL) in the browser program. This uniform resource locator is a
standard for specifying an object on the Internet, and is all that you need to connect to a Web site.
The URL concept can be compared to finding a channel on your television set. If you know the
URL (channel), you will connect to the right site (station). URLs for the World Wide Web appear
as follows:
http://www.auditnet.org
HyperText Transport Protocol (HTTP) is a universal identification for Web sites. Anytime you are
connecting to a Web site, the URL will begin with http://.
Following the http:// is the site name at which the particular resource is located. You must be
careful in the way that you enter the site name because some URLs are case sensitive. The site
above is the AuditNet Web site with the domain name www.auditnet.org, which is the AuditNet
home page (the first page in a set of Web documents). The file extension of “htm” means that it is
written in HyperText Markup Language (HTML), which is the universal coding language used for
creating and identifying hyperlinks. HTML is plain text with special coding or paragraph tags
similar to desktop publishing recognized by all browsers. Documents posted on the Web need to
be in HTML format so that the different types of browser programs can read and display them.
Browsers will also allow you to reach other types of resources on the Net by using a different
prefix for the URL. The following are examples of prefixes you might likely see in a URL:
gopher:// indicates a Gopher site on the Internet.
ftp:// indicates an FTP site on the Internet.
URLs represent a means of identification as well. Auditors are including URLs on business cards,
and organizations are including them in radio and television commercials and in print publications. After using the Internet and the Web awhile, the format for entering a URL will become
second nature to you. You may even start committing URLs to memory the same way that you
remember your address, phone, or fax number.
_____________________________ Chapter 3 — Internet Services and Tools for Auditors 49
Web pages may include text as well as graphics (images) and perhaps even sound. The addition of
graphics and sound adds a different flavor and personality to the Web. The graphic capability
gives the Web visual appeal but may add little to the content. There are sites that make worthwhile
use of the Web by incorporating images or maps into the interface so that an auditor can click on an
area of a graphic and link to another section of the site. This can also be accomplished with a text
link so in reality it is nothing more than another option for accessing the data. A picture can be
worth a thousand words in some settings, but other than making a site visually appealing, it adds
minimal value. In my experience, auditors are more interested in getting the information, rather
than the bells and whistles. The bottom line is information and that translates to text. The downside of sites that include large graphic images is that they also significantly increase the time it
takes for the page to load. Some computers may even freeze up due to memory limitations. You
can overcome these limitations and problems by turning off the LOAD IMAGES feature in your
browser.
Concluding Remarks
With a fundamental understanding of the different types of services and tools available, you can
begin to use the resources of the Internet in an auditing environment. You may not need all the
features or the services covered in this chapter, but it is important to know that they are available.
You also do not need to know all the nuances of how each of the services and tools works in order
to take advantage of them. Technically inquisitive auditors can find a wealth of information on the
Internet about the intricate workings of the services and tools mentioned.
Now that you have a basic understanding of the services and tools available, the next step is to
understand how to find information on the Internet. Chapter 4 covers how to search for and find
audit-related information on the Internet.
Interview: Ben Heald, Editor, AccountingWeb UK
(http://www.accountingweb.co.uk)
AccountingWEB from Sift plc is an everyday business information service for accountants. It
integrates a wide collection of Internet resources, accountancy news, organization directories, and
financial, news, and market research databases. Initially focused on the UK accounting sector, it
recently launched in the United States at http://www.accountingweb.com.
After AccountingWEB won the prestigious European Information Product of the Year Award at
the Online Information 1997 Exhibition at Olympia, Information World Review said, “It is not
often that you can call an information product elegant, but Sift’s AccountingWEB is precisely
that.”
The concept behind Sift is that they do not believe “surfing” is an appropriate metaphor for busi-
50 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
ness use of the Internet. Their approach is to use search technology, online wizards, and good oldfashioned editors to direct you to the information you need to stay informed. Because let’s face it
— not everyone is an Internet guru or wants to be! So rather than your spending precious hours
aimlessly surfing, AccountingWeb sifts things for you.
AccountingWEB exploits the new ways in which information is being made available on the Web,
while retaining access to traditional information sources such as ICC, Infocheck, Dun & Bradstreet,
and others. The approach is encapsulated by the company information wizard, which directs the
user to free Web resources as a preference to paid sources.
In addition to being a source of information, AccountingWEB is an online community centered
around the discussion area. Most features of the service are free, including the Accountancy Search
Engine, the PressZone, the Suppliers Directory, the AccountingWEB newswire, and the discussion areas.
Q . The latest trend in providing information for professionals is the establishment of vortals
or vertical industry portals. How do you see the role of AccountingWEB as fitting a
global vortal for accounting and audit professionals?
In a professional context, “global” communities are difficult to create due to the structural,
regulatory, and language differences between various domestic markets. We have a multidomestic model for AccountingWEB, the intention being to create sites with their own identity
and focus in the UK, the U.S. initially, with further European and Asian sites to come. Each
site will have its own editors, business development managers, etc. However, there will be
some issues and themes that cross the domestic boundaries. Audit is a good example because
some of the issues of an auditor in the UK and an auditor in the U.S. will be common. It’s
really important though to recognize the huge differences between an accountant in the U.S.,
say, and one in France or Germany. Not only does a French accountant apply different methods to the way in which he carries out accounting assignments, he will account for things in
completely different ways, and perhaps most importantly from a community standpoint, he has
a different role in the business community. For example, generally speaking, he is not seen as
having as much of a business advisory role as is the case in the U.S.
Q. What was the main impetus for establishing AccountingWeb?
To take advantage of the business opportunity available through building professional virtual
communities.
Q. What have been the benefits of establishing a site on the Web?
Without the site we would have no business!
_____________________________ Chapter 3 — Internet Services and Tools for Auditors 51
Q. What, if any, are the drawbacks of establishing a site on the Web?
If a site is good and develops an atmosphere of its own, taking it forward is never-ending; it is
open all hours, every day. You can be sure that when you have to close it on a quiet Sunday
night for development and maintenance there will be someone out there who had hoped to
have a heavy session!
Don’t launch if you’re not prepared to stick with it.
Q. How do you see the Internet changing the delivery of information to auditing professionals?
The Internet will simply be the way in which virtually all information is delivered to professionals through a combination of electronic newsletters, focussed discussion areas, and searchable reference.
Q. What has been the response of the audit community to accepting this new method of
information delivery?
People are more than willing to accept new methods of getting things, but only when there is
a clear benefit. Being able to get things any time, more cheaply, and from anywhere is all in
all a better value proposition.
Q. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”?
Whilst we’re talking about the Internet entering the new Millennium, let’s not forget that it has
still to enter its second decade! It’s difficult to avoid becoming at least more digitally literate
this year. There is a new digital high street being created. Although people can’t see it in the
sense they could see a new mall, they are increasingly able to conceptualize it. Like all things
there’s a learning curve.
Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How
has your organization contributed to this philosophy through the use of the Internet?
Internally we use a range of Internet-based authoring tools and task-management systems to
run the business. None of our editors works from the main office, for example.
52 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Q. What Internet resources do you use, and how have they helped you and your organization?
One of AccountingWEB’s main aims is to help accountants and auditors to navigate their way
to resources on the Internet. We therefore spend a lot of time keeping track of what’s going on
in the relevant sites for our community so that we can do this effectively.
Q. How has the Internet changed the way your organization does business, and what impact has that change had on auditors?
See above - totally dependent on the Internet. We ourselves are driving change in auditors.
Q. What effect have the Internet and the World Wide Web had on the auditing profession?
Overall, probably still a small effect on audit process so far, but you could say that the Internet
is part of the rapidly changing world in which auditors are operating, so auditors are already
having to deal with companies that are operating on the Internet.
Q. What Internet skills do you see as the most critical for new auditors?
Most significantly, to understand what is going on, as otherwise auditors are not going to be
able to deal with their clients who will be selling, purchasing, etc., online.
Q. What role do you see for the Internet in the future of internal auditing?
Down the road, as application outsourcing over the Internet takes off, both internal and external auditors are going to have to deal with business processes that essentially occur over an
Internet-enabled distributed network.
_____________________________ Chapter 3 — Internet Services and Tools for Auditors 53
Continuing Internet Education
The following resources are available for those auditors interested in further exploring individual
tools and applications. In addition, now that you know something about the different tools available, several resources that are available on the Internet have also been included. This is a good
opportunity to consult the Internet for furthering your Internet education.
1. Internet Guides, Online Courses and Tutorials, is available on the World Wide Web at http://
lcweb.loc.gov/global/internet/training.html. This is a Library of Congress compilation of Internet resources.
2. A collection of resources, including guides, FTP, Gopher, Usenet, mailing lists, and more, is
available at http://www.mcs.brandonu.ca/~ennsnr/Resources/Welcome.html.
3. E-mail Security, Bruce Schneier, John Wiley & Sons, Inc., 1995.
4. Using the Internet, Mary Ann Pike (and others), Que Corporation, 1996.
5. The Internet for Busy People, Christian Crumlish, Osbourne McGraw-Hill, 1996.
6. The Usenet Book: Finding, Using, and Surviving Newsgroups on the Internet, Bryan
Pfaffenberger, Addison-Wesley Pub Co., 1995.
7. 10 Minute Guide to the Internet and World Wide Web, Rick Bolton, Galen A. Grimes, Que
Education & Training, 1997.
________________________________ Chapter 4 — The Auditor’s Great Internet Search 55
Chapter 4
The Auditor’s Great Internet Search
“Knowing how to use the Web intelligently means knowing
how to locate useful information on the Web.”
— Bryan Pfaffenberger
Introduction to Searching
Of all the changes that are taking place in Internet services and tools, perhaps one of the most
dramatic involves search engines. More than a billion hyperlinks or connections reside within the
hundreds of millions of Web pages that currently exist, and millions of new pages are being created daily. With all this available information one would think that finding relevant information
would not be difficult. In fact, the Internet was not created or envisioned as an information database and was not designed to support the volume of information that it currently maintains. The
situation is complicated further by the fact that anyone can create a Web site.
The Internet does not store information in a uniform database format. Entering a simple query into
a traditional search engine may yield thousands or tens of thousands of matches. Many of those
matches may or may not be relevant to what you are looking for. Internet gurus are well aware of
the shortfalls in the virtual library of information to which users have access. On the plus side,
tools to search this global information source that has no “card catalog” are improving. This means
that auditors should be conducting more successful searches. In order to do so, they need to learn
“smart searching.” Smart searching means understanding how search engines work, how Web
pages are developed, what search tools to use for different situations, selecting a strategy, and
translating traditional research techniques to an online environment.
Living in the information technology era means that you will have to learn how to utilize new tools
to do your audit spelunking. Getting the job done means not just having the right tools, but also
knowing how to use them. That knowledge can mean the difference between success and failure in
your audit-related search strategy. It is no wonder then that search skills represent one of the core
competencies for audit digital literacy.
The Internet is the largest warehouse of information in the world. It consists of networks and file
servers with useful audit-related data buried throughout. There is little doubt or disagreement
about the amount of information available for auditors on the Internet. The problem has never
been (and probably never will be) whether the information is out there; at issue is where to find it.
I have always maintained that when I cannot find what I am looking for, it is not because the
information is not there, it is because I am not looking in the right place.
56 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Auditors constantly ask me for assistance in locating specific information needed for a project
with which they are involved. Finding information of a specific nature or on a specific auditrelated topic is like looking for the proverbial needle in a haystack. It is definitely a frustrating
experience for auditors who are new to the online world. I always try to give general directions on
where to look or how to go about conducting a search. My philosophy is akin to the proverb about
giving a hungry man a fish and you will feed him for a day, teach him how to fish and you will feed
him for life. The same holds true for searching for audit resources on the Internet. Learn how to
search the Auditbahn for information and your thirst for data will always be quenched.
There are some general considerations that apply to the Internet when searching for information.
The Internet is decidedly different from other traditional information resources such as the library.
The Internet is a distributed data environment with thousands of computers connected around the
world. There is no single authority that oversees the information content and there are no restrictions on who may post information on the Internet. As a communication medium the Internet has
unlimited potential for exchanging audit ideas and sharing professional knowledge.
A second consideration in searching for information is that the Internet is constantly changing.
Individuals or organizations can publish and upload volumes of information in a relatively short
time, and audit-related information can change in the blink of an eye. Think of data on the Internet
from a perspective of now you see it, now you don’t. The dynamic nature of the Internet means
that searches conducted over a short time can yield significantly different results.
The third consideration is that there are no existing standards for information content on the Internet. While there is a definite abundance (sufficiency) of information, there is a question of validity. It is important to carefully consider the source of any information obtained from the Internet.
The sheer volume of available information means concentrating on the most relevant information.
Relevance has a direct bearing on the purpose or objective of the specific search. Finally, if the
information helps meet the goal of the audit or search, then it may be considered useful. So while
there may be sufficient information available for auditors on the Internet, the information must
meet the tests of competence, relevance, and usefulness.
There are various methods of searching for information on the Internet. Many auditors may be
tempted to use a technique for locating information called “serendipitous surfing.” Surfing the
Internet involves locating a page containing links to information that you think are relevant to the
subject area you are looking for. You then select a link to a page based on individual judgment
believing that the link will take you to the information you need. Surfing does not utilize a structured approach for conducting a search, nor does it use any of the various search tools. This
technique may be fine for an individual who has time to “lurk” across the Internet hoping to hit
relevant information, but for auditors, surfing is an inefficient and ineffective method of searching. There are a variety of search and retrieval tools available for auditors connected to the Internet. Auditors need to focus on information searches using tools that will find competent, relevant,
and useful information.
________________________________ Chapter 4 — The Auditor’s Great Internet Search 57
How Search Engines Work
Many auditors use the term “search engine” when describing search engines and search directories. The two are not synonymous. Search engines compile their listings automatically by querying
Web sites. They are capable of updating their database by visiting sites and noting changes in Web
page information. In contrast, directories, which are not true search engines, rely on human intervention for their listings. A human cataloger reviews information you submit and determines the
appropriate subject-oriented classification for the site. If the information on that site should change,
the only way it will be updated is if you notify the directory Webmaster.
Search engines are composed of three parts. The first component is the spider (also referred to as
crawler or Web-bot). The spider queries a page by looking at the Hypertext Markup Language
(HTML) used in creating Web pages. Different search engine spiders look at different parts of the
Web page. Search engines may review a Web page’s title, meta tag for keywords, meta tag for
description and the text included in the body of the page. The information that the spider finds
goes into the second component called an index, which is a catalog that captures all the information that the spider found. When a Web page changes, the index is updated to reflect the most
recent information. The final component is the search engine itself. This is the actual program that
organizes the pages in the index and locates matches based on your criteria. The search engine
then displays them according to a ranking algorithm to determine the order in which matching
documents are returned on the results page.
Different search engines configure the three components based on their own specifications. This is
why using the same search criteria on different search engines will provide different results.
How Web Pages are Developed
Auditors should have a basic understanding of how Web pages are developed in order to structure
an effective search. Because there are so many different types of systems operating on the Internet,
the World Wide Web was developed so that a simple standard could be applied to Web pages. Web
pages use plain ASCII or DOS text but include special formatting codes. It is possible to create
Web pages using a simple text editor as long as the author who creates the page knows the HTML
formatting codes. In addition to using the right codes it is important for Web page authors to
understand the basics of search engines. If you know what kind of information the search engines
look for, you can provide relevant information and tags within the HTML document that will
increase a searcher’s chances of finding the information they are looking for.
Title tags and meta tags are important components of a Web page, yet many Web page authors are
unaware of how to include this information correctly. Additionally there are many Web authoring
software programs that produce default information for the meta tags. Failure on the part of a Web
page author to change the default settings for meta tags may hinder and sometimes prevent you
58 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
from finding information about that site when you query a search engine. If, for example, I create
a Web page that provides audit work programs but uses a title that does not clearly identify the site
or neglects to include meta tags, you might never find it unless you were told specifically where to
locate the page. Proper Web page design is almost as important as strong search skills in finding
the right sites when using a search engine.
Search Tool Selection
Smart searching also means choosing the right tools for the search. Many auditors first turn to
Yahoo for conducting an Internet search. Yahoo is not a search engine but rather a subject-oriented
index. It can be an effective search tool for auditors looking for general information that falls into
a broad subject category. For instance, if you were looking for hotel accommodations you could go
to Yahoo, look under Travel/Lodging/Hotels, and find a complete listing of hotels that have Internet sites. On the other hand, if an auditor is searching for specific audit information such as a 401K
plan audit program, Yahoo does not have the depth of content to find that information. Conduct
that same search for a 401K plan audit program using a search engine, and the first hit will be the
AuditNet Auditors Sharing Audit Programs site with a link to that program.
So which search tool is the most effective for auditors? I am asked this question repeatedly as I
spread the gospel of using the Internet in auditing. There are excellent search tools available for
auditors. The following is a list of some search engines and indexes —old favorites and new —
that offer more sophisticated searching and have been particularly useful in locating audit resources. Auditors need to become familiar with the “suspects” and find out which ones meet their
individual needs and preferences. Presently there are only levels of better as opposed to best.
• About.com (http://www.about.com/) employs expert guides to research and provide targeted
news and links for their communities. Each channel represents a specific topic such as business, finance, e-commerce, and more.
• AltaVista (http://www.altavista.com/) provides a natural language query with the Ask Jeeves
search engine. AltaVista also provides translation service for various languages. The translation feature will help bring the global audit community together as a truly international professional body.
• Excite (http://www.excite.com/) allows for concept-based searching, which may help in gathering background information for audit-related projects.
• FAST — Fast Search and Transfer (http://www.alltheweb.com/) — lives up to its name by
providing a quick response when querying its database. This next generation search engine
will conduct a virtual search of the entire Web. It employs new technology to operate more
efficiently and provide relevant results. Search time and number of documents found are provided to show both the speed and relevancy of the tool.
________________________________ Chapter 4 — The Auditor’s Great Internet Search 59
• HotBot (http://www.hotbot.lycos.com/) allows for establishing time parameters for a search.
Say you only want sites posted within the last month or last three months. HotBot allows for a
focused query. This ensures that information retrieved is relatively current.
• InfoSeek (http://www.infoseek.go.com) allows for searches of Web pages, newsgroups, Internet FAQs, e-mail addresses, and more.
• Lycos (http://www.lycos.com/) searches index sites by document title, links, and keywords. It
offers both simple and deep search options, and responds with a ranked list of sites with
options on how to display the results.
• Northern Lights (http://www.northernlight.com/) organizes matches by domain, organization,
or other specific levels. This allows auditors to target their search to a specific industry group
or type of organization.
• Research-It! (http://www.iTools.com/research-it/research-it.html) is a real time saver. It provides for searches of dictionaries, thesauri, language translators, acronyms, quotations, maps,
phone numbers, postal information, package tracking, financial information, and more in one
swift move.
• Vertical Industry Portals or Vortols provide industry-specific news, updates, research and statistics, discussion groups, and business services related to a specific profession. An example
of an audit-related Vortol is KnowledgeSpace from Arthur Anderson Consulting. This new
generation of search tools works on the premise that general search engine results are less than
precise. Vertical portals, sometimes referred to as affinity portals, help users find specific
information. They also attract strategic partners who have an interest in targeting their product
marketing at a unique industry or profession.
• Webcrawler (http://webcrawler.com) is a fast search engine that is worth using for audit-related searches. It provides options for retrieving either the site name or the site name and a
brief description of the site.
• Yahoo (http://yahoo.com) is the pioneer of Internet directories. It provides subject categories
that you may browse and search. The site also provides a people search feature for finding
phone numbers and e-mail addresses by completing a simple form.
Using Site-Specific Search Engines
Many audit-related Web sites have provided search engines that query the local site as well as the
global Internet. These site-based search engines provide an effective way for auditors to focus in
on relevant sites and then query those sites for the necessary information.
60 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Finding New Ways for Productive Searching
Hypersearching or Clever Searching is now being promoted as the future of productive searching
on the Internet. This is due to the fact that the phenomenal growth of online information has
rendered traditional search tools ineffective. This new technique looks at how Web pages are
linked together. Pages on the Internet fall into two broad categories — authorities and hubs. Authorities represent the best sources of information on a particular subject. Hubs represent collections of links to authoritative locations. This new technique concentrates on looking at the hyperlinks
rather than at the Web pages themselves. Hyperlinks confer authority so if a page is identified as
having a large volume of hyperlinks, it is most likely an authoritative source. This new search
methodology has shown promise and should increase the effectiveness of searching the Internet
for audit resources.
Strategies for Searching
Competency in digital searching is not difficult to acquire. Following some basic search guidelines and strategies goes a long way to making Internet research for auditing more productive and
efficient.
The Sherlock Strategy
Sometimes a good place to start a search for a specific site or organization on the Internet is by
using what I call the Sherlock theory or logical guessing strategy. Logical guessing means figuring
out the site address by assuming the organization chose an easy-to-remember acronym for its site
name and registered it for its domain. As Sherlock Holmes would frequently comment to his
associate when solving crimes, “Elementary my dear Watson.”
• Start by omitting the http:// when entering the address in your browser (Netscape Navigator or
Microsoft Internet Explorer).
• Enter the common WWW for the site.
• Enter the site acronym, corporate name, or initials as appropriate (OHSA, GAO, USDA,
NYTIMES).
• Add the top level domain (see Chapter 3, Internet Services and Tools for Auditors), most often
.com or .gov.
This strategy works for many common sites on the Internet. This is a quick logical way to find
audit-related sites and should not be overlooked by any auditor.
________________________________ Chapter 4 — The Auditor’s Great Internet Search 61
The Subject-Oriented Indexes or Directory Strategy
When your search criteria involves broad-based areas, using subject-oriented indexes may be an
effective search strategy. Typically these directories classify sites into subject categories and subcategories. The most popular (and oldest) subject-oriented index is Yahoo (www.yahoo.com).
There are two ways to look for information in these directories. One way is to browse through the
classifications and find the subject category or subcategory that matches your criteria. For example, if you were looking for a hotel chain, you would look in the travel category. There you
would find lodging as a subcategory and then hotels as a sub-subcategory. Scroll down and find
the hotel chain you are looking for. Of course if you were looking for the Hyatt Hotel Web site, you
could have used the Sherlock strategy and guessed www.hyatt.com. Directories are effective for
locating organization sites, general topics, and commercial products. The main disadvantage of
directories as search tools is that they are maintained and updated with human intervention. Therefore directory databases are not as large as other search tools nor are they as current. Auditors
looking for specific information need to choose more advanced search tools in their quest.
The Search Engine Strategy
Advanced searching requires sophisticated search tools. Search engines (robots or crawlers) rely
on software that examines the underlying code (HTML) embedded in Web pages. Through this
examination, the search engine builds a database and indexes as many sites as possible. This
technique is most effective and efficient for creating a large index of Web sites. Once a site is
indexed, the software periodically goes out (crawls), examines the Web site for changes, and
updates its database. Auditors can use search engines by entering their query and retrieving a “hit
list” of sites with relevant information. Different search engines use different search methodologies so you need to read the “help” section of each search engine. Become familiar with terms like
natural language query, Boolean logic, qualifiers, and extenders.
Search engines make it possible for auditors to access information stored on Internet servers for
words or phrases that are relevant to their inquiry. Those words or phrases can lead to authoritative
pronouncements, audit guides, manuals, tools, and other audit-related topics. The key to getting
the right information lies in formulating the appropriate query for the search engine. In designing
the query for the search engine it is extremely important to select the right words that will select
the most relevant documents existing on the Internet. But even selecting the right words may not
uncover the best information or all the information relevant to your search. Search engines are
only effective if the Web page developers have done a good job of creating their pages. Remember
that search engines look at the underlying code (HTML) used by the Web page developer. That
universal code is recognized by Internet browser software. If a developer has left out important
information such as title, keyword listing, or page description, the search engine may not even
include that page in your list of relevant hits. This is why there has not been a search engine
developed to date that will provide a comprehensive index of every site on the Internet. Search
62 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
engines can only find relevant sites when those sites have been properly constructed. To take this
strategy one step further, if you misspell a word in your search query, it is very likely that your
search will turn up hits in which the Web developer misspelled the same word. Therefore a search
on “audting” (or any misspelled variation) will turn up hits. Give it a try and you will see how
effective search engines are in finding spelling errors!
Search engines also have their limitations. For example, search engines cannot link to text within
Adobe portable data format (PDF) documents; information residing on corporate, government, or
organization intranets (Internal networks using Internet technology); or information in sites that
require a membership login and password.
Offline Search Utilities
Not all of the search utilities are Web-based. Some search utilities reside on your local computer.
These search tools query Web search engines and return results in the form of an abstract with the
address. Click on the address and your browser opens the site. Many of these tools, such as WebFerret
from Ferret Software (http://www.ferretsoft.com), are free.
Research Techniques for Auditors
The Professional Auditor Search Strategy (PASS)
If the main reason you are connecting to the Internet is for audit-related information, it is imperative that you approach searches with a rational and planned strategy. The best way to start looking
for information that meets the guidelines of competence, relevance, and usefulness is to utilize
what I call a professional auditor search strategy (PASS). The successful PASS for audit-related
information relies on utilizing what researchers call critical-thinking skills. This means applying
what you have learned as an auditor in order to approach each search for information in a logical
and systematic way. The PASS includes the four phases of traditional research methods, including:
1.
2.
3.
4.
Identifying the audit issue (also known as the audit search definition or objective).
Developing the audit search.
Choosing where to search.
Evaluating the results of the search.
Phase 1 — Identifying the Objective (the Audit Issue)
Begin by defining the objective of the search. This is also known as the issue identification phase.
Auditors looking for information on the Internet are doing so for a specific reason. They need
information on a particular topic for a specific reason such as ideas for the long-range audit plan,
preparing for scheduled audits that are included in the current audit plan, or based on a specific
request from management or the audit committee on an important business-related issue. Write
________________________________ Chapter 4 — The Auditor’s Great Internet Search 63
down the objective or purpose of the project. It will help you define the search before you begin.
As an example, suppose that your organization recently decided to provide e-mail access to all
employees. The objective of your search might be to find existing policies and risks associated
with employee use of e-mail. It is important that you narrow the scope of the search as much as
possible by clearly defining the objective.
Phase 2 — Developing the Audit Search
After identifying the search objective, you must decide how you want to search. There are sites on
the Internet where the information is organized by subject matter or trees. Subject-oriented sites
organize information in a hierarchical directory format. Subject indexes can provide successful
results by browsing through the hierarchy of menus. There are several subject-oriented sites such
as Yahoo (http://www.yahoo.com) that are popular with auditors. Most of the time you will use a
combination of subject matter and a specific search criteria known as a keyword query. In developing the search you should consider identifying the keywords that will provide you with information related to the search objective. There are several ways of structuring a keyword search. Consider using synonyms (different words with similar meanings) for the audit terms selected for the
key query. Using a different form of a keyword will also yield different results. If the first search
attempt fails to yield sufficient results, try using a different form of the word. For example, using
“auditor” as the keyword may turn up a number of hits (matches) for auditory (hearing) or auditorium. Changing the keyword in the query to “auditing” will yield more relevant matches. Sometimes using a different word in a keyword query alters the results considerably. Another technique
for search strategies involves using relevant phrases or words rather than a single word. The phrase
“internal control” will yield far different search results than will separate searches using the words
“internal” and “control.”
Phase 3 — Choosing Where to Search
There are four different areas on the Internet available to auditors looking for information. You
can search for audit-related information on commercial online information services, via peoplebased searches, through text-based Internet tools, and by using the World Wide Web. The order in
which these areas are presented does not signify a priority of which resource will most likely
provide you with the answer to your query. Your audit search may include one or more of these
areas. However, based on the explosion of information and sites on the World Wide Web, auditors
will tend to concentrate their efforts here. This may limit the results obtained by ignoring otherwise worthwhile information. If there is sufficient information available on the Web, auditors may
stop searching. If sufficient information sources are not found on the Web, auditors should pursue
other areas for relevant and reliable information.
Commercial Online Information Services
If you subscribe to a commercial online service, you may search the resources available within that
service. Many of those resources are unique to the commercial service to which you subscribe and
therefore may not be available to all auditors connected to the Internet. Each service provides
access to various business resources, including professional associations, newspapers and busi-
64 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
ness magazines, and special forums for entrepreneurs, small businesses, and industry groups. Each
commercial service provides research tools for locating information. Typically you may query
online versions of newspapers, magazines, and databases by title and subject. If you are not a
member of a commercial online information service, ask a friend or audit colleague if they can
search America Online or Compuserve for you.
People-Based Searches
The people-based search for audit information consists of utilizing e-mail discussion lists, Usenet
newsgroups, and your network of auditors connected to the Internet by e-mail. We have already
covered discussion lists, but an excellent resource for topics is the archives of audit-related lists.
Some of those archives are posted on the World Wide Web or Gopher servers. Discussion lists and
Usenet newsgroups connect you to a worldwide network of auditors and financial professionals.
These resources should be one of primary tools for finding audit-related information on the Internet.
If only I knew someone who had the answer to the question, “How do I find other auditors connected to the Auditbahn?” Sometimes it is a matter of finding another peer who may already have
the answer. So the issue becomes where can you find other audit professionals in your area with
whom to network. Although finding other auditors on the Internet is not always easy, there are
several ways to go about doing so. One way is simply to ask people for their e-mail address when
you meet them. Including your e-mail address on your business card helps this process along.
Another way is to post a message on a discussion list or audit-related newsgroup to connect with
other auditors with similar interests. America Online (AOL) allows for keyword search of their
member profiles. This is an excellent way of networking and finding other auditors who subscribe
to AOL.
There is also an online e-mail registry of auditors, accountants, and financial professionals. The
AuditNet Accounting/Audit/Finance E-mail Directory is the most comprehensive listing of auditors, accountants, and financial professionals available on the Internet. Financial professionals
voluntarily e-mail a registration form for listing in the directory. Information and the format for
submitting a request to the directory are included in Chapter 6.
If you are trying to locate an e-mail address and you know the person’s name but not their phone
number or address, you have alternatives. For frequently asked questions (also known as FAQ) on
how to find e-mail addresses, go to: http://www.cis.ohio-state.edu/hypertext/faq/usenet/findingaddresses/faq.html.
Another option is the Yahoo People Search site at http://people.yahoo.com/. The site provides a
form where you complete the first name, last name, and domain. For example, when I entered Jim
Kaplan on the netcom.com domain, it returned my e-mail address as [email protected]
and another Jim Kaplan with a different e-mail address on Netcom. If an auditor you are looking
for has posted a message on a Usenet newsgroup recently (within the last six months), you can use
________________________________ Chapter 4 — The Auditor’s Great Internet Search 65
the Deja.com Web page (http://www.deja.com). The site searches Usenet postings under the auditor’s
name and retrieves the message he or she wrote or is mentioned in. You can then get the auditor’s
Internet address. Professional organizations such as the National Association of Local Government Auditors are including e-mail addresses on new member and renewal applications. Member
directories will be a primary resource for finding peer e-mail addresses.
Incorporate people-based search options in every audit or project that you undertake. Remember
that the Internet is more than just computer networks tied together. It is a people-based network of
information resources that epitomizes the concept of “Progress Through Sharing.”
Text-Based Search Tools and the World Wide Web
In the previous chapter we talked about some of the text-based search tools such as Archie, which
searches anonymous FTP sites, and Veronica, which searches Gopherspace. We will next concentrate on search and retrieval tools designed for the World Wide Web. The World Wide Web provides powerful tools that make it easy for an auditor to search for audit-related information.
Auditing, Accounting, and Financial Hotlists (Link Sites)
There are a number of sites on the Internet where other individuals, government agencies, professional associations, or companies maintain hotlists or links to auditing, accounting, and financialrelated information. These sites act as a directory specifically directed to particular subjects such
as security, internal auditing, accounting, taxes, and education. Each site chooses to organize their
information differently so you need to look carefully to find the right category. The AuditNet
Resource List, available on the AuditNet Home Page (http://www.auditnet.org/karlhome.htm), is
a list of audit-related resources that you can refer to in an Internet search. Find a site that could be
related to the topic you are researching. For example, if you were looking for a federal circular
from the Office of Management and Budget (OMB), go to the site on the Internet and you will find
the current publications available. These hotlists are a great help if you know what type of information you are looking for and it relates to a particular subject or organization. One thing to keep
in mind is that sites sometimes do not update their links regularly. Find a site that you feel comfortable with and visit it regularly to keep up to date with new resources. The AuditNet site also
includes links to some popular search engines.
Audit-Specific Databases
There are a growing number of audit-related locations that index their information and include
WAIS searching capability. These sites provide word searches of their indexes that make it easy to
search for specific terms. They include a popup dialog box that allows for different types of searches,
and typically include a help feature that guides you through the selection criteria. Availability of
an audit-specific database narrows down a search if you already know that material on your subject has been gathered before. Government sites such as FinanceNet (http://financenet.gov/) and
the Auditor General of Canada have keyword search capability in their respective sites. There are
also search engines that list (by subject) a number of sites with WAIS capability.
66 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
The U.S. General Accounting Office (http://www.gao.gov) is an excellent example of an auditspecific searchable database. GAO audit reports are found easily by using the Government Printing Office Search and Retrieval tool at Purdue University (http://thorplus.lib.purdue.edu/gpo) for
accessing Wide Area Information Server (WAIS) databases. Databases available for searching
include congressional bills, the Congressional Record, the Federal Register, public laws, the U.S.
Code, and the GAO Blue Book. When planning a review or audit, go to this database first and find
out whether GAO has performed any similar reviews.
Subject-Oriented Directories
Some Web sites are subject-oriented directories or catalogs. These sites are organized by subject
trees and provide a hierarchy of categories and sub-categories that allow for searches by topic.
They are organized in alphabetical order. Selecting a category provides you with additional subcategories, which provide you with a list of resources for that particular sub-category. Subject
directories are used for browsing broad-based subject or general topic areas. Some of these Web
sites also allow for a keyword index search of the resources that they reference. Yahoo (http://
www.yahoo.com) and the WWW Virtual Library (http://vlib.org/Overview.html) are examples of
well-known subject tree directories. While these directories should be queried when conducting a
search for audit information, most of the sites will include topics for business and accounting, but
not specifically for auditing. Use the keyword index search capability to locate audit-related topics.
Internet Indexes
There are Internet indexes that utilize search engines for conducting searches. Search engines, or
search and retrieval tools as they are referred to, allow you to find and retrieve audit-related information by connecting to Internet resources through a keyword query. Search engines negotiate
multiple locations on the Internet and return matches based on the keywords or phrases chosen for
the search. Search engines operate by using tools (robots and spiders) that travel the Internet
looking for resources. The search engine maintains an updated index of the sites queried to speed
the process. These tools visit millions of WWW pages to create their databases and are the preferred method for searching for audit-related information available on the Internet. Popular search
engines include AltaVista (http://altavista.digital.com/), WebCrawler (http://www.webcrawler.com/
), Lycos (http://www.lycos.com/), and InfoSeek (http://www.infoseek.com/). Do not assume that
all search engines produce the same results. Based on the way that each search engine queries
sites, results can be surprisingly different. There are also sites that will simultaneously query a
variety of search engines. These are known as metasearch engines and can be a powerful addition
to the Internet audit search toolbox. The downside of metasearch engines is the limitation of structuring queries for a specific search engine. So the bottom line is knowing how to structure the
query for the search engine you chose. This requires a basic familiarity with the different search
techniques that Internet search engines utilize.
________________________________ Chapter 4 — The Auditor’s Great Internet Search 67
Search Techniques and Search Queries
Internet search engines create an indexed database of words and phrases for the URLs of the sites
they query. Making the most effective use of indexes requires knowing how to develop a query
using the logical rules or algorithms that the search engine understands. Each search engine uses
its own set of rules for queries. Those rules are spelled out in the search engine help feature. All of
the Internet search engines provide a query form in which you are asked for the search term.
Structuring a query requires knowing what search technique each search engine utilizes. Indexes
provide for keyword searching of their respective databases. Additional techniques include Boolean operators, natural language, single term, and automatic truncation. Simple queries for each
search engine use the default search technique programmed into that search engine. Each search
engine also provides the capability for advanced queries. Before using any one of the popular
search engines, read the explanation of how to do simple or complex (advanced) queries. Knowing how to structure your queries will increase the chances for a successful search.
Boolean operators allow you to search for different concepts within one query. Boolean operators
are actually words such as AND, NOT, and OR. By using a Boolean operator in a query you can
search for concepts rather than limiting yourself to single keyword queries. An example of a
Boolean search would be a query for INTERNAL and CONTROL. Choosing different Boolean
operators can either narrow (and) or broaden (or) the search results. This can be a powerful tool for
searching indexes, however not all of the search engines utilize Boolean logic.
Some sites support natural language queries that allow you to ask questions as you would in a
conversation. Asking the right questions can give you successful search results if you ask them
correctly. This technique can give quite unexpected results.
Single-term sites rely on using a keyword for the query. The challenge for these sites is choosing
the right word to use for the query.
Automatic truncation provides for near searches of an indexed site. This technique provides for
searching the root of the word and its various endings. Using the term AUDIT would return hits on
AUDITOR, AUDITING, AUDITORIUM, etc. Some sites allow using an * or ? as part of the
query as well. Search engines that use truncation are worthwhile when you are looking for variations on the root word but will likely include other irrelevant hits.
There are also search engines that recognize phrases or a string of contiguous words. These sites
look for occurrences of words together such as INTERNAL CONTROL, or GENERALLY ACCEPTED AUDITING STANDARDS.
68 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Here are some tips for making the most of your search for audit-related information.
• Start by posting a message on one or more of the audit-related discussion groups (mailing lists
or newsgroups). While many subscribers to the lists read messages regularly, some subscribers only check intermittently. Many good ideas come from posting to an audit-related discussion list. Other auditors may know where to find the information you are looking for.
• Check any audit-related Web sites you have visited before. Sites constantly change and you
may find the information you are looking for on an audit-related indexed location. A good
example of this is the GAO searchable database of reports issued, which is available on the
GAO home page at http://www.gao.gov/.
• Prepare for searches early in the planning stage of the audit. In fact, searches can begin when
the annual audit plan is approved.
• Choose the right words. Use your knowledge of auditing to select the right word or phrase for
the search.
• Spell the words you select for the query correctly. Spelling errors may have a significant
impact on the search results.
• Use synonyms to increase the chances for a successful search.
• Try several different search engines for your queries. Each one indexes Web sites differently
and produces varied results.
• Check the help feature for the search engines you use. Learn the methods of structuring the
query for your favorite search engine.
• Check for FAQs or Frequently Asked Questions. FAQs contain a wealth of information and
should not be overlooked in an audit-related search strategy.
• Be as specific as possible in your search terminology with several caveats. The better your
definition, the greater the chance of a successful search. If you receive too much information
it may be due to your choice of words. If you receive too little information, you may have been
too limiting.
Phase 4 — Evaluating the Results of the Search
The final step in finding audit-related information on the Internet is to evaluate the results of the
search (search results). At this stage consider the objectives of the search. Did what you find
satisfy the objectives? If not, perhaps the objectives were not clear. Did you find sufficient information? The search criteria could have been too limiting. You may need to expand your search to
________________________________ Chapter 4 — The Auditor’s Great Internet Search 69
locate more records. There are several ways to expand a search on the Internet for information.
Use the Boolean operator AND to find more records on the subject. Another possibility is that you
may not have allocated sufficient lead time to conduct a thorough Internet search. Did you find too
much information? Perhaps your search criterion was too general or not focused enough. You
could use the NOT Boolean operator or use a phrase for limiting the records found.
The success of the search from an audit perspective depends on more than sufficient, relevant, and
useful. The competence or quality of the information is perhaps the most important ingredient of a
successful search. The dynamic nature of the Internet combined with the fact that anyone can post
information means that you should evaluate the quality of any information retrieved. When it
comes to evaluating content on the Internet, the ability to think critically is another of the core
competencies that auditors need to develop to achieve digital literacy. Evaluate the information
found by applying the following standards.
Who Posted the Information?
Consider the author of the material when evaluating quality. The background and credentials of
the author may provide evidence of his or her qualifications for writing on the subject.
What is the Nature of the Information?
Is it source information or merely a reference to another’s work? Original information is the most
reliable and can be easily verified through the provider. Consider the source in determining the
nature of the data found.
Why is the Information Posted?
The purpose for writing or posting information on the Internet may be another indicator of quality
(or lack thereof). Marketing information on a particular site is meant to entice consumers to buy a
product or service. Beware of advertising hype such as “This is the best software auditing program
on the market.”
Where is the Information Coming From?
Information from academic, government, or commercial sites is posted for a variety of purposes.
Commercial sites post volumes of marketing-oriented material. University sites post research papers, theoretical, and other academic works from professors and doctoral students. Information
intended for those audiences may not be competent for audit purposes.
When Was the Information Last Updated?
How current is the information? You may find sites where the information is not updated regularly.
Stale information may not be factually accurate. If there are questions as to when the information
was posted or last updated, send an e-mail to the Webmaster or individual who maintains the site.
70 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
How is the Information Obtained?
What method did the Webmaster use to obtain the information? Did another individual upload the
information to the site and not provide contact information? If a survey was conducted, make sure
that the methodology is documented on the site. Find out about the site and make sure that any
information posted is done with the knowledge of the Webmaster. If you download any executable
programs from a site, make sure that you check them with an antivirus software program.
While these questions may seem intuitive, it is important that you not alter or impair your professional judgment just because you are using a new tool (the Internet). The Internet is another source
for information, but it is not the only source. Apply professional judgment to any information
obtained from the Internet by making sure that it is sufficient, competent, relevant, and useful.
There are many more search engines and indexes available on the Internet. While I have found the
above tools to be helpful, you may find other tools to help locate audit and audit-related resources.
There are several books that I recommend for maximizing your search efforts. Web Search Strategies by Bryan Pfaffenberger (MIS Press) will help you understand more about searching the Internet, especially deep search strategies. Finding It On the Internet by Paul Gilster (John Wiley and
Sons) provides details for utilizing all the search capabilities of the Internet. It is also wise to keep
up to date on new tools for searching the Internet. The best way to keep informed is by subscribing
to the Scout Report, a Publication of Net Scout Services. The Scout Report is available via e-mail
by sending a message to [email protected]. In the body of the message, type: subscribe scoutreport-HTML. The Scout Report includes a section on Network Tools that highlights new resources for searching. It also has a Web site (http://www.scout.cs.wisc.edu/) where subscription
information is available. Remember that the Internet is constantly changing. In order to make the
most of it, keep current on what tools and resources are available to you.
Interview: Robert D. Randolph, Communications/Marketing Specialist,
Arthur Andersen Knowledgespace (http://www.knowledgespace.com)
KnowledgeSpace® is a Web-based knowledge service designed to help improve business performance. It integrates Arthur Andersen’s business resources with daily news and insights to help
business people identify and address issues and opportunities. KnowledgeSpace® enhances collaboration among business professionals by creating “virtual communities” of members who face
similar issues and have similar interests. By joining a KnowledgeSpace community, members can
conduct research on business issues that are specific to their function and industry, use diagnostic
tools designed to address their individual business and industry-specific challenges, and participate in discussion groups and electronic forums with their peers and relevant industry experts.
The internal audit community gives auditors the knowledge base needed to enhance their internal
audit performance. Members have access to the business processes advisor, expanded global best
________________________________ Chapter 4 — The Auditor’s Great Internet Search 71
practices, accounting rules and regulations, and proven procedures — valuable resources for improving their companies’ financial processes.
Q. Why did Arthur Andersen create KnowledgeSpace?
KnowledgeSpace was created in response to client requests for access to best practice information that Andersen had been collecting in a knowledge base since the early 1990s. What
began as an internal knowledge management tool became a resource that any business can
use to supplement their existing knowledge management efforts, bringing structured business
knowledge into their environment from outside the organization.
Q. Tell me about KnowledgeSpace’s Internet strategy.
KnowledgeSpace is designed as a forum for sharing Arthur Andersen’s unique business knowledge with the business world and a means to enhance the work we currently do with clients.
We have a free business portal site for enterprise business owners and managers, but a more
robust site for clients. The client site includes tools that will help the client better understand
their needs and work more effectively with their Arthur Andersen engagement team.
KnowledgeSpace is a Web-based knowledge service designed to improve business performance. By delivering relevant information when it is needed, KnowledgeSpace helps business
people better understand their industry, their opportunities, and their business challenges.
The Arthur Andersen resources delivered through KnowledgeSpace help the user address critical
business issues they identify with the assistance of KnowledgeSpace. Tools such as Global
Best Practices for KnowledgeSpace help benchmark business practices, while Business Radar delivers deep, broad business news from many of the leading business news sources and
over 400 industry and trade publications. KnowledgeSpace will also help you connect to the
global business community through the “Connections” area of the service. There you can
network with business leaders in your industry in online forums, or view video broadcasts of
presentations made by leading business luminaries. Overall, KnowledgeSpace is an awardwinning integration of Internet business resources that captures and shares the relevant information business people need to meet their business objectives — and their bottom line.
Q. Recently KnowledgeSpace had an article on “virtual auditing.” Do you see an expanded
presence for “cyberaudits” as the Internet integrates itself into business processes?
The personal aspect of an audit will never disappear, but the Internet can result in some of the
audit being virtual. What will be exciting is when an organization and its auditor can tie into
a shared system for purposes of the audit. While that will certainly make the audit seem much
more virtual, it will be surprising that the importance of the personal relationship will increase.
72 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Q. What do you see as the future of Internet subscription-based products such as
KnowledgeSpace directed at the audit community?
An offering like KnowledgeSpace Internal Audit community will be the general format for
subscription Web services. General offerings will continue to be offered for free with an advertising revenue model. Very deep specific resources will be able to command a subscription
fee because they truly do offer timesaving opportunities. People do not look for a one-stopshop for ALL business information, but they do want one resource they can turn to for all the
right information on a very specific topic, such as internal auditing.
Q. One of the digital literacy core competencies identified by Paul Gilster was knowledge
assembly or being able to target specific information through media feeds that will meet
the needs of business professionals. How do you see KnowledgeSpace as meeting the
criteria associated with knowledge assembly?
KnowledgeSpace was designed with that competency in mind. We have created several different ways for subscribers to reach the information that is relevant to them. One very effective
way is through our topical navigator — an index of business issues that auditors deal with on
a routine basis throughout the year. By drilling down through a specific topic, an auditor can
find all the resources KnowledgeSpace has to offer on that matter. Another effective way is
through our Search Plus! feature. Enter a search term and locate all the resources and news
articles containing that term or phrase. Finally, we offer Business Radar, a news search service that scours the more than 400 top business dailies and trade journals, and a browse
option to scroll through the various resources we have compiled.
Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How
has your organization contributed to this philosophy through the use of the Internet?
Within our firm new electronic tools, primarily using Internet technology, have allowed our
professionals equal and timely access to critical information, tools, and resources. Our use of
Internet technology internally (intranet) enables the dissemination of new and updated content on a worldwide basis for our firm in the most efficient fashion imaginable.
Q. How has your organization integrated the use of the Internet into auditing?
As described above, KnowledgeSpace and our firm intranet have provided our internal auditing professionals with access to the newest auditing tools and methodologies. The Internet has
also provided our professionals with access to global internal auditing resources, outside of
our own, via the World Wide Web. By having access to auditing resources that are provided by
professional organizations such as The Institute of Internal Auditors via their Web site, our
auditors are able to keep up with and adjust to industry standard practices. E-mail transfer
________________________________ Chapter 4 — The Auditor’s Great Internet Search 73
between our partners and employees and our clients (made possible by Internet tools) has
increased the efficiency of our work and communication tremendously.
Q. What Internet resources do you use, and how have they helped you and your organization?
Part of the answer to this question is addressed above. We use the Internet to view industry
information and standards. We use it to search for specific auditing tools such as work programs offered for viewing by several organizations with Web sites. We use the Internet to share
information about our firm with the global business community, to “open our doors” to students at universities worldwide, and to stay abreast of our competitors’ actions. In a nutshell,
the Internet has been revolutionary in the way it has allowed our firm to share knowledge
internally and externally.
Q. How has the Internet changed the way your organization does business, and what impact has that change had on auditors?
See all answers above.
Q. What effect have the Internet and the World Wide Web had on the auditing profession?
The existence of the Internet and the World Wide Web has increased the speed by which internal auditors discover and adapt to best auditing practices. In the “old world” it took significant time for a new auditing technique to be discovered through paper mail or word of mouth.
Now auditors around the world have access to new trends and best auditing practices on a
timely, almost immediate, basis. These revolutionary times have also evened the playing field,
allowing departments with smaller budgets and fewer resources access to the same level of
data, tools, methodologies, standards, and other auditing resources that the larger “wealthier”
departments enjoy.
Q. What Internet skills do you see as the most critical for new auditors?
The Internet does not require much “skill” to use; it requires action. The major mental model
that is necessary for internal auditors to embrace and foster is one of “sharing.” In order for
us all to keep this knowledge ball moving, we must all share our ideas and practices with each
other. The profession will take huge steps forward as a result of the coming together of minds
via the Internet.
74 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Q. What role do you see for the Internet in the future of internal auditing?
Since we are in the infancy stages with the Web and Web technologies, all of the ideas and
actions commented on above will be enhanced and used more completely by internal auditors
around the globe. Plus, if you let your imagination run a little wild, there are many more
possibilities. Who knows, the day might not be far off when internal auditors are needed to
keep systems and processes controlled in far-off places such as international space stations,
giving a whole new meaning to knowledge sharing in cyberspace.
Continuing Internet Education
The following books are excellent resources for using the advanced techniques of searching for
information on the Internet.
1. The AltaVista Search Revolution, Richard Seltzer, Eric J. Ray, and Deborah S. Ray.
2. The Information Specialist’s Guide to Searching and Researching on the Internet and the
World Wide Web, Ernest Ackermann and Karen Hartman.
3. Finding It On the Internet, 2nd Edition, Paul Gilster, John Wiley & Sons, Inc.
4. Official Netscape Guide to Internet Research, 2nd Edition, Jill Nystrom and Tara Calishain.
5. The Internet Research Guide, Timothy K. Maloy, Allworth Press.
6. Web Search Strategies, Bryan Pfaffenberger, MIS Press.
To keep up with the latest in search tools, go to www.researchbuzz.com. The site was developed as
a companion to the Official Netscape Guide to Internet Research. Most business days you can get
the latest on new research sites and information. ResearchBuzz is also available as a free weekly
newsletter. Subscription information is available at their Web site.
____________________________________________ Chapter 5 — Look Who’s Talking! 75
Chapter 5
Look Who’s Talking!
Discussion Group Resources
The Internet has long been an important resource for academicians, researchers, and government
employees. Today’s auditors and accountants are also appreciating the power of online digital
resources. Those resources include a variety of tools that will help professional auditors increase
efficiency and effectiveness within their departments and throughout their organizations.
Auditors can maximize the power of electronic communications by using discussion groups, one
of the oldest and most popular services available on the Internet. Discussion groups are often
referred to as mailing lists (or sometimes listserv). Mailing lists are distributed via e-mail and are
popular because all that is required to participate is an e-mail account or address, which means
virtually everyone on the Internet can participate. Unlike traditional mailing lists, which are used
for marketing purposes, electronic mailing lists are used by professionals as electronic newsletters
or magazines, as forums for discussions of professional related subjects, and to disseminate news
and information. Each list covers a topic or group of topics to which all messages distributed are
expected to relate. Some of these lists are open to the entire audit community while others are open
only to specific groups of auditors. These interactive lists encourage participation of the list members in order to exchange information and ideas. There are definite economies of scale in that the
greater the number of auditors that participate in the discussion, the greater the opportunity for
sharing and networking. Some of these lists are monitored or moderated which means the list
coordinator reviews material for appropriateness to the purpose of the list. Other lists are not
moderated, which means that the topic areas may sometimes drift from their original subject.
There are also lists available that are termed reactive and are used primarily for disseminating
information or news items. These lists typically do not encourage discussion among list members.
There are mailing lists devoted to auditing, accounting, and financial related topics. Subscribe to
these mailing lists and you will receive periodic distributions from the list. You may also post
messages to the mailing list that will be sent to all subscribers. For example, you could post a
request for information on interest rate derivatives in planning for an audit on that subject. Each
subscriber to the mailing list would receive the request. Within minutes of sending that request
you might receive a reply stating that GAO performed an audit on interest rate derivatives. The
response could provide you with information on where to obtain the document electronically.
Discussion lists or mailing lists are powerful, efficient tools for networking that auditors may
utilize for audit planning, problem solving, and discussion of topical issues. Like most other electronic tools, auditors must understand what mailing lists are available, learn how to subscribe, and
use them effectively. Chapter 3 provided the mechanics of mailing lists, including how to join,
manage, and leave this type of electronic forum. The following provides specific information on
audit-related mailing lists.
76 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Tips for Using Mailing Lists
Mailing lists represent a powerful tool for auditors. As with other tools, you should learn to make
the most of them. Following are tips for using mailing lists.
1. Save the instructions that you received when you first subscribed to the list. They will provide the details on how to use the list, including unsubscribing from the list.
2. Subscribe to only those lists that are of interest because some lists generate a large volume
of e-mail.
3. Address your subscription request to the listserv address rather than the list address.
4. Follow the format for using your name (not e-mail address) in the body of the request (i.e.,
Subscribe Auditlist John Doe, if so instructed).
5. Know how to unsubscribe just in case the volume of mail becomes unmanageable.
6. Browse messages and archives before contributing to get a feel for the mailing list personality.
7. Keep your postings short and to the point.
8. Practice e-mail etiquette techniques when contributing and responding to list messages.
9. Use sound professional judgment when submitting to lists (i.e., do not distribute sensitive or
confidential information to the list).
10. Share meaningful, relevant information to the list. This is an effective way to network with
thousands of other auditors.
11. Share relevant messages with peers who are not subscribers to the list.
Auditing and Accounting-Related Mailing Lists
There are literally thousands of discussion groups available on the Internet. A common question
is, “Where do I go to find out what audit-related mailing lists are available?” There are sites on the
Internet that store databases of discussion groups, but unfortunately they include all topics. Finding out what relevant discussion groups are available for auditors is a matter of networking.
The following auditing, accounting, and financial-related mailing lists for auditing professionals
were available at the time of publication. These lists represent a wide variety of auditing and
accounting-related topics. The AuditNet Resource List provides updates of new audit-related lists
and should be consulted periodically for additions or changes. The AuditNet Resource List, available by e-mail from [email protected] or at the AuditNet home page (http://
www.auditnet.org/karlhome.htm), maintains references to various audit-related mailing lists. The
following lists are organized by list name and include the list address for subscribing.
____________________________________________ Chapter 5 — Look Who’s Talking! 77
Audit Discussion Groups
ACUA-L List - Association of College and University Auditors (ACUA) - ACUA-L is a listserv
on Bitnet and is a closed list, available only to college and university auditors. The list is very
active and is a valuable resource, networking, and information tool for auditors in an educational
institution environment. Contact Chuck Jefferis at the University of Vermont
([email protected]) for subscription information.
ANZ Internal Audit Group Mailing List (http://www.curtin.edu.au/curtin/audit/
mailing%20list.htm) allows for the free exchange of ideas for internal auditors of Australian and
New Zealand universities and other interested participants. The site provides information for
subscribing to the ANZUIAG-L list. This list was previously called INTAUDIT-L).
Audit-L is a generalized audit discussion list open to all auditors irrespective of industries and
organizations. The list is intended to have a diverse membership so that broad perspectives from
all auditors can be gained through interactive communication. While many specialized lists are
created to address unique needs of specific industries or special interest groups, the concept of this
list recognizes that many audit issues cross industry/organizational lines. Send subscription requests to [email protected] with one line in the body of the letter: SUB
AUDIT-L your name.
AuditNet-L is a monthly mailing from AuditNet that provides the latest additions to the AuditNet
Resource List, new audit programs added to Auditors Sharing Audit Programs, and more. For a
free subscription to AuditNet-L, which includes the monthly updates to Internet Resources for
Auditors, send an e-mail to [email protected], leave subject blank, and in the body of the
message put subscribe auditnet-l (your name). To unsubscribe, send an e-mail to the same address
and put unsubscribe AuditNet-L (your name) in the body of the message.
Audit-Y2K Discussion List ([email protected]) is a discussion list devoted
to year 2000 issues for auditors. This list is open to all auditors interested in the year 2000 issue
and is not moderated. Dyan Hudson, University of Texas at Austin, is the list owner. Subscribe by
sending an e-mail request to [email protected] with the message Subscribe AuditY2K (your name).
CISACA-L - The Central Indiana Chapter ISACA created a list for information systems auditors.
The list is meant to encourage professional discussion and is open to all information system auditors. To subscribe send a one-line message to [email protected] with the message SUBSCRIBE CISACA-L (your name). Leave the subject line blank. Messages sent to [email protected] will be distributed to all subscribers.
78 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
COBIT™ listserv (COBIT-List) created to facilitate discussion about COBIT among members,
ISACA has created a COBIT listserv. By exchanging knowledge through the listserv, subscribers
are sure to find answers to their questions and advice for improving implementation procedures.
Subscribe to the COBIT listserv by sending the following e-mail message to [email protected],
type subscribe in the subject line, and leave the message body blank. There is also a digest function for auditors who want to receive a complete daily digest of all postings instead of each posting
separately. To subscribe to the digest version of the COBIT list, add the following command in the
body of the message: BODY OF MESSAGE: SET DIGEST cobit-list. You will receive an acknowledgment and instructions on how to unsubscribe by e-mail.
Computer-Assisted Audit Tools and Techniques (CAATT-L) is a forum for exchange of ideas,
experiences, and information related to automated audit tools and techniques such as generalized
audit software, test data generators, computerized audit programs, specialized audit utilities, and
automated audit working papers. It is a closed discussion list hosted by RAIN, a regional networking service provider. Send subscription request to [email protected] with “subscribe”
in the body of the letter.
Control Self-Assessment (CSA-L) Mailing List - an unmoderated discussion list devoted to
Control Self-Assessment and open to anyone with an interest in discussing issues related to CSA.
CSA is a process that allows work groups to identify or refine the business and quality objectives
that they should be fulfilling, while assessing the adequacy of plans and controls in place to meet
those objectives. To join the list send a message to [email protected] with the text SUBSCRIBE CSA-L. You will receive an acknowledgement and a message with administrative issues.
Credit Union Internal Auditors Mailing List - Discussion list for credit union internal auditors.
To join this Internet mailing list, send an e-mail to [email protected] and include the
following: “subscribe cu-ia” in the body of the message.
Data Extraction and Analysis Mailing List. Established March 1, 1995, on America Online as a
moderated discussion forum for the exchange of ideas related to the use of ACL, IDEA, Microsoft
Access, and any other data extraction and analysis software. ACL, IDEA, and Microsoft Access
are PC-based and allow users to easily read, analyze, and report on data. Biweekly, the moderator
sends a summarized document, which organizes the ideas sent during the previous two-week period. The mailing list is not a forum for technical questions (other than idea questions such as, “Is
it possible to use ACL for accounts receivable test work and does anyone have a good way to do
this?”). All technical assistance questions should be directed to ACL, IDEA, Microsoft Access, or
other software technical support. Send all messages and subscriptions to [email protected] with one
line in the body of the letter: SUB DE&A. It would be appreciated by the moderator if the person’s
real name, organization, software type, and the number of years that data extraction and analysis
has been used be included in the message.
____________________________________________ Chapter 5 — Look Who’s Talking! 79
GovCon Discussion Groups (http://www.govcon.com/) - Government contractors site that includes discussion groups for auditing, accounting, and financial management issues. KPMG Peat
Marwick is moderating a new discussion group on government audit and reviews. If you have a
question on issues affecting the performance and resolution of government contract audits (DCAA,
IGs, etc.), post it online. Access to the site is free but registration is required.
IDEA Software Users Discussion List - IDEA-LIST is an unmoderated discussion list and forum
to exchange ideas and information among users of IDEA (Interactive Data Extraction and Analysis). IDEA is a productivity tool for auditors, accountants, and financial managers that can help
display, analyze, manipulate, or extract data from other computer systems. Send subscription requests to [email protected] with one line in the body of the letter: SUBSCRIBE
IDEA-LIST. For more information, you can send an e-mail to [email protected].
IS Audit List (isaudit-list) - The IS Audit list server provides IS auditors with a forum to freely
discuss topics affecting the profession, including career development issues. The site is sponsored
by Gerry Myers Associates, an IS Audit Consulting and Recruiting firm. To subscribe to the list,
address your request to [email protected] with the word SUBSCRIBE in the subject field
only. You will receive an acknowledgment welcoming you to the list with important information
on using the list server.
PeopleSoft Security, Audit, and Control Discussion Group (PSSAC-L) is a list server devoted
to PeopleSoft Security, Audit, and Control. To subscribe to this list, send an e-mail (with your
signature feature turned off) to: [email protected]. Include no subject line. In the
body of the message, type: subscribe PSSAC-L yourfirstname yourlastname (example: subscribe
PSSAC-L Jane Doe).
Business-Related Discussion Groups
Employee Benefits Mailing List (Benefits-L) provides discussion on health management, human
resource information systems, payroll, ERISA, unemployment insurance, workers compensation,
and other benefit-related issues. To subscribe, send a message to [email protected]. Leave
the subject blank and type in the message area: subscribe BENEFITS-L (your name).
Government Finance-Related Discussion Groups
FinanceNet Mailing Lists
FinanceNet operates various mailing lists that are useful for sharing information and staying abreast
with breaking issues in the area of government financial management. For information on all the
current mailing lists available from FinanceNet and instructions on how to use them, send a message to [email protected].
.
80 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
FinanceNet mailing lists open for public subscription use the “Listproc” program software to
automatically respond to specifically worded commands to subscribe and unsubscribe users and to
respond to certain “special option” commands that provide further utility. Subscription to any of
the FinanceNet e-mail lists is free and available to anyone interested in improving government
financial management through the sharing of information and ideas. There are many e-mail lists
within the FinanceNet network, each one dedicated to a government financial management discipline or professional organization.
FinanceNet mailing lists are “coordinated” by a member of the FinanceNet Core Team who is
familiar with the topic of the list. Coordination involves monitoring the list, checking for and
reporting disruptive inflammatory messages, insuring that the appropriate new documents, newsletters, journals, bulletins, circulars, or other pertinent items of interest to the list membership get
distributed to the list, and making policy recommendations back to the FinanceNet’s Core Team
for list enhancements.
You are free (even encouraged) to post pertinent documents, news, or announcements (or notices
of the electronic location of same) to any of the FinanceNet mailing lists. You are not required to
be a subscriber to a list to post to it. However, to receive distributions posted to a particular list,
you must subscribe to that list.
All communications to the list (postings) are addressed to the list itself (i.e., [email protected]). All subscription service requests must always go to the list manager
address (i.e., [email protected]) or they will not get processed.
FinanceNet Mailing Lists Currently Available
All of the following mailing lists are available through FinanceNet. The purpose of the lists is for
posting and receiving news, announcements, notices, information comments, and questions related to the list topics. The list title is provided first followed by the list name in parentheses. The
list name is the address to send messages to that will go to the subscribers of the list (see How to
Post Messages). Each list includes a description of the types of information covered by the list
topic. Subscribe to the list by sending an e-mail to [email protected] and include a message
SUBSCRIBE (LISTNAME) (YOUR NAME FIRST/LAST). Replace LISTNAME with the name
of the list that you want to subscribe to (for example, muninet, budget-net, etc.). Remember that
the list name is everything before the @ sign. For general information about FinanceNet mailing
lists, send an e-mail to: [email protected]. FinanceNet is always adding new lists based
on specific needs of the government financial management community.
Accounting ([email protected]) - A distribution list for public and private sector accountants to encourage the cross-sector posting of accounting-related notices, papers, standards,
and other documents to increase the awareness of each sector’s particular accounting problems,
successes, and best practices.
____________________________________________ Chapter 5 — Look Who’s Talking! 81
Association of Government Accountants ([email protected]). This AGA mailing list is for
discussions of governmental accounting issues.
Budget-Net ([email protected]) - A distribution and discussion list for revenue, appropriation, and budget issues at all levels of government related to the mission of BudgetNet, a
NetResults network of people at the National Performance Review.
Calendar - Joint Financial Management Improvement Program ([email protected])
is a free government distribution list (no discussions). FinanceNet’s “calendar” posts periodic
updates (usually monthly) of the FinanceNet Universal Financial Management Calendar for Events
and Training. This calendar is also cross-posted on the FinanceNet Web site. Calendar events and
training opportunities are posted by day of month for all federal, state, and local participating
agencies and professional organizations. This list is coordinated by the Joint Financial Management Improvement Program (JFMIP). You are encouraged to send agency and professional association calendar events for posting to this list to the JFMIP.
Daily Asset Sales from the CBD ([email protected]) - FinanceNet’s “daily-sales” list
server is a daily distribution list of all government asset sales and surplus listings from each day’s
edition of the “Commerce Business Daily.” This service is provided compliments of the Loren
Data Corp.
Electronic Commerce ([email protected]) - FinanceNet’s free “EC-Finance” list server
targets all issues relating to financial administrative aspects of government electronic procurement
and acquisition at all levels of government. Your topic-related comments and participation in this
list are encouraged and welcomed.
Employment Opportunities in Public Financial Management - FinanceNet’s “Fin-Jobs” list
server is a free government distribution list (no discussions) that posts notices of employment
openings in government financial management positions, including accounting and budgeting jobs,
at all levels of government.
FASAB ([email protected]) list server is a free government distribution list (no discussions)
reserved for official news and announcements from the Federal Accounting Standards Advisory
Board (FASAB). Posted to the list are news, announcements, meeting agendas, and newsletters
from the FASAB.
Fin-audits ([email protected]) list server addresses all issues relating to government
financial audit issues at all levels of government. Discussions can relate to the various financial
issues relating to the relations between the CFO and audit communities, agency audit findings and
recommendations, audit follow-up and validation procedures, materiality thresholds, IG vs. IPA
audits, financial audit resources and staffing, etc. Your topic-related comments and participation
in this list are encouraged and welcomed.
82 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Financial Executives Institute ([email protected]).
Financial Legislation ([email protected]) list server is a free government distribution list (no discussions) that posts periodic updates on the status of financial management legislation, in various stages of completion, from the U.S. Chief Financial Officers Council’s (CFOC)
Legislation Committee.
Financial Operations ([email protected]) - FinanceNet’s “Fin-Operations” list
server is a free government distribution and discussion list that targets the full range of government administrative financial management operations, including vendor payments, cash management, travel, accounting standards, financial reporting, etc. Your topic-related comments and participation in this list are encouraged and welcomed.
Financial Personnel & Training ([email protected]) - FinanceNet’s “Fin-training”
list server is a free government distribution and discussion list that addresses all matters relating to
government financial personnel and training issues at all levels of government. Discussions frequently center around establishing core competencies for government financial managers, retention, recruitment, training and continuing education issues, course content, professional readiness,
applicant pool size, interviewing skills, classification standards, position descriptions, etc. Your
topic-related comments and participation in this list are encouraged and welcomed.
Financial Policy ([email protected]) - FinanceNet’s “Fin-policy” list server is a free
government distribution and discussion list that addresses all matters relating to government financial management policy at all levels of government. Your topic-related comments and participation in this list are encouraged and welcomed.
Financial Statements & Reporting ([email protected]) - FinanceNet’s “Fin-reporting” list server is a free government distribution and discussion list that addresses all matters
relating to the various financial reporting requirements of the FASAB, treasury, and OMB; financial statements issues, accountability and stewardship reporting, policy, procedures, improvements,
standards, etc., and especially the newly required “Statement of Financing.” Your topic-related
comments and participation in this list are encouraged and welcomed.
Financial Systems ([email protected]) - FinanceNet’s “Fin-Systems” list server is a
free government distribution and discussion list that addresses all matters relating to government
financial government financial systems at federal, state, and local levels such as systems integration, core systems, systems requirements, computer hardware and software, contractors, useful
life, information architecture, functional standards, data dictionaries, standard general ledger implementation, cross-servicing, general improvements, etc. Your topic-related comments and participation in this list are encouraged and welcomed.
____________________________________________ Chapter 5 — Look Who’s Talking! 83
Financial Technologies ([email protected]) - FinanceNet’s “Fin-Technologies”
list server is a free government distribution and discussion list that addresses all matters relating to
emerging technologies in governments. Your comments and participation in this list are encouraged and welcomed. Submissions to this list are liberally moderated for applicability to the topic.
General Public Finance Topics ([email protected]) - FinanceNet’s “General” list server
is a free government distribution and discussion list that addresses all matters relating to government financial management issues that do not conveniently fall into one of the categories represented by the other FinanceNet mailing lists. Your topic-related comments and participation in this
list are encouraged and welcomed.
GovSales ([email protected]). This list server is a free government distribution list that
announces matters relating to the public sale of all manner of assets, surplus, and property posted
by federal, state, and local governments. Included are notices for auctions and public sales and
information on hard, soft, and financial assets covering everything from loans and estates to boats
and cars. Traffic is light, especially as agencies “gear up” to participate in this list. This list is set
up as a “digest” so that subscribers receive only one message per day.
Government Finance Officer’s Association Mailing List - FinanceNet’s “GFOA” list server is
a free government distribution and discussion list that addresses all matters relating to the mission
of the Government Finance Officers The GFOA posts announcements and other important information via this mailing list. For information on this and other FinanceNet mailing lists, send email to [email protected]. To post information to the GFOA mailing list, send a message
to [email protected]. Your topic-related comments and participation in this list are encouraged and welcomed.
International Financial Management ([email protected]) - FinanceNet’s “International” list server is a free government distribution and discussion list that addresses all matters
broadly relating to international government financial management. Discussions can relate to topics such as government accounting, audits, financial statements, budgets, financial operations and
policy, controls, revenues and taxation, accountability and stewardship, and all other issues of
interest to international government financial managers and taxpayers. Issues and problems discussed and best practices offered cross geopolitical borders. Posts are accepted in multiple languages. This list also provides a communications medium for members of the International Consortium for Government Financial Management (ICGFM) and other international government professional financial management and accounting organizations. Your comments and participation
in this list are encouraged and welcomed. Submissions to this list are liberally moderated for
applicability to the topic.
84 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Local Government Elections and Technology ([email protected]) - FinanceNet’s “LEAT”
list server is a free government distribution and discussion list that addresses all matters relating to
the mission of government elections administrators. The list is sponsored and moderated by the
International Institute of Municipal Clerks (IIMC).
Municipalities and Townships ([email protected]) - FinanceNet’s “MuniNet” list server
is a free government distribution and discussion list that addresses all matters relating to financial
accountability and stewardship of municipalities, towns, and townships within larger geopolitical
jurisdictions. As in the “state-county” list, documents and discussions broadly relate to accounting
matters, bonds, revenues and taxation, budgets, systems, fees, licenses, audits, controls, payroll,
and all other issues of interest to clerks, and other local government financial management staff
and taxpayers. This list also provides a communications medium for the membership and agenda
issues for the International Institute of Municipal Clerks and other local government professional
organizations. Your comments and participation in this list are encouraged and welcomed.
National Association of Local Government Auditors ([email protected]). A list devoted to
issues and topics for city and county local government auditors. Subscribe to this list by sending
an e-mail message to [email protected].
News ([email protected]), FinanceNet’s free “News” list server, is the “master” announceonly list server (no discussions). All messages sent to ALL of FinanceNet’s topical and organizational financial management listservers are forwarded to this “master” listserv. The default has
been set to “weekly digest” — you will get only one message each week (on Wednesday). That
message will include all messages sent to all FinanceNet’s public listservers for the week ending
that Wednesday. The “news” Web archive is also the “master” archive for all of FinanceNet’s
public list server messages distributed from 12/10/98 forward.
Performance Measures ([email protected]) - FinanceNet’s “Perf-measures” list
server is a free government distribution and discussion list that addresses all matters relating to
government performance measures at federal, state, and local levels. Dialog can relate to the Government Performance and Results Act of 1993 (GPRA), outcome vs. output measures, statistical
presentation and reporting, performance measures impact, development, standards, compliance,
etc. Your topic-related comments and participation in this list are encouraged and welcomed.
Privatization ([email protected]) - FinanceNet’s “Privatization” list server is a free
government distribution and discussion list that addresses all matters relating to privatization of
government services at federal, state, and local levels. Your comments and participation in discusions
on this list are encouraged and welcomed. This list is sponsored by the National Council for Public
and Private Partnerships (NCPPP).
____________________________________________ Chapter 5 — Look Who’s Talking! 85
Procurement Issues ([email protected]) - FinanceNet’s “Procurement” list server
is a free government distribution and discussion list that addresses all matters relating to government procurement, acquisition, streamlining and reinvention, and electronic commerce at all levels of government. Your topic-related comments and participation in this list are encouraged and
welcomed.
Property Plant and Equipment ([email protected]) - FinanceNet’s “PP_E” list server is a
free government distribution and discussion list that addresses all matters relating to fully accounting for and reporting the costs of property, plant, and equipment held by federal, state/local, and
international government agencies. Historically, governments have often not maintained records
to fully account for PP&E costs. Issues may relate to developing and maintaining a complete
inventory, techniques for determining original cost, useful life considerations, accounting for agencyunique assets, capitalization thresholds, documentation and retention, and cost/benefit considerations. Your topic-related comments and participation in this list are encouraged and welcomed.
State & County Issues ([email protected]) - FinanceNet’s “State-County” list server
is a free government distribution and discussion list that addresses all matters relating to government financial stewardship and taxpayer accountability issues at state and county levels of government. Posts and discussions broadly relate to accounting matters, bonds, revenues and taxation,
budgets, systems, fees, licenses, audits, controls, payroll, and all other issues of interest to local
government financial managers and taxpayers. Your comments and participation in this list are
encouraged and welcomed.
The following is information provided by FinanceNet on subscribing and managing participation
on these mailing lists.
How to Subscribe
You can automatically subscribe to any FinanceNet Internet mailing list by following a few simple
procedures exactly. The list program will process your request and subscribe you to the list only
when your commands are worded correctly and in the proper sequence. It is important to remember that the “Listproc” program will not understand any commands, comments, or verbiage you
might send in the body of your message that do not precisely match the commands and instructions
described below. Additional verbiage will just confuse the software.
Although you may subscribe to as many FinanceNet mailing lists as you like, we suggest that you
subscribe to only one list per message. You will be able to subscribe to any of the lists by sending
a simple Internet e-mail message. To begin you must address your message to:
[email protected]
DO NOT address your subscription request (or other list maintenance or service request) to the list
name itself (i.e., [email protected]). Not only will your service request not be under-
86 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
stood or honored, your service message will go out to all subscribers of record for that particular
list. Your service request message will more than likely be confusing and an irritant to other subscribers. To repeat, all mailing list subscription service request messages must be sent ONLY to:
[email protected]
You may leave the subject blank on all list service requests. However, you may want to include one
for your own future reference. For example, if you wanted to subscribe to the FinanceNet list “intcontrols” you would include in the first line of the body of the mail message (case being unimportant) the command:
subscribe list name your name
Example: subscribe int-controls John Doe
You must use your true name (John Doe) in the command above (not your e-mail address) and,
again, send via e-mail to:
[email protected]
Rarely you may need personal attention from a live individual relating to a special mailing list
request or problem. In this case, send your e-mail comment or request to the list manager:
[email protected]
Contacting the list manager for anything other than compliments should be your last option, NOT
your first. The whole idea is that YOU manage your account with the list and the manager only
steps in when the need goes beyond what the list service will allow you to do.
How to Unsubscribe
To unsubscribe (sign off) from any FinanceNet e-mail list, simply send in the first line of the body
of a mail message the command:
unsubscribe list name
Example: unsubscribe int-controls
and send via e-mail to:
[email protected]
____________________________________________ Chapter 5 — Look Who’s Talking! 87
Again, DO NOT address your “unsubscription” or other service request to the particular mailing
list name itself. All such requests MUST go to the “listproc” address above. All service requests
do not require the subject line to be filled out, although you may do so for your own record keeping
if you like. If you send your “unsubscribe” request to the list itself you will NOT be unsubscribed,
and everyone on the list will receive a wasted message.
We enthusiastically encourage you to actively subscribe to and participate in FinanceNet mailing
lists by browsing and replying to messages. However, until you become accustomed to the structure and nature of the lists, you may want to just browse through the messages until you gain
confidence. Also, as you begin to acquaint yourself with the process, you may want to limit your
subscriptions to only those lists of particular interest. This will also reduce the likelihood of overloading your e-mail inbox.
How to Post (Send) Messages and Responses to the List
By default, everything you post to the list goes to every subscriber on the list, and the list may have
thousands of members. There are times when you only want to reply to the individual who posted
a particular message. Make sure you address your message to that individual rather than simply
using the reply option on your e-mail service. The reply option will send your message back to all
members of the list.
Quoting in a Reply
If your e-mail package allows you to quote the message you are replying to — USE IT. Do not
quote the whole message, just quote enough so that the other person understands what you are
replying to. Many members of a list get and send a lot of mail and they need a memory jogger as to
what you are talking about. If you do not have a quote feature, add a reminder as part of your reply.
Be Brief
This is a gray area that requires good judgment, but the general rule is to keep your posts to a list
short and to the point (this post is not a good example). Most subscribers are not looking for 10page books. If you have a lot to say, then send a message to the list announcing your book and how
they can request it. DO NOT drop a book into 2,000 mail boxes without permission. The practice
of dropping large messages on a list is also a problem for the list manager’s equipment. The
computer managing the list has to work overtime when someone posts a huge document to thousands of e-mail addresses.
To send a message to the entire list, always address it to the list itself:
list [email protected]
Example: [email protected]
88 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
You may subscribe to as many lists as you like, but you will need to keep in mind that should a
message ever be sent to all of the FinanceNet mailing lists (for instance, a general interest message
from the FinanceNet Core Team), you will get a duplicate message for every list to which you
subscribe.
Some Good General Mailing List Tips
A list service wants to avoid subscribing and unsubscribing users on a case-by-case basis. Individuals send subscription service commands directly to the list processor via e-mail messages
rather than relying on the list manager to manually and laboriously do it for them. FinanceNet
mailing lists are expected to develop thousands of subscribers, so it is not practical for the manager
to personally assist in subscription service requests unless absolutely necessary.
The Listproc software sends a message back to a new subscriber explaining how to unsubscribe
from the list, set various list service options, and get additional help. A good practice is to save that
document for future reference. A good way to manage this is to create a physical or electronic
directory/folder called Listproc (or whatever you like). Under that directory/folder, create directories for every list to which you subscribe. Next, store anything related to that service in its directory for future referral.
Change of Addresses
If you know your e-mail address is going to change, unsubscribe from ALL lists that you belong to
before the address changes. Then re-subscribe to them again using the new address. If you wait
until you are using the new address, the list manager will have to unsubscribe you from the list
under the old address. If were unable to unsubscribe before your address changed, send a subscribe message to the list and a second message to the manager asking that your old address be
removed.
The Digest Command
An excellent way to avoid e-mail inbox overloading, or to solve the problem of a currently overloaded e-mail inbox, is to use the “digest” command. This useful command will “digest” all messages posted to a particular mailing list by sending you only one message per day. That one message will include every message sent to the list that day with a handy “index” to all the posted
messages up font to help you sort through the day’s e-mail traffic.
The only disadvantage to setting the “digest” option is that it makes replying to any particular
message in the “digest” more difficult. To respond to a message buried within the “digest,” you
would manually jot down the address of the sender and then address a separate message as your
reply. We suggest you use the “digest” setting only when necessary should your e-mail inbox
become overloaded.
____________________________________________ Chapter 5 — Look Who’s Talking! 89
To set the “digest” option (for the “int-controls” example), include in the first line of the body of
an e-mail message the following command:
set <list> mail digest
Example: set int-controls mail digest
and send via e-mail to: [email protected]
The reversing listproc command to turn off digest option is:
set <list> mail ack
Example: set int-controls mail ack
WARNING: DO NOT send a list maintenance message for change of address, the setting of special options, or subscribe or unsubscribe messages to the lists themselves (example above). Your
list maintenance message will go out to every member of the list, much to their dismay. Send any
and all automatic list maintenance and service commands to:
[email protected]
Send special subscription requests, comments, or evaluations to:
[email protected]
Additional Mailing List Information
For additional information on FinanceNet Internet e-mail list commands, send the following request in the first line of the body of an e-mail message: help
and send to: [email protected]
For complete information on all FinanceNet services, send a blank e-mail message to:
[email protected]
You will automatically receive a response by return e-mail with complete details.
90 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Jobs and Career Discussion Groups
Accounting and Finance Employment Opportunities (JOBS-ACT). This is a moderated mailing list of employment opportunities for accounting and finance jobs, including cash management,
auditing, and tax (no entry level positions). To subscribe, send a message to [email protected] with the word SUBSCRIBE in the subject line and the body.
Do not include your name, address, or additional text in the subject line or the body of the message. Subscribers can obtain an archive file, which gives information on several employment BBS’s
around the nation by sending the command ARCHIVE JOBS-ACT to the list address.
Privacy Discussion Groups
Cypherpunks list is a forum for discussing personal defenses for privacy in the digital domain. It
is a high-volume mailing list. To join, send e-mail to [email protected] and, in the text of
your message (not the subject line), write: SUBSCRIBE cypherpunks-unedited.
Cypherpunks Announce is a low-volume announcements list which is moderated. Announcements for physical cypherpunks meetings, new software, and important developments are posted
there. To join, send e-mail to [email protected] and, in the text of your message (not the
subject line), write: SUBSCRIBE cypherpunks-announce.
Privacy Digest Discussion group covers all issues related to privacy, including government, credit
reporting agencies, and individual rights. Subscribe by sending an e-mail to [email protected] and leave the subject line blank. Type SUBSCRIBE in the body of the message.
The PRIVACY Forum is run by Lauren Weinstein. He manages it as a rather selectively moderated digest, somewhat akin to RISKS. It spans the full range of both technological and non-technological privacy-related issues (with an emphasis on the former). To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: information
privacy.
Security Discussion Groups
Security mailing lists represent important tools for auditors, network administrators, security officers, security consultants, and anyone who needs to keep current on security-related information.
Computer Risks covers industrial espionage, trade secrets, and computer security risks. Subscribe by sending e-mail to [email protected] and leave the subject line blank. Type SUBSCRIBE in the message area.
____________________________________________ Chapter 5 — Look Who’s Talking! 91
Firewalls Mailing List is a list server devoted to the subject of firewalls and Internet security.
Any auditor concerned with information security and the issue of firewalls should subscribe to this
list. The list generates a great deal of traffic on the subject of internet security and the construction
of firewalls. Subscriptions should be sent to [email protected] with the message subscribe firewalls-digest. I would recommend the digest version rather than the direct mail (nondigest) version.
Information Security Discussion List ([email protected])
INFSEC-L is an unmoderated Internet discussion list intended to foster open and constructive
communication among information security and auditing professionals in government, industry,
and academic institutions. Discussion is encouraged on a broad range of topics and issues related
to information security. Initial subscriptions to the list are screened by the list owner to ensure the
addition of only appropriate individuals. Send subscription requests to [email protected] with one line in the body of the letter: SUB INFSEC-L your name.
PeopleSoft Security, Audit, and Control Discussion Group (PSSAC-L) is a list server devoted
to PeopleSoft Security, Audit, and Control. To subscribe to this list, send an e-mail (with your
signature feature turned off) to: [email protected]. Include no subject line. In the
body of the message, type: subscribe PSSAC-L yourfirstname yourlastname (example: subscribe
PSSAC-L Jane Doe).
RACF-L ([email protected]) is a discussion list devoted to the topic of Remote
Access Control Facility. Auditors in organizations that use this security tool should consider subscribing to this e-mail discussion group. You can join this group by sending the message “sub
RACF-L your name” to [email protected]. Note: This is a high-volume list specifically
designed for audit and security personnel using RACF.
To get the latest network security news and information, use the following services:
[email protected] with “send index” in message
http://www.iss.net/
ftp://ftp.iss.net/pub/
Alert is a moderated list designed to keep the noise to a minimum and provide quality security
information. It covers topics such as security product announcements, security product updates,
new vulnerabilities, frequently asked questions (FAQs) on security, and new intruder techniques
and awareness. To join, send e-mail to [email protected] and, in the text of your message (not
the subject line), write: subscribe alert. To remove, send e-mail to [email protected] and, in the
text of your message (not the subject line), write: unsubscribe alert.
92 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Best-of-Security was created in order to compile information for the average security administrator. Best-of-Security is currently an unmoderated list. That may sound strange given its stated
purpose of massive entropy reduction, but because “best” often equates with “vital,” it is important that material sent to this list be delivered to its subscribers quickly.
If you find information from any source (including other mailing lists, newsgroups, conference
notes, papers, etc.) that fits into one of the acceptable categories, you should immediately send it to
“[email protected]”. Do not try and predict whether or not someone else will send
the item. Unless you are on a time-delayed mail vector, such as polled uucp, or the item has already
appeared on best-of-security, mail the info to the list! Even if it is a widely deployed piece of
information, such as a CERT advisory, the proceeding argument still applies. If the information
has not appeared on this list yet, SEND IT. It is far better to run the risk of minor duplication in
exchange for having the information out where it is needed than to act conservatively about the
occasional doubling up on content. To join, send e-mail to [email protected]
with the following in the body of the message: subscribe best-of-security.
The Bugtraq list is for detailed discussion of UNIX security holes — what they are, how to
exploit, and what to do to fix them. This list is not intended to be about cracking systems or
exploiting their vulnerabilities. It is about defining, recognizing, and preventing the use of security
holes and risks. Please refrain from posting one-line messages or messages that do not contain any
substance that can relate to this list’s charter. Please follow the below guidelines on what kind of
information should be posted to the Bugtraq list: information on Unix-related security holes/
backdoors (past and present), exploit programs, scripts or detailed processes about the above,
patches, workarounds, fixes, announcements, advisories or warnings, ideas, future plans or current works dealing with Unix security, information material regarding vendor contacts and procedures, individual experiences in dealing with above vendors or security organizations, and incident advisories or informational reporting. To join, send e-mail to [email protected] and, in
the text of your message (not the subject line), write: subscribe bugtraq.
CERT (Computer Emergency Response Team) advisory mailing list provides past advisories
and other information related to computer security, available for anonymous FTP from cert.org
(192.88.209.5). To join, send e-mail to [email protected] and, in the text of your message (not the
subject line), write: I want to be on your mailing list.
The CIAC (Computer Incident Advisory Capability) of DoE. CIAC manages the following
mailing list for its electronic publications: CIAC-Bulletin: CIAC Information Bulletins and Advisory Notices containing important, time-critical computer security information. To join, send email to [email protected] and, in the body of your message (not the subject line), write
any of the following examples: subscribe ciac-bulletin.
COAST Security Archive for the Computer Operations, Audit, and Security Technology
(COAST) Project. To join, send e-mail to [email protected] and, in the text of your
message (not the subject line), write: SUBSCRIBE coast.
____________________________________________ Chapter 5 — Look Who’s Talking! 93
The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is run by Leonard
P. Levine. It is gatewayed to the Usenet newsgroup comp.society.privacy. It is a relatively open
(i.e., less tightly moderated) list established to provide a forum for discussion on the effect of
technology on privacy. All too often technology is way ahead of the law and society as it presents
us with new devices and applications. Technology can enhance and detract from privacy. To join,
send e-mail to [email protected] and, in the text of your message (not the subject
line), write: subscribe cpd.
Computer Underground Digest or CuD is available as a Usenet newsgroup: comp.society.cudigest and covers many issues of the computer underground. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write:
SUB CUDIGEST.
Euro Firewalls deals with the issue from the European perspective. To join, send e-mail to
[email protected] and, in the text of your message (not the subject line), write: SUBSCRIBE
firewalls-uk e-mail-addr.
Firewalls discussion lists provide useful information regarding firewalls and how to implement
them for security. This list is for discussions of Internet “firewall” security systems and related
issues. To join, send e-mail to [email protected] and, in the text of your message (not the
subject line), write: SUBSCRIBE firewalls.
HP, Hewlett Packard. The latest digest of new HP Security Bulletins will be distributed directly
to your mailbox on a routine basis. To join, send e-mail to [email protected] and,
in the text of your message (not the subject line), write: subscribe security_info.
Intrusion Detection Systems list is a forum for discussions on topics related to the development
of intrusion detection systems. Possible topics include techniques used to detect intruders in computer systems and computer networks, audit collection/filtering, subject profiling, knowledgebased expert systems, fuzzy logic systems, neural networks, methods used by intruders (known
intrusion scenarios), CERT advisories, scripts and tools used by hackers, computer system policies, and universal intrusion detection systems. To join, send e-mail to [email protected]
with the following in the body of the message: subscribe ids.
NTBugtraq is a mailing list for the discussion of security exploits and security bugs in Windows
NT and its related applications. To join, send e-mail to [email protected] and, in the
text of your message (not the subject line), write: subscribe ntbugtraq. To remove, send e-mail to
[email protected] and, in the text of your message (not the subject line), write:
unsubscribe ntbugtraq.
94 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
NT Security Mailing List is a moderated mailing list discussing Windows NT security as well as
the Windows 95 and Windows for Work Group security issues. The issues discussed include everything at the host and application level security as well as at the network level. To join, send email to [email protected] and, in the text of your message (not the subject line), write: subscribe
ntsecurity. To remove, send e-mail to [email protected] and, in the text of your message (not the
subject line), write: unsubscribe ntsecurity.
Risks is a digest that describes many of the technological risks that happen in today’s environment. To join, send e-mail to [email protected] and, in the text of your message (not the
subject line), write: SUBSCRIBE.
Secure NCSA http is a World Wide Web (WWW) server supporting transaction privacy and
authentication for Secure WWW clients over the Internet using the Secure HyperText Transfer
Protocol (S-HTTP). Secure NCSA httpd was developed by Enterprise Integration Technologies in
cooperation with RSA Data Security and the National Center for Supercomputing Applications at
the University of Illinois, Urbana-Champaign. The purpose of this mailing list (shttp-talk) is to
allow people who are interested in potentially using SHTTP to ask questions, air issues, express
concerns, and discuss the specification and reference implementation. Information about Secure
HTTP can be found on the CommerceNet WWW server. To join, send e-mail to [email protected] and, in the text of your message (not the subject line), write: SUBSCRIBE .
Secure Socket Layer - Talk is a mailing list to discuss secure sockets layer - Netscape’s approach
to providing encryption and authentication for IP-based services (primarily HTTP, but expanding
to address Telnet and FTP as well). To join, send e-mail to [email protected] and, in
the text of your message (not the subject line), write: SUBSCRIBE.
The Sneakers mailing list is for discussion of legal evaluations and experiments in testing various
Internet “firewalls” and other TCP/IP network security products. Vendors are welcome to post
challenges to the Internet network security community. Internet users are welcome to post anecdotal experiences regarding (legally) testing the defenses of firewall and security products. “Above
board” organized and/or loosely organized wide area tiger teams (WATTs) can share information,
report on their progress, or eventual success here. There is a WWW page with instructions on
unsubscribing as well as posting, and where notices and pointers to resources may be put up from
time to time: http://www.cs.yale.edu/HTML/YALE/CS/HyPlans/long-morrow/sneakers.html. To
join, send e-mail to [email protected] and, in the text of your message (not the subject
line), write: SUBSCRIBE Sneakers.
Sun Security Alert mailing list informs users of security information for SUN systems. To join,
send e-mail to [email protected] and, in the subject of your message write: SUBSCRIBE
CWS your-e-mail-addr.
____________________________________________ Chapter 5 — Look Who’s Talking! 95
UNINFSEC - University Info Security Forum is a closed, unmoderated discussion list for people
who have information security responsibilities in their jobs and who work for educational institutions or have a close relation with education. Discussions range from policy discussions, awareness programs, virus protection, change control, privileges, monitoring, risk assessments, auditing, business resumption, etc. To join, send e-mail to [email protected] and, in
the text of your message (not the subject line), write: subscribe uninfsec.
Virus Alert (VALERT-L) is an electronic mail discussion forum for sharing urgent virus warnings among other computer users. Postings to VALERT-L are strictly limited to warnings about
viruses (e.g., “We here at University/Organization X just got hit by virus Y - what should we
do?”). Follow ups to messages on VALERT-L should be done either by private e-mail or to VIRUS-L, a moderated, digested, virus discussion forum also available on this listserv,
[email protected]. Note that any message sent to VALERT-L will be cross-posted in the next
VIRUS-L digest. To preserve the timely nature of such warnings and announcements, the list is
moderated on demand (see posting instructions below for more information).
What VALERT-L is not? A place to do anything, other than announce virus infections or warn
people about particular computer viruses (symptoms, type of machine which is vulnerable, etc.).
To join, send e-mail to [email protected] and, in the text of your message (not the subject line),
write: SUBSCRIBE valert-l your name.
Virus-L is an electronic mail discussion forum for sharing information and ideas about computer
viruses. It is also distributed via the Usenet Netnews as comp.virus. Discussions can include (but
are not necessarily limited to) current events (virus sightings), virus prevention (practical and
theoretical), and virus-related questions/answers. The list is moderated and digested. That means
that any message coming in gets sent to me, the editor. I read through the messages and make sure
that they adhere to the guidelines of the list (see below) and add them to the next digest. Weekly
logs of digests are kept by the listserv (see below for details on how to get them). To join, send email to [email protected] and, in the text of your message (not the subject line), write: subscribe
virus-l your name.
WWW Security list is maintained by the www-security team of Network Services, Rutgers University Telecommunications Division. WWW-SECURITY is the official mailing list of the IETF
Web Transaction Security Working Group. While there are many approaches to providing security
services on the Web, most of the current work is concerned with securing the HyperText Transport
Protocol. Because of the great need for quick implementation of Web security services, HTTPlevel solutions cover a wide range of WWW applications, and the IETF is a proven forum for
promoting standards to vendors and the international networking community. To join, send e-mail
to [email protected] and, in the text of your message (not the subject line),
write: SUBSCRIBE www-security your_e-mail_address.
96 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Tax and Accounting Discussion Groups
Accounting and Tax Professionals in Public Practice and in Industry Discussion Lists - The
following lists are jointly owned and managed by Kent Information Services, Inc., and TAPNet. If
you have questions or need additional information about these lists, e-mail John Graves at
[email protected] or Jim Snell at [email protected]. Subscribe to these lists at http://
www.kentis.com/listsub.html.
AA-STDS-APP discusses actual accounting and auditing problems and how current standards
should be applied in those circumstances. Participants must agree that the names of the companies
that are the subject of discussion will not be identified, and opinions offered by participants will
not be relied upon as authoritative but only as a starting point for further research. All accounting
and auditing professionals are welcome to join this list.
CPA-INET-USE focuses on:
1. How CPAs in public practice are using the Internet to improve client service, lower costs, and
enhance revenues.
2. How CPAs in industry are using the Internet to enhance administration and productivity. The
Internet is a new tool being used by CPAs in innovative ways not predicted even a year ago.
This discussion group shares new ideas and lessons learned from successful implementations
as well as those that were not as successful. Home pages are submitted to this group for
evaluation and comment. All accounting and tax professionals are welcome to join this list.
CPA-MGMT-MRKTG - The CPA Management and Marketing list is dedicated exclusively to
subjects on managing and growing a CPA firm. The goal of the list is to be a forum for discussing
ideas, sharing problems, and communicating successes about firm management and marketing.
By participating in this group, practitioners have a place to turn for access to the most current ideas
and trends and to sound out ideas and plans in a supportive atmosphere. All tax and accounting
professionals in public practice are welcome to join this list.
MGMT-ACCT - The Management Accounting list discusses new issues and ideas relevant to
financial professionals working for both large and small companies. This list helps management
accountants cope with the increasing corporate demands for greater organization efficiency. Relevant topics include a range of practical issues from “strategies used to decrease lead times for
order fulfillment” and “choosing the right combination of organization benefits,” to “strategies
used in downsizing, strategic planning, and financial reengineering.” Tax and accounting professionals with an interest in management accounting are welcome to join this list.
TAX-PRCT-ISSUES - The Tax Practice Issues list is a discussion among tax professionals working in industry and public practice. The discussion focuses on how companies and tax practitioners are dealing with current tax issues. Members agree not to identify organization names during
these discussions or use the content of this list as a basis for taking a position before the IRS. By
____________________________________________ Chapter 5 — Look Who’s Talking! 97
participating in these discussions, tax professionals support each other by sharing information and
become more efficient and productive. Tax and accounting professionals with an interest in taxation are welcome to join this list.
Accounting Education Using Computers and Multimedia (AECM-L) - This list/interest group
provides a forum for discussions of all hardware and software that can be useful for accounting
education at the college/university level. Hardware includes all platforms. Software includes spreadsheets and related templates, practice sets, multimedia authoring and presentation packages, database programs, tax packages, instructor-developed applications, etc. Loyola College in Maryland,
which has an AACSB-accredited accounting program, serves as the host to the list, which was
established in February 1994. It was the first list/group for accounting education on either Bitnet
or Internet.
AECM-L provides an unmoderated environment where issues, questions, comments, ideas, and
uses of educational accounting software and related hardware can be freely discussed. As is the
case on all unmoderated lists, the topics and discussions are limited only by the imagination and
interest of its subscribers. Members are welcome to take an active role by posting to AECM-L or
an inactive role by monitoring the list. This list brings together accounting faculty, authors, developers, publishers and anyone else with an interest in using computers and multimedia in accounting education. Subscribers are encouraged to ask questions, share ideas and information, and discuss experiences they have had with various educational accounting software and hardware products. Possible topics include:
· Computer applications in managerial/systems/tax, etc.
· AECC curriculum revisions and computer-based pedagogical approaches to support these
changes.
· Notable educational accounting software and hardware, as well as inferior products one
should avoid.
· Information about related conferences, workshops, and seminars.
· A discussion of articles, books, and notes which subscribers find to be stimulating and
worthwhile.
· “What’s the best software to use for my [blank] course?”
· “In what direction is educational accounting software evolving?”
· “How can I get [product] to do [function]?”
IMPORTANT - Mail sent to the list/group must be addressed to:
[email protected]
(Internet users)
All mail sent to an above address is automatically forwarded to all list/group subscribers. If you
reply to a question, observation, etc., using the REPLY command, your response will also be
forwarded automatically to all subscribers. If you wish to respond privately to the original sender,
you must locate that person’s address on the “From:” line of the mail header and address the
98 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
response directly to them. This list is NOT listserv-based. MAILSERV supports the following
commands, among others:
HELP - Ask for the HELP file.
SUBSCRIBE - Subscribe to a list.
UNSUBSCRIBE - Unsubscribe to a list.
To subscribe to AECM_L, send the message SUBSCRIBE AECM-L to
[email protected]. MAILSERV accepts only mail messages, not interactive SENDs
or TELLs. To unsubscribe to the AECM-L list, send the message UNSUBSCRIBE AECM-L to
[email protected].
(Notice that you do not need to give a subscription name or address. MAILSERV gets them from
your e-mail.) Questions regarding this list should be addressed to the owner: E. Barry Rice Internet: [email protected].
American Accounting Association Government and Nonprofit Section mailing list (AAAGNPL). The purpose of this list is to share information of specific interest to AAA GNP members,
including notice of upcoming AAA GNP meetings and their agenda, and to facilitate discussions
on various topics of interest to AAA GNP members. In general, this newsgroup is of interest to
anyone in the government or nonprofit areas of accounting, especially those interested in academic research in areas such as governmental auditing and finance, public choice, public interest,
and the U.S. Governmental Accounting Standards Board standard-setting process and behavioral
accounting research relating to governments. The AAA GNP newsgroup is sponsored by the International Accounting Network (ANet). To subscribe, send the following e-mail message: subscribe
AAAGNP-L yourfirstname yourlastname to [email protected].
ANet Mailing Lists
The ANet is a cooperative venture of a number of individuals around the world that seeks to
provide a networked, electronic forum for the exchange of information and discussion of issues in
the auditing and accounting discipline. One of the major services provided by ANet is more than
30 mailing lists in a range of areas. The principal mailing list is ANews-L, which provides information on a variety of upcoming events, new publications, and important developments on the
Internet. Lists are both open and closed. Open lists are available for everyone to see and use.
Closed lists are for specific purposes and have limited membership. ANet also maintains archives
of certain mailing lists. Descriptions of the available ANet mailing lists, moderation status, and
whether the respective lists are open or closed are provided below. Send requests for the lists to
[email protected] with Subscribe Listname in the body of the message. Following are the lists
distributed by ANet:
____________________________________________ Chapter 5 — Look Who’s Talking! 99
AAAES-L ([email protected]) - American Accounting Association AI/ES Section Newsletter. The American Accounting Association AI/ES Section Newsletter list. Note: There is no
discussion on this list. Archives of the list are maintained.
AAATC-L ([email protected]) - American Accounting Association Teaching and Curriculum Section Newsletter. The American Accounting Association Teaching and Curriculum Section
Newsletter list. Note: There is no discussion on this list. Archives of the list are maintained.
AAccSys-L ([email protected]) - Discussion on all matters concerned with accounting
information systems theory and practice.
AAcrdn-L ([email protected]) - Accounting Program Accreditation. The purpose of the
AAcrdn-L list is to provide an open forum for the exchange of ideas, concerns, questions, or
comments by individuals involved with their department/school/unit’s efforts to obtain either
American Assembly of Collegiate Schools of Business first time or reaccreditation of their school’s
accounting programs. The primary focus of the list is AACSB accounting accreditation in the
U.S., but general business school accreditation items that relate to the accounting accreditation
process are welcome. General issues of accreditation that might encompass accounting programs
in other countries are welcome on the general ANet teaching and curriculum list, ATeach-L. The
AAcrdn-L list is intended as a forum for those seeking AACSB accreditation in accounting, those
thinking about entering the accreditation process, and those who are already accredited. The list is
intended to serve as an independent support vehicle to the AACSB accounting accreditation work
efforts of schools and is not affiliated with the AACSB in any official or unofficial way. The
purpose of the list is not to debate the overall merits of AACSB or any other accreditation process;
rather it is hoped that the list can serve as a continuous virtual meeting place for individuals who
are involved in AACSB accounting accreditation efforts. Archives of the list are maintained.
AAudit-L ([email protected]) - Moderated list to discuss all aspects of external and internal audit. Archives of the list are maintained.
ABooks-L ([email protected]) - A mailing list that allows authors and publishers to advertise the arrival of new books in the discipline. Comment: Be warned - unashamed advertising
allowed in this mailing list. Archives of the list are maintained.
ADble-L ([email protected]) - Double Entries is produced weekly by a group of volunteers
from the profession and academia. It is designed to provide brief news on accounting and auditing
around the world and is available both by e-mail and on the World Wide Web.
AEthics-L ([email protected]) - Moderated list to discuss the ethical dimension of accounting and auditing. Archives of the list are maintained.
100 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
AEthnog-L ([email protected]) - Moderated list to discuss the ethnographic dimension of
accounting and auditing. Archives of the list are maintained.
AFinAcc-L ([email protected]) - Moderated list that discusses all aspects of financial
accounting. If the demand warrants, this may need to be supplemented by country-specific mailing
lists. Archives of the list are maintained.
AGvNFP-L ([email protected]) - Moderated list concerned with the discussion of accounting for government and not-for-profit organizations. Archives of the list are maintained.
AIntAcc-L ([email protected]) - Moderated list that discusses all aspects of international
accounting. Archives of the list are maintained.
AIntSys-L ([email protected]) - Moderated mailing list that discusses the application of
intelligent and expert systems to accounting and management. Archives of the list are maintained.
AJobs-L ([email protected]) - Moderated list that carries academic job announcements.
Contact the ANet team for information. Archives of the AJobs-L list are maintained.
AMgtAcc-L ([email protected]) - Moderated management accounting list. Archives of
the list are maintained.
ANews-L ([email protected]) - A low-volume, high-quality mailing list that concentrates on
news of journals, conferences, seminars, and other matters of interest to the academic accounting
community. If you want only minimal contact with ANet, subscribe to this “news only channel.”
Archives of the list are maintained. This mailing list is unidirectional. Any information posted to
ANews-L is incorporated into a single digest and posted periodically.
AOilAcc-L ([email protected]) - Moderated list that discusses accounting for extractive
industries, including oil and gas. Archives of the list are maintained.
AProfsn-L ([email protected]) - Moderated list that discusses the nexus between academia
and the accounting and auditing profession with particular emphasis on improving the relationship
and cooperation between the two elements. Archives of the list are maintained.
ASocial-L ([email protected]) - Moderated list that discusses all aspects of accounting in
its behavioral and sociological context. Archives of the list are maintained.
AStdnt-L ([email protected]) - This list enables student-to-student contact around the world.
Archives of the list are maintained.
____________________________________________ Chapter 5 — Look Who’s Talking! 101
ATax-L ([email protected]) - Moderated list to discuss all accounting and other tax-related
issues. Archives of the list are maintained.
ATeach-L ([email protected]) - Moderated list that discusses developments in the teaching,
learning, and curriculum design of accounting and auditing. Archives of the list are maintained.
ATechno-L ([email protected]) - Moderated list of accounting and technology investment
issues.
ATwoYear-L ([email protected]) - Moderated list is devoted to teaching and learning in
the two-year community college system in the United States. Archives of the list are maintained.
Closed Mailing List Details
There are a number of ANet mailing lists whose membership is closed.
AAccWeb-L - A closed list for ANet and other developers of a multinational, multi-institutional
World Wide Web server of accounting information. For further information contact Roger Debreceny
<[email protected]> No archives of the list are maintained.
ANetDev-L - This closed, moderated list discusses the development of ANet and is particularly
designed for moderators and those involved with the management of the network. No archives of
this list are maintained. Moderator: Roger Debreceny, Southern Cross University, Australia.
ARes00-L - Moderated ANet service to the academic accounting community, a number of
unmoderated and closed lists are provided to academics who are working on group research projects.
They facilitate teams that have more than two members where normal e-mail is a nuisance. Once
the ANet management team has established the membership of the list, the list is then left to its
own devices. No archives of these lists are maintained and membership can, if desired, be concealed. If you would like to use one of these lists, please e-mail [email protected].
Can-AccTech is a discussion list where Canadian accountants and financial professionals can
swap ideas, problems, and experiences in an open, unmoderated exchange of views and comments. The Can-AccTech discussion forum may lead to the development of further information
sources and assistance in technology matters specifically geared to the needs of accountants and
financial professionals. To join Can-AccTech, send an e-mail message to
[email protected] and in the message body state: subscribe can-acctech. You will receive, via return e-mail, an acknowledgement of your free subscription along with information on
how you can participate in Can-AccTech. If you have any questions about Can-AccTech, please email the list owner, Richard Morochove, at: [email protected].
102 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Cost Accounting Discussion List - The Southeast Conference on College Cost Accounting sponsors this list dealing with cost accounting issues, OMB Circulars A-21, A-110, A-128, and other
related issues. To subscribe, send message to [email protected].
CPAS-L Internet Accounting List/Forum for CPAs is a free list/forum for CPAs in public
practice, private industry, and government. The list is hosted by Loyola University Department of
Accounting. It provides an unmoderated forum for discussion of all aspects of the practice of
accounting. Subscribe by sending an e-mail to [email protected] and leave the subject line
blank. The message should read: SUBSCRIBE CPAS-L firstname lastname firm/organization/
organization.
CTI-CCC-AUDIT - Auditing and accounting mailing list sponsored by the CTI Centre for Accounting, Finance and Management at the School of Information Systems, University of East
Anglia, UK. The list is open to anyone interested in auditing and wanting to be in contact with
others with similar interests. This is a listserv. To subscribe, send an e-mail message to
[email protected] and state in the message: Join cti-acc-audit firstname lastname.
FedTax-L Discussion list (unmoderated), supported by Sam Houston State University of
Huntsville,Texas, provides discussion of federal taxation issues from both a practitioner’s and
academic viewpoint. The discussions cover trends, regulatory actions, and an idea exchange forum. Archives for this list are available via anonymous FTP at niord.shsu.edu/fedtax-l and from
the gopher site:niord.shsu. Subscribe by sending a message to [email protected] with the word
subscribe.
Internet Guide for Accounting Discussion List (http://www.swcollege.com/acct/inet_acct/
subscribe.html) is for exchanging information relating to accounting professionals’ use of the
internet. Free subscription is available from the site.
Microsoft Network Industry Accounting Forum (http://www.microsoft.com/industry/acc/) Site includes articles and products of interest to accountants. There is a downloadable version of
Microsoft’s Software Auditing Resource Kit for designing software audit applications.
Real Estate Accounting Professionals Forum (http://www.reap.com/reap/) site, sponsored by
a financial products vendor, includes a discussion area with topics on software support and managerial issues. There are software reviews, sample products, and links to related Internet resources.
Tax Analysts Discussion Groups nonprofit corporation that moderates various e-mail discussion
groups. Archives are available at http://205.177.50.2/groups.htm.
____________________________________________ Chapter 5 — Look Who’s Talking! 103
The following discussion lists are hosted by representatives of the Tax Analyst group. Interested
auditors may subscribe to a group via e-mail by selecting the group’s address below. In the body of
your e-mail message, type “subscribe,” followed by your e-mail address.
Subject
Accounting
Financial Institutions
Tax-Exempt Bonds
Bankruptcy & Insolvency
Business Tax Issues
Criminal Violations
Employment Taxes
Estate, Gift, Trusts
Excises and User Fees
Exempt Organizations
Farm and Ranch
Individual Income Taxes
International Taxation
Legislation and Policy
Natural Resources
Partnership Taxation
Pensions, Benefits, ERISA
IRS Practice, Procedure
Real Estate
S Corporations
State and Local Taxes
Subscription Address
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
Usenet News Discussion Groups for Auditors
What is a newsgroup and why should you use one? A newsgroup is a bulletin board. Readers who
are interested in that newsgroup’s particular topic can read and respond to messages posted on the
bulletin board by other readers. Generally, there will be different “threads” of discussion going on
at the same time, but they all share some common theme. There are approximately 900 newsgroups,
with more being added all the time.
There are two types of newsgroups: moderated and unmoderated. A moderated newsgroup does
not allow individuals to post directly to the newsgroup. Rather, the postings go to the newsgroup’s
moderator who determines whether or not to pass the posting to the entire group. An unmoderated
newsgroup allows a reader to post directly to the other readers.
104 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Many auditors may not be aware that there is a Usenet newsgroup targeted to internal auditors.
Newsgroups contain messages from people who participate in them. Each message includes the
name of the author, subject, date and time of posting, the name of the originating computer system,
and the body of the message.
How do I subscribe to a newsgroup? You do not subscribe to a newsgroup. Either you get the
service through an Internet service provider or commercial online service or you gain access through
your corporate Internet access. If there is one you want, you can ask the systems administrator to
try to get it for you. Access to newsgroups via a corporate or organization Internet connection
depends on policy decisions for this type of activity.
What is netiquette? There are some guidelines that apply for communicating in newsgroups that
financial professionals should follow. These guidelines are referred to as “netiquette.”
• Read the topics and subject matter to become familiar with the thread of the discussion before
participating. This will give you a certain comfort level before contributing your own views.
Read messages carefully and make sure you understand exactly what the message is before
responding.
• Choose newsgroups of particular interest to you and your organization. Newsgroups can generate a large volume of messages and may become time consuming to read and respond to.
What began as a perceived productivity tool may become a productivity inhibitor. Add or
remove a newsgroup based on a benefit analysis. If the time spent monitoring and reading the
messages is not beneficial, then remove the newsgroup from your daily routine.
• Newsgroup privacy is an oxymoron. There is no privacy in newsgroups because it is a public
forum. Therefore, post only those messages that you would feel comfortable posting in an
open environment.
• Identify personal opinions as just that. If you are participating in a newsgroup and using your
organization name in either the e-mail address or your signature line, be sure that you are not
misrepresenting or conflicting with your organization’s position on issues. This could be a
career deterrent if you embarrass your organization.
• Respond by posting to the newsgroup when it is appropriate as a follow-up to a specific posting and is beneficial for all members to read. Many messages posted to newsgroups could be
answered with a post directly to the sender of the message, thereby reducing the traffic of
useless group information. Include the original sender’s message when posting follow-up to
the group so that the original sender is identified and everyone understands the message and
response.
____________________________________________ Chapter 5 — Look Who’s Talking! 105
• Offensive language is no more appropriate in a newsgroup than it would be in the office. Do
not use it. Using ALL CAPS is e-mail for shouting and is considered rude.
• “Electronic Progress Through Sharing” is a major benefit of this type of forum. The more
auditors and accountants that participate in the discussion, the greater the likelihood that more
members of the newsgroup will receive the benefits. Greater active participation by individual
auditors and accountants yields greater returns for the participants and their organizations.
• If your organization has Internet access to Usenet, identify those newsgroups that are appropriate for the organization and ask your newsgroup administrator to add them. If your organization does not have access, use an Internet service provider such as NetCom, or PSI, or one of
the online services such as America Online or CompuServe.
Usenet Newsgroups for Auditors
ABIA (Alt.business.internal-audit) - Internal audit newsgroup formed for discussion of internal
auditing related subjects. Open forum to share ideas, proposals, experiences, hopes, fears, and
vulnerabilities. Access via Usenet newsreader, or on America Online Internet Center, or GO Usenet
on CompuServe. Contribute to the newsgroup via your Usenet newsgroup or send mail for the
newsgroup to: [email protected] or [email protected]
Frequently Asked Questions (FAQs) on ABIA
The following represent frequently asked questions about the alt.business.internal-audit Usenet
newsgroup. The document was adapted from RFC1855 by Charles Bury, Auditor, U.S. Department of Education.1
alt.business.internal-audit Posting FAQ
Abstract
This document provides a minimum set of guidelines for Network Etiquette (Netiquette) that
alt.business.internal-audit users should attempt to follow. Please pay particular attention to the
instructions regarding information to be included on the SUBJECT line.
1
Hambridge, S.,”RFC 1855 - Netiquette Guidelines,” <URL: ftp://rs.internic.net/rfc/rfc1855.txt> author’s e-mail:
[email protected].
106 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
General Guidelines for Mailing Lists and NetNews
Read both mailing lists and newsgroups for one or two months before posting anything. This will
help you to get an understanding of the culture of the group. This guideline is optional, but you
should at least have read this FAQ2 and all current messages in the newsgroup before posting for
the first time.
Consider that a large audience will see your posts. That may include your present or your next
supervisor. Take care in what you write. Remember that mailing lists and newsgroups are frequently archived, and that your words may be stored for a long time in a place to which many
people have access. Assume that individuals speak for themselves, and what they say does not
represent their organization (unless stated explicitly).
Remember that both mail and news take system resources. Pay attention to any specific rules
regarding their uses that your organization may have.
Messages and articles should be brief and to the point. Do not wander off-topic, do not ramble, and
do not send mail or post messages solely to point out other people’s errors in typing or spelling.
This type of behavior will mark you as an immature Internet beginner.
SUBJECT lines should follow the conventions of the group. For alt.business.internal-audit all
posts must relate to the subject of auditing. To help readers of the group identify that your article
is specifically related to auditing, please begin the SUBJECT line with “AUDIT:”; if the article
relates to the use of the newsgroup itself, the SUBJECT should begin with “ADMIN:”; for the rare
advertisements that relate to auditing (i.e., conferences, software, etc.) the SUBJECT should begin
with “ADVERTISEMENT”; and for employment-related articles please begin the SUBJECT with
“AUDIT POSITION OFFERED” or “AUDIT POSITION WANTED.” The geographic location of
the position should be included in the SUBJECT line as well.
Advertising is welcomed on some lists and newsgroups and abhorred on others. This is another
example of why it is important to know your audience before you post. Unsolicited advertising
that is completely off-topic will most certainly guarantee you a lot of hate mail.
If you are sending a reply to a message or a posting, be sure you summarize the original at the top
of the message, or include just enough text of the original to give a context. This will ensure that
readers understand when they start to read your response. Since NetNews is proliferated by distributing the postings from one host to another, it is possible to see a response to a message before
seeing the original. Giving context helps everyone. But do not include the entire original!
2
ABIA FAQ <URL: http://www.netaxs.com/~edoig/abiafaq.txt> author’s e-mail: [email protected].
____________________________________________ Chapter 5 — Look Who’s Talking! 107
It is recommended that you have a signature that you attach to your message. This will guarantee
that any peculiarities of mailers or newsreaders, which strip header information, will not delete the
only reference in the message of how people may reach you.
Be careful when you reply to messages or postings. Frequently, replies are sent back to the address
that originated the post, which in many cases is the address of someone else answering the original
question. You may accidentally send a personal response to the wrong person. It is best to type in
the address instead of relying on “reply” when sending a response by e-mail only. If you find a
personal message has gone to a list or group, send an apology to the person and to the group.
If you should find yourself in a disagreement with one person, make your responses to each other
via mail rather than continuing to send messages to the list or the group. If you are debating a point
on which the group might have some interest, you may summarize for them later. Do not get
involved in flame wars. Do not post or respond to incendiary material. Avoid sending messages or
posting articles that are no more than gratuitous replies to replies.
Be careful with monospaced fonts and diagrams. These will display differently on different systems, and with different mailers on the same system.
NetNews Guidelines
NetNews is a globally distributed system that allows people to communicate on topics of specific
interest. It is divided into hierarchies, with the major divisions being sci – science-related discussions; comp – computer-related discussions; news – for discussions that center around NetNews
itself; rec - recreational activities; soc - social issues; talk - long-winded, never-ending discussions; biz – business-related postings; and alt - the alternate hierarchy. Alt is so named because
creating an alt group does not go through the same process as creating a group in the other parts of
the hierarchy. There are also regional hierarchies and hierarchies that are widely distributed, such
as Bionet. Your place of business may have its own groups as well.
Recently a “humanities” hierarchy was added, and as time goes on it is likely that more will be
added. In NetNews parlance, “posting” refers to posting a new article to a group, or responding to
a post someone else has posted. “Cross-posting” refers to posting a message to more than one
group.
If you introduce cross-posting to a group, or if you direct “Follow-up To:” in the header of your
posting, warn readers! They will usually assume that the message was posted to a specific group
and that follow-ups will go to that group. Headers change this behavior.
Read all of a discussion in progress (we call this a thread) before posting replies. Avoid posting
“Me Too” messages, where content is limited to agreement with previous posts. Content of a
follow-up post should exceed quoted content.
108 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Send mail when an answer to a question is for one person only. Remember that news has global
distribution and the whole world probably is not interested in a personal response. However, do
not hesitate to post when something will be of general interest to the newsgroup participants.
Check the “Distribution” section of the header, but do not depend on it. Due to the complex method
by which news is delivered, distribution headers are unreliable. If you are posting something that
will be of interest to a limited number of readers, use a distribution line that attempts to limit the
distribution of your article to those people. For example, set the distribution to be “nj” if you are
posting an article that will be of interest only to New Jersey readers.
If you feel that an article will be of interest to more than one newsgroup, be sure to cross-post the
article rather than individually posting it to those groups. In general, probably only five or six
groups will have similar enough interests to warrant this.
Consider using reference sources (manuals, professional journals, ASAP3, AuditNet4, GARP5,
etc.) before posting a question. Asking a newsgroup when answers are readily available elsewhere
generates grumpy “RTFM” (Read The Fine Manual - although a more vulgar meaning of the word
beginning with “f” is usually implied) messages.
Although there are newsgroups that welcome advertising, this is not one of them. If you have an
audit-related product that you want to advertise in this group, clearly identify your posting by
beginning the SUBJECT line with “ADVERTISEMENT:”. Your post should consist of no more
than 10 lines, which should primarily consist of guidance on how the reader can contact you for
further information. Under no circumstances should advertising for products unrelated to auditing
be posted to this group.
If you discover an error in your post, cancel it as soon as possible. DO NOT attempt to cancel any
articles other than your own. Contact your administrator if you do not know how to cancel your
post, or if some other post, such as a chain letter, needs canceling.
If you have posted something and do not see it immediately, do not assume it has failed and re-post
it. Some groups permit (and some welcome) posts which in other circumstances would be considered to be in questionable taste. This group does not.
3
Auditors Sharing Audit Programs <URL: http://www.auditnet.org/asapind.htm/> If you would like to contribute an
audit program send it via e-mail to [email protected] or [email protected].
4
Kaplan’s AuditNet Resource List <URL: http://www.auditnet.org/karlhome.htm> author ’s e-mail:
[email protected].
5
The Government Auditors’ Resource Page <URL: http://www.netaxs.com/~edoig/GARP.html> author’s e-mail:
[email protected].
____________________________________________ Chapter 5 — Look Who’s Talking! 109
Forging of news articles is not permitted. You can protect yourself from forgeries by using software that generates a manipulation detection “fingerprint,” such as PGP (in the U.S.).
Postings via anonymous servers are acceptable. However, your comments and questions are most
useful when they can be placed in context. Material that is inappropriate when posted under one’s
own name is still inappropriate when posted anonymously.
FinanceNet Discussion Groups
The following information is part of FinanceNet’s documentation for their newsgroups.
Instructions for Posting to FinanceNet Newsgroups via E-Mail
One way to improve financial management is for financial professionals to be able to communicate daily with one another in a “forum” in which one can post and receive answers and solutions
to questions and problems encountered in daily work. The Internet Usenet or newsgroups provide
that unique opportunity. The preferred access to FinanceNet’s newsgroups and discussion forums
is by newsreader or by Web browsers that provide newsgroup access. To reach the “financenet”
newsgroups, point your newsreader’s news (NNTP) server to news.financenet.gov and subscribe
to any one of FinanceNets’ newsgroups.
However, for those financial professionals who do not have high-level Internet tools, FinanceNet
provides all newsgroup messages on its Gopher server with the additional facility to respond by
regular Internet e-mail. You should be aware that the method of threading (sequencing of related
messages) may not be as readable or “user friendly” as you would likely find had you accessed via
either Usenet newsreader or a Web browser.
The newsgroup Gopher directories contain mirror images of all messages sent to FinanceNet
newsgroups from all sources, i.e., newsreaders, WWW, and e-mail. Each Gopher directory is a
newsgroup that corresponds to one of the FinanceNet public mailing lists. Many messages moderated as inappropriate for distribution to a certain FinanceNet mailing list may well be considered
interesting and appropriate material for the corresponding newsgroup(s). Such messages are posted
to the newsgroup(s) and bear the “moderation desk” name “[email protected].” Such messages are
forwarded from subscribers and users and not “created” or “sourced” by FinanceNet. Messages
will appear on these directories for one month before being deleted.
How To Post Messages to These Newsgroups via E-Mail
Again, even without a newsreader, you will have the capability to reply to any newsgroup message
posted by sending a regular Internet e-mail message to a certain FinanceNet address. In replying,
we suggest that you copy to the clipboard (in Windows: Ctrl+Ins) a portion of any message to
110 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
which you want to respond and then paste it (in Windows: Shft+Ins) into the body of your responding message. It may also be useful to put the identifier, “>”, at the beginning and end of the text
copied. This will assist others in identifying the comments you are responding to since the threading sequence on the Gopher may not always be very efficient.
The protocol for mailing to a newsgroup is slightly different from that for the mailing list. For
instance, the mailing list called “[email protected]” will have a corresponding newsgroup
called “[email protected]” (note the word “news-” in front).
After composing your regular e-mail message (be sure to include your own personal e-mail address in the body if you want a return reply), address your message to the appropriate newsgroup
that carried the message to which you are responding. For example, if you read a message on the
“Financial Audits” (fin-audits) newsgroup directory, you will address your Internet message to
“[email protected].”
It is also important to try to make the subject of your message read the same as the message to
which you are responding. This assists in the “threading” process and augments thematic continuity on the Gopher.
The names of the newsgroups that correspond to our public mailing lists are provided below (with
the Reply hotlink at the end). Each is a particular Internet e-mail address to which you may send
your message.
E-Mail newsgroups and addresses for FinanceNet newsgroups via Gopher:
FinanceNet Discussion Forms
1. Association of Government Accountants ([email protected])/
2. Accounting Related News and Notices ([email protected]../
3. BudgetNet ([email protected])/
4. Calendar ([email protected])/
5. Financial Audits ([email protected])/
6. Finance Related Job Opportunities. ([email protected])/
7. Financial Policy ([email protected])/
8. Financial Reporting ([email protected])/
9. Financial Systems ([email protected])/
10. Financial Training ([email protected])/
11. Financial Management News, Notices and Announcements ([email protected])
12. General Public Finance Information ([email protected])
13. Government Financial Officers Association ([email protected])
14. Government Asset Sales News, Notices & Announcements ([email protected])
15. Internal Controls ([email protected])
16. Municipal and Town Financial Management ([email protected])
____________________________________________ Chapter 5 — Look Who’s Talking! 111
17.
18.
19.
20.
21.
Payroll Issues ([email protected])
Performance Measures ([email protected])
Procurement ([email protected])
State and County Government Issues ([email protected])
Travel Issues ([email protected])
For further assistance and instructions, send e-mail to: [email protected].
Tax Usenet Groups
Usenet FAQ (Frequently Asked Questions)
Copies of the misc.taxes FAQ as well as those for other newsgroups may be obtained by anonymous FTP from rtfm.mit.edu. For the misc.taxes faq look under /pub/usenet/news.answers/taxesfaq (this is part1). Or send e-mail to [email protected] with send usenet/news.answers/
taxes-faq/part1 in the body of the message, leaving the subject line empty.
Misc.taxes Usenet Newsgroup. Accessible by any Usenet newsgroup reader. The group’s broad
charter is: Tax laws and advice. To read previous posts of misc.taxes, go to the searchable message
base: gopher://niord.shsu.edu/11gopher_root%3a%5b_DATA.FILESERV us.finance.taxes. This
group is for the discussion of preparing U.S. tax returns as well as the planning and structuring of
personal and household finances with regard to U.S. tax laws. Practical questions and answers
about tax returns and tax planning are completely appropriate. Participants should be aware that
they need to seek the professional help of an accountant or attorney for advice that they can completely rely on. All U.S. taxes are discussed in this group, including but not limited to income,
estate, and excise taxes. Additional groups can be split off to cover specialized topics when traffic
warrants. Advertising is not appropriate in this group, although neutral reviews of tax-related
products or services are appropriate. Arguments and discussions concerning the politics, ethics, or
history of the U.S. tax system are specifically not appropriate to this group. The group is
unmoderated.
us.politics.taxes. This group is for the discussion of the politics, ethics, and history of the U.S. tax
system. Any discussion of U.S. taxes that is not related to personal, household, or business finance is appropriate in this group. Questions and answers about tax preparation and tax planning
should not be posted to this group. Advertising is not appropriate in this group. The group is
unmoderated.
112 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Interview: Harald Will, President, ACL Services Ltd.
(http://www.acl.com)
ACL Services Ltd. is a privately held company based in Vancouver, Canada, with offices in Brussels and Singapore and representatives in over 30 countries worldwide. Since 1987 ACL has provided market-leading technology and services for data inquiry, analysis, and reporting. ACL is the
only global organization dedicated to providing an integrated solution for the audit professional.
Q. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”?
The concept of creating and leveraging value and knowledge from digital literacy is the very
foundation upon which ACL was built. As far back as the 1970s, before this notion was generally accepted, we recognized/foresaw/anticipated the need for audit and related professions to
extract and present valuable business information through automated and interactive auditing of data. Auditors were being asked to access data from many environments and perform
various audit tasks, yet no tool or solution was available. As a result, ACL was born! Consequently we have been educating and supporting all auditors, not just EDP auditors, through
provision of the tools and training so that they may flourish in the age of the digital explosion.
Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How
has your organization contributed to this philosophy through the use of the Internet?
As an industry leader and an active member of the international audit community, we have a
responsibility to share information, education, and best practices with our global audience of
users and non-users alike. The Internet is a perfect conduit for both disseminating and receiving timely and relevant industry information. Specifically, we participate in a number of thirdparty on-line forums and chat areas as well as host various industry-specific electronic listservs
for our clients. Additionally, our own Web site – www.acl.com – contains a wealth of information, which serves as a valuable resource available to anyone, anytime, from anywhere in the
world. Our Web site also offers links to many other useful Web locations. ACL actively contributes to other knowledge sites such as accountantsledger.com, as well as ITAudit.org – the
information technology education site of The IIA - of which we are the founding sponsor.
Q. How has your organization integrated the use of the Internet into auditing?
Being an audit technology provider, we have certainly recognized the importance of auditing
through the Internet. Consequently, our software incorporates Internet associated features
such as the ability to export to HTML, which allows ACL reports to be posted on organization
intranets. This feature also allows automated ACL routines (batches) to be loaded onto the
intranet and shared by auditors from different departments, locations, or countries, thereby
____________________________________________ Chapter 5 — Look Who’s Talking! 113
ensuring consistency and achieving efficiencies across an organization. Another important
Web specific feature is our software’s ability to continuously monitor and send e-mail notification to specified personnel once “exceptions” are identified. Auditing through the Internet
allows for both the distribution of critical information and response in a timely manner.
Q. What Internet resources do you use, and how have they helped you and your organization?
Mining the internet is a good source of both technical and audit information which we can
apply to our offerings, in order to maintain our market-leading position as the provider of
premium audit technology solutions. By actively participating in various audit knowledge
sites and electronic forums, we are instantly in touch with the audit issues of today and tomorrow, while helping to foster a healthy virtual user community and strengthen our product and
services.
Using the Internet has also allowed us to achieve operational efficiencies as we can now
conduct our beta testing online, provide technical support via the Web, and communicate with
our user base through e-mail.
Q. How has the Internet changed the way your organization does business, and what impact has that change had on auditors?
The Internet has had a huge impact on the way and the speed with which we conduct business
both internally and externally.
Internally, we can ensure that all our offices, no matter where they are located in the world,
can instantly, constantly, easily, and relatively cheaply communicate with each other. Interoffice business is transacted quickly, which has very definite and positive repercussions for
our clients.
Externally, we can rapidly and cost-effectively distribute our goods and services via the Internet. Where traditional distribution methods prove difficult, we use the Internet to distribute
our software. We can provide technical support via the Web no matter where or in what time
zone our clients operate. Particularly complex problems can be expeditiously resolved because clients can send extracts of data files over the Web for immediate review.
Not surprisingly, customer service expectations have risen accordingly and ACL constantly
strives to exceed these expectations with even higher levels of client excellence!
114 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Q. What effect have the Internet and the World Wide Web had on the auditing profession?
The rise of e-commerce, e-banking, and other Web-based applications and business activities
has extended the realm of risk, security, and control responsibilities for auditors. It presents
new challenges in terms of the nature of control over privacy, and the accuracy of data and its
impact can be compared to the emergence of EDI some five to 10 years ago. But, in principle,
the same audit analysis techniques apply equally to EDI data as to Internet data, although
some technical differences exist.
Consequently, initiatives such as the CPA WebTrust have been launched as a way to assess
commerce Web sites to assure they meet AICPA and CICA defined criteria for standard business practices and controls over transaction integrity and information protection.
The proliferation of the Internet has also brought the audit profession much closer together.
Every auditor worldwide can share knowledge and ideas and participate in the discussion of
issues to quickly lead the profession forward. In the past this was limited to attending conferences on an annual basis. Now there is a virtual audit community online acting together on a
constant, real-time basis.
Q. What Internet skills do you see as the most critical for new auditors?
The ability to locate, send, and share report findings and knowledge over the Internet will be
an important skill for auditors today and tomorrow. Mastering this skill will help to increase
productivity, especially for audit teams in international organizations who can leverage off
sharing and accessing knowledge bases on the Internet and intranet.
Auditors will also need to become more technically proficient in all aspects of risk and control
issues and implications associated with the Web and e-business transactions. The ability to
conduct Web-log reviews with data analysis software will be a critical component of an auditor’s
toolkit.
Q. What role do you see for the Internet in the future of internal auditing?
In addition to all the aforementioned issues, the future role of internal auditing must be considered in the context of the emergence of the Knowledge Age – where knowledge is an
organization’s most important asset and competitive advantage. Internal audit will have a
role to play in assessing risk and control concerns of knowledge management projects which
are often inextricably tied to information systems. Management decisions are only as good as
the data on which they are based, and internal auditors must ensure the integrity, validity, and
accuracy of this information. No organization can afford to ignore evaluations that assess the
quality and use of the knowledge that underpins the business.
____________________________________________ Chapter 5 — Look Who’s Talking! 115
Q. Any other thoughts on how auditors could be using the Internet that you would like to
share?
We are currently evaluating different ways for our audit client base to leverage off the Internet
to operate more effectively within their organization; for example, the delivery of modularized, industry-specific, interactive Web-based ACL training. So no matter where you are located, if you have Internet access, you can attain or maintain current technical and professional skills and expertise. Similarly, ACL users will in the future be able to download specialized ACL applications tailored to the needs of their particular industry from our Web site,
thereby increasing response time to specific issues without “reinventing the wheel.”
Additionally, we are considering making the current version of ACL available for download
for use on a real-time, as-needed basis for clients who require this type of flexibility and/or
cost and information system efficiency.
___________________________________ Chapter 6 — Internet Resources for Auditors 117
Chapter 6
Internet Resources for Auditors
The Internet has created a unique opportunity for auditors by supplementing traditional resources
with online electronic information resources. The true value of the Internet for auditing professionals lies in the wealth of available online information in various disciplines. Accountants, auditors, and financial professionals can benefit from a wide variety of resources, which fall into
specific categories depending on the nature of the information included. Pay special attention to
those identified as “knowledge assembly resources.” They focus on relevant business information
useful for establishing an auditor’s digital literacy foundation.
The resources reflect both the depth and breadth of information available for financial professionals. While the volume of information may seem large, it is only a small portion of the total amount
of resources available on the Internet. It is important to remember that the dynamic nature of the
Internet means that what was available yesterday may not be accessible today, and new resources
that were not there before may have been added. Do not be surprised if you go to one of these sites
and find information that is different from what is described in this book. In the same way that our
society has become mobile, you may find that resources included in these pages have been moved
online. Sometimes they will be linked to a new address. Other times you may find “address unknown,” in which case an alternative search may be in order. Refer to Chapter 8 for help in deciphering Internet error messages.The resources presented here are offered as a snapshot of what
was available as this book went to press.
The following resources are organized by categories based on the subject matter. The name of the
site for the organization is presented first, followed by the uniform resource locator (URL) and a
description of the information contained at the site. The URL is similar to a channel on a television
set. If you know the URL, you can reach a site. Some sites simply provide links to other sites while
others have more detailed information. For sites that provide links, it is not necessary for you to
know the URL. Anytime there is a link at a site, you may reach that site by selecting the link using
your mouse or keyboard. While there may be duplication in the links provided at many of the sites
it is important to understand that sometimes sites are not available. This means that sometimes
there is more than one way to reach a particular site through links. The following codes indicate
which type of site is indicated in the resource listing:
http:// = Web site
gopher:// = Gopher site
ftp:// = FTP site
118 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Auditing Resources
This section provides resources specific to auditing or auditing organizations. It includes auditing
departments in private industry, colleges and universities, and government at all levels. Audit
guides, manuals, checklists, and audit work programs provide you with best practices and examples of resources that other auditing offices developed. Making these resources available on
their Web sites represents support of “Electronic Progress Through Sharing,” the principle that
has been an integral part of building the AuditNet.
Audit Guides, Manuals, and Checklists
The following sites represent value-added resources from the global audit community that promotes “Electronic Progress Through Sharing.” Utilize the information from these sites to build on
the internal audit database of best practices material.
Advanced Technology Program (ATP) Audit Guidelines (http://www.atp.nist.gov/atp/psagco.htm) are provided by the Office of Inspector General, U.S. Department of Commerce. The
ATP is a cost-sharing program between government and industry to pursue high-risk, enabling
technologies with significant commercial and economic potential.
Application Review Questionnaire (http://www.umanitoba.ca/admin/internal_audit/admin/
internal_audit/html/application.html) for an environmental controls system.
Appraising Your Auditors (http://www.icas.org.uk/members/framewk7.pdf) is a report from
the Institute of Chartered Accountants of Scotland. The report provides a framework for the review and appointment of auditors by listed companies.
Audit Manual (http://www.utsystem.edu/AUD/manual/tab_cont.htm) from the UT Systems
Audit Office includes details on organizational structure, office policies and procedures, and sample
documents.
Audit Methodology Manual (http://www.sao.state.tx.us/sao/Manuals/meth.htm) from the
Texas State Auditor’s Office represents their comprehensive guide on audit-related topics, techniques, and methods. The Manual is an excellent resource for state and local government audit
offices looking for guidance on a broad range of audit issues. The Manual is in Adobe Acrobat
PDF format. Auditors may download individual sections or the entire manual.
Audit Process Handbook (http://www.hhs.gov/progorg/oas/tap.pdf). The DHHS OIG Audit
Process Handbook in PDF format was developed to give auditors tools to conduct audits and
prepare reports. It lays out a systematic approach designed to keep the audit focused, involve all
team members throughout the process, and facilitate report preparation.
___________________________________ Chapter 6 — Internet Resources for Auditors 119
Audit Report Writing Guide (http://www.psc-cfp.gc.ca/audit/metod1-e.htm) from the Public
Service Commission of Canada provides guidelines for the design, style, and content of the reports
they publish. This document is an excellent resource for audit organizations that want to develop
their own guide.
Audit Survival Guide (http://www.stanford.edu/dept/Internal-Audit/docs/guide/) from
Stanford University provides information for staff on the auditing process. This is a great resource
for internal marketing of the auditing function through demystification of the auditing process.
Audit Techniques Guide (http://www.irs.ustreas.gov/prod/bus_info/mssp/index.html). Internal Revenue Service market segment specialization program provides audit guides used by examiners for 11 different industries. Good reference material for auditors reviewing air charters, architects, the tobacco industry, and more.
Benchmark Project Guide (http://www.dtic.mil/c3i/bprcd/0135.htm) from the Department of
Defense Electronic College of Process Innovation is a tutorial on How to Prepare for and Conduct
a benchmark project. Excellent resource for auditors looking at organizational analysis issues.
Best Practices Procurement Manual (http://www.fta.dot.gov/fta/library/admin/) from the
Federal Transit Administration provides recipients of Federal Transit Administration (FTA) funds
with suggested procedures, methods, and examples for conducting third-party procurements to
assist them in meeting FTA standards.
Better Practice Guides (http://www.anao.gov.au/bpgs.html) from the Australian National Audit Office are reports on specific areas of interest to auditors along with best practices information.
Includes guides for selecting suppliers, travel, effective control, performance information, and
more.
Building and Auditing a Trusted Network Environment with Netware 4.x (http://
developer.novell.com/research/appnotes/1994/april/a1frame.htm) Online Guide from Novell
includes a security overview, security basics, and audit guidelines for Novell networks using Netware
4.x.
Business on the Web Management Guide (http://www.butlergroup.co.uk/). Go to the free
publications section. This is an excellent guide that auditors can use in evaluating the organizational decision to establish a Web site. The Guide includes a chapter on security issues.
Business Tools (http://www.toolkit.cch.com/tools/tools.htm) is a Web site from CCH that provides a comprehensive list of ready-to-use templates, checklists, and model business documents.
You never know when one of these documents may come in handy.
120 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Check Fraud: A Guide to Avoiding Losses (http://www.occ.treas.gov/chckfrd/contents.htm)
from the Office of the Comptroller of the Currency provides guidance on a major organizational
issue. Guide sections include check fraud schemes, prevention measures (internal controls, training, check cashing guidelines), and more.
Client Satisfaction Measurement Questionnaire (http://www.psc-cfp.gc.ca/audit/metod2e.htm) from the Public Service Commission of Canada provides an excellent resource for measuring audit customer satisfaction.
COBIT (http://www.isaca.org/ct_dwnld.htm) - Control Objectives for Information Technology
from ISACA are online. The executive summary, the framework, and the control objectives are
available for download in Adobe Acrobat (PDF) format.
Computer Control and Audit Guide (http://arts.uwaterloo.ca/ACCT/acct.html) prepared by
Professor J. Efrim Boritz, a recognized accounting scholar, is an overview and reference source
pertaining to computer control and auditing issues with which an accountant or financial manager
should be familiar. This guide can be used as a text in a course or for self-study. It is organized into
three logically related parts as follows: risks and exposures in computer-based information systems; computer controls, objectives, standards, and techniques; and computer auditing issues. Go
to People-Faculty-J. Efrim Boritz for the Guide.
Conference Audit Guide (http://www-tradoc.monroe.army.mil/irac/guides/g-conf.html) provides information and guidance for performing audits of conferences, symposiums, and workshops.
Corporate Credit Card Best Practice Guide (http://www.audit.nsw.gov.au/corpcd98/
crdtcard.htm) from the Australian government provides a policy, controls over card issues, operational controls, and more.
Corporate World Wide Web Strategy: Development, Implementation, and Audit (http://
ourworld.compuserve.com:80/homepages/bfelmly/webdoc.htm). This is an excellent guide for
information systems audit professionals who want to understand and audit issues that are associated with the Internet and the Web.
Cost Estimating Handbook (http://www.jsc.nasa.gov/bu2/PCEHHTML/pceh_c.htm) is an
excellent resource tool for auditors and accountants. The Handbook provides statistical techniques
and development guidelines for cost estimation, acceptance criteria for cost estimation, guidelines
for auditing and analyzing a cost estimation relationship, elements of good estimating practice,
and more.
___________________________________ Chapter 6 — Internet Resources for Auditors 121
Cost Performance Model for Assessing WWW Service Investments (http://
www.ctg.albany.edu/projects/inettb/SpreadSheets.html) is a set of tools designed to assist organizations in estimating the likely costs and benefits of developing a Web-based service. This is
an excellent tool for auditors looking to evaluate the organizational cost and ROI for Web-based
services.
Cost Principles - Procedures for Developing Cost Allocation Plans (http://www.hhs.gov/
progorg/grantsnet/state) is an implementation guide for OMB Circular A-87.
Curtin Control Assessment (http://www.curtin.edu.au/curtin/audit/iad7b.htm) is a management tool utilized at the university that enables managers to informally assess their control processes.
Customer Service Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/cus_ser.e.html) from
the Treasury Board of Canada provides information for conducting a review in this area.
Data Collection and Analysis Site (http://www.deakin.edu.au/~agoodman/sci101/) from Deakin
University in Australia provides a comprehensive guide on the scientific process of collecting and
analyzing data. There are particularly useful chapters for auditors on surveys, sampling, and techniques.
Economics, Essential Principles (http://william-king.www.drexel.edu/top/prin/txt/
EcoToC.html) is a hypermedia text on the subject. The comprehensive text covers both
microeconomic and macroeconomic principles and is a good refresher for auditors on economic
principles and theories.
EDI Implementation Guide (http://www.pa.gov.au/ec/ediguide/editoc.htm) from the Australian government provides control audit and security issues, implementation plans, standards, and
more.
Environmental Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/envguid.e.html) from
Consulting and Audit Canada provides information for reviews in this subject.
Environmental Auditing Program (http://www.pca.state.mn.us/programs/audit_p.html) provides information from the Minnesota Pollution Control Agency, including audit checklists for
aboveground tanks, underground tanks, spills, and more.
Ethical Business Guide (http://nt1.ids.ac.uk/eldis/hot/ethics.htm) is a Web site with links and
material covering non-financial benchmarks of institutional/corporate activity, including social
and environmental impacts and anti-corruption measures.
122 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
FDIC Bank Examination Manual (http://www.fdic.gov/regulations/compliance/manual/
index.htm). The table of contents of this Federal Deposit Insurance Corporation Compliance manual
links the auditor with files in Adobe Acrobat format. This is a useful resource for bank auditors.
FDIC Information Systems Handbook (http://www.fdic.gov/regulations/information/information/index.html) is the interagency guide for regulatory examiners for examining information
systems operations in financial institutions and service bureaus. The Handbook includes an overview of IS concepts, practices, controls, and sample audit programs. This is a valuable resource for
IS auditors. The files are in Adobe Acrobat format.
Federal Financial Accounting Concepts and Standards (http://www.gao.gov/policy/
volume.pdf). The General Accounting Office (GAO) has posted an electronic version of Volume
I, Original Statements of Federal Financial Accounting Concepts and Standards, on its home page.
The document is in Adobe Acrobat PDF format.
Federal Information Processing Standards (http://www.nist.gov/itl/lab/fips/) is online access
to the FIPS developed by NIST for government use. FIPS have been developed for information
processing areas such as hardware, software, security, telecommunications, data, and operations
standards and are widely accepted by private industry. Auditors have found them useful for research, comparison, and audit planning.
Federal Sentencing Guideline Manual (http://www.ussc.gov/1997guid/tabcon97.htm) from
the United States Sentencing Commission provides the most recent guidelines and policy statements on the guideline sentencing process.
Fraud Control Policy (http://www.law.gov.au/aghome/commprot/olec/LECD/fraud2.html)
is part of a report from the Australian Commonwealth Law Enforcement Board. The report includes a section on best practice for fraud control with the policy, reporting of fraud information,
case handling, and fraud training. Auditors should check the quality assurance guidelines and the
attachments on criteria against which fraud risks can be measured.
Full Cost Initiative Implementation Guide (http://ifmp.nasa.gov/codeb/fullcost/) developed
by NASA provides a comprehensive accounting and management approach to costing services.
GAO Federal Information Systems Control Audit Manual (http://www.gao.gov/policy/
12_19_6.pdf) from GAO provides guidelines for auditing information systems.
GAO Financial Audit Manual (http://www.gao.gov/policy/fam/fam.htm). The GAO manual
(Volumes 1 and 2) for conducting audits includes the methodology and tools. The manual is in
Adobe Acrobat format.
___________________________________ Chapter 6 — Internet Resources for Auditors 123
GAO General Policies/Procedures and Communications Manual (http://www.gao.gov/policy/
gppm-cm.pdf) provides guidance on their methodologies, including sampling, workpapers, reporting, and more.
GNA Internal Controls and Procedures (http://www.gnacademy.org:8001/uu-gna/admin/finance/newpages/page8.htm) Web page provides an excellent description of a financial control
system, including goals for control procedures and general and specific procedures.
Guide to Cost-Based Decision-Making (http://www.sao.state.tx.us/manuals/cost.htm) from
the Texas State Auditor’s Office is designed to assist management in developing more comprehensive cost accounting information. This will enhance the ability of decision-makers to identify,
analyze, and control the causes of costs as well as establish links between cost information and
program efficiency and effectiveness.
Guide to Minimizing Computer Theft (http://www.rcmp-grc.gc.ca/html/ccprev.htm) provides
information on methods to safeguard computer assets.
Guide to Performance Measurement (http://www.fpm.com/journal/mattison.htm) from the
Foundation for Performance Measurement provides non-financial indicators.
Handbook for Audit Committee Members (http://www.gt.com/resources/assurance/role/
roletoc.html) is a good reference from Grant Thornton for auditors who need to provide guidance
to the audit committee. Includes sections on reviewing internal controls and working with internal
auditors.
Hiring Policies and Procedures Manual (http://vms.www.uwplatt.edu/~pers/contents.htm)
from the University of Wisconsin Platteville provides a good example of guidelines for a human
resources department.
Housing and Urban Development Audit Guide (http://www.hud.gov/oig/oigguide.html) provides a link to their consolidated audit guide.
Human Resource Management Self-Assessment Guide (http://www.hr.state.tx.us/cfdocs/apps/
hrsag/icg-f.html) from the Texas State Auditor’s Office serves as a tool for evaluating areas to
improve. Shows organizations how to address identified deficiencies in human resource management.
Internal Control and Financial Management Manual (http://www.state.ct.us/otc/accdir1/
acctitl.htm) is Connecticut’s Accountability Directive issued jointly by the Office of the State
Comptroller, Office of Policy and Administration, and the Auditor of Public Accounts.
124 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Internal Control Guide (http://www.jhu.edu/~oams/guide/guide.htm) developed by Johns
Hopkins University. The Guide focuses on the policies and procedures of the university but could
easily be adapted to other organizations.
Internal Control Guide (http://www.state.ma.us/osc/homeview/CONTROL/contents.htm) Massachusetts Comptroller General guide for state departments. Straightforward format that could
be adopted by other auditors in recommendations.
Internal Review Guide (http://www.asafm.army.mil/ir/irgd/ir-gd.htm) from the U.S. Army
provides details of the process used in conducting audits of their operations. Excellent example of
a comprehensive audit program targeted toward meeting customer needs.
Internet Administration Policy Guide (http://www.elronsoftware.com/) provides an executive overview on the subject and includes an acceptable usage policy template.
Internet Security Policy Guide (http://csrc.nist.gov/isptg/) from the NIST Special Publication
series is designed to help organizations create an Internet-specific information security policy.
Investigations Manual (http://www.ig.navy.mil/Publications_Investigations_Manual_Frame.
html) from the Office of the Naval Inspector General’s office is an excellent guide for conducting
investigations.
Investigator’s Guide to Sources of Information (http://www.gao.gov/special.pubs/soi.htm) a GAO publication that provides a comprehensive list of resources useful in conducting investigations. The guide is downloadable as a PDF file and requires the Adobe Acrobat reader (also available for download). Updated in April 1997, it now includes a chapter on an Investigator’s Guide to
the Internet. Auditors will find the selected Internet sites for investigate reference worth reviewing.
IS Audit and Security Review Kits (http://www.gallaudet.edu/~auditweb/kits.html) from
Slemo Warigon at Gallaudet University includes ready-to-use IS/IT audit program and security
review kits. The kits contain a statement of purpose, scope, review steps, and/or a set of questions
organized to lead auditors through the audit or review. This is an excellent site for jumpstarting an
IS security review or audit.
Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls (http://
csrc.nist.gov/nistpubs/800-10/) NIST Special Publication 800 10 provides auditors with an excellent introduction and overview of firewall issues. Useful in planning audit reviews of Internet
connections.
___________________________________ Chapter 6 — Internet Resources for Auditors 125
Kelley Blue Book (http://www.kbb.com/) provides vehicle values for new and used cars and
motorcycles. This is a recognized industry standard resource for auditors looking at inventory
valuation guidelines for fleet vehicles.
LAN Security Guidelines (http://www.utoronto.ca/security/) site provides checklists for administrators to evaluate and adjust LAN security. This is a comprehensive document that covers
everything from access controls to virus protection. Includes a section on LAN audit considerations.
Legal Services Corporation Audit Guide (http://oig.lsc.gov/lscpages/aud1.htm) provides guidance to auditors and recipients of LSC grants.
Managerial Cost Accounting Guide (http://www.va.gov/cfo/pubs/CostGuide/default.htm) is
available on the Veteran’s Administration Web site. The Guide includes tools and techniques for
implementing a managerial cost accounting system. There is an introduction to project management, implementation strategies, organizational analysis, costing methodologies, team charters,
position descriptions, statements of work, and more. The Guide, in Word97 format, provides a free
viewer download for those professionals who do not have the program.
Micro-Computer Security Checklist (http://www.fis.ncsu.edu/audit/selfaccs/intcont/
selfeval.htm) Web site from the North Carolina State University internal auditing department
provides a guide for department managers.
Network Risk Assessment Users Manual (http://wwwoirm.nih.gov/security/) is available in
either Word or WordPerfect format from the NIH Information Systems Security page.
Performance Assessment Guide (http://www.dtic.mil/performance/paguide.html) from the
Department of Defense provides a Quality and Productivity Self-Assessment Guide, a Guide for
Developing Performance Measures, a Guide For Measuring Customer Satisfaction, Quality and
Productivity Self-Assessment Questionnaires, and more.
Performance-Based Management Guide (http://www.itpolicy.gsa.gov/mkm/pathways/
8-steps.htm) from the General Services Administration provides eight steps to develop and use
information technology performance measures effectively.
Performance Management Guide (http://www-hr.ucsd.edu/~staffeducation/guide/) is an excellent publication from UC San Diego on managing employee performance. Auditors reviewing
the human resources department for their organization can use this guide as a model for setting up
an employee performance management system.
126 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Performance Management System Audit Guide (http://www.qao.qld.gov.au/guidelin.html)
from the Australian Queensland Audit Office provides an audit approach, methodology, audit
considerations, criteria, and more.
Performance Measurement Guide (http://www.sao.state.tx.us/) from the Texas State Auditor’s
Office provides information about setting up a performance measurement system and detail on
how agencies can establish adequate internal controls in measurement systems in order to assist
them in reporting accurate information.
Performance Measurement Handbook of Tools and Techniques (http://www.orau.gov/pbm/
resources/handbook1/handbook1.html/) is an excellent resource for auditors involved in performance measurement. The Handbook is available in html format or may be downloaded in PDF
format for printing.
Performance Planning Guide (http://www.ospl.state.nc.us/planning/hcontent.html) from the
North Carolina Office of State Planning provides an excellent step-by-step process for setting up a
performance management system.
Practical Guide to Corruption Prevention (http://www.icac.nsw.gov.au/) prepared by the Independent Commission Against Corruption is an excellent resource for developing a fraud and
corruption prevention program within organizations. Modules include risk assessment, ethics, cash
handling, purchasing, and more. Go to Reports and Publications for the Guide.
Procurement Policies and Procedures Handbook (http://www.state.ma.us/osd/phand/) for
the Commonwealth of Massachusetts includes best value guidelines, role of procurement for managers, contract categories, and more. This is a good reference document for auditors reviewing and
comparing best practices.
Research Methods Knowledge Base (http://trochim.human.cornell.edu/kb/) is a comprehensive Web-based textbook that addresses all of the topics in a typical introductory undergraduate or
graduate course in social research methods. Auditors will benefit from the sections covering the
entire research process.
Review Information Network (http://www.tbs-sct.gc.ca/rin/) Web site provides audit publications and guides from the Treasury Board of Canada.
Risk Management Audit Guide (http://www.tbs-sct.gc.ca/Pubs_pol/dcgpubs/TB_H4/
RISK_e.html) from the Treasury Board of Canada provides review guidance for auditors, including risk identification, compensation, volunteers, and more.
___________________________________ Chapter 6 — Internet Resources for Auditors 127
Sales System Control Objectives (http://www.umanitoba.ca/admin/internal_audit/admin/
internal_audit/html/sales.html) from the University of Manitoba provides system implementation control objectives for this functional area.
Sampling and Surveying Handbook (http://www.au.af.mil/au/hq/selc/smplntro.htm) from the
Air University provides guidelines for planning, organizing, and conducting surveys. The site
includes guidance on selecting a sample size with a corresponding free program available for
download.
Security Checklist (http://spider.osfl.disa.mil/cm/security/check_list/check_list.html). This site
from the Defense Information Infrastructure Common Operating Environment (DII COE) includes
security check lists for Solaris, Windows NT, Oracle, and more. Files are available in both PDF
and MSW versions.
Sick Leave Management Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/AuditGuidance/
GUID305S.e.html) from the Treasury Board of Canada provides guidance for reviews in this
area. Sections include a model for sick leave management, planning and performing the audit, and
more.
Site Security Handbook (http://www.net.ohio-state.edu/hypertext/rfc1244/toc.html) is the
product of an Internet Engineering Task Force work group. This document provides auditors with
guidance on how to deal with Internet security issues. Useful for designing audits and reviews of
Internet security.
Software Management Guide (http://microsoft.com/piracy/samguide/introduction/) provides
an effective system for software acquisition, distribution/use, copyright law, and more. Includes
sections on software audits, audit tools, audit resources, preparing for an audit, initial analysis,
conducting, and reporting.
Software Management Policy Manual (http://www.state.ct.us/otc/softmpm/smpmtoc.htm)
from the State of Connecticut provides their policy statements, agency responsibilities, and software use policies. This excellent resource is a model for combating organizational software piracy.
Sub-Recipient Audit Guide (http://www.phila.gov/atservice/reports/audit98/auditweb/). The
purpose of this manual is to implement the city of Philadelphia’s audit requirements for organizations and their independent auditors in preparing for and performing audits of organizations that
receive financial assistance awards from the city.
128 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
System Implementation Review Checklist (http://www.umanitoba.ca/campus/
adminstrative_systems/application_development/internal.htm) from the University of Manitoba
provides a comprehensive approach for a review of this area.
Training Function Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/AuditGuidance/
GUIDE307.e.html) from the Treasury Board of Canada provides information for reviews in the
staff training area.
Users Guide for the Uniform Bank Performance Report (http://www.ffiec.gov/UBPR.htm)
– Guide from the Federal Financial Institutions Examination Council for an analytical tool created
for bank supervisory, examination, and management purposes.
Value for Money Audit Manual (http://www.oag-bvg.gc.ca/domino/other.nsf/html/
99cam_e.html) from the Office of the Auditor General of Canada provides standards and expected and common practices.
Windows NT Security Guidelines (http://www.trustedsystems.com/NSAGuide.htm) from
Trusted Systems Services provide guidelines for securely configuring the Windows NT operating
system. The 110-page guidelines were the result of a one-year project for the National Security
Agency (NSA) Research Organization.
Audit Programs
After observing repeated postings requesting audit programs in audit-related discussion groups it
became clear that auditors should not have to “reinvent the wheel” every time they start an audit.
The following listings are links to audit work programs or sites that contain audit work programs.
Remember that these programs represent a starting point in preparing for an audit area. Expect to
modify or revise the audit program to fit your organization and the specific objectives of the area
selected for review.
Association of College and University Auditors Audit Exchange Library (http://www.acua.org/
library.htm). This resource contains audit programs, audit reports, questionnaires, guides, program reviews, etc., focusing on audits for institutions of higher education. Includes an index that
lists and briefly describes all available files.
Association of Healthcare Internal Auditors (AHIA) Electronic Audit Library (http://
www.ahia.org/auditlibrary/libindex.htm). Available to AHIA members only.
Audit Guides - Treasury Board of Canada (http://www.tbs-sct.gc.ca/rin/ia_main/
AuditGuidance/Audit_Guidance_Index.e.html).
___________________________________ Chapter 6 — Internet Resources for Auditors 129
Audit Manuals, Guides and Programs - Treasury Board of Canada (http://www.tbs-sct.gc.ca/
rin/ia_main/AuditManuals/Audit_Manuals_index.e.html).
Audit Program Guides (http://www.ci.tampa.fl.us/audit/audit_guides.htm) from the city of
Tampa’s internal auditing department are available in Adobe Acrobat PDF format. The audit guides
cover many functional and program areas of local governments such as fixed assets, inventory,
cashiering, and more. Local government auditors should bookmark this site for future reference.
Audit Programs (http://www.utsystem.edu/AUD/programs/programs.htm) from the UT Systems Audit Office includes programs and questionnaires for internal controls, information technology, payroll, and more.
Auditing the Human Resources Function (http://www.auxillium.com/audit.htm). An audit
program provided by a human resource consulting firm that outlines the basic approach as well as
information that should be included to cover a regulatory compliance review.
AuditNet Auditors Sharing Audit Programs (ASAP) (http://www.auditnet.org/asapind.htm).
In the interest of “Progress Through Sharing,” auditors began submitting audit programs to listservs
to share with their peers who requested assistance. The audit programs are those submitted by
auditors in the worldwide community of AuditNet. If you would like to contribute a program, send
it via e-mail to [email protected]. Those with AOL access may send the file to
[email protected] using the attach file feature.
AuditNet Supplemental List of Audit Programs (http://www.auditnet.org/asap2.htm).
Computer Security Institute Mini-Checklist (http://www.all.net/books/audit/generic/
CSIlist.html).
Construction Audit Program (http://150.176.41.12/cig/construct-audprog.asp).
Defense Contract Audit Agency (DCAA). Directory of Tailored/Standard Audit Programs
(http://web.deskbook.osd.mil/reflib/DDCAA/0038z/0038zdoc.htm#T2).
File System Checklists (http://www.all.net/books/audit/unix/files/top.html).
Florida Power Corporation Audit Services Audit Programs (http://www.fpc.com/audits/
pgmslist.htm).
Florida Power Corporation Audit Services Internal Control Questionnaire Checklists (http:/
/www.fpc.com/audits/icqlist.htm).
130 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
GASSP Firewall Checklist (http://www.all.net/books/audit/Firewall/gassp/top.html).
Information Systems Audit and Security Review Kits (http://www.gallaudet.edu/~auditweb/
kits.html).
LAN Administration Self Assessment Questionnaire (http://jhuniverse.hcf.jhu.edu/~oams/
lan.htm).
Management Analytics Firewall Checklist (http://www.all.net/books/audit/Firewall/manal/
top.html).
Novell Network Security Self Assessment (http://www.stanford.edu/dept/Internal-Audit/docs/
novell.shtml).
Operating Unit Compliance Audits (http://www.stanford.edu/dept/Internal-Audit/docs/
compliance.shtml).
PBX Audit Checklist (http://www.all.net/books/audit/pbx/general.html).
PCCIP Risk Management Best Practices Audit (http://www.all.net/books/audit/pccip.html).
Post Award of Contract and Leases Audit Program (http://150.176.41.12/cig/
SysAuditProgram2.asp).
Process Audit Checklist (http://www.all.net/books/audit/unix/process.html).
QS-9000 Auditor’s Checklist (http://www.isogroup.iserv.net/qslist.html).
___________________________________ Chapter 6 — Internet Resources for Auditors 131
Government Auditing
Government sites represent a primary resource for audit-related Internet information. In the interest of making government information available for citizens, taxpayers, and peer audit organizations, government audit and evaluation are a cornerstone of free resources. If you do not find what
you want on a government Web site, contact the site administrator or Webmaster and ask if the
information you are looking for is available. Meta-information (information about information) is
often neglected by auditors looking for resources on the Internet.
Air Force Audit Agency Headquarters AFAA Home Page (http://www.afaa.hq.af.mil) contains links to audit and accounting information, downloadable files, government sites, and Web
reference sites, including a dictionary, thesaurus, and the CIA World Factbook.
Air Force FAR Site (http://farsite.hill.af.mil/) Web site set up by the Air Force for Federal
Acquisition Regulations.
Alabama State Auditor’s Office (http://agencies.state.al.us/auditor/) Web site provides information about the office, staff, press releases, and more.
Alaska Division of Legislative Audit (http://www.legis.state.ak.us/legaud/web/default.htm)
site provides summary and full text of audit reports.
Anchorage Internal Audit (http://ci.anchorage.ak.us/Services/Departments/Audit) Web site
provides information about the office, their annual audit plan, and links to reports.
Arizona Auditor General (http://www.auditorgen.state.az.us/) Web site provides a navigation
guide that explains about the office and its reports. There are links to performance, financial, and
investigative audit reports issued by the office. The Services section includes manuals, forms, and
newsletters issued by the office. They also have employment information and links to other related
audit sites.
Arkansas State Auditor Home Page (http://www.state.ar.us/auditor/auditor.html) provides
information about the office and its services.
Audit Commission (http://www.auditcommission.org/) is an independent government body in
England and Wales responsible for appointing auditors in local government, setting standards,
preparing special studies, and defining comparative performance measures.
Auditing Government Funding (http://www.dhfs.state.wi.us/grants/Audit/IntroAud.htm) Web
site from the Wisconsin Department of Health and Family Services provides information related
to grants and contract audits.
132 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Auditor of the Commonwealth of Massachusetts (http://www.magnet.state.ma.us/sao/
auditor.htm). The Office of the State Auditor Web site provides information about the office and
its divisions.
Auditor General of Canada (http://www.oag-bvg.gc.ca). The annual reports of the Auditor
General of Canada are available on the Internet. The reports contain detailed information about
the office and are organized based on the results of studies and audits completed. There is a searchable index built into the reports. There is also information about the office and publications and
other materials.
Australian National Audit Office (http://www.anao.gov.au/anaohome.html) Web site of auditing for Australia provides audit reports, audit strategy, better practices guides, publications and
more.
Board of Audit of Japan (http://www.jbaudit.admix.go.jp/engl/) Web site provides status and
history of the office and its audit activities.
Brevard County Internal Audit (http://199.241.8.81/pages/interaud.htm) provides information about the office and online versions of recent audit reports.
British Columbia, Office of the Auditor General (http://www.oag.bc.ca/) site provides information about the office and the reports produced. Also includes links to other related sites.
California State Auditor (http://www.bsa.ca.gov/bsa/) site provides information about the office, employment opportunities, audit reports issued by both the Bureau of State Audits as well as
the Auditor General. Audit reports may be ordered from this Web site.
California State Controller’s Office (http://www.sco.ca.gov/) - details about the office including responsibilities and functions. The home page provides links to the Controller’s Monthly Revenue Updates, Controller’s Quarterly Reports, and a response to the May 1995 Performance Audit. The response is an excellent example of a detailed plan with corrective action identified.
Chesapeake Audit Services Department (http://www.chesapeake.va.us/services/depart/audit/audit.html) Web site provides contact information for the office.
Chesterfield County Internal Audit (http://www.co.chesterfield.va.us/ManagementServices/
InternalAudit/iahome.htm) Web site provides information about the office and an e-mail contact.
Chicago Housing Authority Inspector General (http://www.thecha.org/Inspect_Gen.htm) Web
site provides information about the office, job opportunities, and more.
___________________________________ Chapter 6 — Internet Resources for Auditors 133
Clark County Internal Audit (http://www.co.clark.nv.us/intaudit/Intaudit.htm) Web site provides information about the office, audit process, audit plan, audit programs, and more.
Clerk’s Internal Audit Department (http://www.clerk.collier.fl.us/internal_audit.htm) Web
site of the Collier County Clerk of the Circuit Court Internal Auditor provides information about
the office, audit plan, reports issued, and more.
Colorado State Controller’s Office (http://www.state.co.us/gov_dir/gss/acc/) Web site for the
organization that manages the financial affairs of the state by providing financial information,
issuing fiscal policies, ensuring timely recording of the budget, and providing accounting consulting services to state agencies. The site includes general information as well as reports and publications.
Commonwealth of Australia Department of Finance (http://www.finance.gov.au) provides
information about the Australian Department of Finance, including mission statement, organization structure, and links to other organizations. There is also a link to the Commonwealth budget,
which could assist auditors in reviewing budgets for their own organizations.
Connecticut Auditor of Public Accounts (http://www.state.ct.us/apa/) Web site provides information about the office, types of audits performed, reports, employment information, and more.
Connecticut Office of the State Comptroller (http://www.state.ct.us/otc/) home page provides
an overview of the office, press releases, reports, manuals, and an excellent page of links to other
state comptrollers on the Internet.
Corporate Review, Evaluation and Audit (http://www.ncr.dfo.ca/communic/cread/english/
index_e.htm) Web site of the Canadian Department of Fisheries and Oceans audit organization
with access to their service standards and reports and links to other sites.
Dallas City Auditor (http://www.ci.dallas.tx.us/html/city_auditor.html) Web site provides information about the office, FAQs, and a program description.
D.C. Inspector General (http://www.dcig.org/) provides information about the office, media
releases, reports, and more.
Defense Contract Audit Agency (http://www.dcaa.mil/) Web site for the agency responsible
for performing all contract audits for DoD and providing all accounting and financial advisory
services for contracts and subcontracts in DoD organizations. Site includes background information about the organization, vision and goals, audit guidance, and more. Auditors involved in
reviewing contracts will find useful guidance at this site.
134 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Delaware Auditor of Accounts (http://www.state.de.us/auditor/index.htm) Office of the Auditor of Accounts for the State of Delaware. Provides information about the office and links to
economy and efficiency reports issued by the office.
Denver Auditor’s Office (http://www.denvergov.org/dephome.asp?depid=228) provides information about completed audits, city budget, technology update, and more.
Department of Commerce Inspector General (http://www.oig.doc.gov/) Web site provides information about the office, online reports, and more.
DuPage County Auditor’s Office (http://www.co.dupage.il.us/auditor/index.html) local government audit office that includes the role of the county auditor, summaries of revenues and expenditures, and abstracts of audit reports issued the county auditor. Contains links to federal, state,
and local government sites and specifically sites of interest to local government professionals.
Environmental Protection Agency Office of the Inspector General (http://www.epa.gov/
oigearth/) Web site provides information about the office branches, audit reports, and more. Their
customer service rules and strategic plan provide excellent sample frameworks for other audit
offices.
Fairfax County Internal Audit Office (http://www.co.fairfax.va.us/gov/audit/) Web site provides information about the organization, a local government audit survey, annual audit plan, Internal Audit Manual with forms (Adobe and WordPerfect format), links to fraud, performance and
audit-related sites, and more.
Federal Trade Commission Inspector General (http://www.ftc.gov/oig/oighome.htm) Web
site provides their mission, a statement of reinvention principles, audit reports, and links to other
resources.
Florida Auditor General (http://sun6.dms.state.fl.us/audgen/) Web site provides information
about the office, report summaries by subject, a report listing, and the rules of the auditor general.
Florida Comptroller (http://www.dbf.state.fl.us/index.html) Web site provides an overview of
the organization, financial highlights, comptroller’s newsletter, consumer alerts, and more.
Florida Inspectors General Network (http://fcn.state.fl.us/dms/sec/fignet/fignet.html) Web
site provides a central information resource for the Florida IG community. Includes IG-related
state statutes, audit reports from state agencies, and Web information references.
Florida Legislature Office of Program Policy Analysis and Government Accountability (http:/
/www.oppaga.state.fl.us/). In addition to reports and manuals, the site contains F-GAR, an electronic encyclopedia and search engine covering 400 state programs, performance measures, and
accountability ratings.
___________________________________ Chapter 6 — Internet Resources for Auditors 135
Franklin County Auditor (http://www.co.franklin.oh.us/Auditor/) local government Web site
provides information about the office and the services they offer.
Gainesville City Auditor’s Office (http://www.afn.org/~auditor/) Web site provides a profile,
annual audit plan, recent audit reports, peer review information, and policies and procedures.
GAO Daybook. The U.S. General Accounting Office has a mailing list service for a daily electronic posting of the GAO Daybook. The “Daybook” is the daily listing of released GAO reports
and testimony. Subscribe to the GAO Daybook by sending an e-mail message to:
<[email protected]> with the message “subscribe daybook” (no quotes). For additional
information about GAO services, send an e-mail message to [email protected] with “info” in
the body.
GAO Report Database on the Internet (http://www.access.gpo.gov). General Accounting Office reports are now available on the Internet through the Government Printing Office Access
Service.
General Accounting Office (http://www.gao.gov). The site includes GAO reports and testimony, decisions of the Comptroller General of the U.S, GAO policy and guidance materials, special publications, and more.
General Services Administration Inspector General (http://www.gsa.gov/staff/ig/audit/
httoc.htm) site provides a straightforward audit plan for the office.
Georgia Department of Audits (http://www.state.ga.us/Departments/AUDIT/) home page of
the State Auditor for Georgia. Includes a description of the department and each of the divisions.
The Performance Audit Operations Division has a list of completed report topics, reports in progress,
sources of related information, employment opportunities, and more.
GovCon Discussion Groups (http://www.govcon.com/) Government Contractors site that includes discussion groups for auditing, accounting, and financial management issues. KPMG Peat
Marwick is moderating a new discussion group on government audit and reviews. Questions on
issues affecting the performance and resolution of government contract audits (DCAA, IGs, etc.)
can be posted online. Access to the site is free but registration is required.
Government Auditing Standards (http://www.ignet.gov/ignet/internal/manual/yellow/
yellow.html) Web site for the GAO Government Auditing Standards or Yellow Book.
Government Auditor’s Resource Page (http://www.trib.infi.net/~zsudiak/GARP.html) U.S.
Department of Education Office of Inspector General home page provides information on resources for government auditors. Includes links to Thomas (legislative information on the Internet), Internet search tools, audit resources, sources for government documents, and links to other
government resource indexes.
136 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Grant Administration and Audit Resources (http://www.dhfs.state.wi.us/grants/Resources/
IntroRes.htm) Web site from the Wisconsin Health and Family Services Department provides
links to federal sites, audit requirement sites, department resources, and more.
Guide to the World Wide Web for Research and Auditing (http://www.tetranet.net/users/
gaostl/guide.htm). David Henry of GAO provides auditors with the basic instructions for using
the Web as an auditing/research tool.
Harris County, Texas Auditor’s Office (http://www.co.harris.tx.us/auditor/default.html). Site
includes information about the office, staff, organization charts, and financial information.
Health and Human Services Office of Audit Services (http://www.hhs.gov/progorg/oas/
index.html) Web site provides reports, manuals and guides, employment opportunities, and more.
Health and Human Services Office of the Inspector General (http://www.dhhs.gov/progorg/
oig/) Web site provides information about the office, audit and inspection reports, and a link to the
HHS Redbook, a compendium of OIG recommendations that have not been substantially implemented.
Henrico County Internal Audit (http://www.co.henrico.va.us/audit/) Web site contains information about their mission, staffing, audit committee, audit charter, e-mail contacts, external auditing, and office history.
Hong Kong Audit Department (http:/www.hk.super.net/~audskli/welcome.htm) is one of the
oldest departments in the Hong Kong government. The site includes information about the office,
types of audits performed, links to audit reports, and more.
Howard County Auditor’s Office (http://www.co.ho.md.us/auditor/index.htm) Web site for
this Maryland local government jurisdiction includes background information, charter, links to
audit reports, and more.
HUD OIG (http://www.hud.gov/oig/oigindex.html). The U.S. Department of Housing and Urban Development Office of the Inspector General Web page includes a mission statement, hotline
information, list of IG offices, testimony from the IG, the semiannual report to Congress and audit
reports covering management of programs by HUD and others, technical assistance and useful
information about audit requirements, and links to other audit-related information and search tools.
Idaho Legislative Auditor (http://www.state.id.us/legislat/audit.html) Web site provides online
executive summaries of legislative fiscal audits for the various departments, boards, and commissions of the Idaho state government.
___________________________________ Chapter 6 — Internet Resources for Auditors 137
IGNet (http://www.ignet.gov). Internet-based electronic communications network dedicated to
improving the effectiveness of the inspector general community and to provide public access to IG
reports. Site includes links to IG home pages, Internet resources via a virtual library, the IGNet
Internet search list, related organizations, and more. The site includes the Interactive Yellow Book,
a valuable tool for government and non-government auditors. The Job Opportunities home page
lists IG vacancies and links to other sites related to career planning and job search strategies.
Illinois Auditor General (http://www.state.il.us/auditor/audhome.htm) Web site provides information about the auditor general’s office, agencies audited and audit reports, career opportunities, and more.
Indiana State Auditor (http://www.state.in.us/acin/auditor/index.html) Web site provides information about the office, staff, and more.
Indiana State Board of Accounts (http://www.ai.org/sboa/) Web site provides information about
the office, guidelines, manuals, reports, job opportunities, and more.
Inspector General Social Security Administration (http://www.ssa.gov/oig/oig1.htm) Web site
provides information about the office, audit reports, job announcements, and more.
Iowa Office of the State Auditor (http://www.state.ia.us/government/auditor/index.html) Web
site provides information about the office.
Ireland Comptroller and Auditor General (http://www.irlgov.ie/audgen/default.htm) Web
site includes organization details, press releases, publications, and areas of interest/current projects.
Kansas City Auditor’s Office (http://www.kcmo.org/auditor/) site provides information about
the office and the type of audits performed.
Kansas Legislative Division of Post Audit (http://skyways.lib.ks.us/kansas/kslegPAUD/
homepage.html) is the audit organization of Kansas government. The site provides information
about the organization, its functions, missions, goals, and performance measures. There are links
to other audit organizations, search engines, and more.
Kentucky Auditor of Public Accounts (http://www.state.ky.us/agencies/apa) Web site provides information about the office, reports, an employee index, and more.
King County Auditor’s Office (http://www.metrokc.gov/auditor/) home page provides information about the office, e-mail addresses for the staff, a list of current projects, an index of audit
reports issued, including the executive summaries (organized by agency, topic, and year issued),
and links to other audit-related sites.
138 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Korean Board of Audit and Inspection (http://www.bai.go.kr/) Web site for the agency that
monitors the performance of Korean government operations. Information available includes a
history of the organization, annual report, and links to other Korean sites.
Legal Services Corporation Office of Inspector General (http://oig.lsc.gov/aud/cs3recov.htm)
Web site provides a link to their Audit Guide and Compliance Supplement, and allowable cost/
cost principles.
Legislative Analyst’s Office (LAO) (http://www.lao.ca.gov/). The LAO provides analysis to
the California legislature on financial and policy issues. As an independent legislative oversight
body, the LAO advises lawmakers on the financial impact of policy issues, including state and
local government implications, and the use of information technology as a tool to make government more effective. Documents include budget analysis, reports, policy briefings, and special
publications.
Lorain County Auditor (http://www.loraincounty.com/auditor/) local government Web site
provides information about the office and the services they offer.
Louisiana Inspector General (http://www.state.la.us/oig/inspector.htm) Web site provides a
history of the office, mission statement, public reports, and more.
Louisiana Legislative Auditor (http://www.lla.state.la.us/) Web site provides information about
the office, types of audits performed, reports issued, and more.
Maine Office of Program and Legislative Audit (http://www.state.me.us/legis/opla/
reports.htm) Web site of the Maine legislative audit function provides access to reports issued.
Manatee County Internal Audit (http://clerkofcourts.com/internal.htm) Web site provides
information about the office, services provided, published audit reports, and more.
Maricopa County Internal Audit (http://www.maricopa.gov/internal_audit/default.asp) provides information about the department and an index of audit reports issued.
Maryland Comptroller of the Treasury (http://www.comp.state.md.us/main.htm) provides
information about the office, services offered, and links to general taxpayer assistance for Maryland residents and businesses.
Massachusetts Office of Inspector General (http://www.state.ma.us/ig/ighome.htm) Web site
for the state watchdog agency. Site provides information about the office, publications issued, and
more.
___________________________________ Chapter 6 — Internet Resources for Auditors 139
Massachusetts State Auditor (http://www.state.ma.us/sao/) Web site provides information about
the office and its divisions.
Medina County Auditor (http://www.medinacountyauditor.org/) local government Web site
provides information about the office and the services they offer.
Metro Office of the Auditor (http://www.metro-region.org/glance/auditor/dow.html) helps
the Portland Metro regional government achieve honest, efficient management and full accountability to the public. Links to reports, a newsletter, and more.
Metropolitan Water District of Southern California (http://www.mwd.dst.ca.us/audit/docs/
audhome.htm) audit department home page includes information about the department, charter,
work plan summaries, and more.
Michigan Office of the Auditor General (http://www.state.mi.us/audgen/) home page includes
information about the office and their reports.
Milwaukee County Department of Audit (http://www.co.milwaukee.wi.us/depart/daudit.htm) Web site provides information about the office and the services offered.
Minnesota Office of the Legislative Auditor (http://www.auditor.leg.state.mn.us/) Web server
for the Legislative Auditor’s Office. The OLA server includes history of the office, information
about the financial audit division, and program evaluation division. Copies of audit reports, including a report on performance budgeting. Provides links to the Minnesota legislature Gopher
server, and federal, state, and Internet information resources of interest to auditors.
Minnesota Office of the State Auditor (http://www.osa.state.mn.us) Web site provides information about the office, online access to reports, and downloadable files from prior periods.
Mississippi Joint Legislative PEER Committee (http://www.peer.state.ms.us/index.html) Web
site for the Mississippi Performance Evaluation and Expenditure Review Committee provides
access to reports from 1974 to present in Adobe Acrobat format. There are also FAQs and links to
other sites of interest.
Mississippi Office of the State Auditor (http://www.osa.state.ms.us/) Web site provides information about the function, public documents, press releases, and links to other sites of interest.
Missouri State Auditor’s Office (http://www.auditor.state.mo.us/). Site includes information
about the office, details on reporting fraud, waste and abuse, summaries of reports, and more. For
more information, send e-mail to [email protected].
140 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Montana Legislative Audit Division (http://www.mt.gov/leg/audit/). Site provides information about the organization, access to reports, goal, audit standards, employment opportunities,
and more.
Multnomah County Auditor’s Office Home Page (http://www.multnomah.lib.or.us/aud). First
county auditor’s office to establish a home page on the Web. Includes summaries of recent auditors’ reports, an index of past reports, a profile of the office, and an auditor’s column. The page is
directed at Portland citizens with access to the Internet to let them know about the county auditor’s
office.
NARA IG (http://www.nara.gov/ig/). The National Archive and Records Administration Inspector
General’s Office home page provides a wealth of resources for IG offices. The site provides information about the role of the IG and the audit and investigation units. There are links to other
related sources and a Guide to Internet Legal Research with links to areas of special interest to IGs,
statutes, case law, regulations, legislative history, and more.
NASA Office of Inspector General (http://www.hq.nasa.gov/office/oig/hq/) Web site provides
the mission statement, information on their hotline, and summaries of the audit and investigation
sections, including sample audit findings.
National Audit Office (http://www.open.gov.uk/nao/home.htm) home page for the independent public sector audit organization in the United Kingdom. This office reports on the economy,
efficiency, and effectiveness of departments and related parts of the government. The NAO publishes up to 50 value-for-money audits annually. A listing of the reports is on the site as well as
press notices that provide an abstract for each report. The annual report summarizes their work
and results achieved.
Naval Inspector General (http://www.ig.navy.mil/New_Look.html) Web site provides information about the office, online publications, and more.
Nebraska State Auditor of Public Accounts (http://www.nol.org/home/auditor/index.html)
home page provides information about the organization, including the Special Audits and Evaluation Unit, which operates a hotline. Includes examples of complaints and concerns.
Netherlands Court of Audit (http://www.rekenkamer.nl/en/index.htm) is the official audit
organization for the government. The site includes performance and regularity audit manuals,
summaries of audit reports, the legal basis for the office, and more.
Nevada Legislative Counsel Bureau Audit Division (http://www.leg.state.nv.us/lcb/audit/
audit.htm) Web site provides information about the office, list of reports issued, organizational
structure, and more.
___________________________________ Chapter 6 — Internet Resources for Auditors 141
New Hampshire Legislative Budget Assistant (http://www.state.nh.us/lba/index.html) Web
site for the audit division provides their mission, staff directory, summaries of reports, and links to
other sites.
New Jersey Office of the State Auditor (http://www.njleg.state.nj.us/html98/olsaudit.htm)
Web site provides information about the office, mission statement, and full text of recent audit
reports in Envoy format (free reader available).
New Mexico State Auditor (http://www.saonm.org/) Web site of the office responsible for safeguarding New Mexico taxpayers’ money.
New South Wales Audit Office (http://www.audit.nsw.gov.au/) Web site includes information
about the office, roles and responsibilities, reports and publications, and more.
New York State Office of the State Comptroller (http://www.osc.state.ny.us). Well-organized
Web site provides information about the office, audits of state agencies, local government services
and audits, the State Comptroller’s Assistance Network (SCAN), links to other useful sites, and
more.
New Zealand Controller and Auditor-General (http://www.netlink.co.nz/~oag/) Office of the
Controller and Auditor-General of New Zealand provides general information, recent reports,
speeches, and international affiliations.
Non-Federal Audits Team Home Page ( http://home.gvi.net/~edoig) provides “one stop shopping” for information pertaining to single audits and other audits of education programs (SFA
audits, lender audits, etc). (Non-federal means audits of federal funds performed by non-federal
auditors.) Information is organized by source (GAO, OMB, PCIE, ED, etc.). There are links to
other related sites.
North Carolina Office of the State Auditor (http://www.osa.state.nc.us/) provides information
about the State Auditor’s Office, online access to selected audit reports, e-mail request for other
reports, and links to other sites.
North Dakota State Auditor (http://www.state.nd.us/auditor/) Web site provides information
about the office, links to audit reports, FAQs, employment information, staff directory, and a fraud
hotline.
Northern Territory Auditor-General’s Office (http://www.nt.gov.au/ago/) Web site provides
information about the office and their reports.
Nova Scotia Office of the Auditor General (http://www.gov.ns.ca/legi/audg/) Web site provides information about the office and the services offered. Includes annual reports by the auditor
general.
142 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
NYCComptNet (http://www.comptroller.nyc.ny.us). Office of the New York City Comptroller
established an Internet connection and offers other localities ideas on how to improve their financial systems and reporting, internal controls, and performance measures via the Internet.
Office of the Auditor General, Alberta, Canada (http://www.oag.ab.ca/) Web site provides a
report on government accountability and links to annual reports.
Office of the Auditor General, New Brunswick (http://www.gov.nb.ca/audgen/index.htm)
Web site provides information about the office and their publications.
Office of the Auditor General, Newfoundland and Labrador (http://www.gov.nf.ca/ag/) Web
site provides information about the office, entities subject to audit, reports, and more.
Office of the Inspector General EPA (http://www.epa.gov/oigearth/index.htm) provides information about the organization, reports, strategic plan, and more.
Office of the Inspector General University of Florida (http://oig.ufl.edu/). This Web site
contains a wealth of information for auditors in the college and university environment and others.
Includes a checklist for accounting and administrative controls, control summaries for time records
and leave, and tax compliance issues. The UF Software Copyright Policy is an excellent model,
which includes policies and guidelines, resources, and training materials. There are also links to
other sites, including the Florida Legislature.
Office of the Provincial Auditor, Ontario, Canada (http://www.gov.on.ca/opa/en/ieng.htm)
Web site provides information about the office and links to audit reports by ministry and program.
Office of the Provincial Auditor, Saskatchewan (http://www.legassembly.sk.ca/provaud/) Web
site provides information about the office, reports issued, and more.
Ohio Auditor of State (http://www.ohio.gov/auditor/). The Ohio State Auditor Office provides
information about the office and its division, audit reports released, technical bulletins, publications, links to related sites, and more.
Ohio Office of the Inspector General (http://www.ohio.gov/watchdog/) Web site provides information about the office such as mission and history. There are summaries of investigations,
investigation reports, annual reports, FAQs, and more.
Oklahoma State Auditor (http://www.state.ok.us/~auditor/) Web site includes agency information, audit reports, and forms.
___________________________________ Chapter 6 — Internet Resources for Auditors 143
Orange County Florida Audit Division (http://www.comptroller.co.orange.fl.us/audit/
audit.html) Web site provides information about the office, the audit process, a fraud hotline, and
a list of published reports back to fiscal year 1987.
Orange County Internal Audit Department (http://www.oc.ca.gov/audit/index.htm) Web site
for this California county provides information about the office, control self-assessment, internal
control, and more.
Oregon Secretary of State Audits Division (http://www.sos.state.or.us/audits/audithp.htm)
Web site includes information about the office, report summaries, fraud hotline, and more.
Orlando Internal Audit Office (http://www.ci.orlando.fl.us/departments/audit/) Web site provides their mission statement, a list of available audit reports, links to their hotline, revenue auditing, and more.
Pennsylvania Auditor General (http://www.auditorgen.state.pa.us/). Interactive tour of
Pennsylvania’s Taxpayer Advocate provides information about the office, audit results, and career
opportunities.
Philadelphia Office of the City Controller (http://www.libertynet.org/~citycont/) Web site
provides information about the office, access to city economic information, and a searchable audit
database.
Portland City Auditor’s Office (http://www.ci.portland.or.us/auditor/pdxaudit.htm) Web site
includes general information about the City of Portland, Oregon Audit Services Division. Includes list of all audit reports issued, abstracts of audits, and links to other resources.
Public Service Commission of Canada Audit and Review (http://www.psc-cfp.gc.ca/audit/
internet/recourse.htm) Web site includes information about the PSC, monographs and reports,
methodologies used, and links to other related sites.
Queensland Audit Office (http://www.qao.qld.gov.au/) home page includes information about
the office and links to other sites.
Review Information Network (http://www.tbs-sct.gc.ca/rin/) Web site provides audit publications and guides from the Treasury Board of Canada.
St. Charles County Auditor (http://www.win.org/county/depts/sccgaud.htm) Web site provides information about the office, their annual audit plan, links to audit reports, and more.
144 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Saipan, Office of the Public Auditor (http://www.opacnmi.com/) Web site for the official auditor of the Commonwealth of the Northern Mariana Islands provides information about the office,
reports issued, government ethics, links to other resources, and more.
San Diego Auditor’s Department (http://www.co.san-diego.ca.us/cnty/cntydepts/general/auditor/) Web site provides information about the department, goals, services, job information, FAQs,
and more.
San Jose Office of the City Auditor (http://www.ci.san-jose.ca.us/auditor/www.shtml) Web
site provides information about the office, types of audits performed, FAQs, benefits to the city,
organizational charts, and a list of issued audit reports.
Seattle, Office of the City Auditor (http://www.pan.ci.seattle.wa.us/seattle/audit/hpg.htm)
Web site for the city’s independent auditor provides audit reports, a description of the audit process, a whistleblower’s page, links to other audit offices, an excellent newsletter with a performance theme, and more.
South Australia Auditor General (http://www.audit.sa.gov.au/) government Web site provides
information about their office and the reports issued.
South Carolina Audit and Certification (http://www.state.sc.us/mmo/audit/audmenu.htm)
Web site provides information about the office, audit program, internal control questionnaire, and
more.
South Carolina Comptroller General (http://www.state.sc.us/cg/news.htm) Web site provides
information about the organization, monthly financial reports, their Comprehensive Annual Financial Report, and more.
South Dakota State Auditor’s Office (http://www.state.sd.us/state/executive/auditor/
auditor.htm) Web site provides information about the office and the tasks performed.
South Florida Water Management District (http://www.sfwmd.gov/gover/2_intaudit.html)
Inspector General’s Office Web site has information about the office, charter, audit reports, and
more.
Tallahassee Auditing Department (http://www.state.fl.us/citytlh/auditing/audhompg.html)
home page provides information about the office, its staff, and a list of recent audit reports.
Tampa Internal Audit Department (http://www.ci.tampa.fl.us/audit/index.htm) is the Web
site for the city audit office. The site includes information about the office, current audit agenda,
audit programs, audit reports, tax information, links to related sites, and more.
___________________________________ Chapter 6 — Internet Resources for Auditors 145
Tasmanian Audit Office (http://www.audit.tas.gov.au/) site includes information about the office, audit reports, and links to other Australian audit sites.
Tennessee Comptroller of the Treasury (http://www.comptroller.state.tn.us/) Web site provides information and reports released for the office that has audit responsibility for all counties in
the state.
Tennessee Valley Authority Office of the Inspector General (http://www.tva.gov/oig) home
page with information about the office and links to other audit, finance, and business-related sites.
For more information, send e-mail to [email protected]/.
Texas Comptroller of Public Accounts (http://www.cpa.state.texas.us/) Web site provides news
and information, including comptroller publications, e-mail link to the comptroller, and links to
other related servers.
Texas State Auditor’s Office (http:// www.sao.state.tx.us/) Web site has information about the
mission, goal, objectives, and statement of values of the SAO. Key points of reports released since
1994 and the full text of reports released since 04/96 is available online. Resources include Acrobat versions of the Guide to Performance Measurement and the SAO Methodology Manual. Another downloadable file is CAFE (Comprehensive Analysis for Efficiency), a visual basic application that contains summary information from various Texas state databases. Audit resource links
on the Internet, employment opportunities, and training schedules for Texas State Agency internal
auditors are also included on this comprehensive Web site.
Tulsa City Auditor’s Office (http://www.webzone.net/philwood/) Web site provides links to
audit reports, audit and accounting resources, and more.
United Nations Office of Internal Oversight Services (http://www.un.org/Depts/oios/) Web
site for the internal auditing function of this worldwide organization provides information about
the office, mandate, mission statement, activities, and reports.
U.S. Army Audit Agency (http://www.hqda.army.mil/AAAWEB/) Web site provides information about the agency’s mission, vision, values, goals, and strategic plans. There are links to
audit-related sites, government sites, and search engines.
U.S. Army Internal Review (http://www.asafm.army.mil/IR/IR.htm) Web site has information about their mission, services, training program, internal review guide, audit programs, and
links to other resources.
146 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
U.S Army Training and Doctrine Command Center OIRAC (http://www
tradoc.monroe.army.mil/irac/). The Office of Internal Review and Audit Compliance Web site
contains listings of ongoing audits from Army Audit Agency, DoDIG, General Accounting Office,
and local internal review audits. There are also past audit reports from GAO, Army Audit Agency,
and other select audits. The site also includes pointers to selected audit resources geared to the
internal review audit community.
U.S. House of Representatives OIG (http://thomas.loc.gov/home/audit.html) Web site provides financial statements and performance reports issued. Reports are in PDF format and require
the Adobe Acrobat Reader.
U.S. Postal Service Inspector General (http://www.uspsoig.gov/oiginfo.htm) Web site has links
to information about the office, hotline, reports, and more.
Utah State Auditor’s Office (http://www.sao.state.ut.us/) Web site provides information about
the office, a mailing list of local governments, access to audit reports, an audit hotline, and more.
Utah’s Legislative Auditor (http://www.le.state.ut.us/audit/lag.htm) home page of Utah’s Legislative Auditor General. Provides information about the office, the purpose of performance audits, and abstracts of recent audit reports.
Victoria Auditor General’s Office Australia (http://www.vicnet.net.au/~vicaud1/aghome.htm)
home page includes information about the office, abstracts of reports, and links to other audit
offices and resources. Reports include a performance audit of the office by Price Waterhouse,
Privatisation: An Audit Framework for the Future, and more.
Virginia Auditor of Public Accounts (http://www.apa.state.va.us/) Web site for the commonwealth organization that conducts audits of state agencies and local governments. Site includes
audit reports for online viewing, information about the office, a directory, and recruiting information.
Virginia Department of State Internal Auditor (http://www.cns.state.va.us/dsia/) Web site
provides information about the office, newsletters, job opportunities, an audit forum to discuss
relevant issues, and more.
Virginia Evaluation Information Online (http://jlarc.state.va.us/). The Joint Legislative Audit
and Review Commission home page provides information about members, meeting schedules,
and reports issued back to 1975. There is a chronological list of all reports issued, an annotated
index of reports, and online report summaries for selected reports back to 1993.
Washington State Auditor’s Office (http://www.sao.wa.gov/) site provides information about
the office and links to legal and audit resources.
___________________________________ Chapter 6 — Internet Resources for Auditors 147
Washington (State) Legislative Budget Committee (http://www.wa.gov/lbc/) site for the LBC,
which conducts performance audits, program evaluations, special studies, and sunset reviews on
behalf of the Legislature and the citizens of the state of Washington. The committee makes recommendations to the Legislature and state agencies that will result in cost savings and improved
performance in state government.
West Virginia State Auditor’s Office (http://www.wvauditor.com) site provides information
about the office, guides, and reports.
Western Australia Office of the Auditor General (http://www.audit.wa.gov.au/) site provides
information about the office and includes an index of reports from 1991. Recent reports are available online.
Wisconsin Legislative Audit Bureau (http://www.legis.state.wi.us/lab/index.html) Web site
provides information about the office and their work products.
Wyoming Department of Audit (http://audit.state.wy.us/) Web site provides information about
the organization’s divisions.
Internal Auditing
These are primarily links to corporate internal auditing departments or Web sites focusing on
internal auditing. The resources of AuditNet are included in this category as a central clearinghouse for internal auditors using the Internet as an auditing tool.
Accounting and Audit Resources (http://www.disastercenter.com/audit.htm) from the disaster center provides a comprehensive list of links to related sites. The links to accounting and audit
associations and organizations is especially useful.
Ameritech Internal Audit Services (http://www.ameritech.com/corporate/internalaudit/
index.html) Web site provides information about the office and the services offered. Auditors will
find information on self-directed work teams, benchmarking, and more.
ANet Mailing Lists (http://www.csu.edu.au/anet/lists/). One of the major services provided by
ANet is mailing lists in a range of areas. The principal mailing list is ANews-L, which provides
information on a variety of upcoming events, new publications, and important developments on
the Internet. Archives of the various ANet lists are maintained on the site.
ANZ Internal Audit Group Mailing List (http://www.curtin.edu.au/curtin/audit/
mailing%20list.htm) allows for the free exchange of ideas for internal auditors of Australian and
New Zealand universities and other interested participants. The site provides information for
subscribing to the ANZUIAG-L list. This list was previously called INTAUDIT-L).
148 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
ANZUIAG (http://www.curtin.edu.au/curtin/audit/anzuiag1.htm) is the Web site for the Australian & New Zealand internal audit group at the University of South Australia. This page provides links to other Australian and New Zealand universities.
Arthur Andersen KnowledgeSpace® for Internal Auditors (http://www.knowledgespace.com)
is a customized source of internal audit resources, tools, methodologies, checklists, and self-assessment surveys. The site provides access to Arthur Andersen’s Global Best Practices knowledge
base for business process improvement. You can sign up online for a free 30-day trial of this
subscription-based Web site.
Audit Software and Security Utilities (http://www.rawnet.co.uk/) Web site provides
downloadable demos of audit-related software and security programs, including a random password generator, NT and Netware Security, software inventory, and more.
Auditing Home Page (http://www.uwm.edu:80/dept/Auditing/) guidance tool for students or
individuals interested in auditing. Site was established by a group of accounting majors at the
University of Wisconsin-Milwaukee. Includes a description of what auditing is, who performs,
professional associations, business schools, and courses. Provides links to accounting sites on the
Internet as well as accounting and software.
Audit-L Discussion List. A generalized audit discussion list that is open to all auditors irrespective of industries and organizations. The list is intended to have a diverse membership so that
broad perspectives from all auditors could be gained through interactive communication. While
many specialized lists were created to address unique needs of specific industries or special interest groups, the concept of this list recognizes that many audit issues cross industry/organizational
lines. Send subscription request to [email protected] with one line in the
body of the letter: SUB AUDIT-L yourname.
Auditmall (http://www.vfauditmall.com/) Web site for VF Internal Audit: The internal auditing
department of VF Corporation, a Fortune 500 apparel company. Topics include internal audit
philosophy, internal controls, control self-assessment, employment opportunities, links to related
sites, and much more.
AuditNet Accounting/Audit/Finance Email Directory (http://www.ecu.edu.au/mra/resources/
auditnet.html). The AuditNet Email List was established for the purposes of fostering electronic
communications among auditing professionals in government, industry, and academic institutions. Listing in the AEL is by request. The e-mail directory is being maintained at Edith Cowan
University. E-mail the following request to [email protected]:
___________________________________ Chapter 6 — Internet Resources for Auditors 149
Please include me in a directory of e-mail addresses of auditors. I understand that this information
will be used as a networking tool for auditors to maintain a communications link.
Full Name (your REAL name, please):
E-mail Address:
Occupation:
Company/Organization Name:
Organization’s Web Page Address (if applicable):
Industry Title:
City:
State:
Country:
Your Personal Web Page Address (if applicable):
AuditNet Communication Network for Internal Auditors (http://www.auditnet.org/
acnia.htm). An electronic bulletin board providing internal auditors with a place to communicate
with other professionals. Areas include internal auditing best practices (AuditBest), conferences
and training seminars (AudiTrain), Internet books of interest to internal auditors (AuditBooks),
job notices (AuditJobs), and other timely information.
AuditNet Home Page (http://www.auditnet.org/) is the central site containing information about
the components of AuditNet, including the AuditNet Resource List (KARL), Auditors Sharing
Audit Programs (ASAP), AuditNet E-Mail Directory, and more. Links to the KARL and indexed
pages facilitate connecting to related resources.
AuditNet Internet Use Policy Resources for Internal Auditors (http://www.auditnet.org/
iupaudit.htm) Web site provides links to policy resources for Internet use, security, e-mail, and
other related topics.
AuditNet-L is a monthly mailing from AuditNet that provides the latest additions to the AuditNet
Resource List, new audit programs added to Auditors Sharing Audit Programs, and more. To
subscribe to AuditNet-L, which includes the monthly updates to Internet Resources for Auditors,
send an e-mail to [email protected] and, in the body of the message, put SUBSCRIBE
AUDITNET-L (your name).
AuditNet Resource List Home Page (http://www.auditnet.org/karl.htm). The official hypertext
version of the AuditNet Resource List (KARL) that provides the most recent set of links to auditrelated resources on the Internet.
AuditNet Year 2000 Resources for Auditors (http://www.auditnet.org/y2kaudit.htm) Web
site provides links to year 2000 resources for auditors.
150 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
AuditZine (http://www.auditnet.org/aud_zine.htm) compilation of articles related to audit and
accounting uses of the Internet. Provides links to articles or a bibliography entry of the article for
ease of location.
Bank Internal Auditing (http://members.xoom.com/bankauditing/) is an e-library for bank
internal auditing with links to related resources.
Certified Internal Auditor Information (http://www.theiia.org/cia/ciacvr.htm) provides information for the CIA certification and examination. Provides details about the certification and
examination, including exam locations and dates.
Credit Union Internal Auditors Mailing List Discussion list for credit union internal auditors.
To join this Internet mailing list, send an e-mail to [email protected] and include “subscribe cu-ia” in the body of the message. (Knowledge Assembly Resource)
EDIFICAS Schwiez (http://www.firmnet.ch/edificas/) awareness group formed to establish EDI
accounting and auditing guidelines. Includes an excellent article, “The Auditor in the EDI Environment,” which discusses the auditor’s role, answers to new requirements, and the auditor’s use
of information technology.
Florida Progress Corporation Audit Services (http://www.fpc.com/audits) Web site is provided as a service to the audit community. Includes audit programs and internal control questionnaires, an Excel statistical sampling routine, and more.
Internal Audit Newsgroup (Alt.business.internal-audit). Internal audit newsgroup formed September 5, 1994, for discussion of internal auditing related subjects. Open forum to share ideas,
proposals, experiences, hopes, fears, and vulnerabilities. Access via Usenet newsreader or on
America Online Internet Center or GO Usenet on CompuServe.
Internal Audit Stakeholders (http://athens.bitwise.net/iawww/) is a database of internal auditing professionals who have voluntarily listed their names, areas of interest, and e-mail addresses
on the Internal Auditing World Wide Web site. This is a great resource for auditors looking for
peer professional contacts. Look in the People Section.
Internal Auditing Resource Center (http://members.tripod.com/~sisaac/index.html) Web site
from Automation Consulting links to auditing software, auditing sites, and more.
Internal Auditing World Wide Web (IAWWW) http://www.bitwise.net/iawww. Developed
as a prototype demonstration project, the site functions as a warehouse of information and knowledge pertaining to the internal auditing profession and functions across associations, industries,
and countries. This is a premier source of information on the internal auditing profession. Send email to [email protected].
___________________________________ Chapter 6 — Internet Resources for Auditors 151
Jefferson Laboratory Internal Audit Department (http://www.jlab.org/div_dept/audit/
index.html) Web site provides the charter, strategy, methodology, reports and work plans, and
more.
New Mexico Military Institute Internal Audit (http://www.nmmi.cc.nm.us/audit/Guest.html)
site provides information about the department, FAQs, and links to other resources.
Union Pacific Corporate Audit (http://www.up.com/audit/) provides information about the
department and employment opportunities.
College and University Auditing
Colleges and universities were early users of the Internet because, along with the government,
they played a role in research and development. The internal auditing departments of colleges and
universities are established denizens of the Internet. Most of their sites provide guidance on internal controls and security issues that auditors will find particularly useful. Their foundation in the
use of the Internet makes them likely candidates for answering questions that perhaps other auditors cannot answer. Use their sites as a meta-information resource and do not hesitate to contact
them via e-mail if the resources you are looking for are not available on their Web pages.
Auburn University Internal Audit Department (http://www.auburn.edu/~auaudit/) home of
the internal audit department. Provides information about the department, FAQs, a Guide to Internal Controls, Ask an Auditor, the Fraud Hotline, and more.
Boston College Internal Audit (http://www.bc.edu/bc_org/fvp/ia/home/home.html) is the Information Security and Internal Control Awareness home page from the Boston College internal
auditing department. Site includes information about the office, network security, software copyright information, end-user computing, and AuditNews that covers articles of interest to auditors
compiled from other journals.
California Institute of Technology Internal Audit Department (http://www.cco.caltech.edu/
~iaudit/~iaudit.html) Web site provides information about the office, internal control descriptions, the audit process, and more.
Columbia University Internal Audit (http://www.columbia.edu/cu/ia/). The Columbia University Web site has a section devoted to their internal auditing department. The section includes
“A Guide to Internal Controls,” “Internal Control Issues,” and “Auditing at Columbia University:
A Service to Management.” The last document is an excellent guide that other audit organizations
can follow to educate management and departments about internal auditing.
Curtin University Internal Audit Department (http://www.curtin.edu.au/audit/index.htm)
Web site includes their charter, mission, resources, and links to other Internet locations.
152 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Duke University Internal Audit (http://www.duke.edu/web/iaudit/audit.html) Web site provides information about the office, a self-assessment survey, and more.
Edith Cowan University Management Review and Audit (http://www.cowan.edu.au/mra)
ECU MRA site includes information about the function and their audit plan. Also includes articles
written by staff, links to other Internet audit resources, e-mail discussion lists, and search tools.
Emory University Office of Internal Audit (http://www.cc.emory.edu/IAD/home.html) Web
site provides background information, staffing, mission, and more.
Gallaudet University Management and Advisory Services (http://www.gallaudet.edu/
~auditweb/index.html) Web site provides information about the office, audit programs and review kits, links to other resources, and more.
Harvard University Internal Audit (http://www.harvard.edu/internal_audit/HUIA.html) site
provides information about the office, audit tools and techniques, policies and procedures, and
publications on passwords and software copyright. The questionnaire for conducting a departmental review is a useful document that can be customized by other audit organizations.
Indiana University Internal Audit (http://www.indiana.edu/~iuaudit/main.html) Web site
provides information about the staff, organizational structure, information and publications, and
more.
Princeton Office of Internal Audit (http://webware.princeton.edu/Audit/) site provides information about the office, their charter, objectives, audit guidelines, and links to other useful resources.
Purdue University Internal Audit (http://www.purdue.edu/OOP/AUDIT/index.html) Web
site provides information about the office, a guide to internal controls, links to other resources, and
more.
RMIT Internal Audit Group (http://www.rmit.edu.au/departments/ia/) is the Web site for the
auditors of the Royal Melbourne Institute of Technology. The page includes information about the
department, charter, FAQs, links to other audit sites, and more.
Rutgers Accounting Web (RAW) (http://www.rutgers.edu/Accounting/) site located at Rutgers
University mirrors the ANet WWW site.
Stanford University Internal Audit (http://www-portfolio.stanford.edu/104401/) Web site
provides information about the department, their audit program, an Audit Survival Guide for management, internal control factors, a Novell Network Security Self-Assessment, and more.
___________________________________ Chapter 6 — Internet Resources for Auditors 153
Syracuse University Internal Audit Department (http://sumweb.syr.edu/internal_audit/)
contains useful information for all audit departments. The site includes information on the department, policies, procedures, and more. There is proactive information provided for the department’s
customers such as password suggestions, computer security improvement suggestions, self-assessment documents, brochures, videos, and more. There is guidance for university departments
on self-audit for computers as well as administrative areas, including cash handling, inventory
tracking, revenue, budget, personnel, and computing issues.
Texas A&M University System Internal Audit Department (http://sago.tamu.edu/iaudit/)
Web site provides information about the office, internal controls, an overview of the audit process,
and more.
Thomas Jefferson University Internal Audit Department (http://physres2.uns.tju.edu/
internal.audit/) Web site provides background about the organization, audit plan, internal control
guidance, and more.
UCAR Internal Auditing (http://www.fin.ucar.edu/), the Web site for the University Corporation for Atmospheric Research, provides information about the office, FAQs, a guide to internal
controls, Ask-An-Auditor, and more.
UNCW Internal Audit (http://www.uncwil.edu/ia/Index.htm) Web site of the University of
North Carolina at Wilmington includes information about the department, their audit manual, an
excellent set of forms for control self-assessment, and more.
University of Arizona Internal Audit (http://w3.arizona.edu/~audit/) Web site provides information about the office, links to policies and procedures, and related sites.
University of Buffalo Internal Audit Program (http://www.mgt.buffalo.edu/departments/
AandL/intaudit/) Web site for an endorsed internal audit program at the university. Site provides
information about internal auditing, career opportunities, program course requirements, certification, student organizations, and more.
University of California, Berkeley Internal Audit Department (http://www.audit.berkeley.edu)
Web site provides information about the office, planning, process, controls, and more.
University of Chicago Internal Audit (http://www uccomp.uchicago.edu/audit/audit.htm)
site provides information about software piracy, internal control, the policy on information technology resources, and a link to ACUA.
University of Idaho Auditing Services (http://www.uidaho.edu/admin/FnA/audit/) Web site
provides information about the office, an Internal Control Self-Assessment Checklist, and more.
154 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
University of Iowa Internal Audit (http://www.uiowa.edu/~intaudit/index.html) site provides
audit plans, mission statement, department news, and links to other university internal audit Web
pages.
University of Manitoba Internal Audit (http://www.umanitoba.ca/admin/internal_audit/
admin/internal_audit/) Web site provides information about the office, FAQs, resources, review
checklists, and more.
University of Maryland, Internal Audit Office (http://www.umsa.ums.edu/iao/) site provides
the IAO charter, procedural guidelines, an electronic brochure, a link to an anonymous re-mailer,
and more.
University of Massachusetts Accounting and Auditing Information (http://www.umass.edu/
acctg). This site is designed primarily as an information source for students. There are links to
accounting sites, including accounting organizations, public accounting firms, and other sources
of information. There is also a section that provides selected course materials, including Introduction to Financial Accounting, Cost Accounting, and Auditing. Included is a syllabus, a list of class
projects, and practice exams. The exams are structured like professional exams with a combination of multiple-choice and essay questions.
University of Melbourne Internal Audit (http://www.unimelb.edu.au/audit/) site includes a
strategic planning and management procedures manual. The manual describes a computer-based
system used for planning, monitoring, and reporting audit activity. This is an outstanding example
of auditors sharing knowledge and techniques in the pursuit of global audit excellence.
University of Missouri Internal Audit (http://www.system.missouri.edu/audit/) Web site provides information about the office and FAQs.
University of New Hampshire Internal Audit Department (http://marley.unh.edu/audit/) Web
site provides information about the department, policies and procedures, FAQs, flowcharts, previously issued reports, and an excellent list of common audit findings.
University of Notre Dame Audit and Advisory Services (http://www.nd.edu/~auditing/) Web
site describes the office, services, policies and procedures, and more.
University of Rochester University Audit (http://listener.uis.rochester.edu/audit/) home page
provides information about the office, a description of internal controls, links to other sites, and
more. There is a Top 10 List of Typical Audit Findings that auditors may find interesting.
___________________________________ Chapter 6 — Internet Resources for Auditors 155
University of Waterloo Internal Audit Department (http://www.adm.uwaterloo.ca/infoia/)
site provides background information on audit reviews, information on internal controls (why they
are necessary), policies and procedures, and more.
University of West Florida Office of Inspector General (http://www.uwf.edu/~oig/oig.htm)
site provides information about the office, mission statement, strategic plan, and audit and management advisory services. Includes links to auditing resources and more.
UT System Audit Office (http://www.utsystem.edu/AUD/) is the Web site for the University of
Texas System Audit Office. The site provides information about the office, the services they offer,
various resources including audit programs, and a participant manual for a control self-assessment
workshop.
UWS Nepean Internal Audit (http://www.nepean.uws.edu.au/dvc/intaudit/) is the Web site
for the University of Western Sydney Internal Audit Office. Includes their fraud control strategy,
audit plan, the role of internal audit, and links to related Internet sites.
Virginia Polytechnic Institute Internal Audit Department (http://www.ams.vt.edu/) provides
information about the office, policies and procedures, and an internal control guide for managers.
Washington State University Internal Audit (http://www.wsu.edu:8080/~intaudit/
a_page1.html) Web site provides the mission and objectives of the office, information about
audits, and more.
West Virginia University Internal Audit Office (http://www.wvu.edu/~inaudit/). This site
provides information about the internal audit program at WVU. Includes the charter, types of
audits conducted, selection and scheduling, audit policies, other resources available, and links to
other audit sites.
Wichita State University Office of Internal Audit (http://twsuvm.uc.twsu.edu/~iawww/) site
includes FAQs, their charter, and a link to ACUA.
156 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Information Systems Auditing
Information systems (IS) auditing is a term that most auditors recognize. The information age has
made this branch of auditing an integral part of most auditing departments. Many organizations
have merged their traditional audit functions with IS auditing capabilities creating an integrated
audit team. Auditors with information technology competence skills will command a premium in
millenium audit organizations. Internet resources on information systems issues will expand exponentially as organizations shift more of their business to the global economy.
COBIT Listserv (COBIT-List) - created to facilitate discussion about COBIT among members,
ISACA has created a COBIT listserv. By exchanging knowledge through the listserv, subscribers
are sure to find answers to their questions and advice for improving implementation procedures.
Subscribe to the COBIT listserv by sending the following e-mail message to [email protected],
SUBJECT: subscribe and leave the MESSAGE BODY blank.
Computer-Assisted Audit Tools and Techniques (CAATT-L) is a forum for exchange of ideas,
experiences, and information related to automated audit tools and techniques, such as generalized
audit software, test data generators, computerized audit programs, specialized audit utilities, and
automated audit workpapers. It is a closed discussion list hosted by RAIN, a regional networking
services provider. To subscribe, include “subscribe” in the body of your e-mail message to [email protected].
Enterprising Associates (http://members.aol.com/ealimited/OURPAGE/ealindex.htm) is an
information technology audit, computer security, and consulting practice. The site includes The
Computer Advisory with articles on computer security and auditing. A free ram resident utility
providing a fix to the year 2000 problem for PCs is also available for download.
Interactive Data Extraction & Analysis (http://www.cica.ca/idea/) home page for IDEA, an
audit automation package. Provides information about the product, a downloadable demo, guidelines for requesting computer data, and an article dealing with the year 2000 issue. What’s New
provides updates about the product, training opportunities, and links to IDEA-related topics.
IS Audit and Security Review Kits (http://www.gallaudet.edu/~auditweb/kits.html) from
Slemo Warigon at Gallaudet University includes ready-to-use IS/IT audit program and security
review kits. The kits contain a statement of purpose, scope, review steps, and/or a set of questions
organized to lead you through the audit or review. This is an excellent site for jumpstarting an IS
security review or audit.
___________________________________ Chapter 6 — Internet Resources for Auditors 157
IS Audit List (isaudit-list). The IS audit list server provides IS auditors with a forum to freely
discuss topics affecting the profession, including career development issues. The site is sponsored
by Gerry Myers Associates, an IS audit consulting and recruiting firm. To subscribe to the list
server, address your request to [email protected] with the word SUBSCRIBE in the subject
field only. You will receive an acknowledgment welcoming you to the list with important information on the usage of the list server.
IS Auditing Business Research Projects (http://www.csupomona.edu/~cis/gallegos/
msbaproj.html) Web site containing project topics and abstracts for student research going back
to 1983. Many recent projects cover Internet-related topics.
ITAudit.org (http://www.itaudit.org/) is The Institute of Internal Auditors Web site dedicated to
information technology (IT) information needs of auditors at all levels. Features include a forum
for timely, interesting articles on IT topics; a reference section containing links to useful information resources on the Net, including AuditNet; a conference section with threaded and interactive
discussions; and a Yellow Pages section containing links to technology products and services that
auditors need.
PeopleSoft Security, Audit, and Control Discussion Group (PSSAC-L). A listserv devoted to
PeopleSoft Security, Audit, and Control has been created. To subscribe to this list, send an e-mail
(with your signature feature turned off) to: [email protected]. Include no subject
line. In the body of the message, type: subscribe PSSAC-L yourfirstname yourlastname (example:
subscribe PSSAC-L Jane Doe).
Windows NT Security Guidelines (http://www.trustedsystems.com/NSAGuide.htm) from
Trusted Systems Services provide guidelines for securely configuring the Windows NT operating
system. The 110-page guidelines are the result of a one-year project for the National Security
Agency (NSA) Research Organization.
158 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Business Resources
Business resources include sites that would be of interest to financial professionals in areas such
as business process reengineering, business management, benefits, risk, and quality issues. These
sites also provide links to other business-related resources on the Internet and vendors of business-related services for audit organizations.
Corporate World Wide Web Strategy: Development, Implementation, and Audit (http://
ourworld.compuserve.com:80/homepages/bfelmly/webdoc.htm). This is an excellent guide for
information systems audit professionals.
Cost Performance Model for Assessing WWW Service Investments (http://
www.ctg.albany.edu/projects/inettb/SpreadSheets.html) is a set of tools designed to assist organizations in estimating the likely costs and benefits of developing a Web-based service. This is
an excellent tool for auditors looking to evaluate the organizational cost and ROI for Web-based
services.
Data Collection and Analysis Site (http://www.deakin.edu.au/~agoodman/sci101/). Web site
from Deakin University in Australia provides a comprehensive guide on the scientific process of
collecting and analyzing data. Particularly useful chapters for auditors on surveys, sampling, and
techniques.
Economic Indicators (http://www.gpo.ucop.edu/catalog/econind.html) from the Government
Printing Office provides access to the monthly federal economic indicators. Great site for statistical economic analysis information.
Economics of the Internet (http://www.sims.berkeley.edu/resources/infoecon/) Web site provides data on the economics of the Internet, information goods, intellectual property, and related
goods. Worthwhile site for auditors looking for background information for Internet audits.
Environmental Finance Financial Tools Guidebook(http://www.epa.gov/efinpage/guidebk/
guindex.htm) EPA reference guidebook of more than 250 tools for financing environmental programs. Great reference tool for auditors reviewing environmental programs and their respective
financing.
Financial Ratios (http://www.americanexpress.com/smallbusiness/resources/managing/
ratios.shtml) page from American Express provides a guide for understanding 10 key financial
ratios. Auditors who perform financial statement analysis should consider bookmarking this page.
___________________________________ Chapter 6 — Internet Resources for Auditors 159
Information Management Forum (http://www.infomgmtforum.com/). International association of information and business executives. Site provides information on strategic uses for information technology and implementation planning and management. Discussions include current
trends, year 2000 issues, and more. There are abstracts of reports on technology research, technology management, and transcripts of CIO presentations.
Institute for Business and Professional Ethics (http://www.depaul.edu/ethics/) Web site at
DePaul University devoted to the subject of ethical behavior. Includes professional and ethics
resources, an ethics calendar, Ethics Beat, and more.
International Financial Encyclopedia (http://www.euro.net/innovation/Finance_Base/
Fin_encyc.html) Web site of an Interactive Financial Encyclopedia. There is also a link to
Innovation’s Guide to Management and Technology, an online book that is a professional’s survival guide for technology in the information age. Book sections include Accounting (Control and
Monitoring), Finance, and Economics. This is an excellent desktop reference for auditors interested in the impact of technology on the organization.
Internet Learning Materials for MBA Students (http://bized.ac.uk/fme/) Web guide from BizEd
focused on MBA studies. Sections provide links and research tips for accounting and finance,
business economics, human resource management, marketing, strategy, and operations management.
Knowledge World (http://www.ec2.edu/kworld/index.html) is a comprehensive Web site covering issues on knowledge management, including a small business advisor, education center,
white paper, and more.
Litigation Cost Control Resource Center (http://www.tiac.net/users/svoltz/freebies.htm). Web
site dedicated to information on controlling the cost of litigation. A free Litigation Cost Control
Manual and other advice is available by e-mail.
Management Link (http://www.inst-mgt.org.uk/external/mgt-menu.html) is a comprehensive
site developed by Information Researchers at the Institute of Management’s Management Information Centre. There are links to sites on management skills and management sources.
Nijenrode Business Resources (http://library/nyenrode.nl/) comprehensive list of business resources maintained by Nijenrode University in the Netherlands. Provides links to business resources on the Internet.
Professional Ethics Resources on the WWW (http://www.ethics.ubc.ca/resources/professional)
provides links to sites on the subject.
160 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Professionals Online (http://www.prosonline.com) Directory of WWW sites organized by profession. Classifications include accounting, finance, business, and more. Resources for accountants are organized into CPA Exam, Theory, Practice, Auditing, Commercial Law, Tax, SEC Accounting, and more. Financial resources include business and personal finance and digital cash.
Project Management Institute (http://www.pmi.org) Web site for the organization for project
management professionals includes information about the organization and available resources.
The site includes a comprehensive Guide to the Project Management Body of Knowledge. The
guide is in PDF format and requires an Adobe reader (available for free). The guide alone makes
this site a sure bookmark for all auditors, accountants, and financial professionals.
StudyWeb (http://www.studyweb.com/) is a site designed for researching a variety of topics
using the Internet. The business and finance category includes topics for accounting, economics,
federal reserve banks, finance, glossaries, investing, and newspapers on the Web.
Swedish School of Economics and Business Administration in Helsinki, Finland, Department of Accounting Web site (http://status.shh.fi/Depts/Redovis) includes tutorials and working papers. “The Property of Audit Trail” by Anders Tallberg analyzes the concept from the perspective of computer security and accounting systems. Includes links to accounting-related sites.
WebEc (http://www.helsinki.fi/WebEc/) is an effort to categorize free information in economics
on the Web. An excellent site for anything related to economics resources on the Internet.
Control Self-Assessment Resources
Corporate governance, control self-assessment, and control risk assessment all refer to a new
method of assessing risk and controls within organizations. Auditors are adapting to these new
models and methodologies to meet the needs of the companies and organizations for which they
work. The following sites provide different approaches taken by these entities as well as a knowledge base for auditors examining how to implement the process. The Institute of Internal Auditors’ Control Self-Assessment Center provides a repository of information, including the Certification in Control Self-Assessment.
CoActive Connection (http://www.coactiveconnection.com). The Tongren and Associates Web
site provides information on CoActive Audit, CoActive Control, CoActive Governance, and
CoActive Risk as well as a library of articles on the above principles.
Control Co-Assessment (http://www.vfauditmall.com/Cca/ccashop.HTM) provides the VF
Corporation’s approach to control self-assessment.
___________________________________ Chapter 6 — Internet Resources for Auditors 161
Control, Risk and Governance (http://www.cica.ca/) from the Canadian Institute of Chartered
Accountants provides an overview of the Criteria on Control, the exposure draft CoCo report,
newsletters, publications, and articles from CA Magazine. Look under Studies and Standards in
What’s New July-September 1998. Great resource for auditors implementing CSA.
Control Self-Assessment (http://vpf-web.harvard.edu/audit/home/CSA_frame_bot.html) from
Harvard University provides an introduction, questionnaire, guidance on completing the questionnaire, and reference material.
Control Self-Assessment (CSA-L) Mailing List. An unmoderated discussion list devoted to CSA
and open to anyone with an interest in discussing related issues. CSA is a process that allows work
groups to identify or refine the business and quality objectives that they should be fulfilling, while
assessing the adequacy of plans and controls in place to meet those objectives. To join the list,
send a message to [email protected] with the text SUBSCRIBE CSA-L. You will receive
an acknowledgment and a message with administrative issues.
Control Self-Assessment Center (http://www.theiia.org/csa/csa.htm) at The Institute of Internal Auditors provides comprehensive information and material on CSA, including qualification,
certification, conferences, seminars, and educational products.
Control Self-Assessment Resource Center (http://www.jhw.com/~jhw/csa/) Web site provides
links to CSA resources available on the Internet.
Control Self-Assessment Workshop (http://www.utsystem.edu/AUD/Resource/csaintro.htm)
Participant Manual is available from the UT System Audit Office. The manual serves as an excellent example of a training document for the CSA process.
Controls Assessment Tool (http://www.oig.ufl.edu/cat/) comes from the University of Florida
Office of the Inspector General. The survey consists of questions that address controls in a variety
of business processes, such as planning and policy making, budgeting and performance measurement, procurement, personnel and fiscal management, and more.
Corporate Governance (http://www.corpgov.net/) Web site covers issues related to management accountability within organizations. There are links to sample policies, library reference
materials, forums, and more.
Facilitation Skills Course (http://www.dtic.mil/c3i/bprcd/4122.htm) from the DoD Electronic
College of Process Innovation is a complete workshop on the topic. Excellent resource for auditors implementing a CSA approach in their organization.
162 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Framework for Internal Control Systems in Banking Organisations (http://www.bis.org/
publ/bcbs40.htm) from the Bank for International Settlements is available for download from
their Web site.
Internal Control (http://137.21.52.50/CTRL.HTM) from the State University of New York at
Brockport provides information about their program. The site includes a definition, human resource internal controls, general and specific standards, and more.
Internal Control and Financial Management Manual (http://www.state.ct.us/otc/accdir1/
acctitl.htm) is Connecticut’s Accountability Directive issued jointly by the Office of the State
Comptroller, Office of Policy and Administration, and the Auditor of Public Accounts.
Internal Control Guide (http://www.icaew.co.uk/internalcontrol/) draft from the ICAEW provides internal control guidance for directors of listed companies incorporated in the United Kingdom.
Internal Control Guide (http://www.jhu.edu/~oams/guide/guide.htm) developed by Johns
Hopkins University. The Guide focuses on the policies and procedures of the University but could
easily be adapted to other organizations.
Internal Control Guide (http://www.state.ma/osc/homeview/CONTROL/Contents.htm)
Massachusetts Comptroller General guide for state departments. Straightforward format that could
be adopted by other auditors in recommendations.
Internal Control Resources (http://pw1.netcom.com/~jstorres/internalaudit/index.html) Web
site has a comprehensive set of links to articles, books, organizations, resources, and more.
Management Control (http://www.mc2consulting.com/govpage.htm) Web site for corporate
governance, accountability, and management control provides information and articles on the subject for internal auditors. The site advocates a collaborative approach involving various disciplines and stakeholders. This site provides excellent information on control self-assessment and
coactive control topics.
Management Control Concepts (http://www.mc2consulting.com/) home page for audit-related
consulting and training services. Includes a description of services offered, books authored by the
consultant (David McNamee), and links to audit-related sites.
Methodware Ltd. (http://www.methodware.com/) Web site for Advisor software products which
automate international frameworks such as COBIT and COSO and help organizations perform
control self-assessment, quality reviews, risk evaluations, and more. The Web site also includes
examples of customized solutions.
___________________________________ Chapter 6 — Internet Resources for Auditors 163
OptionFinder (http://www.optionfinder.com/) is an electronic meeting tool that gets everyone
involved and keeps meetings on schedule. This keypad-based group polling system is used by
many organizations in the control self-assessment process.
Risk Assessment and Control Design WWW Resource Kit (http://www.kpmg.ca/crsa/
main.htm) is a project of KPMG and includes a virtual library on the topic. There are articles and
guides and a moderated mailing list on the subject of CSA.
Disaster Recovery and Business Continuity Planning
Binomial International (http://www.binomial.com) site for disaster recovery planning contains
valuable information for auditors. Also includes links to over 400 DRP sites. A free monthly
newsletter is available by sending a message — “subscribe disaster recovery” — to
[email protected] or via the home page.
Rothstein Associates (http://www.rothstein.com) home page for industry’s primary source of
information on disaster recovery. Contains an extensive index of material on disaster recovery and
links are planned to resources for business continuity and disaster recovery professionals. For
more information, send e-mail to [email protected].
Year 2000 Audit Program (http://www.cowan.edu.au/mra/approach/year2000.html) is available from the Edith Cowan University Web site. The model covers the issues, control weaknesses
and exposures, recommendations, and key controls.
Year 2000 Auditing and Accounting Guidance (http://www.aicpa.org/members/y2000/
intro.htm) is provided by the AICPA. The report is available for download in Word, WordPerfect,
PDF, and RTF formats.
Year 2000 Business Continuity Plan (http://www.magnet.state.ma.us/y2k/projplanning/
businesscontinuityplan_template.htm) is a comprehensive template from the state of Massachusetts that helps auditors address key issues.
Year 2000 Contingency Plan (http://www.magnet.state.ma.us/y2k/projplanning/
contingencyplan_template.htm) is a template from the state of Massachusetts for actions to be
implemented in response to a year 2000 hazard.
Year 2000 Contingency Planning (http://www.bis.org/ongoing/index.htm) from the Bank for
International Settlements provides business continuity planning guidelines for financial institutions.
164 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Year 2000 Disclosure Requirements (http://www.auburn.edu/slgacct/hotissue/hotissue.htm)
for state and local governments provided by the AICPA and GASB.
Year 2000 Information Center (http://www.year2000.com/) site covers the issue of the date
change to the year 2000. The site includes articles related to the issues, links to vendors that will
assist in the process, and links to other date-related sites. There is information on subscribing to
the year 2000 mailing list that will help you stay up to date about the problem and solutions.
Auditors should ensure that the information system professionals are starting the planning process
now for this event. For more information, send message to Peter de Jager ([email protected]).
Year 2000 Information Page (http://www.magnet.state.ma.us/sao/edp1yr2000.htm) from the
Massachusetts State Auditor Information Technology Audit Division provides a survey, report,
and links to state, federal, and other Y2K-related pages.
Year 2000 Page (http://www.disastercenter.com/year2000.htm) from the Disaster Center provides information and links to many resources for auditors. Site includes general information on
year 2000 as well as compliance information.
Year 2000 Problem Checklist (http://www.cunamutual.com/custaff/managedu/Y2K/
2000list.htm) from the CUNA Mutual Insurance Society provides a structured approach for dealing with the year 2000 time bomb issue.
Year 2000 White Papers (http://www.myrickconsulting.com) Web site provides discussion
papers for Y2K Project Guide, Contingency Planning, PC Application Test Report, and an xBase
Function Library.
Discussion Lists
(See Chapter 5 for auditing and accounting discussion groups or mailing lists.)
___________________________________ Chapter 6 — Internet Resources for Auditors 165
Employment-Related Resources
This section provides resources for employment and career-related issues for auditors and financial professionals. There are links to other career-related sites on the Internet from America’s Job
Bank. Employment opportunities for government and private industry are also available through
these resources.
Accountants on Call (http://www.aocnet.com/) staffing service specializes in accounting and
financial personnel placement. This recruiting and job search Web site includes articles on hiring
for employers, career articles for job seekers, a list of FAQs, salary guide by request, and access to
the searchable database of jobs and candidates.
Accountemps (http://www.accountemps.com/jobsAT/) is the Web site for an International temporary financial staffing placement firm. The site provides an excellent career advisor, salary
survey, and more.
Accounting and Finance Employment Opportunities (JOBS ACT). This is a moderated mailing list of employment opportunities for accounting and finance jobs, including cash management,
auditing, and tax (no entry-level positions). To subscribe, send a message to JOBS
[email protected] with the word SUBSCRIBE in the subject line and the body.
Do not include your name, address, or additional text in the subject line or the body of the message. Subscribers can obtain an archive file, which gives information on several employment BBS’s
around the nation, by sending the command ARCHIVE JOBS ACT to the list address.
Accounting and Finance Jobs (http://www.accountingjobs.com) is a national database of accounting and finance-related jobs. This joint project sponsored by AccountingNet and CareerMosaic
focuses on employment opportunities in the accounting and finance professions.
Creative Financial Staffing (http://www.cfstaffing.com/index.html) Web site for an accounting and financial placement firm. Includes articles for companies about staffing, human resources,
and accounting industries. There are resume, job search, and interviewing tips for job seekers.
There is also a financial and accounting salary guide.
Employment Opportunities in Public Financial Management FinanceNet established a discussion list ([email protected]) for notification of federal, state, and local employment
opportunities in public financial management. A corresponding newsgroup (fnet.fin.jobs) encourages discussion and dialog on employment issues in the public financial management profession.
Send message to email [email protected] for more details.
Financial/Accounting/Insurance Jobs Page (http://www.nationjob.com/) NationJob Network
provides list of accounting, audit, and financial positions available across the United States.
166 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
GFOA Employment Opportunities (http://www.gfoa.org/employ/empann.htm) Web site with
links to government finance, auditing, and accounting jobs.
IS Audit Consulting & Recruiting Services (http://www.isaudit.com/) Web site with job postings,
information on happenings in the IS job market, and more.
IS Audit List (isaudit-list). The IS audit list server provides IS auditors with a forum to freely
discuss topics affecting the profession, including career development issues. The site is sponsored
by Gerry Myers Associates, an IS Audit Consulting and Recruiting firm. To subscribe to the list
server, address your request to [email protected] with the word SUBSCRIBE in the subject
field only. You will receive an acknowledgment welcoming you to the list with important information on the usage of the list server.
Source Services (http://www.experienceondemand.com/) is the Web site for one of the leading
financial employment services. There are articles on career development, a strategic staffing guide,
the Salary Survey on Demand, and more. This is a great site for auditing departments looking to
fill positions or for auditors seeking information on their worth in the job market.
Tax-Jobs.Com (http://www.tax-jobs.com/) Web site with job listings for tax professionals provides opportunities for employers, job seekers, and links to other related sites.
USA Jobs (http://www.usajobs.opm.gov/). This is the U.S. government’s official site for jobs
and employment information. Auditors and accountants may search this site for employment information and online career transition assistance.
Finance Resources
Finance resources include government and private industry sites on the Internet. These locations
provide a starting point for auditors looking for finance-related resources online.
FinanceNet (http://financenet.gov) is a professional governmental financial management network of organizations, agencies, and departments. Designed to share information and ideas for
improving financial management throughout all levels of government. Accountants, auditors, and
financial managers participate and share financial management information, ideas, news, experiences, software, comments on financial documents, best practices, resources, etc. Gopher to
[email protected]. FinanceNet Mailing Lists and a FinanceNet Newsgroup are available. For more information on FinanceNet mailing lists, send e-mail to e-mail [email protected].
Point your newsreader to news.financenet.gov for this new Usenet news group.
___________________________________ Chapter 6 — Internet Resources for Auditors 167
Financial Data Finder (http://www.cob.ohio-state.edu/dept/fin//fdf/osudata.htm) site at Ohio
State University provides links to over 140 finance-related Web sites, including financial news
sources, economic databases, financial data, a database of financial criminals, and more.
Financial Management Association International (http://www.fma.org/). The FMA is a professional association of finance practitioners, academicians, and students founded to develop a
continuing relationship between financial theory and practice. The site includes a one-stop shopping guide to finance on the Internet.
Financial Managers Society (http://www.fmsinc.org/index.htm) Web site for the only not-forprofit professional society dedicated to serving the technical and professional needs of bank, thrift,
and credit union financial officers. Site includes information about the organization, regulatory
issues, employment opportunities, and more.
Financial Reporting in Government (http://www.pwc.gmu.edu/course/govt490/). Pilot online
course focusing on a critical analysis of current governmental accounting and financial reporting
at the state and local level as well as a presentation of the main tenets of the current model for
financial accounting and reporting. This document is a work in progress by Dr. John Sacco of
George Mason University in Fairfax, Virginia.
FINWeb (http://www.finweb.com) Financial Economics WWW server managed at the University of Texas at Austin. Provides a list of Internet resources with substantive information concerning economics and finance-related topics. Includes the Financial Economics Network, the
Journal of Finance, the Financial Executive Journal, and Resources for Economists on the Internet. Also includes services such as EDGAR, providing SEC reports and statements on publicly
traded companies.
Treasury Management Pages (http://www.mcs.com/~tryhardz/tmpaa.html) set of Internet
information resources developed for treasury management professionals. Provides a wealth of
information on banking and corporate finance, treasury operations, and other management topics.
168 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Government Resources
Auditors looking for government resources on the Internet will not have to look very far. There is
information from all levels of government available for citizens, businesses, and other governments. Government access via the Internet is considered to be a customer service feature. While it
would be impractical to list all government sites available, check out the Government Information
on the Internet resource. That site has already done the work by listing all the available federal
government information available. Links to state and local government information make them a
prime source for connecting to government on the Internet.
Acquisition Best Practices (http://[email protected]/BestP/BestP.html) Web site
provides links to Office of Federal Procurement Policy Best Practice guides.
Acquisition Reform Network (http://[email protected]/index.html) Joint Project
of the National Performance Review, Office of Federal Procurement Policy, and others focuses on
procurement-related issues. There is an Acquisition Best Practices area where auditors may find
ideas on reinventing procurement within their organizations.
Activity Based Costing Resources (http://www.saffin.hq.af.mil/FMC/ABC/index.htm) Web
site provides links to an ABC dictionary, bibliography, software models, periodicals, and more.
Bureau of Economic Analysis (http://www.bea.doc.gov/) Web site for the nation’s economic
accountant.
CFO Council (http://financenet.gov/cfo.htm) link to the organization of the chief financial officers and deputies of the largest federal agencies, OMB, and treasury officials who work together
on improving federal financial management.
Code of Federal Regulations on the WWW (http://www4.law.cornell.edu/cfr/34cfr.htm). The
Code of Federal Regulations is the official subject-matter-order compilation of the federal regulations of a general applicability and legal effect that are currently in force. In accordance with
section 1510(d) of title 44 of the U.S. Code, the Code of Federal Regulations is compiled by the
Office of the Federal Register of the National Archives and Records Administration. The Code is
divided into 50 titles by subject matter. Each title is divided into sections. Sections within a title
may be grouped together as subtitles, chapters, subchapters, parts, subparts, or divisions. Titles
may also have appendices that may be divided into sections, rules, and/or forms.
Government Information on the Internet (http://www.govspot.com/) provides links to federal, state, and local governments.
___________________________________ Chapter 6 — Internet Resources for Auditors 169
Federal Register (http://www.access.gpo.gov/su_docs/aces/aces140.html) Web site for the official daily publication for Rules, Proposed Rules, and Notices of Federal Agencies and Organizations. Contains archives going back to 1995.
Federal Reserve Economic Data (http://www.stls.frb.org/fred/) provides historical U.S. economic and financial data such as daily interest rates, monetary and business indicators, exchange
rates, and regional economic data. Another great resource for audit projects involving financial
analysis based on key economic indicators.
FedStats (http://www.fedstats.gov/) site, maintained by the Federal Interagency Council on Statistical Policy, provides access to statistical information produced by more than 70 agencies.
Fedworld (www.fedworld.gov). Over 135 federal government BBSs, including Office of Management and Budget.
FinanceNet (http://financenet.gov). Professional governmental financial management network
of organizations, agencies, and departments. Share information and ideas for improving financial
management throughout all levels of government. Accountants, auditors, and financial managers
participate and share financial management information, ideas, news, experiences, software, comments on financial documents, best practices, resources, etc. Gopher to [email protected].
FinanceNet Mailing Lists and a FinanceNet Newsgroup are now available. For more information
on FinanceNet mailing lists, send e-mail to email [email protected]. Point your newsreader to
news.financenet.gov for this new Usenet news group.
Financial Reporting in Government (http://www.pwc.gmu.edu/course/govt490/). Pilot online
course focusing on a critical analysis of current governmental accounting and financial reporting
at the state and local level as well as a presentation of the main tenets of the current model for
financial accounting and reporting. This document is a work in progress by Dr. John Sacco of
George Mason University in Fairfax, Virginia.
Florida Government Accountability Report (http://www.oppaga.state.fl.us/government/) is
a free Internet service for legislators and the public to monitor the activities and performance of
approximately 400 state government agencies and programs.
GovBot (http://ciir2.cs.umass.edu/Govbot/) database was developed by the Center for Intelligent Information Retrieval and includes more than 500,000 searchable pages from U.S. government and military sites.
Government Accounting Standards Board (http://www.gasb.org/) site for this standards-setting body provides information about GASB, GASB happenings, documents, publications, and
standards.
170 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Government Contractor’s Glossary (http://www.govcon.com/) site provides a reference guide
for professionals dealing with government contracts. Also contains an acronym table. Source documents for this guide include Federal Acquisition Regulations (FAR), Armed Services Pricing Manual
(ASPM), and the DCAA Contract Audit Manual (DCAAM). Access to the Glossary is free but
site registration is required.
Government Printing Office (http://thorplus.lib.purdue.edu/gpo/). Purdue University added a
Web-based search and retrieval access point using WAIS (Wide Area Information Server) to GPO’s
database. The database includes all GAO Bluebooks published since 1994, 1993-95 Congressional Bills, the 1994-95 Congressional Record, the 1994-95 Federal Register, Public Laws of the
104th Congress, and the U.S. Code. The search tool provides for user entry text search of document types in the database.
Government Reinvention Center (http://www.govexec.com/reinvent). This Web site from
Government Executive Magazine includes full text articles on government reform, links to agencies and organizations involved in reinvention, background documents, and a conference calendar.
GovNews (http://www.govnews.org/). The International GovNews Project is a topical-based news
discussion service providing auditors with information on various financial areas. The discussion
groups are also available via Usenet. There are discussions on performance measures, internal
controls, audits, and more. (Knowledge Assembly Resource)
Internal Revenue Service (http://www.irs.ustreas.gov/) site of the IRS Digital Daily providing
access to tax forms and publications for businesses and individuals and more. There is a text-only
version at http://www.irs.ustreas.gov/plain/ for auditors with slower connections.
Internet Guide to the U.S. Government (http://www.uncle-sam.com/guide.html) Web site
provides links to all branches of the federal government, independent agencies, and commissions.
LGNet (http://www.ig.org/). The Local Government Network sponsored by the Innovations
Group on the WWW provides information services for local government professionals. Valuable
resource for local government auditors and accountants with information on performance-based
measurements, document imaging, reinvention projects, and more. The Innovations Group issues
a quarterly newsletter titled Local Government Online that highlights ways cities and counties are
using electronic communication to improve productivity, save money, and provide excellent service to citizens.
Louisiana State Division of Administration (http://www.state.la.us/doa/doa.htm) - site of the
organization that oversees the management of state financial administration.
___________________________________ Chapter 6 — Internet Resources for Auditors 171
MuniNet Mailing List FinanceNet mailing list targeted to municipal and township financial
managers and clerks. The list is a distribution and discussion list for issues relating to financial
management of municipalities, townships, and counties within larger geopolitical jurisdictions. To
subscribe, send e-mail to [email protected] and include message “subscribe MuniNet
(FirstName LastName). (Knowledge Assembly Resource)
National Credit Union Administration (http://www.ncua.gov/) Web site of the independent
federal agency that oversees federal and state credit unions. Online information for auditors includes guidelines for operations, an accounting manual, the FFIEC IS Examination Handbook,
and Financial Performance Report Guide.
National Criminal Justice Reference Service (http://www.ncjrs.org/). The NCJRS site contains various resources from the National Institute of Justice, the research and development agency
of the U.S. Department of Justice. Includes updates from the Office of Justice and the Office of
National Drug Control Policy. Also provides information about products and services sponsored
by NCJRS. There is an e-mail address to send questions, documents, Web sites, listservs, and other
resources.
National Library of Australia Department of Finance (http://www.finance.gov.au/) site provides Australian government information from the Department of Finance. The Information Technology and Systems area includes IT Acquisition Council Guidelines as well as information on
publications such as Implementing Financial Management Information Systems.
New Mexico State Treasurer (http://www.stonm.org/). Web site of the office responsible for
accounting for taxpayers’ money. Site provides access to public reports.
NPR Report (http://www.npr.gov) From Red Tape to Results, hypermedia document. The Federal Reinventing Government report is available with word search capability on the Web. See the
Library section.
Occupational Safety and Health Administration - OSHA’s Web site (http://www.osha.gov)
which includes general information about the agency, standards, news releases, fact sheets, publications, OSHA Compliance Assistance Tools, and safety and health-related links on the Internet.
Auditors with OSHA audit responsibilities should include this site on their hot list.
Office of Management and Budget (http://www.whitehouse.gov/OMB) site contains links to
selected OMB circulars, bulletins, and regulations.
172 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Securities and Exchange Commission (SEC) (http://www.sec.gov/) provides free Internet access to the EDGAR database. EDGAR on the Internet began as a trial project in 1993 with New
York University and the nonprofit Internet Multicasting Service. The Internet database makes key
financial information available to anyone with Internet access. There are plans to provide e-mail
requests for specific EDGAR filing documents and SEC information documents, multiple indexing of SEC information documents, and text search of SEC public information documents. The
SEC site menu of services includes corporate financial information from the EDGAR database;
information on SEC operations and underlying acts; SEC-produced investor brochures, publications and alerts; speeches, congressional testimony, press releases, and daily information on Commission enforcement actions included in the SEC News Digest; and rulemaking proposals as well
as final rules.
Texas Information Resource Standards (http://www.state.tx.us/Standards). The Texas State
Government site includes information security standards as well as a document titled Information
Resources Security and Risk Management Policy, Standards and Guidelines. There are also links
to the American National Standards Institute (ANSI), Federal Information Processing Standards
(FIPS), and more.
Transactional Records Access Clearinghouse - TRAC (http://trac.syr.edu/
aboutTRACgeneral.html) is a data gathering, research, and distribution organization affiliated
with Syracuse University. The site accesses federal enforcement and regulatory agencies such as
BATF, DEA, IRS, and the FBI. This is an excellent site for benchmarking information, statistics,
and trends on crime and enforcement issues.
U.S. Code on the WWW (http://uscode.house.gov). The United States Code is the official,
subject-matter-order compilation of the federal laws of a general and permanent nature that are
currently in force. In accordance with section 285b of title 2 of the U.S. Code, the Code is compiled by the Office of the Law Revision Counsel of the United States House of Representatives.
The Code is divided into 50 titles by subject matter. Each title is divided into sections. Sections
within a title may be grouped together as subtitles, chapters, subchapters, parts, subparts, or divisions.
Where in Federal Contracting (http://www.radix.net/~ambrose/) is a Web site that provides a
comprehensive set of links to resources on the subject. Developed and maintained by a government auditor.
___________________________________ Chapter 6 — Internet Resources for Auditors 173
Human Resources
Keeping up with all the changes in human resources issues is now facilitated by Internet sites
covering benefits, human resources management, and other personnel-related issues. The following sites provide a sample of what the Internet offers auditors looking at reviews of human resources activities.
Benefits-L Internet Resource is a comprehensive list of benefits resources for human resources
professionals. This is an excellent point of reference for auditors and financial professionals to
research and obtain background for reviews in the benefits area. Coverage includes health management, human resources information systems, payroll, ERISA, unemployment insurance, workers compensation, and other benefits-related issues. URL is http://www.mtsu.edu/~rlhannah/
employee_benefits.html. The coordinator also maintains an employee benefits list. To subscribe,
send a message to [email protected]. Leave subject blank and type in the message area:
subscribe BENEFITS-L (your name). (Knowledge Assembly Resource)
HR Links (http://www.shrm.org/hrlinks/). The Society for Human Resources Management
maintains this home page of human resources links on the Internet. The site includes links to
information on compensation and benefits, diversity, flexible work arrangements, labor relations,
safety and health, and more.
National Council on Compensation Insurance (http://www.ncci.com/index.html) is the largest workers compensation data, statistical, and research corporation. Web site contains information about products and free publications.
Performance Management Guide (http://www-hr.ucsd.edu/~staffeducation/guide/) is an excellent publication from UC San Diego on managing employee performance. Auditors reviewing
the human resources department for their organization can use this guide as a model for setting up
an employee performance management system.
Information Security Resources
Many individuals consider the issue of security to be closely related to the auditing profession.
The following resources provide a wide range of information on security, audit, and control issues. Sites include links to disaster recovery resources, security guides, ethics issues, and more.
The COAST site at Purdue University is a gateway to computer operations, audit, and security
technology resources on the Internet.
AntiOnline (http://www.antionline.com/) is a megasite devoted to the subject of computer security. Site includes a virtual library based on user level, archives, special reports, a local file search
engine, and more.
174 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
AS/400 Security Page (http://home.earthlink.net/~vleveque/) is an excellent resource for security and disaster recovery information. The site has links toAS/400 and IBM sites, general resources for security and disaster recovery, security vendors, and more.
Australian Computer Emergency Response Team AUSCERT (http://www.auscert.org.au)
is funded by the Australian Academic Research Network (AARNet) for its members. Located at
The University of Queensland within the Prentice Centre, AUSCERT is a full member of the
Forum of Incident Response and Security Teams (FIRST). AUSCERT maintains an anonymous
FTP service at ftp://ftp.auscert.org.au. This archive contains past SERT and AUSCERT advisories
and other computer security information.
CERIAS (http://www.cerias.purdue.edu/index.html) is the Web site for the Center for Education and Research in Information Assurance and Security. There are links to the various programs
supported by the Center, including COAST.
CERT (http://www.cert.org/), the Computer Emergency Response Team Coordination Center site, is a focal point for computer security concerns of Internet users. There are links to CERT
advisories, the CERT FTP archives, FAQs, and more.
Comprehensive Info-Surety Database (http://www.all.net/) site maintained by Dr. Frederick
Cohen. Contains a potpourri of security-related information, including numerous articles related
to IT audit, lists of attack and defense methods, studies of emerging information protection technologies, national infosecurity technical baselines, and other information to aid the auditor in
keeping current and effective on leading edge security issues.
Computer and Network Security (http://www.netsurf.com/nsf/index.html) Netsurfer Focus
addresses the issue of computer and network security. This electronic magazine is available on the
Web site and also via e-mail. To obtain Netsurfer Focus directly via e-mail, send message to
nsdigest [email protected]. In the body of the message, type: subscribe nsdigest html or subscribe nsdigest text. (Knowledge Assembly Resource)
Computer Operations, Audit, and Security Technology (COAST) (http://
www.cerias.purdue.edu/coast/) Project Computer security research project in the Computer Science Department at Purdue University. Exploring new approaches to computer security and computer system management. COAST has a comprehensive archive containing tools, papers, technical reports, documentation, announcements, alerts, security patches, and newsletters. Areas of
interest include, but are not limited to, access control, authentication, criminal investigation, email privacy, firewalls, and incident response.
Computer Security Awareness Training (http://wwwoirm.nih.gov/sectrain/index.html#intro)
is a computer-based training course. There is also an accompanying document available for download with an overview of basic computer and information security practices.
___________________________________ Chapter 6 — Internet Resources for Auditors 175
Computer Security Institute (http://www.gocsi.com/) - Web site of the oldest international
membership organization for training information security professionals. This site provides excellent information on computer security issues, including current issues and trends, technology links,
and valuable Guides to Computer Security for Managers in the areas of e-mail security, Internet
security, computer viruses, communications fraud, and computer security awareness. Free registration required for online access to the guides.
Computer Security Publications from NIST - send e-mail to [email protected] with
the message “send index” for a list of NIST computer security publications. To retrieve copies of
the publication via e-mail, send message “send <document filename>. The NIST also distributes
a Computer System Security Laboratory Newsletter via the Internet. Send e-mail message to
[email protected] with the message “subscribe csl newsletter.”
Computer Security Resource Clearinghouse (CSRC) (http://csrc.ncsl.nist.gov/)/. The NIST
Computer Security Division maintains an electronic clearinghouse to encourage the sharing of
information on computer security. The CSRC contains computer security awareness and training
information, publications, conferences, and software tools as well as security alerts and prevention measures.
Firewalls FAQs (http://www.v one.com/pubs/fw faq/faq.htm). As organizations establish Internet connections, auditors are asked to review security issues associated with connectivity. Frequently Asked Questions or FAQs may help auditors address some of the issues. This Web site
provides answers to commonly asked questions.
Firewalls Mailing List. This is a listserv devoted to the subject of firewalls and Internet security.
Any auditor concerned with information security and the issue of firewalls should subscribe to this
list. Subscriptions should be sent to [email protected] with the message subscribe
firewalls digest. I would recommend the digest version rather than the direct mail (non-digest)
version. (Knowledge Assembly Resource)
Generally Accepted System Security Principles (http://web.mit.edu/security/www/
gassp1.html) from The International Information Security Foundation (I2SF) provides uniform
organizational guidance for security issues.
Information Security Discussion List INFSEC-L is a non-moderated Internet discussion list
intended to foster open and constructive communication among information security and auditing
professionals in government, industry, and academic institutions. Discussion is encouraged on a
broad range of topics and issues related to information security. Initial subscriptions to the list are
screened by the list owner to ensure the addition of only appropriate individuals. Send subscription request to [email protected] commerce.edu with one line in the body of the letter: SUB
INFSEC-L your name.
176 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Information Security SWAT Team (http://www.axent.com/swat/swat.htm) is a compendium
of security resources for the advanced user from a security vendor, Axent Technologies. Categories include Attack Signatures, Threats, Security Tasks, Security Resources, and Hacker Links.
(Knowledge Assembly Resource)
Information Security Zone (http://www.information-security-zone.co.uk/). Web site from a
corporate training company with a multitude of links to sites on topics such as general security,
viruses, cryptography, firewalls, and more.
Information Systems Security Association (http://www.issa-intl.org) site of the ISSA provides
information about this international organization of information security professionals. There are
links to security-related sites, security tools and utilities, and security-related listservers. For more
information, send message to [email protected].
InfoSec Heaven (http://all.net) Web site of Dr. Fred Cohen provides a comprehensive database
of information security links and articles separated into categories of attacks and defenses and
viewpoints. There is also a link to the InfoSurety Database at Sandia Labs.
Internet Security Systems (http://iss.net) is a vendor of network security software. This site
provides information on their products and FAQs on security, a list of security discussion groups,
and links to other security sites. There are also downloadable free security tools available from
ISS. The site contains an article on the threat of hacking, which is worthwhile reading for an
understanding of the threats present on the Internet. For more information, send e-mail to [email protected].
NJH Security Consulting, Inc. (http://www.njh.com/) - Web site for a security consultant specializing in Internet penetration testing and Web security. Items of interest to auditors include
articles on security-related issues and problems.
RACF-L ([email protected]) is a discussion list devoted to the topic of Remote
Access Control Facility. Auditors in organizations that use this security tool should consider subscribing to this e-mail discussion group. You can join this group by sending the message “sub
RACF-L your name” to [email protected]. Note: This is a high-volume list specifically
designed for audit and security personnel using RACF. (Knowledge Assembly Resource)
Raptor Systems Security Library (http://www.raptor.com/lib/) provides links to a variety of
security articles.
Security Alert for Enterprise Resources (http://safer.siamrelay.com/online/) provides a monthly
security update for IT professionals and executives. E-mail notifications provide links to this Webbased newsletter. Great knowledge resource on information technology security. (Knowledge Assembly Resource)
___________________________________ Chapter 6 — Internet Resources for Auditors 177
Security Articles (http://www.intrusion.com/sec-art.htm) provided by Intrusion Detection Inc.
The articles are on subjects such as NT network security, help desks, sniffers, and more. The site
includes links to other security sites.
Security and Auditing Software Related Home Page (http://www.gy.com/esd/esd1/se_hp.htm).
Web site with links to related topical resources.
Security Checklist (http://spider.osfl.disa.mil/cm/security/check_list/check_list.html). This site
from the Defense Information Infrastructure Common Operating Environment (DII COE) includes
security checklists for Solaris, Windows NT, Oracle, and more. Files are available in both PDF
and MSW versions.
Security & Hackerscene (http://bau2.uibk.ac.at/matic/). Web site with a comprehensive set of
links to security and hacker information. Covers all aspects of Internet security on Unix, X Windows, articles, hacker sites, security software, newsletters, and files.
Security and IS Audit Resources (http://www.versalink.com/resource.htm) provides information for security and IS audit professionals. Site includes hacking information, security archives, virus information, information systems audit, and more.
Security Management Online (http://www.securitymanagement.com) magazine of the American Society for Industrial Security. Contains information about ASIS, editorial columns, articles,
and more.
Security Newsletter, authored by noted security expert Winn Schwartau, provides the latest security tips, product news, and analysis to help reduce your network’s vulnerability. Free subscription
to this e-mail newsletter is available at Network World Web site (http://www.nwfusion.com/focus). (Knowledge Assembly Resource)
Security Policies (http://www.sans.org/newlook/resources/policies/policies.htm) provided by
the SANS Institute include templates for computer usage guidelines, acceptable use statements,
special access policy, incident handling, and more.
Security Resource Net (http://nsi.org/) site of the National Security Institute provides information on security-related topics, including computer alerts, products, a virtual security library, and
more.
Site Security Handbook (http://bilbo.isu.edu/security/isl/rfc1244.html). Product of an Internet Engineering Task Force work group. This document provides auditors with guidance on how
to deal with Internet security issues. Useful for designing audits and reviews of Internet security.
178 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Symantec AntiVirus Research Center (http://www.symantec.com/avcenter/vinfodb.html) Web
site from an AntiVirus software vendor provides a comprehensive database of computer virusrelated information. The site provides updates to their software, information about virus hoaxes,
and more.
Investigations, Fraud, and Privacy Resources
The criminal and civil investigation community has made information readily accessible via the
Internet. Federal and State Inspectors General have been leaders in providing electronic information via the Internet. Inspectors General offices are well organized and provide useful information
that auditors will find invaluable. Privacy has become a major concern from both individual and
corporate viewpoints. As a result there is a wealth of privacy information available on the Internet. Fraud resources will continue to be added to the Internet, especially with the presence of the
Association of Certified Fraud Examiners Web page.
Business Fraud Detection Services (http://getzoff.com/business_fraud/business_fraud.html)
site of a fraud examination consultant. Includes a checklist of 20 ways to detect fraud.
Check Fraud: A Guide to Avoiding Losses (http://www.occ.treas.gov/chckfrd/contents.htm)
from the Office of the Comptroller of the Currency provides guidance on a major organizational
issue. Guide sections include check fraud schemes, prevention measures (internal controls, training, check cashing guidelines) and more.
Cybercop Home Page (http://www.well.com/user/kfarrand/index.htm) site provides a number of links to crime prevention and investigatory resources. The training schedule for the Financial Fraud Institute at the Federal Law Enforcement Training Center. For more information, contact [email protected].
Economic Crime Prevention (http://www.rcmp-grc.gc.ca/html/ecbweb.htm) Web site that
provides information about current criminal behavior trends in such areas as fraud, computer crime
prevention, and more.
Financial Action Task Force (http://www.oecd.org/fatf/) is an inter-governmental body dedicated to the development and promotion of policies to combat money laundering. The policies aim
to prevent proceeds from being used in future criminal activities and from affecting legitimate
economic activities. The site provides annual reports on money laundering, an evaluation of preventive measures, recommendations from members, and more.
Financial Scandals (http://www.ex.ac.uk/~RDavies/arian/scandals.html) page provides links
to sources of information on the subject. Includes general sources on corruption, bank scandals,
insurance fraud, forensic accounting, and more. Auditors may find the links to resources to finding
people useful in conducting fraud audits.
___________________________________ Chapter 6 — Internet Resources for Auditors 179
Forensic Accounting and Litigation Support (http://www.forensicaccounting.com/) Web site
provides information about this field of business-related investigations.
Fraud Defense Network (http://www.fdn.net/) provides resources for insurance fraud investigators.
Fraud Report (http://www.hm-treasury.gov.uk/pub/html/docs/fraud/9596fr/main.html) is a
report from the United Kingdom that analyzes reported fraud in government departments. The
report provides details on the types and causes of the frauds, how they were discovered, and more.
Auditors should check out the section of the report for guidance on managing the risk of fraud.
Fraud Report Newsletter (http://www.fraudreport.com/) provides users with anti-fraud articles, legislative updates, and upcoming events. Free subscription available on the site. (Knowledge Assembly Resource)
Hacked (http://www.2600.com/hacked_pages/) provides reproduced copies of hacked Web sites.
This is a good site for auditors who are looking at the risks of connecting to the Internet and setting
up organizational Web sites.
Independent Commission Against Corruption (http://www.icac.nsw.gov.au/) exposes and
minimizes corruption involving the New South Wales public sector through investigation, corruption prevention, and education. Site features include background information on the Commission,
publications, reports, and more.
Infowar.com (http://www.infowar.com/) - Winn Schwartau’s comprehensive Web site on information security. Premier site for information security resources and links. Categories include tools,
utilities & jobs, resources, survey & studies, discussion and chat groups, the Journal of Infrastructural
Warfare, and more.
Inside Fraud Bulletin (http://www.maximag.co.uk/) is a publication from Maxima Group that
focuses on all aspects of fraud, including embezzlement, management fraud, audit, and more. The
Web site has links to past issues.
Insurance Fraud Bureau of Massachusetts (http://www.ifb.org/) is a unique and multifaceted
investigative agency dedicated to the systematic elimination of fraudulent insurance transactions.
Features include their quarterly publication, FocusFraud, and links to other law enforcement, crime
prevention, and research organizations.
Insurance Fraud Fightback Site (http://www.geocities.com/ResearchTriangle/1528/) was
designed to stimulate discussion among auditors and fraud examiners about ways of expanding
our toolkits via the inclusion of state-of-the-art electronic tools to proactively seek out insurance
fraud activities. Site includes articles written by the site developer and links to other related resources.
180 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Insurance Fraud Management Advisory Panel (http://www.aisg.org/ifm/ifm.html) is an organization that brings together property/casualty fraud units and claims management to share information and build effective anti-fraud programs.
Internal Auditing and Fraud Investigation (http://users.aol.com/marksimms/mrsweb/
index.htm) site focuses on topics dealing only with internal auditing or fraud investigations. Includes links to relevant articles and Web resources.
Investigators Toolbox (http://www.virtuallibrarian.com/it/index.html) is a meta-site of links
to researcher resources such as companies, databases, and more. Great information resource for
auditors.
Legal Investigator Links (http://www.teleport.com/~pagrue/). The private
[email protected] page provides links to sites of interest to investigators. There are resources such as the Detective Information Network, Criminal Justice Links, Computer Network
Security, the FBI, and others. There is also a link to several privacy-related sites.
Municipal Bond Scandals (http://lissack.com/) site provides overview of scandals and problems affecting the municipal bond industry in the U.S. Includes definitions and common terms,
search capability, and a large index of relevant articles.
Northeast Insurance Anti-Fraud Group (http://www.geocities.com/WallStreet/Exchange/
1276/) is an organization of investigative professionals dedicated to finding fraud in the insurance
industry. Site includes topics of past and future meetings and links to other related sites.
Practical Guide to Corruption Prevention (http://www.icac.nsw.gov.au/guide.htm), prepared
by the Independent Commission Against Corruption, is an excellent resource for developing a
fraud and corruption program within organizations. Modules include risk assessment, ethics, cash
handling, purchasing, and more.
Preventing Business Fraud (http://www.ioma.com/newsletters/pbf/), a newsletter from the
Institute of Management and Administration, provides recent articles on the subject.
RespondaNet (http://www.respondanet.com/) is the Web site for the Americas Accountability
Anti-Corruption project. The site contains information in English and Spanish, including Accountability, the quarterly newsletter, links to related sites, publications, event listings, and more.
___________________________________ Chapter 6 — Internet Resources for Auditors 181
Journals – Accounting, Auditing, and Finance Publications
The Internet provides new opportunities for the publishers of audit and business-related information. Many of the following sites provide online examples of the information available via their
print publications. Copies or articles, abstracts, and indexes of articles and publications make
this a worthwhile area for locating elusive information. Many of the sites provide search engines
that allow you to find relevant information using key word queries. These sites also represent an
important knowledge assembly resource in acquiring auditor digital literacy.
Accountancy Edition-Sift (http://www.sift.co.uk) Web search site for accounting professionals.
The accountancy edition of Sift draws together a wide collection of relevant Internet resources for
an accountant doing business in the UK. Includes access to accountancy news and company directories (ICC, Infocheck, Dun & Bradstreet, and others) as well as a wide collection of financial,
news, and market research databases from DataStar. Maintains a set of links to other relevant Web
sites. Subscription service is available.
Accountants’ Ledger (http://www.accountantsledger.com/) is an online magazine for accountants. Includes feature articles, online resources, reviews, and more.
Accounting, Auditing & Accountability Journal (http://www.mcb.co.uk/cgi-bin/mcb_serve/
table1.txt&aaaj&journal1.htm) site provides information about the Journal and allows browsing of selected articles. Subscription information is provided.
CGA Magazine (http://www.cga-canada.org/eng/magazine/default.htm) is the journal of the
Certified General Accountants Association.
CPA Journal (http://www.cpaj.com/) is a subscription publication directed at public practitioners, management, educators, and other accounting professionals. The Web site provides access
to the lead story as well as a comprehensive collection of links to Internet resources for CPAs.
CPANews (http://www.webnetcpa.com/cpanews/) is a weekly electronic newsletter dedicated
to reporting events, developments, and news for CPA firms and financial professionals.
Daily Auditor’s Virtual News (http://www.bitwise.net/iawww/IAWWW NEWS
EXEC.HTML). Includes news of a general nature, internal auditing news, and news pertaining to
the IAWWW. Check this section weekly and keep up to date on internal auditing-related news.
182 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Disaster Recovery Journal (http://www.drj.com/) home page for a magazine dedicated to business continuity. Links are available to a variety of disaster recovery sites, disaster recovery service
providers, and selected articles and highlights from past issues.
Double Entries (http://www.accountingeducation.com) is a newsletter produced weekly by a
group of volunteers from the profession and academia. It is designed to provide brief news on
accounting and auditing around the world and is available both by e-mail and on the World Wide
Web. Register your name and e-mail address via the AccountingEducation.com Web site. (Knowledge Resource)
Electronic Accountant (http://www.electronicaccountant.com/) is an accountant’s Web magazine and resource guide. This e-zine includes reviews of accounting software, a buyer’s guide, and
online discussion groups, including accounting and auditing. (Knowledge Resource)
Exec (http://www.unisys.com/execmag/framesets/resources.htm) is an electronic journal for
senior managers from Unisys. The publication includes timely articles on subjects like electronic
commerce. (Knowledge Resource)
Financial Times (http://www.ft.com/) - site of the publication that provides business, economic,
and political news. Free service after registration. (Knowledge Resource)
Government Executive Magazine (http://www.govexec.com). Electronic version of an independent business magazine of government. Includes discussion of leading edge information on
budgets, procurement, technology, and virtual government. The Reinvention Center has information of interest to auditors. (Knowledge Resource)
Information Week Interactive (http://www.iweek.com). IW is a weekly newsmagazine oriented to business and technology managers. Frequently covers issues of interest to auditors on
topics such as security and software management. Good resource for auditors to stay current on
hot issues in IT. Provides WAIS search for back issues. (Knowledge Resource)
Journal of Accountancy (http://www.aicpa.org/pubs/jofa/joahome.htm). The professional
journal of the American Institute of Certified Public Accountants. The site includes articles and
indexes from 1997 to current.
Journal of Financial Abstracts published by the Financial Economics Network and devoted to
the electronic publishing of abstracts in research in financial economics and related topics. The
JFA is free and distributed electronically via the Internet. To subscribe, send e-mail to Wayne Marr
at the following address: [email protected]
Managerial Auditing Journal (http://www.mcb.co.uk/cgi-bin/jorunal1/maj) provides links to
illustrative articles and subscription information.
___________________________________ Chapter 6 — Internet Resources for Auditors 183
Quality Digest Magazine (http://www.tqm.com/digest/index.html). The Quality Digest electronic magazine covers quality management issues. Examples of topics include How To, Case
Studies, Benchmarking, Reengineering, and more. The site maintains both current and back issues. (Knowledge Resource)
Security Magazine (http://www.secmag.com/) is a publication for corporate and commercial
buyers of security and other products in business, industry, and government. The site includes an
online database of products and articles on security issues. (Knowledge Resource)
Performance Measurement Resources
Measuring performance is an excellent way for organizations to determine how well they are
meeting their goals and objectives. As part of the Standards for the Professional Practice of Internal Auditing, the auditing profession has taken an active role in performance measurement reviews and audits. Measuring outcomes and benchmarking against other like organizations are
well on the way to becoming recognized as the “right thing to do.” The following Internet sites
represent various best practices on performance measurement issues.
Center for Performance Measurement (http://www.icma.org/abouticma/programs/performance/index.cfm) Web site from the International City Manager’s Association is dedicated to
helping local governments measure, compare, and improve municipal service delivery. The site
contains sample performance measures for selected services and a library of articles on the topic
of performance measurement.
Information Technology Performance Measures (http://wwwoirm.nih.gov/itmra/
perform.html) Web site from the National Institutes of Health provides performance measures
for help desks, LANs, links to other sites, and more.
Measure.net (http://measure.net/index.htm) Web site dedicated to improving corporate performance measurement systems provides an Idea Exchange, a Resource Center, and information
about performance measurement audits.
Performance Assessment Guide (http://www.dtic.mil/performance/paguide.html) from the
Department of Defense provides a Quality and Productivity Self-Assessment Guide, a Guide for
Developing Performance Measures, a Guide for Measuring Customer Satisfaction, Quality and
Productivity Self Assessment Questionnaires, and more.
Performance-Based Management Guide (http://www.itpolicy.gsa.gov/mkm/pathways/8steps.htm) from the General Services Administrations provides eight steps to develop and use
information technology performance measures effectively.
184 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Performance-Based Organizations (http://www.npr.gov/library/pbo/guide1.html) from the
NPR Web site provides a Conversion Guide for organizations that are shifting to a performancebased environment.
Performance Indicators Page (http://www.audit-commission.gov.uk) provides comparative
measures for local government and public safety entities. Results are in Microsoft Excel format
with separate spreadsheets for England, Wales, and police data.
Performance Management (http://www.ey.com/) download library from Ernst & Young contains practical articles on topics in Adobe Acrobat format.
Performance Management (http://www.oecd.org/puma/mgmtres/pac/) Web site for the Organization for Economic Cooperation and Development (European Countries). The site identifies
and explains key performance management issues, performance management publications, work
methods, links to other sites, and more.
Performance Management System Audit Guide (http://www.qao.qld.gov.au/guidelin.html)
from the Australian Queensland Audit Office provides an audit approach, methodology, audit
considerations, criteria, and more.
Performance Measurement Best Practices (http://www.npr.gov/library/papers/benchmrk/
nprbook.html) is a benchmarking study report from the National Performance Review.
Performance Measurement Guide (http://www.sao.state.tx.us/) from the Texas State Auditor’s
Office provides information about setting up a performance measurement system and details on
how agencies can establish adequate internal controls in measurement systems in order to assist
them in reporting accurate information.
Performance Measurement Handbook of Tools and Techniques (http://www.arau.gov/pbm/
resources/handbook1/handbook1.html) is an excellent resource for auditors involved in performance measurement. The Handbook is available in HTML format or may be downloaded in PDF
format for printing.
Performance Measurement Info (http://financenet.gov/financenet/start/topic/perf.htm).
FinanceNet has a number of files and reports available on performance measurement.
Performance Measurement Office (http://www.qed.qld.gov.au/about/pmo/index.htm) Web
site of the Queensland Education Department includes information about the office, performance
information, a school planning and accountability framework, a measurement listserv, and more.
Performance Measurement Resources (http://www.zigonperf.com/performance.htm) is a set
of free resources to help you with performance measurement problems. There are articles, links,
and sample performance measures for various job categories.
___________________________________ Chapter 6 — Internet Resources for Auditors 185
Performance Measures for Procurement (http://www.itpolicy.gsa.gov/perfmeas/pathways/
pp8ahow.htm) is a government task force report that provides best practices and procurement
performance measures.
Performance Pathways (http://www.itpolicy.gsa.gov/mkm/pathways/pathways.htm) Web site
from the Office of Government-wide Policy provides a central resource for information related to
the development and use of performance measurement.
Performance Planning Guide (http://www.ospl.state.nc.us/planning/hcontent.html) from the
North Carolina Office of State Planning provides an excellent step-by-step process for setting up a
performance management system.
Professional Associations
Professional associations establish Web sites to encourage new members and share information
with existing members of their respective organizations. Some of these sites use the accessibility of
the Internet to market their services and broadcast their purpose to the general public. Professional associations on the Internet provide a link for you as a professional to the global resources
of the professional audit community. With the globalization of many organizations, these sites
reflect the changing nature of professional bodies. The sites provide links to other audit, accounting, and financial resources available on the Internet.
AAA Government and Nonprofit Section (http://www.bs.ac.cowan.edu.au/aaagnp/) Web site
provides information about the organization, research papers, and teaching material.
Affiliated Conference of Practicing Accountants (http://www.acpaintl.org) Web site provides
information about the organization and the programs offered.
American Accounting Association Auditing Section (http://raw.rutgers.edu/raw/aaa/audit/)
site provides background information, announcements for accounting conferences and paper deadlines, links to accounting and auditing sites, and technical resources.
American Accounting Association Government and Nonprofit Section mailing list (AAAGNPL). The purpose of this list is to share information of specific interest to AAA GNP members,
including notice of upcoming AAA GNP meetings and their agenda, and to facilitate discussions
on various topics of interest to AAA GNP members. In general, this newsgroup is of interest to
anyone in the government or nonprofit areas of accounting, especially those interested in academic research in areas such as governmental auditing and finance, public choice, public interest,
the U.S. Governmental Accounting Standards Board standard setting process and behavioral accounting research relating to governments. To subscribe to the AAA GNP newsgroup, sponsored
by the International Accounting Network (ANet), simply send the following e-mail message: subscribe AAAGNP-L yourfirstname yourlastname to [email protected].
186 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
American College of Forensic Examiners (http://www2.acfe.com/acfe/). This is a not-for-profit
organization for professionals involved in forensic examinations and consultation. There are links
to criminal justice sites and other forensic links that provide information about forensic accounting (Zeno’s Forensic Page). Certain areas on this page are restricted to members.
American Health Information Management Association (http://www.ahima.org/index.html)
Web site provides background on the organization, searchable clinical and non-clinical library
databases, online publications and articles, and more.
American Institute of Certified Public Accountants (http://www.aicpa.org/). The AICPA home
page includes general information, member matters, catalogs, conference notices, research links, a
news flash of professional happenings, and more.
American Institute for Chartered Property Casualty Underwriters (http://www.aicpcu.org)
provides information about property and liability insurance.
American Payroll Association (http://www.amerianpayroll.org/) contains articles on payroll
topics, information about the organization, and more.
American Society of Military Comptrollers (http://www.asmconline.org) is the professional
organization for military controllership (professions of financial management in the Department
of Defense and Coast Guard). The site includes information about the organization, local chapters,
membership, career opportunities, professional development, and more. The links section provides access to many additional resources for DoD financial professionals.
American Society of Women Accountants (http://www.aswa.org/) site provides information
about the organization, membership, scholarships, and a directory of chapter presidents. This organization represents a good networking tool for auditors.
American Society for Quality Control (ASQC) (http://www.asqc.org) - professional organization for persons employed or interested in the field of quality science.
Arizona Society of Certified Public Accountants (http://www.ascpa.com/) site provides information about the Society, accounting information, links to other sites, and the Newsledger.
Association of Certified Fraud Examiners (http://www.cfenet.com/) - site for the organization
of professionals who investigate fraud. Provides information about the Association, the certification program, links to local chapters, the Code of Professional Ethics, and more.
Association of Chartered Accountants in the U.S. (http://www.acaus.org/) - home page for the
professional organization representing U.S.-based chartered accountants. Includes information about
the organization, an accounting bookstore, a history of accounting, and links to other sites.
___________________________________ Chapter 6 — Internet Resources for Auditors 187
Association of Chartered Certified Accountants (http://www.acca.ca) Web site provides information about the organization, news, events, links to resources, and more.
Association of College and University Auditors (http://www.acua.org). Home page of ACUA,
an international professional organization focusing on internal auditing in higher education institutions. Site includes information about the organization, scheduled events, links to document
libraries, and other interesting Web sites.
Association of Credit Union Internal Auditors (http://www.acuiainc.org). International organization for internal auditors in the credit union industry. Site provides information about membership and more.
Association of Government Accountants (http://www.agacgfm.org/). The official site of the
educational organization dedicated to the enhancement of public financial management. Web site
provides information about the organization, links to local chapters, publications, conferences,
education and training, news, and more.
Association of Healthcare Internal Auditors (http://www.ahia.org/). Professional organization for healthcare internal auditors dedicated to the advancement of the healthcare internal auditing profession. Site provides information about AHIA, Code of Ethics, position papers, and a
planned audit library.
Association of Inspectors General (http://www.lib.jjay.cuny.edu/ig/) Web site provides information about the organization representing state and local inspectors general and other public
inspection and oversight entities. There are links to IG offices and various Internet-based professional development initiatives. Association of Practicing CPAs (http://www.ap-cpa.org/) is a forum for CPAs to network with other CPAs by mentoring, teaching, learning, and sharing business
opportunities. Includes links to their newsletter, a CPA directory, and related resources.
Association of Public Pension Fund Auditors, Inc. (http://www.appfa.org/) is an organization
whose members are responsible for internal auditing of public pension funds. The site provides
information about the organization, conference schedules, audit programs, their listserv, and more.
Association for Computing Machinery (ACM) (HTTP://www.acm.org). Largest and oldest
international scientific and educational computer society in the industry. ACM provides members
with a forum for sharing knowledge on developments and achievements. There is a Special Interest Group (SIG) for Security, Audit, and Control.
Australian Society of CPAs Online (http://www.cpaonline.com.au) site includes information
about the Society, membership, regulations, professional development, services available through
the Microsoft Network, and available information resources.
188 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Bank Administration Institute (http://www.bai.org/) provides information about BAI, links to
emerging issues, and Certified Bank Auditor training material demo.
California State Association of County Auditors (http://www.co.sanmateo.ca.us/controller/
auditchf.htm) Web site provides a list of California counties and their auditors, a list of audits
performed with contacts, and links to other sites.
Canadian Environmental Auditing Association (http://www.mgmt14k.com/ceaa/) organization dedicated to development of the practice of environmental auditing. Site provides background on the organization.
Canadian Institute of Chartered Accountants (CICA) established a Chartered Accountants
of Canada Web home page (http://www.cica.ca). The site will contain links to the provincial
institutes. There are also links to accounting and consulting practices of accounting firms, national
and international accounting organizations, and activity areas, including accounting and audit.
While much of the site is under construction, there are excellent links to environmental accounting
resources and activities.
Certified General Accountants Association of British Columbia (http://www.cga bc.org/).
Site provides information about the Association, tax tips, links to accounting associations, and
more.
Certified General Accountants Association of Canada (http://www.cga canada.org) provides
information about the CGA structure, programs, publications, and more.
Chartered Institute of Management Accountants (http://www.cima.org.uk). Provides information about the CIMA and describes management accounting. This is an information server for
this association of United Kingdom financial professionals.
Chartered Property Casualty Underwriters Society (http://www.cpcusociety.org/index2.htm)
Web site of insurance professionals containing information for consumers covering areas such as
insurance law, finance, ethics, and management.
CharterNET Web server for the Institute of Chartered Accountants in Ireland (ICAI). This
site (http://www.icai.ie/) provides information about the ICAI services and online library of materials. There is also a description of the Business Network reaching out to chartered accountants
working in industry, commerce, and the services sector.
Confederation of Asian and Pacific Accountants (http://www.capa.com.my) Web site for a
professional organization provides information on projects, articles, publications, links to other
CAPA bodies, an Accountant’s Forum, and more.
___________________________________ Chapter 6 — Internet Resources for Auditors 189
Construction Financial Management Association (http://www.cfma.org/) site provides information about the organizations, publications, a job bank, and more.
Council of Higher Education Internal Auditors (http://www.wlv.ac.uk/ias/cheia/
welcome.html) Web site provides information about the organization, newsletter, internal audit
links, and an e-mail discussion list.
County Auditor’s Association of Ohio (http://www.caao.org) professional organization Web
site provides a directory of county auditors, a virtual tour, and fiscal responsibilities.
Credit Union Internal Auditors Association (http://www.cuiia.org/MainPg.htm) Web site
provides information about the CUIAA, a useful discussion forum, and more.
European Accounting Association (http://www.bham.ac.uk/EAA/) site contains information
about the EAA, its publications, conferences, and links to other resources.
European Court of Auditors (http://europa.eu.int/ca/intro.html). Organization that monitors
the European Unions finances and points out areas where management improvements are needed.
Page provides all the details on organization and duties of this body.
Federation of Tax Administrators (http://www.taxadmin.org/) provides information about the
organization, publications, electronic commerce, and more.
Financial Management Association International (http://www.fma.org/). The FMA is a professional association of finance practitioners, academicians, and students founded to develop a
continuing relationship between financial theory and practice. The site includes a one-stop shopping guide to finance on the Internet.
Financial Management of the Firm (http://garnet.acus.fsu.edu/~ppeters/fin3403/) provides
all the material for a course on financial management. The site contains lecture material, in-class
and practice problems, and exams. There are also tables for the time value of money, using a
financial calculator, and Web-based information.
Financial Managers Society (http://www.fmsinc.org/index.htm) Web site for the only not-forprofit professional society dedicated to serving the technical and professional needs of bank, thrift,
and credit union financial officers. Site includes information about the organization, regulatory
issues, employment opportunities, and more.
Florida Institute of CPAs (http://www.ficpa.org/) Web site provides legislative updates, job
links, and other sites of interest to Florida CPAs.
190 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Government Finance Officers Association (http://www.gfoa.org) Web site for the GFOA, the
professional association of state/provincial and local finance officers in the United States and
Canada that has served the public finance profession since 1906. Resources include organization
history, job listings, publications, articles, chapter information, and more.
Healthcare Financial Management Association (http://www.hfma.org) professional association for financial professionals in the healthcare field. Provides information about the association,
publications, special interest groups such as a CFO forum, professional certification programs,
and more.
ICAA (http://www.icaa.org.au). The Institute of Chartered Accountants in Australia maintains a
site on the Web and a site on CompuServe. There is general information about the Institute, membership, student news, and more.
Illinois CPA Society (http://www.icpas.org/). Home page of the state professional association
representing Certified Public Accountants. Includes financial management information, articles
from Insight Magazine, and links to accounting-related resources. Some areas of this site are
restricted to members.
Information Systems Audit and Control Association (ISACA) on the Internet. The Central
Indiana Chapter ISACA created a list for information systems auditors called CISACA-L. The list
is meant to encourage professional discussion and is open to all information system auditors. To
subscribe, send a one-line message to [email protected] with the message SUBSCRIBE
CISACA-L (yourname). Leave the subject line blank. Messages sent to [email protected]
will be distributed to all subscribers.
Information Systems Security Association (http://www.issa-intl.org) site of the ISSA provides
information about this international organization of information security professionals. There are
links to security-related sites, security tools and utilities, and security-related listservers.
Institute of Chartered Accountants of England and Wales (http://www.icaew.co.uk) Web site
provides information about the organization, news, and more.
Institute of Chartered Accountants of Ontario (http://www.icao.on.ca) site provides information about the Institute, upcoming events, and more.
___________________________________ Chapter 6 — Internet Resources for Auditors 191
Institute of Internal Auditors (IIA) Resources on the Internet:
The Institute of Internal Auditors established e-mail addresses for the headquarters staff. Address
e-mail by using the first initial of the staff member’s first name plus their last name, followed by
@theiia.org. General inquiries can be sent to [email protected].
Institute of Internal Auditors Inc. (http://www.theiia.org) - The IIA’s home page provides
information about The Institute, its mission, programs, and services. The site is organized under
the various centers for business, learning, and practices. The global audit resource center has links
to industry and audit specialty groups, discussion groups, forums, and a site for IT auditors.
Institute of Management Accountants (http://www.rutgers.edu/Accounting/raw/ima/). This
site provides comprehensive information on IMA programs and services. Includes Cases from
Management Accounting Practice, Statement on Management Accounting 4 P, Practices and Techniques for Implementing Activity-Based Costing, and more.
Institute of Management and Administration (IOMA) (http://ioma.com/) the leading publisher of business and management information. Each month their newsletters bring actionable,
productive articles to managers and executives in virtually every industry sector, all at the same
high editorial standards that challenge the popular cliches that fail to address today’s new and
pressing problems. The Administration section includes an Accounting and Taxation category
with links to a number of other sites mentioned in the ARL.
Institute for Professionals in Taxation (http://www.ipt.org/) Web site for a professional organization dedicated to minimizing the cost of tax administration and compliance for ad valorem and
sales and use taxes. Site provides information about the organization, employment opportunities,
research links, reference materials, and more.
International Computer Security Association (http://www.icsa.net). ICSA is an authority on
computer network security. Resources include white papers on security, publications, Security
Magazine, and more. The Tech Zone provides up-to-the-minute information on products and services related to Internet and computer security.
International Federation of Accountants (http://www.ifac.org/) home page of the worldwide
organization for the accountancy profession. Site provides information about the organization,
standards, discussion papers, and more.
ISACA Foundation (http://www.isaca.org) home page of the organization provides information
about membership, audit programs, internal control guidelines, certification, education, publications, and more. The site provides links to all local chapters that have Web sites.
192 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Maryland Association of Certified Public Accountants (http://www.macpa.org/) site includes
information about the association, a comprehensive listing of resources, and CPE opportunities.
Massachusetts Society of CPAs (http://www.mscpaonline.org/). Well-organized Web site for
the state society includes information about the organization, a record retention guide, Internet
from A to Z (links and resources for business), and more.
Minnesota Society of Certified Public Accountants (http://www.accountingnet.com/society/
mn/) MNCPA online site provides information about the organization, articles from their newsletter, CPE opportunities, and more.
National Association of Enrolled Agents (http://www.naea.org/) site provides information about
the association and its members, how to find a tax advisor, tax links, tax news, and electronic
commerce resources.
National Association of Financial Services Auditors (http://www.nafsa.com/index.htm) Web
site provides information about the organization, conferences, membership, and more.
National Association of Local Government Auditors (http://www.nalga.org/) home page for
NALGA, the organization formed to bring together professional local government auditors. The
site includes information about the organization, annual conferences, and excerpts from the Local
Government Auditing Quarterly.
National Association of Purchasing Management (NAPM) (http://catalog.com/napmsv/) Silicon Valley Chapter maintains a World Wide Web page on the Internet. Includes resources for
purchasing and supply management professionals. Purchasing articles include topics such as Software Licensing Flexibility, Paperless Purchasing, and Getting Started With EDI. The site also
includes a library collection of books, video, and audio cassettes on purchasing, materials, operations, and business management.
National Association of State Auditors, Comptrollers and Treasurers (http://sso.org/nasact/
nasact.htm) Web site for the organization, which includes public financial management, treasury,
and audit reports. Provides links to state auditors and treasurers on the Web, state comptroller, and
state auditor issues.
National Association of State Boards of Accountancy (http://www.nasba.org/). This Web site
provides information about the organization, a listing of individual state boards of accountancy, a
national registry of CPE sponsors, and more. Some areas are restricted to members only.
National Association of State Budget Officers (http://www.nasbo.org/) Web site for the professional organization for state finance officers. The site includes a list of available publications,
links to budget-related links, and more. The Budget Links page also includes sites related to performance measurement.
___________________________________ Chapter 6 — Internet Resources for Auditors 193
National Association of State Information Resource Executives (http://www.nasire.org/).
Clearinghouse of state government information on the Internet. Selectable categories include auditors, finance and administration, and information resource management. Categories provide links
to related information servers.
National Association of Trust Audit and Compliance Professionals (http://www.natacp.org)
Web site provides information about the organization, membership, career opportunities, and more.
National Health Care Anti-Fraud Association (http://www.nhcaa.org/) is an organization composed of private health insurers and federal/state law enforcement officials dedicated to the detection, investigation, and prosecution of healthcare fraud.
National Society of Insurance Premium Auditors (http://www.nispa.org/) Web site includes
background information, industry news, publications, and more.
National Society of Public Accountants (http://www.nspa.org) site provides information about
the NSPA, a national organization representing local practitioners and small businesses. Includes
information about publications, course availability, membership, and more.
Ohio Society of CPAs (http://www.ohioscpa.com/) - CPA access site provides information about
the organization, news, information exchange, CPE, links to the Top Ten Web Sites for Accountants, and more.
Organization of Local Government Auditing (OLGA) (http://www.olga.org/) is an initiative
of Scandinavian auditing firms responsible for auditing local government entities in their respective countries. The Web site provides information about the organization and their members as
well as links to other audit organizations.
Pennsylvania Institute of Certified Public Accountants (http://www.picpa.com/) site contains
information on education, government relations communications, including the table of contents
for its journal, and pointers to its officers and chapters.
Rhode Island Society of CPAs (http://www.riscpa.org/) site of this professional society provides links to Internet resources and information about the organization.
SANS Institute Online (http://www.sans.org/). The System Administration, Networking and
Security Institute is an education and research organization for system and network administrators
and security professionals. They provide resources and tools for professionals in related fields.
Their e-mail newsletters are a valuable knowledge resource for IT auditors.
194 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Society of Management Accountants (http://www.cma canada.org/) home page for the organization that represents Canadian Certified Management Accountants. Site has information about
the designation, a library including articles from current and past issues of CMA Magazine, member news, and more.
Texas Society of Certified Public Accountants (http://www.tscpa.org/) site provides information about the organization, including the CPA Yellow Pages, National Job Search, Government
Resources, and more.
Utah Association of CPAs (http://www.uacpa.org/) home page of the Utah Association of CPAs.
Provides links to local and national accounting firms, CPE events, a CPA referral service, and
more.
Virginia Local Government Auditors Association (http://www.co.chesterfield.va.us/
ManagementServices/InternalAudit/vlgaa.htm) home page for the statewide organization dedicated to promoting the local government auditing profession. Provides information about the
organization and upcoming training.
Western Canadian Auditing Roundtable (http://www.wcar.org) Web site for a nonprofit organization dedicated to the advancement of Health, Safety, and Environmental auditing. Site provides their mission and goals, a waste facility environmental review, and more.
Quality, BPR, and TQM Resources
Internet resources on quality issues, including Business Process Redesign (BPR) and Total Quality Management (TQM), have become an important resource for auditing. These sites cover a
broad spectrum on the topics related to quality issues. These also reflect the nature of business in
the information age, where change has become a normal occurrence that organizations and the
auditors who work for them must accept.
American Productivity and Quality Center (http://www.apqc.org) site is devoted to TQM and
benchmarking issues. There is information about the Center, membership details, and services
offered. The site also includes selected articles on benchmarking, reengineering, and total quality
from their publication, Continuous Journey Magazine. For more information, send message to
[email protected].
Benchmark Auditing in the Federal Audit Community (http://www.hhs.gov/ignet/faec/
bmrk.html) is an initiative from the Federal Audit Executive Council and resides on the IGNet
server. The site provides information about benchmarking, including a definition, the reasons, and
the auditor’s role. There is a list of references, a Code of Conduct, and links to other benchmarking
sites.
___________________________________ Chapter 6 — Internet Resources for Auditors 195
Benchmarking and Best Practices (http://www.tbs-sct.gc.ca/tb/iqe/bmrkg_e/indexe.html) Web
site for the Treasury Board of Canada provides benchmarking and best practices information useful for auditors. The main page for their site also includes links to quality service guides for
various aspects of government operations.
Benchmarking Human Resources (http://www.wa.gov.au/gov/psmo/pubs/directory/guides/
hrpp/wdu/benchmk.html) is a navigation guide from the Western Australia State Government.
This discussion paper provides an overview of HR benchmarking and strategies for identifying
meaningful HR performance indices.
Business Process Resource Centre (http://bprc.warwick.ac.uk/index.html) at the University
of Warwick provides links to other sites on the topics of reengineering business processes, discussion forums, a glossary of terms, articles, reports, and documents.
Business Researcher’s Interest (http://www.brint.com/BPR.htm). Comprehensive site of links
to business process reengineering and innovation. Includes papers, handbooks, projects, tools, and
links to other BPR resources and related sites.
Continuous Quality Improvement Server. The CQI Server (http://deming.eng.clemson.edu)
at Clemson University’s Department of Industrial Engineering supports global efforts in quality
improvement and education in quality. CQI includes tutorials on CQI, links to the Deming Electronic Network, the Community Quality Electronic Network, discussion lists on TQM, and other
quality-related sites.
Inter-Agency Benchmarking and Best Practices Council (http://www.va.gov/fedsbest/
index.htm). Site created as a central resource for sharing information on benchmarking and best
practices. Includes a code of conduct for benchmarking, databases for best practices and BPR,
links to other related sites, and more.
International Organization for Standardization (http://www.iso.ch/) (ISO) online Web site of
the organization that developed standards for quality management and established an online support unit to provide facts on ISO 9000. The ISO 9000 Forum provides answers to various FAQs as
well as background information on the standard.
Quality Auditor Home Page (http://www.geopages.com/WallStreet/2233) resource page for
quality auditors. Includes links to the ASQC, the Quality Auditor division, listserv for Good Laboratory Practices, newsgroups, and more.
Quality Network (http://www.quality.co.uk/quality/index.htm) site provides links to resources
on quality management, ISO 9000, environmental and safety management. Will include environmental and safety management auditing advice.
196 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Quality Online Forum (http://www.qof.com/) is a subscription service available via dial-up or
the Internet. There are links to proprietary databases, resources, and other quality sites.
Quality Resources Online (http://www.quality.org/) Web site provides links to TQM, business
process reengineering, and other quality resources.
Risk Management and Assessment Resources
Risk-based resources on the Internet cover issues that auditors reviewing the risk function should
appreciate. Identifying and managing risk in today’s business environment can be critical in business continuity planning.
International Finance and Commodities Institute (IFCI) (http://Finance.Wat.ch/ifci) - Foundation promoting the understanding of financial risk management instruments and commodities.
Site includes links to financial and derivative-related Web sites. The home page includes a query
box to locate specific information within the site. Timely reports, research papers, listings of education, and information products make this a worthwhile site for auditors, accountants, and financial professionals who need information on financial instruments.
Risk Assessment and Risk Management (http://www.mc2consulting.com/riskpage.htm) Web
site for a project that provides tools and articles on risk-related subjects. There is a risk glossary
and internal audit risk bibliography that professionals will find useful for research and background
on the subject.
Risk Assessment Do’s and Don’ts (http://www.jebcl.com/riskdo/riskdo.htm) - Professor Boritz
provides guidance on risk assessment for internal auditors.
Risk Management and Internal Auditing (http://www.rpi.edu/dept/rmia/webpage/rmia.html)
site at Rensselaer Polytechnical Institute includes loss prevention policies and procedures, Internal Control Manual, Conflict of Interest Policy Statement, and more. Most files are in Adobe
Acrobat (PDF) format which requires the Adobe Acrobat reader, available free by download.
Risk Ranking and Security Controls (http://ourworld.compuserve.com/homepages/JerArdra)
Web site of Jerry FitzGerald and Associates. Access a downloadable working copy of RANKIT(R) (and 16-page manual), a DOS-based risk ranking program and methodology that automates
the ranking process. Information is also available on other information systems books and software.
___________________________________ Chapter 6 — Internet Resources for Auditors 197
Risk Standards for Institutional Investment Managers (http://www.cmra.com/riskpress.htm)
Web site from an industry working group containing guidelines that institutional investors and
institutional investment managers may use when planning their own risk measurement and risk
management practices. The Risk Standards are grouped into three categories: Management, Measurement, and Oversight. Excellent resource for auditors reviewing investment risk within organizations.
RiskList is a KPMG moderated mailing list forum for discussions on control and risk management issues. Join RiskList by sending an e-mail message to [email protected] with the words
“subscribe risklist” in the body of the message. (Knowledge Assembly Resource)
RISKWeb (http://www.riskweb.com). Information resource for academics and professionals
interested in risk management and insurance issues. The RISKNet WWW server is a service of the
RISKNet mailing maintained at the University of Texas at Austin. The RISKNet mailing list provides individuals around the world with a forum for open discussion of risk and insurance issues.
Software Resources (Accounting, Auditing, and Security)
The following sites provide links to software management tools, data extraction and retrieval
tools, audit management software, and more. They also provide links to audit and accounting
resources available on the Internet. Look for demos of the programs available for download as
well as Internet-based customer support for their products.
ACL (http://www.acl.com) is an integrated system of software providing complete control over
data access, management, analysis, and presentation. The site offers information about their products, trade shows, seminars, and training schedules as well as online support and the Audit Central
page - A Guide to Web Audit Sites. For more information, send e-mail to [email protected].
ADM PLUS for Windows (http://www.admplus.com/) Web site of Joseph Plier & Associates
provides information about their audit automation software. There are links to a newsletter, conference announcements, and a full-featured, 90-day Evaluation Version or a Production Version of
ADM PLUS for Windows is available for downloading.
AllCLEAR – SPSS Inc. (http://www.spss.com/allclear) allCLEAR is ideal for quality, auditing,
IS, training, and human resources. allCLEAR turns a simple text outline into a flowchart automatically.
Audit Sentry – HIS Financial Products (http://www.ihsfinancial.com/products/audit/
audit.html). AUDIT SENTRY is a user-friendly Lotus Notes® or Windows 95®-based system
that streamlines the audit process, from planning and performance to reporting.
198 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
AuditMasterPlan (http://www.jebcl.com/). AMP is a computer-based risk assessment, planning, and work tracking system for internal auditors. The site provides information about the
product, and a downloadable demo is available.
Auditor Assistant (http://www.auditorassistant.com/) is a teamwork-based audit system using
Lotus Notes. The site includes a description of how the system works, requirements, and a
downloadable preview version of the program.
AutoAudit – Paisley Consulting (http://www.paisleyconsulting.com). Business Ethics Resources
on WWW (http://www.ethics.ubc.ca/resources/business/) provides links to sites related to the subject.
Barefoot Auditor (BFA) (http:/www.thebarefootauditor.com/) site with information about the
Barefoot Auditor, a software auditing program. Downloadable demo is available from this site.
BrainTree Security Software (http://www.sqlsecure.com/) vendor Web site provides information about their products for security solutions for relational databases. White papers available on
PeopleSoft data security and more.
CaseWare (http://www.caseware.com/). CaseWare International is a producer of engagement
and reporting software.
CRA Wiz – PCI Services Inc. (http://www.pciwiz.com) CRA Wiz™ is a family of Windows™
based software tools for compliance professionals in the CRA and Fair Lending fields. The three
tools are the Database Analyzer, the Geocoder, and the Mapper. All are Windows™ based and can
be operated and purchased as an integrated system or independently of each other.
Crystal Reports – Seagate Software (http://www.crystalinc.com/crystalreports). Directorate
of Counter Fraud Services (http://www.doh.gov.uk/dcfs/index.htm) Web site provides information about healthcare fraud in the United Kingdom, the types of fraud, and a fraud strategy.
IDEA Software Users Discussion List. IDEA-LIST is a non-moderated discussion list and forum
to exchange ideas and information among users of IDEA (Interactive Data Extraction and Analysis). IDEA is a productivity tool for auditors, accountants, and financial managers that can help
display, analyze, manipulate, or extract data from other computer systems. Send subscription requests to [email protected] with one line in the body of the letter: SUBSCRIBE
IDEA-LIST.
Micrografx, Inc. (http://www.micrografx.com/flowcharter). FlowCharter is a business drawing, diagramming, and charting tool. It can be used to create organization charts, network diagrams, statistical control charts, and flow diagrams of any type.
___________________________________ Chapter 6 — Internet Resources for Auditors 199
Paisley Consulting (http://www.paisleyconsulting.com) provides products and services that improve the efficiency and effectiveness of internal auditing departments. Site includes the AutoAudit
software, which is a complete workflow automation system designed to increase the productivity
and effectiveness of medium and large-sized audit firms.
QSAK (http://www.optimumtechnology.com/pages/QSAK.htm) software used to schedule,
manage, analyze, and conduct internal audits, assessments, tests, and inspections. This management tool is designed to organize, direct, document, and report on internal and external audits.
Free limited version is available for download from Optimum Technology’s site.
Seagate Crystal Reports accesses more than 30 data sources, has powerful data analysis capabilities and report type options, and produces presentation-quality output.
Software Information Industry Association (http://www.siia.net/). The Software Information
Industry Association (SIIA), formerly the Software Publishers Association, home page on the
Web has information available on SIIA publications, anti-piracy programs, and more. This is a
great resource for software compliance auditing.
Accounting and Tax Resources
The following sites provide a wide range of accounting-related resources that you can utilize. All
of the major public accounting firms have sites on the Internet and provide a wide variety of
information about their organizations and services offered. The International Accounting Network (Anet) has various sites around the world and provides a comprehensive database of accounting-related resources. Connect to the closest available location to speed up access to their
information.
Accounting Resources
Academy of Accounting Historians (http://weatherhead.cwru.edu/Accounting) organization
that encourages research, publication, teaching, and the interchange of ideas for accounting history and its relationship to business and economic history. Site provides information about the
Academy, its organization, and services offered. There is also a publication section with links to
research papers and abstracts.
Accountant’s Home Page (http://www.computercpa.com/) includes resources for accountants,
financial and business professionals. Resources include governments, professional organizations,
corporations, and universities.
Accountants Online (http://www.ppn.com.hk/accountantsonline.html) Pacific Professionals
Network accounting page of information and resources. Includes What’s Hot for Accountants and
Accounting Web sites.
200 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Accounting: A Virtual History (http://www.acaus.org/history/) Web site from the Association
of Chartered Accountants in the U.S. provides an excellent historical background on the roots of
accounting.
ANet Mailing Lists (http://www.csu.edu.au/anet/lists/). One of the major services provided by
ANet is mailing lists in a range of areas. The principal mailing list is ANews-L that provides
information on a variety of coming events, new publications, and important developments on the
Internet. Archives of the various ANet lists are maintained on the site.
Accounting (BIG 5) Firms on the Internet.
Arthur Andersen (http://www.arthurandersen.com/) Web site provides information about the
firm and its history as well as sections for global best practices, interactive tools, and business
links.
Deloitte & Touche (http://www.dttus.com) site provides information about D&T as well as an
excellent Hot Topics section (http://www.dttus.com/dttus/hot/hotlist.htm) with timely information on software products, surveys, and breaking news items of interest to accountants and auditors. Deloitte Touche Tohmatsu TAXNET (http://www.deloitte.com.au) Deloitte Touche
Tohmatsu Australian division is now on the World Wide Web. Site includes information about
Deloitte, Tax Publications, career information, and more. Touche Ross UK (http://www.deloitte
touche.co.uk/) site for the UK Division of Deloitte Touch. Includes a hot topics area, information
about the firm, and Inside Fraud, the quarterly fraud bulletin.
Ernst & Young (http://www.ey.com) U.S. site provides financial reporting briefs, a financial
reporting and accounting 1995 Update, gateways to other E&Y sites, and career opportunity information. Ernst & Young (http://www.eycan.com) E&Y Canada provide information about the firm’s
services and career opportunities. Includes news releases, tax briefs, links to the Department of
Justice of Canada (French or English) and links to other business resources. E&Y England (http:/
/www.ernsty.co.uk/welcome.htm) include the complete publication of Cadbury Corporate Governance: Reporting on Internal Financial Control. E&Y Africa (http://www.mbendi.co.za/ernsty)
provides information on their services.
KPMG - Peat Marwick Web Sites KPMG US (http://www.us.kpmg.com) provides updates on
KPMG, services, employment, and a library that contains links to accounting and tax-related sites.
KPMG Online Canada (http://www.kpmg.ca) includes industry studies and links to business resources. KPMG Australia (http://www.kpmg.com.au) includes tax information for Australia and
links to other resources.
PricewaterhouseCoopers (http://www.pwcglobal.com) Web site contains firm history, insights
and solutions, and career information.
___________________________________ Chapter 6 — Internet Resources for Auditors 201
ProfessionalCity.com (http://www.professionalcity.com/) is a vertical industry portal that provides research material and information regarding related products and services for specific professions. There are currently “neighborhoods” for law, marketing, and accounting.
Tax Resources
Tax-related resources are readily available on the Internet. The Internal Revenue Service maintains an excellent site with up-to-date tax information. Some sites maintain archives of tax-related
discussion lists as well as links to other tax resources. Like the saying goes, the only things that are
certain are death and taxes. Look at some of the following sites for the tax information to stay up
to date.
Research Institute of America (http://www.riatax.com) is a publisher of U.S. federal, state, and
local tax information and analysis. Weekly updates on tax information, product reviews, demos,
and employment opportunities.
Tax & Accounting Professional Network (TAPNet) (http://www.tapnet.com) provides information on the selection and implementation of accounting software systems. Professionals can
also subscribe to five e-mail discussion groups of various tax and accounting topics and search for
past articles published in Management Accounting magazine via the subject index linked to abstracts of all articles published after October 1994.
Tax and Accounting Sites (http://www.taxsites.com). An extensive list of tax, accounting, law,
finance, economics, and government sites maintained by Dennis Schmidt, Associate Professor of
Accounting, University of Northern Iowa.
Taxpayers Against Fraud (http://www.taf.org/) is a nonprofit public interest organization devoted to fighting fraud against the federal government. The site includes information about the
False Claims Act, news releases, resources, healthcare information, and more.
TaxWeb (http://www.taxweb.com/) Web site for federal, state, and local tax-related developments. Includes tax forms, filing extension information, federal and state legislation, tax research,
enforcement, tax publishers, discussion groups, professional organizations, and more.
World Tax (http://www.doingbusinessin.com/) is Ernst & Young’s site for international business, tax, and accounting. The site features Tax News International, a “quarterly digest of tax
information in more than 50 countries,” the 1997 Worldwide Corporate Tax Guide, and the 1997
Worldwide Executive Tax Guide, which provides a summary of the corporate and personal tax
systems in more than 130 countries.
202 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Training – Continuing Professional Education
All auditors, accountants, and financial managers have to keep up to date with changes taking
place in their respective professions. The Internet provides opportunities for staying current on
professional issues by continuing professional development or training. Some sites are providing
training opportunities via the Internet while other sites use the Internet to announce conferences
and courses. Determine your training needs and explore the following sites to see whether they
are providing courses that will meet current and future needs.
Becker CPA Review (http://www.beckercpa.com/) site provides details about their CPA review
course. There is an excellent description of careers in accounting and pay scales that would be
useful for students exploring accounting-related positions.
Bisk Publishing Company (http://www.bisk.com/) site for the provider of educational materials
for auditors and accountants. Site search engine available to locate information.
Canaudit (http://www.canaudit.com/) Web site for continuing education/training for internal
audit and information systems audit. Features include information about their services, a newsletter, and more.
CPEInternet (http://www.cpeinternet.com/) provides continuing professional education for
accountants and auditors via the Internet. Course catalog includes training in business, accounting/auditing, taxation, consulting, and more. Free demos and course previews available.
CPENet (http://www.cpenet.net) a nonprofit, online continuing education service designed by a
group of certified financial professionals, all of whom have been active as practitioners and trainers for many years. CPENet originates from our concern that outsourcing, downsizing, and slashed
training budgets are making high quality CPE more and more difficult for CPAs, CIAs, CISAs,
CMAs, CFEs, and CGFMs to obtain. The purpose of CPENet is to reduce the cost of high-quality,
continuing professional education. CPENet is a National Association of State Boards of Accountancy (NASBA) continuing education sponsor (#95 000739 97). E-mail comments to:
[email protected].
CPE-Tracker (http://www.cpe-tracker.com/) Web site for Continuing Education tracking and
resources for professionals provides various services for auditors and accountants. Services include searching for CPE, tracking, CPE requirements, CPE providers, and more.
Gleim Publications, Inc. (http://www.gleim.com/) - Publisher of accounting and auditing examination preparation material.
___________________________________ Chapter 6 — Internet Resources for Auditors 203
Government Audit Training Institute (GATI) (216.1.143.50/programs_services/auditing/
gatp.cfm) Web site provides information about the organization, available courses, details on
registration, and more.
Graduate School USDA (http://grad.usda.gov) provides information about courses offered by
the organization, including the Government Audit Training Institute (GATI). For more information, send message to [email protected].
Lambers CPA Review (http://www.lamberscpa.com/) - site of the publisher of professional
exam review guides for CPA, CIA, and CMA.
MicroMash Accounting Reviews (http://www.micromash.com/) provides information about
their review courses for the CIA, CPA, CMA, CISA, CFM, and more. They offer tutors, indicators
(practice exams), and downloadable demos of their programs.
MIS Training Institute MISTI (http://www.misti.com/) Web site contains information on seminar
offerings and links to other Internet sites. The MISTI curriculum includes courses in modern
internal auditing and information systems audit and security. They also offer a variety of products
and services, including topical conferences, video training, publications, and more.
Training and Seminar Locator (http://www.tasl.com) - free access database to help find resources for training and professional development. Search U.S. training providers by type of
resource, subject, location, and date range. Eventually this service will provide online registration.
Wiley CPA Exam Review (http://www.wiley.com/cpa.html). This site features the Wiley/Delaney
review materials for candidates preparing to take the CPA exam. Site also includes FAQs on preparing for and taking the exam and sample review questions.
World Training Institute (http://worldtraining.com) Web site for CPE training in taxation,
telecommunications industries, internal controls, COSO, and communication skills.
Yipinet Knowledge Hub (http://www.yipinet.com/) offers CPE courses for the accounting profession using an easy-to-navigate, full-solution Web destination for professionals who seek continuing education. They provide CPE tracking, and the site also includes an Industry Watch that
users can customize to their interests.
204 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Vendor and Consultant Resources
Vendors and consultants marketing audit-related goods and services on the Internet have provided auditors with an effective way to find help. The following sites provide a sample of the types
of services available on the Internet. The inclusion of these sites is not meant as an endorsement
of the goods or services they offer but merely as an example of how audit-related consultants are
using the Internet to reach potential customers.
Audimation (http://www.audimation.com) is a distributor of IDEA software. The site has links
to information about the product, its uses, training, upcoming events, and demo downloads.
Audit Serve Inc. (http://www.auditserve.com) site provides technical articles on audit and security, discussion topics, question postings, system software release tracking, and job postings. A
section of the home page is also devoted to year 2000 software issues. Issues relating to the century date change problem are described and a tracking system is provided which identifies whether
software and hardware platforms are year 2000 compliant. The home page also contains a description of products and services offered by Audit Serve. For more information, send message to
[email protected].
AuditForce (http://www.auditforce.com/). Consulting organization that provides internal audit
and compliance expertise. Site has an e-zine with articles on topics of interest to auditors, including internal auditing and controls in the reengineered company.
Canaudit (http://www.canaudit.com/) Web site for continuing education/training for internal
audit and information systems audit. Features include information about their services, a newsletter, and more.
Carratu International (http://www.carratu.com/) Web site of a fraud and security consultant.
Includes a description of services offered and bulletins (in Adobe Acrobat format) on corporate
fraud, risk analysis, and more.
Enterprising Associates (http://members.aol.com/EAlimited/OURPAGE/index.htm) is an information technology audit, computer security, and consulting practice. The site includes The
Computer Advisory with articles on computer security and auditing. A free ram resident utility
providing a fix to the year 2000 problem for PCs is also available for download.
New Technologies Inc. (http://www.forensics-intl.com/intro.html) is a security consulting firm
that offers training and tools for computer forensics. Site provides articles, software, visual aids,
and more.
___________________________________ Chapter 6 — Internet Resources for Auditors 205
NJH Security Consulting, Inc. (http://www.njh.com/) Web site for a security consultant specializing in Internet penetration testing and Web security. Items of interest to auditors include
articles on security-related issues and problems.
Veris Social Security Number Verification Services (http://www.ssn-locate.com/) provides
methods for validity checking Social Security numbers for invalid, never issued, and deceased.
The services include standalone application programs and software libraries for a variety of computer systems as well as a mail-in-processing service. SSN databases are obtained from the Social
Security Administration and updated monthly.
Interview: Charles Lawver, President, CPENet (http://www.cpenet.net)
CPENet was the first distance education provider to offer National Association of State Boards of
Accountancy (NASBA) certified, continuing education credit on the Web. In 1994 when they
started, many of their students in the United States and overseas and did not have separate word
processing applications (many overseas still do not), so they chose to deliver their courses via email. They had only one payment option, which was for the student to mail his or her tuition
payment to a post office box.
Over the years the look and feel of the site has constantly changed. Today they offer more courses
than ever; they are constantly adding the new and dropping the old. They try to keep their courses
up to date to mirror current issues and concerns but also limit the number so the student is not
overwhelmed. Their students (in 12 countries) can now register for one or any number of courses
online at the same time.
Since they keep full records on each of their students (as required by NASBA and by their affiliate,
Global Online University), any of their students can request at anytime a free transcript of all the
courses he or she has ever taken. This can be a help at reporting time when you’ve waited until the
last minute (as many of us have) to report hours to a state chapter or certification board. They now
offer the option of allowing students to pay their tuition with VISA and/or MasterCard using
secure Cybercash technology.
But the vision of their editorial board has remained consistent from the beginning…they are an allvolunteer, nonprofit organization with only one mission. They want to offer their students, who for
one reason or another (physical distance or location, job-related travel, downsizing, dumb-sizing,
reduced training and travel budgets, etc.) cannot obtain traditional training, worthwhile continuing
education, and skills updating experience at a reasonable cost. Whatever monies they take in as
tuition are expended on new course development and to cover the cost of operating their Web site.
206 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Q. Why was CPENet created?
CPENet was created in reaction to the downsizing and organizational reengineering wave
that hit the Richmond, Virginia, audit community very hard beginning in 1993. I was on the
board of the local chapter of The IIA at the time as well as serving as president of the Richmond Chapter of the Certified Fraud Examiners. Many state and federal government agencies and private firms eliminated training budgets for their internal audit shops entirely. Even
worse, many highly qualified auditors of all kinds found themselves out of work. As president
of the local CFE chapter, I would get phone call after phone call from auditors whose organizations weren’t paying for training anymore as well as from colleagues whose jobs had simply
been eliminated, all looking for low cost, but high quality, continuing education credit. It
occurred to me that one way to make training available on a low cost basis to a large number
of potential students was to make short courses available over the Internet via e-mail.
I organized a board of directors and obtained NASBA certification as a continuing education
provider for what we decided to call CPENet. As you know, CPENet is nonprofit; all monies
received from students are plowed back into the development of additional courses and/or
used to defray the costs of operating the Web site.
To my surprise I found not only a very brisk demand among auditors between jobs from all
over the United States but from American auditors and accountants working or residing in
remote or overseas venues where CPE simply was not available from the local chapters of
their certifying organizations. By the end of our first two years of operation, CPENet had
students in 12 countries.
Q. How do you see the Internet changing the delivery of continuing professional education?
I think there is an opportunity to provide CPE to folks on their own time as they need it. The
advantage to CPE over the Internet is that it is available right when the student needs it, or
wants to take it, in a wholly convenient format. When a site adds forum and chat capability,
there is really no end to the possibilities for information sharing.
Q. What has been the response of the audit community to accepting this new method of
CPE delivery?
Auditors tend to be a conservative lot and usually adopt a “show me” attitude of skepticism at
first to the idea of CPE online. I think the success CPENet had in its first years derived from
the fact that those using the service were in remote locations and had to break down their
normal reluctance by necessity. I have found that the best way to introduce auditors who are
not in remote venues to CPE online is to involve them through their local professional organization chapters. For example, in Richmond the CFEs have tripled our membership since we
started holding virtual meetings online featuring a downloadable lecture for two hours of
___________________________________ Chapter 6 — Internet Resources for Auditors 207
CPE credit. We hold such virtual meetings every two months year round and invite the membership of a different professional organization (IIA, ISACA, the Governmental Accountants,
the Association of Investigative Officers, etc.) to each of our meetings. We have never failed to
pick up several new members from each of the organizations we invite to our online meetings.
The Richmond CFEs make 12 hours of CPE credit available online each year to each of our
members for the price of the annual membership fee ($15.00).
Q. What types (industry) of auditors are benefiting from this new way to earn CPE?
I would have to say that students from just about every major industry have taken CPENet
lectures and courses at one time or another... we have had governmental types, bankers, people
in finance, lots of auditors from all over, information systems people, etc. I think the industrial
classification is less important in distinguishing our students than the type of individual who
is attracted to CPE online in the first place. As I said, these folks tend to be in remote locations
but also tend to be less afraid to try something new… they are generally innovative and curious by nature. As time goes by I think we can attract more conventional folks to online CPE
through use of the Internet as a professional chapter building device.
Q. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”?
As a CISA, I have been involved with information systems from the earliest days of my career.
I guess my years as a systems developer in the mainframe environment were what initiated my
interest in PCs as a way to bring computing to the desktop.
Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How
has your organization contributed to this philosophy through the use of the Internet?
Here in Virginia state government, auditors at all levels are using the Internet (mainly e-mail)
as a communication device. As folks have gotten more comfortable with e-mail, the chat rooms,
forums, and bulletin boards have followed and have all found a place as ways to enhance
communication.
Q. How has your organization integrated the use of the Internet into auditing?
My staff and I use the Internet constantly as a source of information but also as a communications channel. We use our intranet to publish audit findings and to get updates to those findings from customers. We also use our intranet as a vehicle to educate our clients on controls
and to establish a presence for the audit function within the organization.
208 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Q. What Internet resources do you use, and how have they helped you and your organization?
Of course we use e-mail constantly. We use the World Wide Web for information and an intranet
to publish and update findings. We also have created a Y2K archive online (using the intranet)
as a way to organize documentation on the project for the many folks who are auditing that
project. We have also found that digital storage is less expensive than filing cabinets and so
all our workpapers are slowly but surely being converted to storage in private pages on the
intranet as well. What using the intranet as a data storage device does for us is to speed the
work of the external auditors. Now they can find literally hundreds of documents about our
organization on our intranet, saving them time and our staff from having to answer so many
repetitive questions.
Q. How has the Internet changed the way your organization does business, and what impact has that change had on auditors?
Our agency today is unrecognizable in comparison to what it was six or seven years ago. This
is due to our use of LANS, WANS, and the Internet. Paper has not disappeared but it is used in
a wholly different way.
Q. What effect have the Internet and the World Wide Web had on the auditing profession?
I think the auditing professional has ridden the wave with the other functions in the organization. It has been my experience that auditors in general are not particularly creative or
innovative, and I am not sure that many of our colleagues are as comfortable with technological change as perhaps they should be if they are going to not just survive but thrive. As time
goes by and folks who have been raised with computers enter the profession, hopefully we will
see the same level of innovation as we have seen in some other professions. Unfortunately, I
think that many auditors use these new tools because they feel they have to, not because they
like them or want to do innovative things with them.
Q. What Internet skills do you see as the most critical for new auditors?
I think new auditors need to know how to set up audit relevant Web pages and to incorporate
databases into them so that control-related information can be shared dynamically on a real
time basis. No one is interested in yesterday’s news anymore. Auditors can use the many tools
of the Internet (as of intranets) to review more concurrently and to be true management consultants on controls. To do so they must go beyond elementary skills like e-mail and the Web to
the design of databases to convey control information on systems when and where it can do
the most good. Above all, new auditors have to know the systems design and development
process thoroughly if they are going to make a relevant control contribution to the modern
organization. The Internet is only one small piece of all this.
___________________________________ Chapter 6 — Internet Resources for Auditors 209
Q. What role do you see for the Internet in the future of internal auditing?
The Internet is just a tool, albeit an important one. As with any tool, its usefulness is only
limited by the creativity and imagination of those who use it. If the internal auditing function
can remake itself as constantly as its parent organizations of today have to remake themselves,
then the Internet will be a critical tool in internal audit survival. If new tools are used to
continue old ways of doing things, then these tools really won’t matter very much at all.
Q. Any other thoughts on how auditors could be using the Internet that you would like to
share?
Just to say that the Internet can be an isolating experience for folks and so they resist it
sometimes... although we have used it to build our CFE chapter in Richmond, we do not
simply have online meetings. We try to get the membership together several times a year so
folks can see and get to know each other in the flesh. It’s important to remember the human
element. For those times when schedules and distance do not permit, the Internet is truly a
wonderful tool to do just about anything anyone is imaginative enough to think up.
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 211
Chapter 7
Practical Applications for
Using the Internet as an Auditing Tool
While there has been much written about how others use the Internet, I thought it would be valuable to provide practical examples of how auditors are actually using the technology. Its true value
comes from how you use it as an auditor in both your professional and personal life. This chapter
should be considered a work in progress. The examples provided are a starting point for how to use
the Internet from a professional perspective. Auditors who are using the Internet were asked to
offer their experiences and suggestions for your benefit. Messages were also posted on numerous
mailing lists for feedback on how other audit and accounting professionals use this resource. The
responses are included in the section called “Heard from the ‘Net.” The following ideas come not
from a theoretical background, but from practical experiences in using the Internet for audit-related purposes. They cover many of the tools, applications, and resources that are included in this
book. Areas that may seem to be duplicated should be considered carefully as many auditors may
use the same tool but in different ways.
I have found uses for the Internet in every audit project and special assignment in which I have
participated. At the beginning of each new project I send out an e-mail message to each of the
relevant discussion groups and newsgroups. If the subject deals with a topic that is relevant to
local government, my contact list includes e-mail discussion groups covering state and local government audit issues. If the subject deals with reengineering or security, I contact appropriate lists
for those subjects. I also conduct searches of Web sites using several of the search tools. The
reason for this is that different search tools give differing results. I have found that different search
tools use different types of logic, so you need to review the query logic prior to structuring and
submitting the request. Remember that the object is to find the information in the most efficient
and effective way possible. I use the available audit resource lists to locate appropriate sites, and
have managed to put together contact distribution lists in my e-mail program so that I have a
network of human resources.
Marketing the Audit Function
An effective method of marketing the audit function is by creating a home page for the internal
audit office. As discussed in Chapter 6, a number of audit departments have created home pages.
Those pages contain a great deal of valuable information, but most importantly they give the audit
department exposure. Creating a home page can also provide some structure as to how the audit
department uses the Internet. If an audit director has concerns about staff inappropriately browsing
the Internet, the best course of action may be to create a home page with links to “useful” Internet
resources. Many browsing software programs allow the auditors to save a home page created on
212 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
another system for modification and use on their own system. Auditors can find HTML references
from the Internet such as the ones at http://lcweb.loc.gov/global/html.html. View and save the
source of a page that looks fairly simple and start from there. Begin with a text only as you may
have initial difficulty with graphic images. Once you get the hang of the text editor commands, try
adding some graphics GIF files. There are several HTML (and freeware HTML) editors available
for download from the Internet (also listed in the URL above), but you may prefer just a plain
ASCII text editor.
Saving a home page created by another audit organization is efficient because it provides a foundation for your own audit office. This feature allows you to open a local file (the home page) on
your computer. Because the URL is a universal address for the sites, you can then access the audit
resources directly from a local home page rather than connecting to the remote site home page.
The ability to save pages to a local computer and modify them for your office means that you can
create and share useful HTML audit pages rather than starting from scratch. By combining useful
resources for staff along with information about the department, you can create a tool that serves
both internal and external customers to the internal auditing function.
Professional Organizations on the Internet
Professional accounting and audit organizations are establishing home pages on the Internet to
meet the needs of their members and to attract new members. The Institute of Internal Auditors
(http://www.theiia.org/), the American Institute of Certified Public Accountants, AICPA (http://
www.aicpa.org), the Information Systems Audit and Control Association (http://www.isaca.org),
the National Association of Local Government Auditors, (http://www.nalga.org/), the Association
of Government Accountants (http://www.agacgfm.org/), and the Association of Certified Fraud
Examiners (http://www.cfenet.com) all have established sites on the Internet. Some organizations
originally created their Web sites on other organizations’ servers such as FinanceNet or the Rutgers
Accounting Web and then moved to their own servers. Regardless of how these organizations
choose to present their Web site, they all have one common theme — sharing information about
their association, training opportunities, professional certifications, standards, and more. Professional associations on the Internet provide an important service by promoting professionalism and
encouraging networking with peers regardless of where they are located.
Where are the Auditors?
If only I knew someone who had the answer to that question. Sometimes it is a matter of finding
another peer who may have already found an answer. So the question becomes where can I find
other audit professionals in my area to network with? One way is simply to ask someone for their
e-mail address when you meet them. Including your e-mail address on your business card helps
this process along. Another way is to post a message on a discussion list or audit-related newsgroup
to connect with other auditors with similar interests.
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 213
There is also an online directory of auditors, accountants, and financial professionals who have
registered their e-mail addresses along with other pertinent information. The AuditNet Accounting/Audit/Finance E-mail Directory is the most comprehensive listing of auditors, accountants,
and financial professionals available on the Internet. Financial professionals voluntarily e-mail a
registration form to [email protected] for listing in the directory. The format for submitting a request is included in the resources section of this book.
If you are trying to locate an e-mail address and you know the person’s name but not their phone
number or address, you have a number of alternatives. An excellent place to start is one of the Web
sites such as AnyWho (http://www.anywho.com/). Fill out the form with the name and state and
AnyWho will provide you with all the people who meet those criteria that are listed in the telephone directory. Another option is the Four11 Online User Directory, which is like an Internet
White Pages. This is a free subscription-based service. Send an e-mail to [email protected] and
they will send a registration form. As more people register, there is a greater likelihood of finding
other auditor e-mail addresses. Another possibility for finding auditors is the PeopleSearch site at
http://www.peoplesearch.com/. The site provides a simple form asking for the name of the individual you are looking for. It will then launch multiple search tools to find matches, including the
e-mail address. PeopleSearch located two of my three e-mail addresses using the name Jim Kaplan
even though my e-mail username was jmkaplan and jkaplan.
If the auditor you are looking for has posted a message on a Usenet newsgroup recently (within the
last six months), you can use the DejaNews page (http://www.deja.com). The site searches Usenet
postings under the auditor’s name and retrieves the message they wrote or are mentioned in. You
can then get their Internet address. Finally you could post a message on one of the audit-related
discussion lists asking other auditors if they know the e-mail address of the auditor. Professional
organizations are already beginning to include e-mail addresses on new member and renewal applications. Member directories will be a primary resource for finding peers. These directories will
eventually be available online, providing an easy-to-reach resource for auditors looking to connect
on the Auditbahn. Internet address books have become a standard tool for auditors as the Internet
matures as an important communications medium.
CPE Options for Auditors on the Internet
One thing that all professional auditors and accountants have in common is the need to stay up to
date on professional developments and the latest methodologies. Professional standards and certifications include minimum requirements for continuing professional development or education
(CPE). While CPE requirements are mandated by each organization such as the AICPA, IIA, IMA,
or the federal government, the ways to obtain CPE are varied. The Internet provides several options for efficiently locating training materials or actually obtaining training from the convenience
of your home or office.
214 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Auditors may use the Internet for finding audit-related course offerings, ordering catalogs via email, and registering online. The USDA Graduate School Government Audit Training Institute
provides online course listings along with descriptions at http://216.1.143.50/programs_services/
auditing/gatp.cfm. Auditors may view course schedules and descriptions, obtain late-breaking news
on courses, and pre-register for classes. Another Internet site with course listings is MIS Training
Institute (http://www.misti.com/). Course offerings include modern internal audit and information
systems audit and security.
Other CPE options include books and audio and video training cassettes on audit/accounting topics. Using Webcrawler (http://webcrawler.com) and CPE Accounting for the query, I located the
following sites for obtaining CPE material:
• Bisk Publishing Co. (http://www.bisk.com) describes itself as “a pioneer in the development of alternative teaching methods for tax, accounting, and business law education.” Their
inventory includes accounting and auditing CPE programs, including the CPA Review and
CPEasy (a library of CPE programs). The site includes a demo of their CPE program, catalog,
state board of accountancy requirements, and other professional information.
• CCH Inc. (http://www.cch.com) is a global provider of tax and business law information,
including CPE programs. The site provides many tax and accounting online CPE courses
available for a $25 flat grading fee.
• Gleim Publications (http://www.gleim.com) is a name familiar to accountants and auditors
who have prepared for the CPA, CIA, or CMA exams. Their material includes study guides
and questions from past exams, sections providing information on the CPA, CIA, and CMA
exams, how to pass the exams, and order forms for their books and software.
The most exciting and innovative way to obtain CPE is over the Internet (online). Some CPE
providers realize that it is becoming more difficult to obtain quality training, given current budget
and time constraints. An article in The Wall Street Journal estimated that it costs professionals
between $50-$75 for each hour of CPE, taking into consideration travel costs, time away from
work, etc. The following sites provide an opportunity for professional auditors to earn CPE on the
Internet:
• CPENet (http://www.cpenet.net/) is a nonprofit online continuing education service providing accounting, tax, and auditing training to professionals. The purpose of CPENet is to reduce the cost of high-quality, continuing professional education. CPENet is a National Association of State Boards of Accountancy (NASBA) continuing education sponsor. Examples of
course offerings include auditing automated applications, EDI, operational auditing, management controls for personal computers, and auditing efficiency of operation.
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 215
• Another option is CPEInternet at http://www.cpeinternet.com/, which provides continuing
professional education for accountants and auditors via the Internet. The course catalog includes training in business, accounting/auditing, taxation, consulting, and more. There are
free demos and course previews available. The course fees average $15 per CPE unit.
The trend of providing new ways of delivering continuing professional education and training will
continue. As the number of auditing and accounting professionals using the Internet increases, so
will this method of meeting CPE requirements.
Using the Internet to Find Audit Jobs
Finding a job can be a daunting task for auditing professionals. Using the Internet for this purpose
provides auditors with another method of approaching career-enhancing moves. According to the
1998-1999 Occupational Outlook Handbook (OOH), employment of accountants and auditors is
expected to grow about as fast as the average for all occupations through 2006. Furthermore, the
OOH states that “accountants and auditors who have earned professional recognition through
certification or licensure should have the best job prospects.” This does not take into consideration
the impact of downsizing and restructuring. There is therefore no guarantee that the job held by an
auditor or accountant today will be there next week or next year. This makes it imperative that
auditors do some career planning just in case they find themselves on the short end of a corporate
restructuring exercise.
Making a career move requires the same type of planning performed by an auditor when approaching a new assignment. The planning process begins with obtaining background information for the
project. In this case an auditor should begin by brushing up on the essential tools for a career
move. The basics for resume preparation, job search techniques, and interview tips are available in
books or directly online via the Internet.
Auditors should begin by checking out the Online Career Center at Monster.com (http://
www.occ.com/) for tips on career assistance. The site includes career advice from nationally syndicated columnists, articles from The Wall Street Journal National Business Employment Weekly,
publication recommendations, resume tips, and do-it-yourself outplacement. Career Magazine
(http://www.careermag.com/) also contains tips and links to other career-related sites on the Internet. Auditors looking for specific job search strategies using the Internet should check out The
Riley Guide Employment Opportunities and Job Resources on the Internet by Margaret F. Riley
(http://www.dbm.com/jobguide/). This comprehensive site provides tips on using the Internet to
find a job.
When completing the planning portion of the career search, auditors must then focus on job opportunities. Robert Half of Atlanta (http://www.roberthalf.com) provides job listings for information
systems, accounting, and financial professionals. JOBS-ACT is a moderated mailing list of em-
216 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
ployment opportunities for accounting and finance jobs, including cash management, audit, and
tax. To subscribe to this mailing list, send an e-mail message to [email protected] with the message SUBSCRIBE in the subject line and body.
There is also an archive file available that may be obtained by sending the command ARCHIVE
JOBS-ACT to the list address.
There are also some general sites available that auditors can use for their job search. America’s
Job Bank (http://www.ajb.dni.us) is a cooperative effort of individual State Employment Services.
The State Employment Service has long recognized the need to help individuals and jobs connect.
Using the technology of the Internet, this program provides auditors with nationwide access to
employment opportunities in the public and private sector. There is no cost for employers who list
jobs or for financial professionals who use the service to find employment. Funding for the program comes from unemployment insurance taxes paid by employers. Using a self-directed search,
auditors may locate opportunities for jobs. CareerMosaic also provides a self-directed search page
(http://careermosaic.com/cm/usenet-help.html). There is a form for auditors to complete using a
simple text query for job description, title, organization, city, state, and zip code.
Auditors must understand that this is another means of locating opportunities and is not meant to
replace other strategies. As more employers and financial professionals become comfortable with
this method of conducting a career search, the number of opportunities and candidates using the
service will expand.
Practical Applications from Auditors on the Internet
As I travel the Auditbahn, I meet auditors from around the world. This global cyber community of
auditors is forging a path for future auditing professionals through their utilization of the Internet.
I asked fellow professionals whom I met in my travels over the Internet to write about their experiences using the Internet. As you read you will recognize tools, applications, and resources covered in previous chapters. This is not meant to be a duplication, but rather to illustrate how these
savvy auditors are utilizing those tools in an auditing environment. You should use these experiences as a starting point for your own methodology for incorporating the Internet as an audit tool
in your professional environment.
The Internet: A Tool for Practical Auditors
by Slemo Warigon, University Auditor, Webmaster, and List Coordinator
The Internet needs little by way of introduction. It radically changed the way we do things or
approach audit projects. The Internet offers every auditor the means to visit a wide variety of
places across the world, make an infinite number of stops, and browse the vast expanse of cyberspace for as long as he/she wishes. Every auditor can do this for professional research or general
curiosity, conveniently and inexpensively.
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 217
I use my Internet access primarily to communicate with the customers during the course of an
audit. After conducting an in-person entrance conference with the customers, I tend to carry most
of the discussions, interviews, and follow-up with them via e-mail. The use of e-mail greatly
improves record-keeping and reduces paper waste. When I have some audit questions to ask, I
simply e-mail the questions to customers. The customers can, at their earliest convenience, respond to the questions. They don’t necessarily have to be physically in their office to respond to
the questions. Once I receive their e-mail messages in response to my questions, I simply print and
file the printout in the audit working papers with appropriate cross-references. Additionally, I
maintain electronic records of all contacts with the customers.
The majority of customers I worked with using this method have indicated that this method of
communication is both convenient and appropriate. It gives them the time and flexibility to think
over the questions very carefully and respond to each question with enough detail in a straightforward manner — knowing that their messages will be kept as audit records. Certain customers
who feel “threatened” by the presence of an auditor find this method extremely helpful.
In addition, I use my Internet access to conduct professional research and network with other
auditors. Scholarly publications and literary materials on the Internet are limitless. Numerous
educational institutions and corporate entities have digitized practically all their library resources
in such a way that they can be accessed electronically by anyone with Internet access. Thus, if I
need to conduct research on a topic of interest (e.g., prudent business practices related to credit
card sales and refunds), I can locate relevant information by browsing WWW, Gopher, and FTP
sites using various search engines and services. Alternatively, I can post an inquiry on various
professional discussion lists such as AUDIT-L and get some practical suggestions from other
auditors as to how to find the needed information or how best to approach the research. Auditors
generally embrace The IIA’s motto of “Progress Through Sharing” by freely sharing their experiences and viewpoints on a variety of topics. In this information age, an effective auditor cannot be
an island unto himself.
My Internet access is also invaluable to the performance of computer-assisted auditing. I can issue
a job control language (JCL) command to have an output (e.g., year-end cash disbursement transactions) downloaded to my account in a customized format (e.g., fixed or variable length). This
can be done conveniently without asking or waiting for the computer center personnel to send me
the output. I can then download the output to my desktop computer where I can unleash the full
power of my generalized audit software (e.g., ACL or IDEA) not only to manipulate the data for
comparative analysis, but also to perform substantive audit tests. This affords me the best opportunity to effectively and efficiently examine almost all the transactions for propriety and compliance
with established policies, procedures, regulations, and prudent business practices.
With special access privileges, I can use my Internet access to review the individual accounts of
other Internet users within our organization. I review these accounts to determine: (1) whether
users are using easily guessed passwords, (2) the last time users changed their passwords, (3) that
218 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
authorized accounts are used for business or specifically designated purposes, and (4) that different classes of access privileges given to all users are commensurate with their official positions
and responsibilities as defined in the organization-wide Information Security Policy. Using my
Internet access, I can also monitor network traffic on all local area networks (LANs) to determine
how computing resources are being utilized by various departments. This provides the needed
input to make a practical recommendation on prioritizing the computing resources usage by all
departments to achieve optimal performance during both peak and non-peak periods.
These are just few examples of the practical applications of the Internet as an invaluable audit tool.
Auditing effectiveness is significantly improved when a competent auditor is married to the Internet in a happy matrimony of productivity and innovation. It is a tool that can innovate various
auditing processes and improve human relations with the customers as well as improve your productivity. Use the Internet to further broaden your horizons and explore new frontiers in your
auditing career. The sky is the limit.
Using the Internet as an Audit Tool at Edith Cowan University
by Tony Lazzara, Senior Auditor, Edith Cowan University, Australia
The Management Review and Audit Branch at Edith Cowan University (ECU) have undertaken a
number of highly successful audits within the University, which were significantly influenced by
incorporating the Internet as a research and information gathering tool. The Internet enabled us to
consult the world, enhancing the quality of our reports and proving that “internal audit” can and
does “add value” to the organization. The audit of ECU’s human resources division provides an
example of how the Internet was used on a project.
The ECU Approach
Management Review and Audit’s Approach
Our approach to audit is undoubtedly similar to most audit units where customer focus is a highly
held value. Supporting the process:
1. All members of the team believe in being open and consultative with client staff.
2. Management are considered partners in the audit process.
The Internet is primarily used during the Pre-Audit Research, Best Practice Research, and Reporting phases of our audit.
How the Internet Was Used — Human Resources
Pre-Audit Research
We began the review of human resources (HR) by performing pre-audit research so the team could
gain an understanding of the issues impacting the client. This provided us with an opportunity to
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 219
gain a shared understanding with the customer and enhance our credibility. The Internet was utilized in the following ways.
We found a number of useful HR sites with searches on the World Wide Web, which added to our
knowledge of the HR issues. Examples of sites visited include the National Association of College
and University Business Officers (NACUBO) that benchmarks HR functions, the Canadian Association of Human Resource Systems Professionals, and various University Human Resource home
pages.
We conducted archive searches on various “audit” discussion lists, including Audit-L, AAudit-L,
IntAudit-L, and ACUA-L. We sent requests for information to “audit” discussion lists and some
HR discussion lists that we identified. We used the information gained during this phase during the
strategic analysis. At the completion of the strategic analysis, we selected four issues for detailed
review.
Best Practices Survey
Along with the client, the audit team developed a best practices survey focusing on the four issues
selected. We dispatched the survey to hundreds of auditors via the audit discussion lists, and also
to organizations and individuals identified during the pre-audit research. In addition, we sent specific segments of the survey to targeted “specialist” discussion lists. For example, training and
development questions were sent to an Australian discussion list serving staff development specialists; human resource management information systems questions were sent to a closed list of
information technology practitioners tackling the same issues within Western Australia. Responses
to the survey not only provided invaluable benchmarks, but also a range of options/solutions to the
problems we were encountering during our detailed testing. The major advantage of these options
was that they were practical solutions successfully applied in other organizations. We summarized
the survey responses and made them available to participants.
Reporting
The audit discussion lists again proved their value when we arrived at findings to which we wanted
to make practical and appropriate recommendations. We provided scenarios to the list and found
we were inundated with suggestions, advice, and offers of help. These proven solutions involved
less risk and were much easier to sell to management as viable alternatives to “doing nothing.”
This project illustrates how the Internet has become an integral component of a successful audit
approach adopted at Edith Cowan University. Before working at Edith Cowan University, I was
an auditor whose knowledge of the Internet was limited to what I saw on the news and read in the
papers. I never imagined it could become such an integral component of a successful auditing
approach. Through the use of the Internet we also feel we are contributing to achieving The Institute of Internal Auditors’ motto of “Progress Through Sharing.”
220 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
The Internet as an Audit Tool
by Raymond M. Cochran ([email protected]), Director of Internal Audit,
Columbia University
Besides using the Internet as a research tool to find answers to your many audit questions, have
you thought of it as an audit tool? Here are several examples of how to accomplish this.
1. Educational programs. Many audit departments today are developing internal control and other
training programs. The World Wide Web and e-mail programs can be used as supplements to these
educational programs and may some day become mainstays of the educational programs. At
Columbia University, we promote internal control training and use the Web to supplement it.
None of our internal control policies and procedures is confidential, so they are all published on
the Web. Any user at Columbia University may access these policies and procedures at any time.
Also, because none of it is protected by security devices, it is openly available to the public (http:/
/www.columbia.edu/cu/ia/).
Further, since these policies and procedures are now published in “HTML” format (hypertext),
they can easily be woven together with and linked to policy and procedure manuals which will be
published electronically by other offices such as controller, personnel, and purchasing.
2. Interactive Forms. We are also developing a control self-assessment (CSA) program at Columbia University. CSA is an exciting current topic for internal auditing departments, and while we
are not at the cutting edge of this subject, we have put our Control Self-Assessment Questionnaire
on the Web (http://www.columbia.edu/cu/ia/guide/self.html) for all departments and units to access and browse. At the moment the entire form can be downloaded, printed out, completed, and
sent back to internal auditing in hard copy. In our vision of the future, this form (and many other
forms) will be accessible by our users, filled out online, and returned electronically.
Just think of the possibilities this technology will enable. The limitation today, of course, is that
security on the World Wide Web is not reliable, so no confidential material can be handled this
way. But it is not too far in the future that the Web will provide interactive and confidential information to auditors.
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 221
The Internet as an Audit Tool
by Dyan G. Hudson, CISA, EDP Audit Supervisor,
Texas Office of the Attorney General
The Internet is the newest innovation in audit tools and has become the premier forum for networking with auditors around the world. Through the vast resources of the Internet, audit programs and expertise can be shared and research on laws, regulations, standards, and new technologies can be conducted.
The two most useful audit tools available via the Internet are electronic mail (e-mail) and search
engines and catalogs. E-mail provides a quick and convenient means to communicate with auditors around the world. The sender and receiver can handle mail at their convenience, without
concern for time zones, toll charges, and work interruption.
E-mail also provides a means to simultaneously distribute information to a large number of people
worldwide. Electronic mailing lists provide this service by allowing a sender to mail a message to
one receiver (a “list server”), which then automatically distributes the mail item to any individuals
“subscribed” to the mailing list. Although similar to magazine or newspaper subscriptions in some
ways, subscriptions to these mailing lists are free.
Several mailing lists have been developed to promote the sharing of information among auditors.
Typical “postings” to these mailing lists include questions, requests for audit programs, and sharing of audit experience and expertise.
The following case study illustrates the use of e-mail and mailing lists in an audit environment. A
recent posting on a mailing list discussed audit programs for CICS, a mainframe transaction control system. As a result, not only was a CICS audit program distributed to several list subscribers,
but another related audit program for MVS (mainframe operating system) was distributed as well.
Matt Thompson, an information systems auditor, noted that his audit manager “was really impressed by the MVS audit program” obtained through the mailing list. “It was the best that he had
ever seen.” Matt went on to say that “using the Internet as a resource tool is new for our department. This took much work to get approved. After seeing the valuable resource, my boss now
KNOWS that he made the right decision in supporting the use of the Internet.”
In addition to the use of e-mail, significant improvements in research and audit planning can be
gained through the use of Internet search engines. Because millions of resources exist on the
Internet, efficiency is the most notable concern of executive management where the Internet is
concerned. Unless the auditor knows how to effectively search the Internet, hours or even weeks
can be wasted searching for a specific item of information.
222 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Therefore, search engines and online catalogs are crucial to an auditor’s effective use of the Internet. Search engines allow the user to enter a key word or phrase, which results in a list of resources
that include that key. Connecting to each resource is then accomplished with only a click of the
mouse. Numerous search engines exist and each varies slightly in the scope of the search performed. The Internet Sleuth (http://www.thebighub.com/) and search.com (http://search.cnet.com/
) are two of the more comprehensive search tools currently available because they provide interfaces to several other search engines.
Online catalogs and targeted resource lists can also be vitally important in audit research. Catalogs
operate somewhat differently than search engines. They include a catalog of Internet sites usually
indexed by topic or industry. Resource lists are targeted catalogs of resources specific to a profession or industry. For example, the AuditNet Resource List is an example of a targeted catalog.
The following case study illustrates the use of search tools and catalogs in an audit environment.
An EDP auditor was recently tasked with “selling” digital signature technology for internal approval processes to executive management in her organization. Naturally, the first step was research. And the first resource for researching this technology was the Internet. Using search engines, literally hundreds of pages of supporting material were located, including legal issues, controls, technological definitions, and security considerations. This research, accomplished within a
few hours’ time, would have taken weeks and been far less thorough without the Internet.
In conclusion, the Internet is becoming a highly valuable audit tool. Between e-mail and mailing
lists for networking and search engines for efficient research and audit planning, the Internet may
become one of your most valuable audit tools.
Electronic Mail — The Cheap and Cheerful Way to Surf the ‘Net
by Denis Kelly ([email protected]), Senior Computer Auditor,
Electricity Supply Board, Dublin, Ireland
Looking at all the computer and audit journals these days one would believe that the only way to
harness the power of the ‘Net was by the World Wide Web (WWW) option. This is bolstered
further by the great hype around multimedia. What many auditors forget is that plain old electronic
mail (POEM) or e-mail was one of the first and probably, in my opinion, the most useful service on
the ‘Net. Using e-mail, I have been able to exploit many if not all the popular services on the ‘Net.
In addition to one-to-one communications with my colleagues and friends in the auditing profession, I have been able to use other services such as:
•
•
•
•
Listservers and Newsgroups.
FTP.
Gopher.
Archie and Veronica.
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 223
You can even access the WWW if you wish. Unlike online access, e-mail links to the ‘Net via
gateways or mailservers. These do not pose the same security risk as direct links so it should be
easier to make the case to your employer. With e-mail you can have a permanent presence on the
‘Net without being online all the time. As I will explain later, searches and file transfer requests
can be submitted at any time and will be processed in the background. Background processing is
less intrusive in your daily schedule by allowing you to prioritize tasks more easily and still respond quickly once a high priority message is received. Replies from colleagues at the other side
of the planet in 30 minutes or less is not uncommon. Getting into a daily routine of clearing down
your inbox keeps the mail under control and helps you to get the best from the service.
How Can E-Mail be Used to Get at the ‘Net?
There are two main ways of exploiting the ‘Net using e-mail. The first is based on one-to-one
contact with colleagues and discussion forums by subscribing to discussion groups or journals
distributed over the ‘Net (many are free). The second is to search for information using many of
the servers that provide e-mail access to services such as FTP and Archie.
1. Discussion Forums. Contacts with colleagues will be built up over time. Listservers and
newsgroups are the best point to start. A few of my favorite audit lists are CISACA-L, a forum for
information systems auditors; INFSEC-L, a forum for information systems security; and AUDITL, a general audit forum (details and subscription information for these forums are included in the
next section on discussion groups).
Listservers are systems that are used to distribute copies of all e-mail received to everyone who
has subscribed to that list. Newsgroups operate in a similar way. Lists may be moderated, so much
of the “junk mail” or “noise” seen on more open forums such as newsgroups is filtered out. Many
lists keep archives that can be searched for previously posted material.
There are many interesting and free publications available on the ‘Net. These are distributed to all
those who subscribe or can be picked up via FTP (explained later in this section). Try a few of
these for size:
• Double Entry - a regular publication dealing with financial and accounting issues. Subscribe
to Accounting News by sending an e-mail to [email protected].
• Internet-on-a-Disk is a newsletter of public domain and freely available electronic texts. To
subscribe, send an e-mail to [email protected].
• Disaster Recovery - A regular publication dealing with disaster recovery issues. Available by
sending a SUBSCRIBE message to [email protected] for disaster-recovery.
These will provide you with a regular source of information and many contacts in the profession.
What’s so nice about all this is that you can simply sit back and get all this by sending only one
mail message to each server. However, these forums depend on individuals contributing and sharing experience and information. So do play your part.
224 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
2. Searching the ‘Net. The ‘Net is the largest “bookstore” in the world but the indexing is a problem. So you need to know where to look to find what you want. The tools most widely used are
Archie, Veronica, Listserver Digests, and a whole lot of online databases. To access these you
simply send an e-mail to the appropriate server with a list of commands. The server interprets the
commands, runs them, and mails you the outcome and any output produced. There are e-mail
servers for all the main services such as FTP, GOPHER, WAIS, Archie, and Veronica. One of the
most useful servers is the RFC Request for Comments) Store, which provides a wealth of information on how to use the Internet. Two RFC that are very helpful to us are: RFC 1402 and RFC
1580. To find out how to use the store, simply send an e-mail to [email protected] with
HELP:HELP in the message.
Top 10 Tips for Audit E-Mail Surfers
1. Get to know the ‘Net. Explore it. The ‘Net is the future.
2. Build up a good contact list of colleagues. Look out for the best contributors to discussion
forums and put their addresses in your address book.
3. Use the AuditNet Resource List (ARL) and make sure you get the up-to-date list monthly.
4. Subscribe to a few good discussion groups and contribute even if it is only to ask a question.
Don’t oversubscribe or your mailbox will get overloaded. Be selective and remember: it’s as
easy to unsubscribe as it is to subscribe.
5. Harvest the gems of knowledge as you come across them and build up your own mini information store. This is particularly useful with discussion groups where useful material can
come up at any time.
6. Most servers have a “Help” facility, so use it. Just send a mail message to the server with
Help in the body.
7. Be inventive and persistent with your searches. Sometimes the gems are slow to find but
well worth the wait.
8. Some servers can be very slow; it’s worth trying around to find the fastest ones.
9. If you are using FTP over e-mail and you visit a site for the first time, send a “dir” command
to get a directory listing. It can be very revealing and useful for finding more information
later.
10. Be courteous on the ‘Net and be familiar with Netiquette.
Use of the Internet as an Audit Tool
by Bradley Carroll ([email protected]), Internal Auditor, Carter’s Childrenswear
“Emerging Issues.” “Current Practices.” “Technology.” “World Class.” These are all common
buzzwords in the auditing profession. One of the newest tools to fit these buzzwords is the use of
the Internet as an audit tool.
The use of the Internet has allowed me to gain immediate insight to other auditors’ points of view
from across the world. Not only do I not have to limit my discussion to my local chapter of The
IIA, I also do not have to wait for a monthly publication to summarize the emerging issues or
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 225
current practices. The instant feedback on discussion topics provides me with ideas to introduce
to my organization’s audit group, as well as issues to be aware of during an audit.
The willingness of auditors to share information and provide ideas to one another is truly exhibited
through the Internet. I have been able to exchange ideas with auditors literally from around the
world. I have been able to implement some ideas from those auditors into my audits, and have
provided information that I hope others have been able to use.
The exchange of ideas and audit programs is facilitated through many home pages on the Internet,
especially the Auditors Sharing Audit Programs (ASAP). Auditors may contribute audit programs
to this page, and other auditors may review these programs and apply them to their audits. The
AuditNet Resource List (ARL) has been extremely valuable in “surfing the net.” The listing of
Audit/Accounting/Finance pages on the Internet not only lists the URL for the page, it also gives
the auditor a description of the information found on the page. Through using the ARL, I found
four newsgroups of interest to me. I receive daily updates on emerging issues, and auditors from
around the world contribute their personal opinions on the subjects.
I have also been able to review resumes and classifieds posted online. Reviewing these allows me
to understand the supply and demand in the field of auditing. In a world that is technologically
changing daily, a good place to start reviewing resumes for a position would be the Internet. Someone
with the skills and knowledge to post a resume online gives the appearance that they will be able
to move ahead in the technological world as it changes.
In short, the Internet has greatly facilitated communication among auditors. It allows for quicker
responses and feedback on issues than do the traditional methods. Also, because connection to the
Internet is through a local phone number, the cost of communications is reduced. We now have a
faster, more economical way to communicate with colleagues. Welcome to the future.
Internet Usage to Assist an Audit Consulting Project
by David A. Crowell, CISA, ([email protected]), Phillips Petroleum Company
The vice president of a large staff function determined a letter was needed to detail acceptable
Internet usage in his department. The executive asked the information technology section of the
internal audit organization to research the subject and provide a first draft of proposed guidelines.
Having been assigned the task, it seemed appropriate to access the Internet to identify what policies other organizations may have posted as examples. To start, “search engines” were used with
various combinations of words that might lead to sites with this information. Words such as “Internet,” “policy,” “acceptable,” “usage,” and “corporate” were used in various combinations for this
search. In actuality, this process turned up limited useful information. While a few university
policies were identified, little was found from a corporate point of view.
226 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
The next option pursued was contacting “electronic acquaintances” with whom I had communicated in the past. Having seen their names as respondents to inquiries over a “list server” to which
I subscribe, I had been in touch with them previously regarding common areas of interest. From
these contacts I obtained copies of their organization’s policies as well as the location of an online
repository for policies.
Finally, we found useful information from Web sites identified in an article on this subject appearing in ComputerWorld.
Through using three approaches to locate data on one resource (Internet usage policies), I obtained
information that proved to be instrumental in developing a set of acceptable guidelines for our
legal department and the requesting vice president.
One last observation, obtaining the exact information needed from the Internet is like many other
problems: it helps to come at it from multiple angles. Where one approach may not be successful,
another might well be right on target. It is important to brainstorm various keywords to be used in
Web searches as they are instrumental in the retrieval process and will yield differing results. In
addition, multiple “search engines” should be used as they can also produce significantly different
results.
Utilizing the Internet to Assist in a Business Process Reengineering
by Richard B. Lanza, Assistant Audit Manager, U.S. Lafarge Corporation
Business process reengineering and the Internet are two issues likely to be on the front burners of
most auditors’ minds. The following discussion should provide a direction to those embarking on
this type of study or who want to understand that portion of the ‘Net related to this topic.
At my organization, the internal auditing department believed the purchasing and stores inventory
functions could be improved. We needed to locate data sources to not only support our initial
concerns but to also supply fresh ideas to the process. Although these sources came to us in many
forms (internal questionnaires, telephone interviews, discussions with other companies), we found
the Internet provided an ample supply of new thoughts and firsthand experiences.
As we reviewed our organization’s processes, we found that computer-assisted audit software
could prove to be an invaluable tool. The data files provided a palette from which to paint a picture
of health or disease with relation to our vendor and stores management. For example, by stratifying and summarizing expenditure data, we were able to determine that our payment mix was
weighted toward small vendors, invoices, and checks. Through other analysis we found our payment terms and frequency were surprisingly not at optimal levels. You may begin to ask yourself,
“How does this relate to the Internet”? Well, my department maintained a mailing list on the
Internet for users of ACL (Windows or DOS-based software used to produce auditing-related
reports), which acts as a means for exchanging “war stories” using the software. This list led to
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 227
new thoughts on how to use the software for the purposes of this study and elsewhere, and acts as
a sounding board for any concepts our department is developing.
We also found that through accessing the following sites, many doors have been opened and new
contacts made regarding the subject of our search — business process reengineering. After each
resource, we provided our personal experiences with the sites to assist auditors in their search on
this subject.
Business Process Improvement Online (http://www.dtic.dla.mil/dodim/bpr.html) is a Department
of Defense site devoted to business process reengineering. Reference materials (over 200 documents), software tools, and frequently asked questions can be reviewed. We found this site supplied all of the most common literature related to reengineering. It not only had each publication’s
title and author, but it provided summary information which we included in our final product. In
summary, if you want to review every noteworthy publication on the subject of process improvement and access all the buzzwords necessary for your final product, review this site.
The GAO Report Database (http://www.access.gpo.gov) houses GAO reports with a useful search
utility (which yielded 24 reports related to best practices). These reports provided real-life experiences and, in many cases, dollar amounts that were easily applied to our organization. We were
especially impressed with their work on inventory turnover of spare parts in their Army base
facilities.
The American Society for Quality Control (http://www.quality.org/) maintains information, but
we found it was best as a home page for quality-related sites. There is something for everyone,
depending on your needs.
The Business Process Resource Center (http://bprc.warwick.ac.uk/index.html) at the University
of Warwick provides links to other sites on the topics of reengineering business processes, discussion forums, and a glossary of terms, articles, reports, and documents. Although this site appears
to be interesting, we weren’t able to review it prior to our final report.
The Internal Auditing World Wide Web (http://www.bitwise.net/iawww) was established to act as
a warehouse of internal auditing knowledge with electronic discussions, professional people lists,
and professional interest groups. The lists and groups were useful in contacting others working on
related projects.
The Internal Audit Newsgroup (Alt.business.internal-audit) was formed for the discussion of internal auditing related subjects. We found this site to be a bit sparse, but no rock should go unturned.
The Anet mailing lists are a forum for discussions regarding auditing, financial and managerial
accounting, accounting systems, and technological advancements. We found these lists most useful, mostly due to the breadth of professionals they reach. Based on one e-mail for information
228 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
regarding a procurement credit card system, we received three policy statements from other audit
departments and related advertisements from banks offering the cards.
An Auditor’s Use of the Internet — Lost in Cyberspace
by George Valente ([email protected])
The Internet and its related tools and resources — to name a few, Usenet, chat, search engines,
bulletin boards, FTP sites, and World Wide Web pages — provide the auditor with a rich source of
information and software. If this is truly the information era, and the Internet with its tools provides access to the information superhighway, doesn’t it follow that the auditor needs to use the
information superhighway to succeed during this information revolution known as the Internet —
the auditor’s on-ramp to the information superhighway? What follows is one auditor’s personal
experiences and perspective based on an ancient Japanese philosophy known as ying and yang.
The philosophy is based on one’s ability to see both good and bad... the rice and the chaff. Similarly the Internet holds both good and bad tools and information. Many inexperienced in this
philosophy consider hackers, their software tools, and knowledge of computer security vulnerabilities as bad (ying). The ethical and professional auditor believe both hacker software and their
knowledge is worthless and bad (ying).
For example, there is a keystroke capturing software program coded by a hacker that was solely
designed to silently run and steal user IDs and passwords — the ying. The software tool was
meticulously coded in assembler language and loads automatically upon boot-up, contains stealth
characteristics, captures both successful and unsuccessful log-on attempts noting date, time, user
ID, and password. Only a hacker would create a bad (ying) software tool to record user IDs and
passwords. This certainly has no real application for a professional auditor! Or might I say, What
a great audit tool — Yang!
The stealth password stealing software was used on a special security investigation of a regional
stock brokerage office. The controller was suspicious that information was being leaked concerning junk bond ratings. The software was loaded on all the DOS-based PCs for one month. The log
files were then retrieved and analyzed for many situations (i.e., for unsuccessful log-on attempts,
log-on attempts after normal business hours, and access by inappropriate people). The analysis led
to Saturday afternoon log-ons to the junk bond files by the secretary for a vice president (so we
thought)! The secretary was cleared of involvement, but a review of the building access log found
that the regional vice president frequently visited the office on Saturday afternoons. Yes, this
hacker software certainly has no place in a professional auditor’s bag of tools.
Hacker’s Tool? (Ying) or Auditor s Tool (Yang)?
Another hacker tool acquired on the information superhighway is the war dialer. This is another
one of those software programs that a professional auditor would deny having possession. Hackers use the software to systematically dial phone numbers in search of a computer. The phone
numbers are later used by the hacker to attempt unauthorized entry. Ying.
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 229
This was acquired from the Internet and used in a unique way. We set it up to dial the full range of
known organizational phone numbers to determine if employees were connected to the Internet
through a local phone line. The audit concluded that during normal business hours only those
employees with express permission were using the Internet for approved business use. We then ran
the software after normal business hours and found one instance where a contractor was leaving a
computer on all night. Using PC Anywhere, the machine was being access from his office after
business hours to gain access to the organization s network of databases. Both of the tools were
downloaded from the Internet using FTP (file transfer protocol).
When assigned to do a post implementation review of Novell 3.x, I used Web search engines
(software used to search the Internet for information) to find known security weaknesses and more
importantly the fix or software patch. The audit checklist/program was created by using the information found on the information superhighway regarding known Novell security weaknesses. The
audit steps were performed, recommendations made, and solutions implemented. All the information was found on the Internet using a search engine.
Heard from the ‘Net!
In the time that I have been using the Internet I have found it to be a very useful tool for audit
purposes. In order to understand how useful it is from other auditors’ perspectives, I posted a
request on audit-related discussion groups, including mailing lists and Usenet newsgroups. I requested information on how auditors, accountants, and other financial professionals are using the
Internet. I posted the message on various discussion lists and asked how auditors are using the
Internet to help in their jobs and the benefits of using the Internet. I received the following responses.
We use the Internet mainly for e-mail for client communications and more and more between our
staff “in the field” and our office. For our EDP audit department, the Internet is a main source for
our knowledge on EDP affairs.
The Creditanstalt-Bankverein (CA), one of the largest Austrian Banks (and a KPMG client) has
started a program that allows their customers to use the Internet for financial transactions. The
transaction records have to be encrypted with PGP, Phil Zimmerman’s program “Pretty Good
Privacy,” which uses RSA and IDEA cryptographic algorithms for encrypting and signing messages. These messages can then be sent via Internet mail to the bank in the same way bank statements are sent back to customers. PGP, although not an Internet standard, is currently the most
popular way for encryption and digital message signatures used in Internet e-mail. It is available
for a number of platforms and in (at least) three different versions, which are all interoperable:
one for non-commercial use within the U.S. and Canada, one for commercial use within these
countries, and one for use outside the U.S. and Canada. This is due to U.S. patent law and export
restrictions. The U.S. non-commercial version and the International version (which is used by CA)
230 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
are free software and available on many Internet FTP-servers. This seems to be the first time that
a large bank depends on free software for the security of financial transactions over the Internet.
— Ronald Bron <[email protected]>
1. Helping a Big 6 accounting firm with a problem — e-mailed me in the morning re an encryption problem. I was able to dig out the article that discussed the problem and convey it to them
that afternoon where it raised some controversy but was able to solve their problem.
2. Internal auditors in Australia (for Australian Universities) have their own discussion group.
They use this as a synergistic means to leverage and share knowledge, e.g., questions re how
much savings in external audit fees have been made as a result of IA doing extra or normal
work for the EA at various times during the year (very interesting response - not much if at
all!!!). So how can we lobby as a group to change this.
3. Danger - same audit discussion group as in 2 above — One university’s auditor asked for help
for appropriate software to carry out a surprise software copyright audit of his university’s
PCs. Anyone listening in on the group (say, myself) could have rung my colleagues at that
university and warned them to clean up their machines. As it was I reiterated to my colleagues
that this process was happening at another university and that they should ensure that all
software that they are running is legal!!
4. Searching the Internet for information on a particular technical topic.
5. Requesting help from the many news/discussion groups that are on the ‘Net.
6. Undertaking technical training online (refer Ben Wright’s latest seminars on EDI).
— Rodger Jamieson <[email protected]>
I use the Internet to:
1. Access professional information and tools, such as audit guides.
2. Get suggestions as to how to proceed with professional problems.
3. Obtain preliminary information, such as relevant sections of the CFR.
4. Keep in touch with what is occurring in other college auditing departments.
5. Keep up to date on computer security issues.
I have found it of immense use to be able to communicate with colleagues when I want to start an
audit in an unfamiliar area; others are quite willing to offer help in getting me pointed toward the
right texts, audit aids, etc., some of which can be downloaded directly to my site. I frequently get
ideas for areas that might be auditable and that may need an independent mind to look out for
them, from questions and answers posted. I save some messages for their value as standards,
pointers to law or precedent, or starting points for developing financial or other policy. Access to
such resources as a searchable copy of the CFR, policy pages at other colleges and universities,
state and federal forms and publications, and general information databases is very useful. It is
beneficial to me and my employer that I have quick access to many related professional organizations and the information they freely provide as content at their pages.
— Ted Agresta [email protected]
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 231
The use of e-mail has allowed me to obtain fresh new ideas that others may have or audit techniques that others may have used on a specific topic that I am currently auditing above and beyond
those that I have considered myself. The Internet has been useful as a resource to examine to
obtain information on where to search for information on various auditing subjects.
— Michael Garcia <[email protected]> CPA, Director of Internal Audit,
Seton Hall University
In response to your posting, I wanted to point out my audit resource page at http://
ourworld.compuserve.com:80/homepages/bfelmly/audit.htm. It contains many URLs pertaining
to auditing and network security and is quite extensive. You might want to use it as an example (or
maybe an example of what not to do <g>).
Our IA organization at Bellcore uses an internal home page containing links to internal and
external reference and auditing resources as our default Netscape home page. It has proven useful
in cutting down the time required for audit pre-work. In another successful (while unrelated to
your inquiry) attempt to facilitate research, we have placed all audit reports and workpapers for
the past five years on a local Netware server and indexed them using text indexing software.
Hence a keyword search on any subject will find all prior audits that contained that subject. The
indexing software can open the selected documents in MS Word (among many other WP formats)
where they can be read, printed, or pasted into a current audit document. Our pre-fieldwork time
has decreased by a factor greater than 50% overall.
— Bradford Felmly <[email protected]> CISA, Staff Manager, IS Audits, Bellcore
At ECU, we have integrated the NET as part of the audit process. The resource list that you have
prepared is a critical component of our research on the ‘Net. Basically, our approach is:
1.
2.
3.
4.
5.
Pre-audit Research: Homework on the activities about to be audited. Consultation and informal interviews with various stakeholders, literature review, search on the ‘Net and on CDROM... etc... at the end of this phase, we have the entry interview. Establish a project team
with management.
Strategic Analysis: Risk assessment of activities within the area (e.g., faculty). Includes SWOT
analysis. From that document, choose with management. 3-4 critical issues.
Best Practice Research: Develop questionnaire with our client. Separate surveys for staff,
stakeholders. For worldwide input, use various stakeholders. For worldwide input, use various mailing lists from the AuditNet Resource List. Most important one to us is typically
ACUA.
Fieldwork: Carry out standard auditing techniques to confirm information and gather sufficient, appropriate evidence.
Reporting: Findings and recommendations. Recommendations are based on Best Practice
Survey. Developed with management to ensure ownership. Concise report with a one-page
action plan.
232 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
6.
Quality Assurance: Best Practice Survey sent to our client to measure satisfaction of audit
work by the client.
— Denys Martin <[email protected]>
Two years ago, I began to study management controls programs and responses (annual report) to
OMB. Using the Internet and the contacts established, I recommended various methods to strengthen
management controls at the Institution in an effort to reduce the risk of fraud, waste, and mismanagement of resources in our day-to-day business. One particular accomplishment to note was a
referral I received for an instructor for our senior managers. That referral led to my auditing a
course at a local training organization and the subsequent contracting of a man with exceptional
qualifications and demeanor who will assist us in “rolling out” the Institution’s revised policy and
instructing the directors of our museums, research facilities, and offices about their responsibilities under the Integrity Act, including a risk assessment and annual letter of assurance.
I have also been able to respond to the calls for help from others including the comptroller for U.S.
Central Command, an internal audit manager with the Royal Melbourne Inst. of Tech. in Australia, and an official at the Ontario Ministry of Labor in Canada....all requesting sample documentation in their quest to do as I have done.
As part of my work with cross-functional teams, I’ve introduced myself and the team goal (the
latest one being our development of an SI-wide document management system), and gotten feedback on what types of products agencies are using, cautions about things that don’t fall within the
parameters of certain regulations, and offers to site visit. So, one e-mail on a list saves me
unbelievable time in making cold calls.
— Regina Zalewski <[email protected]>
Through the use of mailing lists such as those provided by ANet and by TAPNet and Internet sites
provided by the Auditor’s Resource List, I am able to communicate questions or discover people
who appear to have resources that I am missing as a sole practitioner in South Central Washington.
The Internet has provided me with a network of “co-workers” that has enabled me to expand my
knowledge base and ability to serve my clients. Thus, I am able to consult with others in the field.
Being able to search government and regulatory sites for up-to-date legislative and regulatory
information has enabled me to familiarize myself with external restraints on clients’ businesses.
This awareness has helped me alert clients to potential restraints of which they may not have been
aware, thereby increasing the value of my services to them. This enables me to consult resources
that were not previously available to me, or that were not cost-effective for the limited use to which
they were put.
Analytical review has been enhanced by the ability to Telnet into the Federal Reserve and other
sources that provide contemporary information as to the operating environment that existed dur-
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 233
ing the period under audit. Prior to Internet, I had to subscribe to services that gave information
that was stale. I was comparing current year information to information from the prior year both
from the client’s records as well as external information. With EDGAR and other resources, there
is more up-to-date information available to use for analytical review purposes.
Specialized mailing lists and newsgroups provide other resources for gathering information or
determining potential new members for my “network of sources.”
— Earl Hall, Coordinator of the Washington Accountant’s Network ([email protected])
From a local government auditor:
1. Part of standard audit procedures to obtain information in audit planning.
2. Accessing shared audit programs.
3. E-mail to others in profession.
4. Use Yahoo and other search engines for special project research.
5. Keep informed of changes in standards (GASB, FASB etc.).
6. Mechanism to market audit services and inform citizens of county auditing.
From another local government auditor:
Since we currently have access only to Internet mail functions, our use of the Internet is restricted
to mailing lists and document servers. We use these resources primarily as networking and research tools. In the past I found numerous sites on the Web to be valuable resources for technical
information that helped me in audit planning.
From a university professor:
I use the ‘Net to discover what issues are being discussed in the “real world” (on information
systems, information systems audit, and government/not for profit listservs), to increase my knowledge of the issues, to look for a new job(!), to find financial information on firms and government
entities (primarily for my students), for “recreation” (like learning about foreign countries, languages, golf, etc.), to keep abreast of higher education issues and curriculum development, to see
what conferences are “happening,” to download software, etc., etc., etc.!!
From a Defense Department auditor:
I use the Internet to screen for information and topics of interest to my organization pertaining to
IG/audit/financial issues. For example, the information regarding the legal case pertaining to
electronic government records destruction was of interest to our legal department.
From several DOD auditors:
My partner and I use the Internet to send and receive data (messages and files) from field offices
and clients. From our desks, we can only access the Internet through e-mail. I have subscribed to
several mailing lists and this sometimes provides useful information. The organization has two
PCs with WWW access. We sometimes use those to retrieve laws, regulations, and other information.
234 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
I subscribed to 11 areas of FinanceNet to receive up-to-date information regarding changes that
affect us. I intend to participate in some of the financial groups you provided 9/5/95. I am also a
CGFM and a member of AGA, ASMC, and the Finance Corps Assn (I’m former military). I’ve
forwarded messages to various committee members of AGA, AGA education chairperson, the
mentor chairperson, and our newsletter chairperson/editor. I am extremely interested in the CPE
opportunities offered through the Internet as I am unable to participate in some of our center’s
CPE classes.
Once I figure out how to get lists of e-mail subjects I plan to download what I believe will be
extremely timely data that affects my job every day. I also intend to use Internet for research for a
few papers I want to write and try to get published.
As I stated, I’m a newbie and feel that I’ll obtain valid, timely information that can only increase
my skills, my accuracy, and professional development. (OK, OK I know I sound like a commercial
- but I believe it.)
From a government agency auditor:
I got access to the Internet about a month ago. Thus, I am still exploring new ways to use the
Internet for my work. So far, I have used it mostly to establish criteria for possible findings. There
are numerous laws and regulations that are online. I’ve used it to get the latest news on auditing
standards such as FASAB. Specifically, I am using the Internet to find the status of the exposure
draft issued by FASAB on Property, Plant, and Equipment. This would ensure that I’ve addressed
such topics when the audit report is issued and it might prevent some embarrassment.
From a state auditor:
In the last six months, I’ve used WWW, FTP, Gopher, and e-mail extensively as research tools for
finding Unix and Internet standardization & security information, and for collecting sample policies on Internet usage and governmental WWW home page development.
I have also used these tools to refer to various federal laws and regulations, and to link to the
IGnet to determine how my internal audit and investigative function might benefit from meetings,
training sessions, and other activities sponsored by the federal Inspectors General.
Finally, I have subscribed to several different audit, security, and technology-related mailing
lists. On a limited basis, I also tried to use a few Usenet newsgroups with mixed success.
From a government agency auditor:
As an auditor, I frequently make inquires for information through the Internet, both domestically
and internationally. I have found it to be a very efficient and effective tool to communicate with. I
have also used the Internet to have information (such as OMB regulations, agency memos, and
letters) delivered to my address very expeditiously. I have found that as I am performing an audit,
I can easily jot down critical ideas and questions and receive an immediate response from the
source. I don’t know what to do without it!
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 235
From several college and university auditors:
I just found out about a few sites on the Internet where I can receive news from other auditors and
accountants.
WWW to get irc code cites; various hardware & software Web sites for financial information and
downloads; investment information; samples of information on various comparable cities; keep
up to date on GFOA and other professional organizations.
•
•
•
•
Gopher to do research (Michigan has most helpful Gopher).
FTP to download software updates.
Mail via ‘Net to communicate directly with peers & suppliers.
Home page as means of disseminating info.
From an internal auditor:
I find the Internet extremely useful in being able to discuss issues with fellow colleagues in the
same profession. The Web has also been great for looking up any sort of information regarding
any topic.
From a retail auditor:
As a real estate auditor, there is a need for audit-related information in construction, mall operations, joint ventures, real estate taxes, etc.
I used the Internet to search the Internal Revenue Code that the federal government has put online.
There are taxes or credits a J.V or corporation can take in real estate transactions. Also, other
government Internet sites provide info on environmental remediation (which is part of our responsibility).
Other areas we review are insurance charged to properties we lease/rent or pay a pro-rata portion
of. Each state has a state insurance board that publishes the unique ranges of liability you can
expect to pay based on criteria for their respective state.
We are always on the lookout for new types of audit approaches and are willing to upload audit
programs, guides, and some procedures related to real estate/construction auditing. Have not
been able to find a location where these can be accumulated.
From several internal auditors:
1. To poll fellow audit professionals on practices their companies employ.
2. To source internal audit literature/articles.
3 To keep abreast of internal audit seminars and conferences.
• Subscription of Mailing-Lists ACL-L, AUDIT-L, INFSEC-L
• Temporarily subscription of EDI-L
236 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
•
•
•
•
Auditors sharing audit programs
NIST, NASA, COAST sources
Security and policy handbooks available within the ‘Net
Investigation of software products
Important findings:
• Internet is useful for “quick & dirty” information requirements and in most cases without any
fees.
• Not all information sources are “valid,” time to find out “good” sources can be time consuming.
• Internet “service access points” (brokers) that means dedicated people within audit department with Internet skills are recommended to support their colleagues and avoid “surfing.”
• For complete information with a high precision and recall I will still recommend to use information scientist within libraries or commercial information brokers with access to commercial database providers such as DIALOG, DATA*STAR, or others.
And finally, for the 1999 IIA International Conference in Montreal, Quebec, Denys Martin asked
for input from the global audit community on audit uses for the Internet. The following are excerpts from the submission by S. Ramakrishnan of Chennai, India, selected by Denys as one of the
best.
How can Internet be used for audits?
The possibilities are audit resources, books, articles, etc., through Internet; value addition in
audits - obtaining relevant, useful information; e-mail for timely reporting, feedback, etc., of reports and transfer of files; jobs through the Internet and many more; audit resources, articles, etc.,
through Internet:
Value Addition to Customer
Here is a sample of what we do:
We set up meetings with client executives that we can supplement their efforts at locating information that will be vital to them. They share their concerns with us and then we “go for it.”
Instances where we have helped clients are:
One of our clients said they have hardly any literature on “vanilla planting.” By our continuous
efforts we were able to locate excellent sources of information on the topic.
Also by searching for relevant books in Amazon.com, we also told them the books that are available on the topic. The great thing about Amazon is that you can give them a topic and tell them to
keep you informed as and when a book on that topic arrives.
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 237
Another client wanted information on scrap reduction in his industry and the latest information on
new scrap reduction methodologies. By posting a question on the WWW board on the concerned
product (through the WWW virtual library) we were able to generate enough information for them
to proceed further.
The value addition comes from :
General information on cost reduction/cost containment efforts.
E-Mail
E-mail is the most common application of all on the Internet. There are a lot of e-mails that are
free. We use e-mail to:
• Keep the client informed of planning/starting of audit.
• Keep in touch on the progress of audit.
• Transfer draft reports, comments.
• Transfer files containing information, including Excel /Word/Powerpoint files and comments
thereon.
• Send final reports.
• Respond to client queries.
The time that is saved is enormous and one is able to send the reports to even another corner of the
world almost free and instantaneously. E-mail can also be used to share information among fellow
professionals. Another advanced form of communication is chat. Here you can chat in real time
with fellow professionals and colleagues. There is no ceiling on size of files you can transfer. Try
ICQ (for I seek you) at http://www.mirabilis.com.
Doing Audits through Internet:
The time is not far off when we should be able to handle jobs in U.S. or Australia sitting in
Chennai. In view of differing time zones, it will save much time and cost for auditors abroad to get
their jobs done in Asia while they sleep, much like offshore software. If a person in India uses ACL
or IDEA and uses the same Microsoft products, it should not be difficult to do the audit work
anywhere. We had recently done a job for a Canadian firm of CAs entirely through the Internet.
They transferred the files over the ‘Net and we finished the job and sent it back to them back over
the ‘Net!
Problems
When you have posed any problems in a discussion forum, you have to go and check often whether there has been any response. There are so many forums of interest to everyone - locating
the one which interests you is a tough job sometimes. The potentials of Internet audit have not just
been realized. Imagine writing an article like this from India in the pre-Internet days. Just impos-
238 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
sible! The starting point is for every auditor is to realize that there is so much that can be done
through Internet.
Author’s Note:
What I have provided here are examples of how you can use the Internet in an audit environment.
There is little doubt that the Internet has matured into an important tool for auditors. As it continues to grow and more auditors and audit organizations connect, the Auditbahn will be an effective
resource for the profession. The Internet as an audit tool will be integrated into the audit process
for the next generation of auditors. I have also provided the basics of how the Internet can be used
as an audit tool. It is time for you to get behind the wheel and head out for the Auditbahn. Rest
assured that whatever applicability the Internet has for you as an auditor today, the future will
provide you with even greater opportunities. Be creative and look for ways to integrate the Internet
into your work and use it as an audit tool. I welcome your ideas on how you have found the Internet
useful to you as an auditor. Share those ideas with others and you and the entire profession will
benefit.
Interview: Michael Awad, President, IAD Solutions
(http://www.auditleverage.com)
IAD Solutions’ main product is AuditLeverage. Based in Microsoft Access, Audit Leverage is a
flexible, user-friendly software package that integrates and automates the entire internal audit
process:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Automated workpapers (including online, tailored audit programs, as well as live links to
Web sites and workpapers prepared in Excel, Word, ACL, scanned images, etc.).
Staffing and scheduling of audits.
Timekeeping and department-wide time summaries.
Budget-to-actual comparisons for audit time and expenses.
Audit Location Risk Assessment.
Annual audit planning & budgeting.
Database searches of your audit findings, enabling you to research the audit history of a
particular organization location or control issue across the entire enterprise.
Audit committee reporting and statistical summaries of audit activities and recommendations.
Automated follow-up log, which keeps management accountable and flags repeat findings.
Remote replication capability, meaning that auditors can work remotely on laptops, off-line,
and then dial in (to either the corporate server or an ISP) to synchronize their data with the
server’s version back at the office. (This enables auditors and managers to review workpapers
remotely.)
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 239
Q. As a relatively new player in the audit software market, why did you choose the Internet
as a medium to reach the audit community?
As a former internal auditor myself, I have seen auditors’ increased awareness and use of the
Internet to search out answers to their real-world business challenges. The importance of an
appealing, informative Web site has definitely surpassed that of an expensive, glossy brochure, which usually ends up in the trash or filed away somewhere. Print media rely on the
“push” method of data transfer, which makes less and less sense in this era of information
overload. A Web site, on the other hand, relies on the “pull” method of data, i.e., auditors go
and get the information when they want it; it is not thrust upon them before they are ready to
process it. Any audit software organization without a professional, appealing, and informative
Web site would definitely not be taken seriously by potential customers in today’s audit software market.
Q. What role will the Internet play in the future of departmental management systems for
auditors?
The Internet will play an increasingly significant role in internal audit department automation
in several ways:
(1) Electronic workpapers. In audit department management systems such as Audit Leverage, hyperlinks to Web sites can now become part of electronic workpapers just as easily
as a Word or Excel document can. Some examples would include:
a) An intranet page containing background information on a particular organization
location or product line.
b) An extranet page containing background information on a particular industry or on
the financial markets.
2) Using the intranet to give non-auditors limited access rights to the department’s database. Sure, it’s nice for all of the auditors to have LAN access to the department’s database. But what’s even nicer is for non-auditors to have some access rights to this database
as well, not only to satisfy their own information needs, but also to eliminate work for the
audit department. For example, instead of asking a customer to type up responses to an
audit report, an internal control questionnaire, a location risk assessment, or customer
evaluations of auditor performance — only to have an auditor reenter this data into the
database — why not just have the customer enter this data directly into the database? Of
course, this was possible before the days of the intranet, but only by relying on drive
mapping using the organization’s LANs and WANs. For those of you who have attempted
to convince a non-technical customer in your organization’s Thailand office that it is
worth one frustrating hour of his time to set up a drive mapping over the WAN so that he
can save the auditors some duplicate data entry, you know that he’ll want to continue
doing things the old way: using paper — or, at best, e-mailing documents back and forth.
However, if you tell that same customer that he can reliably and instantly access the audit
department’s database using his Web browser, he might very well be convinced.
240 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
To this end, both of the major technology platforms in use today for audit department management software — Microsoft Access (in the case of Audit Leverage) and Lotus Notes — recognize the emerging importance of the intranet and are providing development tools to enable
auditors to phase out their reliance on their organizations LANs and WANs. In the case of
Lotus Notes, the answer is Domino, and in the case of the Microsoft platform, the answer is
Active Server Pages. Both of these technologies enable the user to access the convenience and
power of industrial-strength database applications — with the ease and familiarity of the
good old-fashioned Web browser.
(3) Shared library of useful hyperlinks. It is now possible to use tools such as Audit Leverage
to build and organize a dynamic virtual library of useful hyperlinks for the whole department to share — pointing to Web sites ranging from corporate policies and procedures, to
www.AuditNet.org, to the Web sites of the major airlines.
(4) Rescuing Lotus Notes applications that would otherwise have to be abandoned. Some
internal auditors who have successfully been using Lotus Notes to manage their department are being put on notice that their own IT departments intend to phase out technical
support for all Lotus Notes applications in the organization. These audit departments
need not abandon their well-functioning Lotus Notes systems, however, thanks to a new
revenue stream discovered by several Lotus Notes-based software providers: offering the
use of their own hardware and Lotus Notes software (at a remote site) to host an audit
department’s entire Lotus Notes database. The auditors then access this database exclusively on the Internet using their Web browser, without even needing Lotus Notes installed
on their laptops. This way, all the parties end up happy:
- Corporate IT achieves its objective of moving to a Microsoft standard and no longer
has to provide Lotus Notes technical support or to administer the dedicated hardware
that Lotus Notes requires.
- The auditors don’t have to abandon the Lotus Notes system they’re already using.
- If the size of the audit department increases, no additional costs are incurred. In
contrast, a department not utilizing a remote Lotus Notes hosting service would have
to pay a user license fee of $80 or more for each additional auditor needing a copy of
the Lotus Notes software on his or her laptop.
Q. How will you determine the effectiveness of using the Internet to market to audit professionals?
For each request that we receive from potential customers for more information about our
software, we track the source of the referral in order for us to determine the relative effectiveness of our various publicity efforts: conference exhibits (such as IIA, ISACA, and MIS), print
ads in Internal Auditor magazine, Web search engine, and (coming soon) Web advertising on
such sites as www.AuditNet.org and www.ITAudit.org. In addition, by looking at the log file of
our Web page, I can tell which internal auditing departments have browsed our site. I then
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 241
categorize these companies by size, industry, and country in order to determine the relative
effectiveness of our promotional efforts in each market.
Q. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”?
Internal auditors are fortunate in that most of them work for organizations that are very willing to invest in their professional development. On-site training classes at my employer provided me with an introduction to the Internet as well as to other technologies, such as Microsoft
Access, upon which I eventually built Audit Leverage. Only after founding the organization
and beginning to market the software, however, did I become aware of the vast array of audit
resources that were available.
Just as reading or math is most effectively taught to youngsters in the context of the things that
they care about more than school — such as counting change at the candy store, or reading
Star Wars books — so digital literacy and Internet search skills are most effectively taught
(and self-taught) to auditors in the context of things that they care about more than auditing —
such as vacation planning Web sites or sports discussion groups. Such personal-interest Web
sites brought me to the point a couple of years ago where I was comfortable searching the
Internet, and it was then that I began to use the Internet more in my work as an internal
auditor.
Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How
has your organization contributed to this philosophy through the use of the Internet?
Our use of the Internet is not limited to reaching potential customers. As we promote our
software, we also leverage our Web presence as a strength. For example, we plan on providing
Web-based technical support, including postings of frequently asked questions and firsthand
accounts from our customers concerning the creative ways in which they have used the Audit
Leverage software to accomplish their business objectives. Also, we draw attention to the fact
that we use the Web creatively to do such things as post an online library of custom-made
reports that the various Audit Leverage clients have designed, so that other Audit Leverage
customers can benefit from their creativity.
Along these same lines, we are in the process of setting up a virtual community, on the Internet, of Audit Leverage users. In the days before the Internet, users of a particular software
package had to travel across the country to meet and interact with each other, and even then,
such conferences were usually not held more than once per year. In today’s world, virtual
communities on the Web enable users to interact with each other much more easily, with the
convenience of their own schedules and within their own offices, without the need to travel to
yet another auditors’ conference.
242 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Q. What Internet resources do you use, and how have they helped you and your organization?
a) Because I travel so frequently to internal auditing conferences all over North America, I
have saved thousands of dollars and untold hours using discount travel sites such as
priceline.com, travelocity.com, cheaptickets.com, bestfares.com, and lowestfare.com, to
name a few. In addition, Internet maps and driving directions have saved me countless
hours; I’ll never buy an atlas again.
b) In my recent efforts to hire a computer programmer to help me with enhancements to the
Audit Leverage software, I posted a help-wanted ad to an Internet job-posting service
(www.wji.com) focused exclusively on computer programming-related jobs. In response, I
received 60 resumes via e-mail within the first week alone, many of which were from very
experienced candidates who comprise an extremely high-quality applicant pool from which
I can hire. As recently as five years ago, I might have had to spend lots of money and time
advertising in a number of different magazines (and the response time would have been
dismal), or worse yet, spend a couple of thousand dollars on a headhunter.
Q. How has the Internet changed the way your organization does business, and what impact has that change had on auditors?
Because I keep in touch with my customers almost exclusively through e-mail, my printing and
postage costs have been reduced almost to zero. Similarly, because my demo can be downloaded from the Web, I didn’t have to spend $500 on a CD-burning machine or incur the
additional expense of the demo CDs themselves, as well as the time commitment and the delay
involved in send them via postal mail.
Q. What effect have the Internet and the World Wide Web had on the auditing profession?
It has enabled auditors to embrace change and take risks in trying new audit approaches and
technologies (such as department management software), because the Internet has made it
much easier than before to find out from other auditors (through auditor newsgroups, for
example) whether or not such things are prudent and worthwhile risks.
Q. What Internet skills do you see as the most critical for new auditors?
You’ve got to know how to use Web search engines to find “exactly” what you’re looking for.
There’s such a huge sea of online audit resources out there that it’s all too easy to spend hours
sifting through search results that aren’t exactly what you’re looking for.
_________ Chapter 7 — Practical Applications for Using the Internet as an Auditing Tool 243
Q. Any other thoughts on how auditors could be using the Internet that you would like to
share?
The Internet offers a wide array of online seminars on topics ranging from Microsoft Office
training to specialized classes on audit-related topics. These can be particularly useful for
internal auditors with a CPA or other professional designation that requires a certain number
of continuing education hours each year.
Continuing Internet Education
The following books cover additional subjects with which auditors should be familiar.
1. Business on the Internet, Vince Emery, Coriolis Group Books.
2. Firewalls and Internet Security, William R. Cheswick and Steven M. Bellovin, Addison Wesley
Publishing Company.
____________________________ Chapter 8 — Troubleshooting Internet Error Messages 245
Chapter 8
Troubleshooting Internet Error Messages
(or What Do Those Error Messages Mean?)
“Well, everybody in Casablanca has problems. Yours may work out.”
— Humphrey Bogart
Dealing with Common Internet Error Messages
Due to the volatile nature of the Internet, auditors are sure to encounter the inescapable error
message. The cacophony of Internet error messages is one of the more frustrating, but ever present,
issues that auditors have to deal with when connecting to Internet resources. Auditors spend a
great deal of their time considering how to say things the right way so that audit comments and
reports deliver the right tone. It is no wonder then that when confronted with messages like “Bad
Request!” “Unauthorized!” “Forbidden!,” auditors take offense and lose patience with the online
experience. While the tone of these Internet error messages may be inappropriate, it is their lack of
clarity and void of any semblance of assistance that drives most auditors crazy.
Auditors should approach these error messages as they would like to see their customers react to
the first reading of an audit report — calmly and with reason. There is really nothing personal
about these cryptic messages. In fact the messages and dialog boxes are providing you with answers that may be valuable in helping you troubleshoot the problem. The following is a list of
some of the more common error messages that you will, at one time or another, encounter while
traversing the Auditbahn. Along with a description of what each error message means, suggestions
have been provided on what action you can take to deal with them. It may take some time for you
to become comfortable with the implications of each message or choice, but once you do, you can
view them as “recommendations” and learn how to accept and use or discard them.
Numerical Error Messages
400 - Bad Request
What it means —
This error message means that there is something wrong with the address you typed. It could be
that the server you are contacting does not recognize the document you asked for, perhaps it no
longer exists, or maybe you are not authorized to access it. It could also be due to incorrect syntax
in the Uniform Resource Locator (URL).
246 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
What you can do about it —
If you typed the address, check to make sure you entered it correctly. Pay special attention to case
(uppercase and lowercase letters), colons, and slashes. Try to type the URL again. If the error
message is still displayed, try backtracking through the URL by deleting the final segment of the
URL and hitting the Enter (or Return) key. If you continue to receive an error message, it is
possible that the document no longer exists or the URL is incorrect. If possible, try contacting the
site administrator to get more information about that particular document and its availability.
401 - Unauthorized or Authorization Required
What it means —
Do you normally access the site with a password? Password protection is a way of controlling
access to certain Web sites or pages within sites. This error usually occurs when an Internet site is
protected and the server did not receive the correct encryption ID or password for entry. You may
be accessing a site that is protected by a password or some means of encryption identification.
Either you have not registered for the site, or you used the wrong information, or you typed your
username or password incorrectly. There are sites that also prohibit access from certain domains.
The system administrator may have a block on certain domain types.
What you can do about it —
Check to make sure that the address you are trying to reach is correct. If you are sure that you are
a registered user of the site and have a username and password, reenter your information in case
you made a mistake and pay attention to the keyboard when you type. Passwords and usernames
(like URLs) may be case sensitive, so if your Caps Lock is on, take it off. If this still does not work,
you may want to contact the site administrator by e-mail and ask if your username and password
were disabled for some reason. The site administrator’s name is usually listed on the home page of
the Web site. If there is no site administrator identified, send an e-mail to whatever contact is listed
on the home page.
403 - Forbidden or Connection Refused by Host
What it means —
This is similar to the 401 error because it is a denial of service. Sometimes site administrators do
not want certain documents to be accessible and may have set a flag for “read permissions” or
dedicated access privileges only. There are also occasions when a site administrator has incorrectly configured the server’s “read permissions.” The document or the site may be either blocked
for certain domains or there may be password protection enabled. This error could also appear
because the site requires registration for access. Finally, it is also possible that the server is not
properly configured.
____________________________ Chapter 8 — Troubleshooting Internet Error Messages 247
What you can do about it —
Make sure you have entered the correct Web address. If there is a password and you know the
password, try again. If you do not know the password but think you should have access, contact the
site’s Webmaster and ask for the password. If you are sure that you do not have privileges to
access that site or the document that you are trying to obtain, go no further. Trying to hack a site
because you cannot obtain a document is both risky and foolish.
404 - File Not Found
What it means —
This is a common error that occurs when a host server is unable to locate the HTML (Hypertext
Markup Language) document requested. The Internet world is constantly changing, and documents are moved from one location to another. This usually means the document that was requested no longer exists at the address you provided. It may simply be a mistyped URL, the name
of the document could have changed, or it could mean that the document no longer exists. It is
possible that the page may have been moved to a new address. Perform a Web search for the site’s
name to see if still exists. If the individual that maintains the Web site cancels their account with
their ISP and moves to another, their site will no longer be available. Both educators and college
students frequently set up audit-related Web sites only to have them disappear upon job changes
for the former and graduation for the latter. To protect against loss of these pages I would recommend seeking approval from the document originator to save the specific HTML documents to
your hard disk.
What you can do about it —
Begin with the assumption that you typed the document name incorrectly. Try moving one level up
by deleting the last part of the URL to the nearest slash. If the site is still active, check to see if a
link to the document you are looking for exists in the parent directory. Check to make sure that the
capitalization is correct, every word is spelled properly, and punctuation is in the right places.
Common errors include periods, slashes, and spaces (which are not allowed in Web addresses). If
this fails, contact the site administrator and ask if the document is still available and what the new
address (URL) is.
500 - Server Error
What it means —
This is one of those errors over which you have no control. It means that the server is either not
configured properly or there is an internal software error.
248 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
What you can do about it —
Short of contacting the site administrator there is little that you can do when you receive a 500 Server Error. If you continue receiving this error message, try again later to see if the problem has
been resolved by the server’s administrator. If you know the e-mail address of the administrator,
send him or her a message.
501 - Not Implemented
What it means —
This error message appears when a Web site is unable to support certain features in your browser.
This occurs, for example, when a site has Web pages with forms that you complete and send to a
third party. Basically, the server does not support the specific feature that you requested.
What you can do about it —
Contact the site administrator and request that the server be upgraded to accommodate your needs.
If enough users make the request, there is a chance that the host organization will comply.
502 - Service Temporarily Overloaded
What it means —
The Web site’s lines are all being used and it cannot process your request. It could also be that
maintenance is being done to the server.
What you can do about it —
Try again later when the server is not so busy. At certain times of the day or night, traffic may be
lighter. This is one of those situations where persistence is a virtue.
503 - Gateway Timeout or Service Unavailable
What it means —
This type of error can originate from several sources: connection timing out, server problems, Net
problems, or client problems. Your Internet service provider’s server could have gone down during your connection session, preventing you from accessing any Web site. Another reason for this
error could be that the gateway connection (the one between the LAN and the Internet) is not
functioning properly. Finally, something may have happened to your PC causing the timeout —
perhaps something as easy as a lost modem connection or something internal to your system.
____________________________ Chapter 8 — Troubleshooting Internet Error Messages 249
What you can do about it —
Wait a short time and try again. If the error persists, identify the source of the problem (access
provider, gateway, or your system) by process of elimination. If you are trying to access a Web site
and the error message appears, try connecting to your mail server. If you are able to get your mail,
you are still connected and can eliminate a lost connection as the cause. Access provider and
gateway causes may be temporary, but perhaps a message to the Web administrator could help if
the problem is continuous or persistent.
Non-Numerical Error Messages
Connection Refused by Host
What it means —
This error message is similar to the 403 – Forbidden error message. You may be prevented from
accessing the document because it is blocked for your domain or password protection may be
enabled. When the network connection is refused, it could also mean that too many users are
trying to access the same page. Try back in a few minutes or during non-peak hours.
What you can do about it —
If you suspect a password-protection problem, try the normal password access troubleshooting
routines. If you do not have a password but feel you should have one, contact the Web administrator or access the main page and apply for a password. You could also try again in a few minutes or
during non-peak hours if the problem is too many users.
Failed DNS Lookup
What it means —
This is similar to the 404 – File Not Found error message, except that it applies to an entire domain
rather than just a single document. It means that the Domain Name System (DNS) is unable to
translate the address you provided into a valid Web address. DNS errors are sometimes caused by
traffic congestion or if the server is temporarily unavailable. It is also possible that the domain no
longer exists.
What you can do about it —
Retype the address again to make sure it is right. Click the “reload” or “refresh” button as it could
just be a temporary DNS lookup problem. Try again later. It is possible that the server is not
responding due to a large number of requests (busy signal). If the server is temporarily down or
250 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
offline for some reason, there is not much you can do except to try again later. Contact the site
administrator to report the problem.
File Contains No Data or Document Contains No Data
What it means —
You have accessed the right site but there is no Web document there. It is possible that the site is in
the process of being updated.
What you can do about it —
Look for the document somewhere else on the site by deleting the HTML document reference.
Recheck the site for the document you are looking for. Contact the site administrator for assistance
in locating the document.
No Helper Application Defined
What it means —
Helper applications are separate programs that deal with files that your Web browser is not set up
to handle. Helper applications define certain file types and the associated applications that run
them. When you access a Web site or try to run a file from a Web site, it looks at your system to
locate the appropriate application to launch and run the file. This error message means you have
accessed a file that requires a helper application, and you either do not have the application or your
browser cannot find it.
What you can do about it —
The dialog box will usually tell you the file type that is missing. Some Web browsers allow you to
select helper applications in the “Preferences” or “Options” menu item, where you should see an
option to choose “Programs,” “Helpers,” or “Viewers.” You can also add or modify helper applications using Microsoft Explorer. Each file type provides a description, including the file extension (like .txt for text file), a content type (called the MIME type, which is server information that
tells the browser what kind of information it is, like “text/plain”), and then the location and name
of the helper application used to process that file. Your browser allows you to modify existing
helper applications, add new ones, and remove old ones.
____________________________ Chapter 8 — Troubleshooting Internet Error Messages 251
Following is a partial list of common file extensions and MIME-types. Again, the MIME-type tells
the Web server how to send the file and tells the Web browser what kind of application to use to
open the file. You should be able to set up a helper application to view any of these file types with
the Helper Application button. For example, PDF files require the Adobe Acrobat Reader Program freely accessible from http://www.adobe.com. Download and install the program and the
next time you access a PDF file on the Internet, the application will automatically launch and open
the PDF file.
User tip: If a file extension ends in .doc, Web browsers will recognize this as a Microsoft Word
document. Because Word documents can contain Macro viruses, auditors should consider downloading Microsoft’s free Word Viewer. This application, freely available from the Microsoft Web
site at http://www.microsoft.com, provides added protection from Macro viruses that may reside
in a Word document.
.gif = image/gif
.htm = text/html
.html = text/html
.jpe = image/jpeg
.jpeg = image/jpeg
.jpg = image/jpeg
.js = application/x-javascript
.ls = application/x-javascript
.mocha = application/x-javascript
.mov = video/quicktime
.pbm = image/x-portable-bitmap
.pdf = application/pdf
.ps = application/postscript
.qt = video/quicktime
.rtf = application/rtf
.tif = image/tiff
.tiff = image/tiff
.txt = text/plain
.wav = audio/x-wav
.zip = application/zip
See also: No Helper Application Defined or Viewer Not Found
252 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Host or Site Unavailable
What it means —
The computer is telling you that it either cannot locate what you are asking for or the site could be
undergoing routine maintenance.
What you can do about it —
Recheck the address and try again or wait and try accessing the site later. Check the URL for
possible typographical errors, including case sensitivity. You can also hit Control/Refresh or Reload and see if the Web site comes up.
See also: Unable to Locate Host, Failed DNS Lookup
Unable to Connect to <Web Address>
What it means —
When your browser cannot reach the Web site that you want, this message may pop up. This could
occur for any number of reasons. It is possible that you typed in the address incorrectly. The site
may have moved to a new address. The site may no longer be available. It could even result
because of network problems or a busy Web server.
What you can do about it —
Make sure that the Web address (or URL) that you typed exactly matches the address you were
given. Ensure that the capitalization matches, that all words are spelled properly, and that all the
punctuation, like dots (.) and slashes (/), are correctly placed.
If you are sure that you have the right address entered in your browser, there might be a Web server
problem. If the server is down or there is too much traffic, wait a moment, click the Reload button,
and try again.
You should try to connect to other Web sites as well. If you can connect to other sites, the problem
rests with that one site, so try again later. If you cannot connect to any sites, you might be having
a problem with your connection or your computer. Reboot your computer and try connecting
again.
____________________________ Chapter 8 — Troubleshooting Internet Error Messages 253
The Requested URL Was Not Found
What it means —
When your browser cannot find a Web site with the address you gave, this message could appear.
Certain browsers might display a “cannot open” or “cannot retrieve” message including the address you provided.
What you can do about it —
Use the Refresh or Reload button to try to connect to the site again. If that does not work, wait and
try again later. You should also clear out the disk cache for your browser. Depending on the browser,
you will choose a menu item called “Preferences” or “Options.” Choose one or more of the following commands; Delete the “Temporary Internet Files,” “History Files,” “Purge Cache,” “Clear
Cache,” or “Empty Cache.”
Try connecting to other Web sites. If you can connect to other sites, the problem is with that site, so
try again later. If you cannot connect to any sites, you might be having a problem with your connection or your computer. Reboot your computer and try connecting again.
Can’t Parse HTTP
What it means —
This is another case of your Web browser being unable to recognize the Web address you entered.
What you can do about it —
Some older browsers may require the “http://” before the Web address, so if you omitted it, reenter
the address including the “http://.”
As in other situations, make sure you entered the Web address correctly. Spelling, punctuation, or
capitalization errors will affect your browser’s ability to find the page you are looking for. Use the
Reload or Refresh button to try and reconnect to the site, or wait and try again later.
Clear your Web browser’s disk cache or history files. Try connecting to another Web site. If you
can connect, the problem is probably with that one site, so try again later. The problem could also
be with your computer so as a last resort, reboot and try again.
254 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Network Connection Was Refused by the Server
What it means —
When a server encounters more traffic than it can handle, the system will generate this message.
What you can do about it —
Wait and try again at a later time.
See also: Too Many Connections — Try Again Later
NNTP Server Error
What it means —
This error occurs when you are trying to log on to a Usenet newsgroup, but you are unable get to
it. The Usenet server is something that is made available by your Internet service provider or your
site administrator. If your ISP or site administrator disabled access to the Usenet or the newsgroup
is not available, you will get this message.
What you can do about it —
Ensure that you typed the Newsgroup name correctly. If that does not help, try again later. If the
problem persists, contact your access provider or site administrator and report the problem. If your
organization prohibits Usenet access, there is little you can do. The only alternative would be to try
using a Web-based Usenet service.
Permission Denied
What it means —
File Transfer Protocol (FTP) directories use “permissions” defining who can read and write to the
FTP site directories. If you try to perform an action for which you do not have “permission,” you
will receive this error message. Anonymous FTP sites may allow you to download files but not
upload files to the site directory. Some anonymous FTP sites may only permit uploading to a
special directory. It could also be that you issued an improper command or the site is too busy to
complete the upload or download.
____________________________ Chapter 8 — Troubleshooting Internet Error Messages 255
What you can do about it —
Try again at another time when there is less traffic (late at night or early in the morning). If you can
determine where the FTP server resides (county or time zone), this may affect when it is best to
connect. Send a message to the site administrator to report persistent access problems.
Unable to Connect to <FTP Site>
What it means —
This error message indicates that your browser (or FTP program) cannot get to the FTP site you
want. Various situations could cause this error. If you typed in the FTP address incorrectly or if the
site moved or was disconnected, this error message would pop up. Perhaps the FTP server is
temporarily down for maintenance or too many users are trying to access it at the same time.
Sometimes anonymous FTP sites limit the number of users that can access simultaneously.
What you can do about it —
Make sure that you typed the FTP site address correctly. Ensure that the capitalization matches, all
words are spelled properly, and all the punctuation, such as dots (.) and slashes (/), are correctly
placed.
If you are sure you have the correct address, wait and try accessing the site again later. You could
also try connecting to a different FTP site. If you can connect to other sites, the problem is probably with that one site, so try again later. If you are experiencing connection problems to other
sites, the problem could be with your connection or your computer. Reboot and try again if you
want to confirm that your connection or computer is not the problem.
Too Many Connections — Try Again Later
What it means —
This is a common error message with FTP servers that have a volume of users. If there is too much
network traffic, the server could be busy or actually have gone “down.”
What you can do about it —
Use the Reload/Refresh function or try to connect to the site later. You could also clear the cache
where temporary files are stored to speed up your computer. Try connecting to other sites. If you
can connect to other sites, then the problem exists with that one site.
256 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Sometimes displayed as “Too Much Network Traffic “ or “Network Connection Was Refused by
the Server.”
See also: Network Nonnection Was Refused by the Server
Too Many Users
What it means —
It means exactly what you would expect. Too many users are trying to access the server and it is
unable to handle the overload.
What you can do about it —
Try again later. This is one of those situations where you should consider connecting during offhours if the site is popular. Remember to factor in time zones, both domestic and foreign. If it is an
FTP site you are trying to access, check and see if they have any mirror sites, perhaps in a different
time zone.
Unable to Locate Host or Server
What it means —
Usually accompanied by “Server Does Not Have a DNS Entry.” This error indicates that the site
either does not exist or the ISP connection is down. Your browser cannot find the host (server) for
the site you are trying to reach.
What you can do about it —
Hit the Reload/Refresh button. Check the address to make sure that you did not type it incorrectly.
Try accessing another Internet site. If the error message persists, most likely there is something
wrong with the connection. Perhaps if you empty the browser cache and try again, you will be able
to establish the connection.
Viewer Not Found
What it means —
This error is similar to the “Helper Application Not Found” error message. Basically the browser
is trying to launch an application for a file you requested from the server — perhaps a PDF file or
other application that you need installed on your computer.
____________________________ Chapter 8 — Troubleshooting Internet Error Messages 257
What you can do about it —
Usually the error will also provide information about the viewer needed for the file. Follow the onscreen instructions in the dialog box. If you are unable to locate the viewer for the file, perhaps you
could send a message to the site administrator asking for assistance.
You Can’t Log On as an Anonymous User
What it means —
This error refers to FTP sites that do not allow unregistered or unauthorized users.
What you can do about it —
This message covers a multitude of sins. Some FTP sites allow access to people who are not
members, some do not. Others may allow nonmembers, but limit the number of visitors. Another
possibility is that your browser does not support anonymous FTP access. The way most browsers
handle this is to submit “anonymous” as the user ID and your e-mail address as the password.
What you can do about it —
Either try again later after the rush hour or enter your user ID and password manually (using FTP
software such as WS-FTP). Remember: your ID is anonymous and your password is your e-mail
address.
See also: Too Many Users
Not Found
The requested object does not exist on the server. The link you followed is either outdated or
inaccurate, or the server has been instructed not to let you have it.
See also: 404 – File Not Found
258 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
10 Tips for Troubleshooting Internet Error Messages
The following tips for troubleshooting Internet error messages should cover most of the situations.
Treat them as general problem-solving guidelines that should be followed as part of any troubleshooting scenario.
1. If you physically typed in the address, review it for errors. The most common errors are
spelling typos. If you accessed the Web site via a link from another site, look at the link
properties to determine if perhaps the Webmaster made an error in entering the link. Remember that Webmasters are only human and sometimes address errors start with them. If
you find that the Webmaster has an incorrect link, let him or her know so the error can be
corrected. This not only helps you but also all the other auditors trying to connect to that site.
2. Check that the case of the letters in a URL is correct. Unix programs can distinguish the
difference between uppercase and lowercase letters. Browsers will not translate these for
you.
3. Use the Reload/Refresh feature of your browser. Often, error messages result from temporary situations or “hiccups” in the network. The Reload/Refresh feature may help establish
the connection. Temporary delays and errors on the Internet are a common occurrence.
4. Clear the history file or clean the cache. Files residing in your computer cache may prevent
you from connecting to the most current page in the Web site. Each browser handles cache,
history, or temporary files differently. They are used to speed up access to Web sites, but in
certain scenarios they may in fact slow down or prevent you from establishing a current
connection.
5. Try backing out the HTML document reference. Webmasters often relocate documents on
their Web sites. Documents ending in “htm”- “html”- “pdf” - or other file formats may have
just moved to a different directory. Backing out these documents may put you in the main
page (or sub-page) of the site and you can determine the new location for the reference.
6. Make sure you typed the Web address correctly. Punctuation or capitalization errors may
prevent a browser from finding a page you are looking for.
7. If you believe that you have the correct address for the Web site, the problem may reside
with the Web server where the Web page exists. The server could be down for routine maintenance, upgrade, or other service-related reasons. It may also be possible that too many
people are trying to access the server at once. As the number of people using the Internet
grows without a concurrent increase in the network bandwidth, this problem may persist.
The best thing to do may be to try again later in the day.
____________________________ Chapter 8 — Troubleshooting Internet Error Messages 259
8. If you are connected via a modem, disconnect and then reconnect. A bad connection can
impact your ability to reach Web sites.
9. Rebooting your computer is a final resort before contacting the site administrator or
Webmaster. Shutting down the system and then reestablishing the connection may help determine whether your system or connection was part of the problem.
10. If you still cannot reach a site, send an e-mail to the Webmaster at that site with the error
message you are receiving and the circumstances under which it occurred. Try to be as
specific as possible. In order to determine the cause of the error, the Webmaster will need all
the relevant facts such as the site address and document, what you did (or didn’t do) before
the error message came up, and any other pertinent information you might have.
Interview: Alan McCafferty, Founder and President,
OPTIMUM Technology (http://www.optimumtechnology.com)
Since 1993 OPTIMUM Technology has developed custom and standard software solutions for
both public and private sector organizations. OPTIMUM Technology markets a series of advanced
but easy-to-use software tools under the banner of QS3 technology. QS3 technology has been
designed to operate in a Windows 9X/NT environment. The tools are used for implementing robust, functional and efficient business information systems that compliment MRP or ERP systems
and combine the ISO requirements and other international standards such as automotive and aerospace. Configuration options give the organization freedom of choice with an open architecture
that is scalable from a single user to an enterprise user. QS3 is comprised of four core components
QSAK (rated Editor’s Pick by ZDNet), QSCK, QSDK, and the QS3 Communicator.
OPTIMUM Technology’s Internet Strategy
They see the Internet as a tool to freely and securely communicate via systems both locally or
across vast boundaries such as provinces, states, and countries.
Q. Why is QSAK important for auditors and how will they be able to use it through the
Internet?
QSAK without the QS3 communicator allows the user to generate audit findings and reports
rapidly and with minimal user input. These reports can then be transferred to an Internet
format (HTML) with a click of a button thus reducing the need to reenter or reformat the
report line by line. By adding the QS3 Communicator, QSAK then becomes a fully interactive
tool that can take full advantage of the Internet as a means of communication between users.
260 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Q. Why did you decide to provide your software freely to the audit community?
In the same fashion that other items (not necessarily software) have become standards, we see
electronic auditing as requiring a global standard. In order to provide the best possible product and service, we decided to offer QSAK freely as a means of getting international feedback
about the product and to increase the user base. Our choice to deliver it primarily via the
Internet was to allow a primarily invisible market to sample and experiment with our product
without the constraints of time or training. It is our interest to unite auditors globally under a
familiar easy-to-use system at their own pace. Where QSAK starts by sharing itself, we hope
that users will follow by sharing resources with each other via the vehicle that is QSAK.
Q. What impact has the Internet had on the delivery of your product?
The Internet has been the main mechanism for international marketing and sales of the QSAK
product. The Internet also allows for a global distribution of the product at a much lower unit
cost as compared to a traditional model. Internet marketing does not properly fit into the
traditional method as it is based more heavily on delivering the proper solution to every user
instead of the traditional “high profile” clientele. For this reason, Internet marketing seems
to be more focused on word-of-mouth to advertise products. Along that line is the Internet’s
ability for users to freely give and share true testimonials of the product without interference
by manufacturers or corporate entities.
Q. As the Internet enters the new millennium, auditors are becoming more “digitally literate.” How did you acquire “digital literacy”?
Just like all other departments, an organization’s audit group has been shrinking steadily
since the beginning of the 1990s. At the same time, the level of work has increased dramatically with the introduction and acceptance of standards such as ISO 9000 and 14000. Auditor
rules and practices will remain the same regardless of which standard is implemented. Therefore the introduction of new tools and techniques such as the Internet should not be intrusive
but intuitive. It is the responsibility of software designers and developers to integrate the
technology in such a way that it allows users to use it without requiring retraining.
Q. The Internet has fostered an “Electronic Progress Through Sharing” philosophy. How
has your organization contributed to this philosophy through the use of the Internet?
The Internet is home to an entire community of users covering every aspect of technology
available. It has fostered a haven for all users to share and participate in equally and its
scalability allows for any depth of concentration or specialty. We have provided QSAK as the
vehicle to unite auditors on a global scale.
____________________________ Chapter 8 — Troubleshooting Internet Error Messages 261
Q. How has your organization integrated the user of the Internet into auditing?
QSAK with the QS3 Communicator takes advantage of the Internet to allow auditors the ability to share information rapidly with minimum user intervention. The final step is to fully
integrate the Internet’s globability into the product.
Q. What Internet resources do you use, and how have they helped you and your organization?
Resources that are relied upon for information and continued self-learning within the organization are the Internet’s newsgroups and WWW resources that can be located by performing
rudimentary searches via major channels on the WWW.
Q. How has the Internet changed the way your organization does business, and what impact has that change had on auditors?
In the same manner that business is moving to an e-commerce model using the Internet as a
mechanism for connecting clients, business, and suppliers, auditors will be able to take advantage of the same technology. The electronic world is faster, more efficient, and easier to
master than the traditional model. By using the tools made available by the computer and the
Internet, we are saving auditors time, money, and resources by significantly reducing once
critical - now obsolete functions associated with traditional auditing models (paper trails, for
example).
Sharing information freely is the key to learning. By openly teaching others the specific skill
that one has acquired, it opens for the exchange where the teacher becomes the student. This
role-sharing environment is essential to the progress and development of ideas on a global
scale.
Q. What Internet skills do you see as the most critical for new auditors?
Those new to the Internet should make themselves comfortable with its main channels. Learning to use search engines and navigate the WWW would be fundamental skills required. Next
would be the ability to utilize the newsgroups as an interactive tool for creating and solving
problems.
Q. What role do you see for the Internet in the future of internal auditing?
The future of auditing will continue on its path of fewer auditors with more audits. It will be
the responsibility of the auditor to have a competent tool set that will allow a single auditor to
perform like today’s entire team.
_____________________________________ Appendix A — Auditor’s Internet Glossary 263
Appendix A
Auditor’s Internet Glossary
Internal auditors who tour the Internet need a digital vocabulary guide to help navigate the terrain.
While they may not need a glossary of every Internet term, an understanding or familiarity with
basic terminology will certainly help. This glossary is specifically geared to auditing professionals.
ACUA (Association of College and University Auditors) - Active professional association with
listservs, a Web site, and numerous audit-related resources.
ANet - Part of the International Accounting Network. Site is centered at Southern Cross University in New South Wales, Australia. Maintains extensive mailing lists devoted to accounting
and auditing topics. ANet is a cooperative venture of a number of individuals and primarily
academic institutions around the world. It seeks to provide a networked, electronic forum for
the exchange of information and the discussion of issues in the broad accounting and auditing
discipline and provides a repository for a range of information in the discipline. It includes a
variety of electronic mail discussion groups and an online database of information. ANet is
run as a joint venture with the School of Business at Bond University.
AOL (America Online) - A commercial online service popular because of its ease of use.
Archie - A tool (software) that allows searching indexes of files stored on anonymous FTP servers. Requires knowing the file name.
ARPANet (Advanced Research Projects Administration Network) - The precursor to the
Internet. Developed in the late 60s and early 70s by the U.S. Department of Defense as an
experiment in wide area networking.
Article - An e-mail message sent to a mailing list and distributed to subscribed members. Also a
posting to a Usenet newsgroup.
ASAP (As Soon As Possible or Auditors Sharing Audit Programs) - A service of AuditNet that
allows auditors to share audit programs with peers by allowing them to be posted on a FTP
site.
ASCII (American Standard Code for Information Interchange) - Describes files that are stored
in clear text format. Sometimes referred to as DOS text.
AuditNet - A conceptual model for a central electronic resource for the audit community that
would provide a link for auditors worldwide. The initial concept has evolved into a network of
resources available for auditors. The AuditNet concept now has the auditor as the hub of a
264 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
wheel. The spokes of that wheel represent resources available for professional auditors. Some
of those spokes are connected by pointers via the Internet, while some are islands unto themselves. A listing of those electronic resources is maintained, updated, and distributed monthly
via the Internet and is available as an Internet home page.
AuditZine - Compendium of articles about the Internet written by auditors and accountants. Available on the AuditNet home page.
Browser - Client-based software program providing capability to view Internet resources. Examples include Netscape Navigator and Microsoft Internet Explorer.
BTW - Short form of “by the way” used in e-mail messages.
Bulletin Board System (BBS) - Computer system providing capability to connect via phone or
network for the purpose of sharing files and information; forum for discussions and announcements. Able to operate from small standalone computer systems or larger systems.
Caching - A method of automatically saving copies of files in the computer’s memory or on the
hard disk. Caching enables you to recall previously visited Web sites quicker than downloading new Web pages.
CIS - CompuServe Information Service is a commercial online service that has a variety of business resources and forums.
Client - Software program for contacting and obtaining data from server software programs located on a remote computer. Client programs work with server programs and server programs
require specific client programs.
Commercial Online Service - Online service providers where users pay a fee to dial into a large
centralized computer system. These providers offer conferences, forums, files, news, and other
information. Examples include America Online, CompuServe, Prodigy, and others. These
services also offer a wide range of Internet services as part of their monthly fee.
Crawler - see Spider.
Crossposting - Posting one message to multiple discussion groups in order to cover a wider audience.
Cybernaut - Individual that spends time traveling online in the electronic world.
Cyberspace - Range of information resources available from computer networks.
_____________________________________ Appendix A — Auditor’s Internet Glossary 265
Cyberspeak - Terms and speech style used by cybernauts.
Dead Link - An Internet link that does not lead to a page or site, most likely because the server is
down or the page has moved or no longer exists.
Digest - Accumulation of mailing list articles sent to list subscribers periodically (daily, weekly, or
monthly).
Domain Name - Unique naming system that identifies an Internet site.
Download - Transferring information from a remote computer to your local computer.
E-Mail - Electronic mail or text messages sent from one individual to another over a computer
network.
FAQ - Documents that provide answers to frequently asked questions on Internet-related topics or
specific subjects. Provides easy means to avoid answering the same questions over and over.
FAQs are Frequently Asked Questions. Because the Internet covers so many new and unique
areas, FAQs provide a way to capture questions of a recurring nature that first-time users may
need answered. There are FAQs for just about everything you can imagine on the Internet.
They represent a worthwhile means of finding out what specific terms mean without having to
ask questions that may prove embarrassing. There are no “stupid questions,” but on the Internet, some questions may incur the wrath of a globally insensitive family.
Finger - Software tool on the Internet for locating individuals at other sites.
Firewall - A computer or server set up to monitor traffic between an Internet site and the Internet.
The purpose is to keep unauthorized persons from tampering with a computer system.
Flame - Caustic or obscene message of disagreement for an opinion or statement included in an email message or posting to a newsgroup.
FTP (File Transfer Protocol) - An Internet protocol that allows users to download files from
specific accessible file servers. Users can search FTP archives for specific files using a software application called Archie. The ASAP FTP site is an example of audit applicability.
GIF - Picture file used in Internet documents such as World Wide Web pages.
Gopher - Menu and text-based system on the Internet for sharing information. Client and server
program that requires using a client program on the local computer (or connecting to a client
program on a remote computer) which connects to a Gopher server on a remote system.
Developed at the University of Minnesota whose mascot happens to be a gopher.
266 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
History Log - A list of document titles and URLs that browsers automatically store in memory.
These are dynamic logs that document all the Web sites visited while browsing the Web.
Home Page - The opening page of a World Wide Web site. Acts as a guide by providing links to
the other pages associated with that particular site.
Host - Computer on the network that provides services to other computers on the network.
HTML (Hypertext Markup Language) - Formatting language used to create documents for use
on the World Wide Web. HTML documents are used by client browser programs to link to
other sites or documents on the Internet.
HTTP (Hypertext Transport Protocol) - Protocol or language used for moving hypertext files
over the Internet.
IAWWW - The Internal Auditing World Wide Web was the first Web resource on the Internet
devoted to internal auditing. The IAWWW was established in June 1994 and continues as a
valuable electronic resource for auditors.
IMHO (In My Humble Opinion) - Used in electronic forums, newsgroup and discussion list
postings. IMO (In My Opinion) is a less humbling cyberspeak.
International Accounting Network - Providers of information on the Internet about accounting
and auditing. The providers are the University of Exeter in the UK which hosts the Summa
Project, Rutgers University in New Jersey which hosts the Rutgers Accounting Web (RAW),
Southern Cross University in Australia which hosts A Net, School of Accountancy (SOA) at
the University of Hawaii, and the Nordic Accounting Network (NAN) maintained by the Department of Accounting at the Swedish School of Economics and Business Administration in
Helsinki, Finland. Each service provider runs a World Wide Web server with a wide variety of
information. Each of the providers is working to mirror the other two services in order to build
a truly international resource of accounting and auditing knowledge. Summa, RAW, NAN,
SOA, and ANet will be working to build expertise and sources of information in particular
areas and sharing this knowledge with the other providers.
Internet - Global interconnected network of computers using the TCP/IP protocol.
Internet Explorer - Web browser developed by Microsoft Corporation.
Intranet - Connection of two or more networks.
ISP (Internet Service Provider) - A commercial entity that provides Internet access to individuals usually via a dial-up connection.
_____________________________________ Appendix A — Auditor’s Internet Glossary 267
Java - A computer programming language whose programs can run on different types of computers and/or operating systems.
Keyword - A word by which subjects can be searched on online services and databases.
List Owner - Individual in charge of a mailing list.
Listserv - A widely used type of mailing list software. Other types of list server software include
majordomo and listprocessor (listproc). The software runs automated mailing lists by recognizing commands received via e-mail messages.
Login - Account name used to access a local or remote computer system (noun). Can also be used
as a verb (as in login to a computer system).
Lurker - Usenet or discussion group member that posts occasionally but reads the group posting
on a regular basis.
Mailing List - System providing capability to send a message to a single address, which in turn is
forwarded to all members of the list. Provides discussion capability to a large group of individuals at different locations.
Meta Search Engine - A server that passes queries on to many search engines and/or directories
and then summarizes the results.
Mirror - Internet site containing a copy of information located at another site in order to distribute
the number of individuals accessing the site or reduce the response time for users.
Moderated - Mailing list or newsgroup monitored by one or more individuals to ensure that the
topics and messages posted are relevant to the topic for which the list was created.
Mosaic - First developed WWW browser program for accessing the resources of the World Wide
Web.
Netiquette - Acceptable behavior in network applications and tools such as e-mail, discussion
groups, mailing lists, newsgroups, etc.
Netscape - Commercial browser program for accessing the resources of the World Wide Web.
Newbie - New user to the Internet. All computer users were newbies at some point.
Newsgroups - Organized by subject matter, newsgroups are forums where anyone can ask and
answer questions, debate given issues, and discuss current or past events.
268 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
OSP (Online Service Provider) - Commercial online services that provide members with access
to the Internet.
Packet Switching - Method used to move data around on the Internet. Breaks data down into
packets or chewable bytes providing network capability to move large amounts of data with
minimum impact on the transmitting lines.
Password - Security access code for entering a computer system. Accompanied by a user name,
allows security for logging in to a remote (or local) computer system.
POP (Post Office Protocol) Mail - POP Mail is used to provide a way for e-mail programs to
retrieve mail from another computer.
PPP - Internet protocol (language) allowing a computer to use a modem dial-up for a TCP/IP
connection and act as an Internet host.
Query - Word or phrase used in conducting a search on the Internet.
RAW (Rutgers Accounting Web) - Part of the International Accounting Network.
RFC (Request for Comments) - Process used to establish standards on the Internet. RFC documents are proposed and distributed online for feedback. The discussion is facilitated by the
IETF (Internet Engineering Task Force) which assigns official numbers to the RFCs.
Router - Computer or software package that handles network computer connections. Routers
review destination address instructions received and determine the route for forwarding.
Search Engine - A server or group of servers dedicated to indexing Internet Web pages, storing
the results, and returning lists of pages that match specific queries.
Server - A server is a computer that, when asked to, sends information to another computer.
Smiley - Keyboard symbol combinations that express emotions. Sometimes known as emoticons.
Spider - Part of a search engine that surfs the World Wide Web, stores the URLs, and indexes the
keywords and text of each page it finds.
TCP/IP (Transmission Control Protocol/Internet Protocol) - Standard software language that
allows different types of computers with different operating systems to communicate on the
Internet.
_____________________________________ Appendix A — Auditor’s Internet Glossary 269
Telnet - Connecting from one computer site to another remote computer on the Internet. Telnet is
a command and a client program.
Thread - Entire discussion in a newsgroup from the original article on a topic to the last response
for that topic.
Upload - Upload means to transfer information from a local computer to a remote computer.
URL (Uniform Resource Locator) - Standard method of addressing on the Internet. Similar to a
channel on a television set. The major parts of the URL identify the type of resource (i.e.,
WWW, Gopher, FTP) and physical location of the server.
Usenet - Also referred to as newsgroups. A system of discussion groups or forum allowing a wide
variety of individuals to post and read messages on various topics.
Veronica (Very Easy Rodent Oriented Netwide Index to Computerized Archives) - Textbased search tool that queries Gopher servers and provides ability to link for successful hits.
WAIS (Wide Area Information Servers) - Text-based search tool that queries databases of information providing ranked results of hits. Allows refining the query to fine-tune the search.
WWW (Web or World Wide Web) - An Internet interface based on a hypertext technology that
links graphics and sound with text files. The Web consists of documents that can be linked to
other documents, applications, or other sites. Like a spider’s web there is more than one way
to get from one place to another on the Web.
Continuing Internet Education
The Internet Glossary and Quick Reference Guide, Alan Freedman, Alfred Glossbrenner, Emily,
Emily Glossbrenner, Amacom.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 271
Appendix B
The AuditNet Resource List (KARL)
Copyright 1994-2000 by James M. Kaplan. Single copies of this list from its networked sources or
of specific entries from their networked sources may be made for internal purposes, personal use,
or study by an individual auditor, an individual auditing department, or an educational or research
institution. The list may not be otherwise reproduced or republished in its entirety, in print or
electronic form, without permission from James M. Kaplan, [email protected].
The information on this list is the most current available and selected on the basis that it may be
helpful and useful. The author of this list makes no claims as to the accuracy of the information
contained in any of the resources and is not responsible for the content of the information provided. The author is also not responsible for any costs associated with connecting to those resources or the electronic distribution of this list. The appearance of a resource here should not be
construed as an endorsement.
Send any updates or changes to:
[email protected]
To subscribe to AuditNet-L, which includes the monthly updates to Internet Resources for Auditors, send an e-mail to [email protected] and, in the body of the message, put SUBSCRIBE
AUDITNET-L. To subscribe via a form, go to http://www.itaudit.org/auditnet_area/subscribe.htm.
Academy of Accounting Historians (http://weatherhead.cwru.edu/Accounting) - Organization that encourages research, publication, teaching, and the interchange of ideas for accounting history and its relationship to business and economic history. Site provides information
about the academy, its organization, and services offered. There is also a publication section
with links to research papers and abstracts.
Accountancy Edition-Sift (http://www.sift.co.uk) - Web search site for accounting professionals. The accountancy edition of Sift draws together a wide collection of relevant Internet
resources for an accountant doing business in the UK. Includes access to accountancy news
and organization directories (ICC, Infocheck, Dun & Bradstreet, and others), as well as a wide
collection of financial, news, and market research databases from DataStar. Maintains a set of
links to other relevant Web sites. Subscription service available.
Accountant-Finder (http://www.angelfire.com/biz/AccountantFinder/index.html) - An Internet
directory for locating accountants and accounting professionals worldwide.
272 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Accountant’s Home Page (http://www.computercpa.com/) - The Accountant’s home page includes resources for accountants and financial and business professionals. Resources include
governments, professional organizations, corporations, and universities.
Accountants’ Ledger (http://www.accountantsledger.com/) - Online magazine for accountants.
Includes feature articles, online resources, reviews, and more.
Accountants on Call (http://www.aocnet.com/) - Staffing service specializing in accounting and
financial personnel placement. This recruiting and job search Web site includes articles on
hiring for employers, career articles for job seekers, a list of FAQs, salary guide by request,
and access to the searchable database of jobs and candidates.
Accountants Online (http://www.ppn.com.hk/accountantsonline.html) - Pacific Professionals Network accounting page of information and resources. Includes What’s Hot for Accountants and Accounting Web sites.
Accountemps (http://www.accountemps.com/jobsAT/) - Web site for an international temporary financial staffing placement firm. The site provides an excellent career advisor, salary
survey, and more.
Accounting: A Virtual History (http://www.acaus.org/history/) - Web site from the Association of Chartered Accountants in the U.S. provides an excellent historical background on the
roots of accounting.
Accounting and Audit Resources (http://www.disastercenter.com/audit.htm) from the Disaster Center - Provides a comprehensive list of links to related sites. The links to accounting
and audit associations and organizations is especially useful.
Accounting and Finance Employment Opportunities (JOBS ACT) - This is a moderated mailing list of employment opportunities for accounting and finance jobs, including cash management, auditing, and tax (no entry level positions). To subscribe, send a message to JOBS
[email protected] with the word SUBSCRIBE in the subject line and the
body. Do not include your name, address, or additional text in the subject line or the body of
the message. Subscribers can obtain an archive file, which gives information on several employment BBSs around the nation by sending the command ARCHIVE JOBS ACT to the list
address.
Accounting and Finance in Hong Kong and China (http://www.cityu.edu.hk/afdragon/) The AF Dragon home page, a voluntary and independent home page on the region, provides
links to a number of accounting, auditing, and business resources.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 273
Accounting and Finance Jobs (http://www.accountingjobs.com) - A national database of accounting and finance-related jobs. This joint project sponsored by AccountingNet and
CareerMosaic focuses on employment opportunities in the accounting and finance professions.
Accounting and Tax Professionals in Public Practice and in Industry Discussion Lists. The
following lists are jointly owned and managed by Kent Information Services, Inc. and TAPNet.
If you have questions or need additional information about these lists, e-mail John Graves at
[email protected] or Jim Snell at [email protected]. Subscribe to these lists at http://
www.kentis.com/listsub.html.
AA-STDS APP - Discusses actual accounting and auditing problems and how current standards should be applied in those circumstances. Participants must agree that (1) names of the
companies that are the subject of discussion will not be identified, and (2) opinions offered by
participants will not be relied upon as authoritative, but only as a starting point for further
research. All accounting and auditing professionals are welcome to join this list.
CPA-INET USE - Focuses on (1) how CPAs in public practice are using the Internet to improve client service, lower costs, and enhance revenues, and (2) how CPAs in industry are
using the Internet to enhance administration and productivity. The Internet is a new tool being
used by CPAs in innovative ways not predicted even a year ago. This discussion group will
share new ideas and lessons learned from successful implementations as well as those that
were not as successful. Home pages will be submitted to this group for evaluation and comment. All accounting and tax professionals are welcome to join this list.
CPA-MGMT MRKTG - The CPA Management and Marketing list is dedicated exclusively
to subjects on managing and growing a CPA firm. The goal of the list is to be a forum for
discussing ideas, sharing problems, and communicating successes about firm management
and marketing. By participating in this group, practitioners will have a place to turn for access
to the most current ideas and trends and to sound out ideas and plans in a supportive atmosphere. All tax and accounting professionals in public practice are welcome to join this list.
MGMT-ACCT - The Management Accounting list discusses new issues and ideas relevant to
financial professionals working for both large and small companies. This list will help management accountants cope with the increasing corporate demands for greater organization
efficiency. Relevant topics will include a range of practical issues from “strategies used to
decrease lead times for order fulfillment” and “choosing the right combination of organization
benefits” to “strategies used in downsizing, strategic planning and financial re engineering.”
Tax and accounting professionals with an interest in management accounting are welcome to
join this list.
274 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
TAX-PRCT ISSUES - The Tax Practice Issues list is a discussion among tax professionals
working in industry and public practice. The discussion focuses on how companies and tax
practitioners are dealing with current tax issues. Members agree not to identify organization
names during these discussions or use the content of this list as a basis for taking a position
before the IRS. By participating in these discussions, tax professionals will be able to support
each other by sharing information and to become more efficient and productive. Tax and
accounting professionals with an interest in taxation are welcome to join this list.
Accounting and The Year 2000 (Y2K) Problem (http://www.bus.orst.edu/faculty/brownc/
year2000/index.htm) - Web site for accounting professionals and students to keep up to date
on the issue.
Accounting, Auditing & Accountability Journal (http://www.mcb.co.uk/cgi-bin/mcb_serve/
table1.txt&aaaj&journal1.htm) - Provides information about the journal and selected articles. Subscription information provided.
Accounting Discussion List and Newsgroup - FinanceNet established a discussion list
([email protected]) for news, notices, announcements, and accounting standards of
interest to public accountants. They also set up a corresponding newsgroup (fnet.accounting)
to encourage posting of comments, questions, best practices, and more between accountants in
the public and private sector and educators. Send message to e-mail [email protected] for
more details.
Accounting Education (http://www.accountingeducation.com/) - Web site for academic accountants provides access to news, reviews, jobs, events, journals, links to sites, and a library
of articles.
Accounting Education Ideas (http://www.swcollege.com/vircomm/gita/gita.html) - from SouthWestern College Publishing. Provides ideas from accounting professors for teaching the subject. Topics include classroom management tips, icebreakers, management accounting ideas,
statement preparation and analysis, assets, liabilities, and equity. There are also spreadsheet,
internal control, and other project ideas.
Accounting Faculty Directory (http://rarc.rutgers.edu/raw/hasselback/) - Web site of the
Prentice Hall On-line Accounting Faculty Directory, a database compiled by James R.
Hasselback. The site provides search capability based on name, school, or location.
Accounting (Big 5) Firms on the Internet
Arthur Andersen (http://www.arthurandersen.com/) - Web site provides information about
the firm and its history as well as sections for global best practices, interactive tools, and
business links.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 275
Deloitte & Touche (http://www.dttus.com) - Site provides information about D&T as well
as an excellent Hot Topics section (http://www.dttus.com/dttus/hot/hotlist.htm) with timely
information on software products, surveys, and breaking news items of interest to accountants
and auditors. Deloitte Touche Tohmatsu TAXNET (http://www.deloitte.com.au) Deloitte Touche Tohmatsu Australian division is now on the World Wide Web. Site includes information
about Deloitte, tax publications, career information, and more. Touche Ross UK (http://
www.deloitte touche.co.uk/) site for the UK Division of Deloitte Touch. Includes a hot topics
area, information about the firm, and Inside Fraud, the quarterly fraud bulletin.
Ernst & Young (http://www.ey.com) - U.S. site provides financial reporting briefs, a financial reporting and accounting 1995 update, gateways to other E&Y sites, and career opportunity information. Ernst & Young (http://www.eycan.com) E&Y Canada provide information
about the firm’s services and career opportunities. Includes news releases, tax briefs, links to
the Department of Justice of Canada (French or English), and links to other business resources.
E&Y England (http://www.ernsty.co.uk/welcome.htm) includes the complete publication of
Cadbury Corporate Governance: Reporting on Internal Financial Control. E&Y Africa (http:/
/www.mbendi.co.za/ernsty) provides information on their services.
KPMG - Peat Marwick Web Sites KPMG US (http://www.us.kpmg.com) - Provides
updates on KPMG, services, employment, and a library that contains links to accounting and
tax-related sites. KPMG Online Canada (http://www.kpmg.ca) includes industry studies and
links to business resources. KPMG Australia (http://www.kpmg.com.au) includes tax information for Australia and links to other resources.
PricewaterhouseCoopers (http://www.pwcglobal.com) - Web site contains firm history,
insights and solutions, and career information.
Accounting Research Network (http://www.ssrn.com/) - Publisher of the Journal of Financial
Abstracts and other documents. After the startup phase this will become a fee-based service.
Accounting Research Tools (http://www.rutgers.edu/Accounting/raw/aaa/facdev/research/
indexed.htm) - Provides access to scholarly journals, databases, and publications maintained
by the American Accounting Association.
Accounting Studies on the Internet (http://www.rutgers.edu/Accounting/raw/miklos/
study.htm) - A publication that covers a basic understanding of the Internet, the issues of
security, online auditing, advertising opportunities, and more.
AccountingNet (http://www.accountingnet.com/) - Site is designed as a complete utility on the
Web for accounting-related information, products, and services. Serves as a communication
network between CPAs and state societies, and as a marketing tool for CPAs. Includes a job
search database and a well-organized page with links to accounting resource material.
276 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
AccountingNet Forum (http://www.accountingnet.com/) - Provides the opportunity for accounting and auditing professionals to communicate with others on various topics of interest, including technology and the Internet.
AccountingStudents (http://www.accountingstudents.com/) - Web site for accounting students
provided by AccountingNet. Links to scholarships and discussion forum listings, tips on taking the CPA exam, job information, a research library, accounting firms, GAAP and GAAS
guides, and more.
AccountingWeb Newswire (http://www.accountingweb.co.uk/email_lists.html) - Free twice
weekly digest of all the recent news and developments on the Web site sent to subscribers to
AccountingWEB. It keeps you up to date with all the important events of relevance to the
world of accounting. To add or remove your name from this mailing list, go the URL provided
above. To subscribe to by e-mail, send a message to [email protected] and in
the BODY of the message type: SUBSCRIBE ACCOUNTINGWEB-NEWSWIRE youremailaddress. (Knowledge Assembly Resource)
AccountingWEB (US) Newswire (http://www.accountingweb.com/) - The AccountingWEB
Newswire is a free weekly digest of all the recent news and developments on the Web site sent
to subscribers of AccountingWEB. It keeps you up to date with all the important events of
relevance to the world of accounting, giving you an edge on those less well informed. (Knowledge Assembly Resource)
AccountNetGuide (http://www.accountnetguide.com/) - Page of Internet information resources
for accountants. Includes mailing lists, newsgroups, and more.
AcctInfoPlus (http://www.bs.ac.cowan.edu.au/acctinfoplus/) - An accounting resource metacenter developed for the academic and professional community. Site includes the Summa
Project, and the Nordic Accounting Network, among others, links users with the latest Internet
resources and conferences in accounting. Links are organized by general topics covering academic, regulation, and professional interests.
ACL (http://www.acl.com) - An integrated system of software providing complete control over
data access, management, analysis, and presentation. The site offers information about their
products, trade shows, seminars, and training schedules as well as online support and the
Audit Central page - A Guide to Web Audit Sites. For more information, send e-mail to
[email protected].
Acquisition Best Practices (http://[email protected]/BestP/BestP.html) - Web site
provides links to Office of Federal Procurement Policy Best Practice guides.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 277
Acquisition Reform Network (http://[email protected]/index.html) - Joint Project
of the National Performance Review, Office of Federal Procurement Policy, and others, focuses on procurement-related issues. There is an Acquisition Best Practices area where auditors may find ideas on reinventing procurement within their organization.
Activity-Based Costing Resources (http://www.saffin.hq.af.mil/FMC/ABC/index.htm) - Web
site provides links to an ABC dictionary, bibliography, software models, periodicals, and more.
ACUA Homepage (http://www.acua.org) - Homepage of the Association of College and University Auditors, an international professional organization focusing on internal auditing in
higher education institutions. Site includes information about the organization, scheduled events,
links to document libraries, and other interesting Web sites.
ACUA-L - List Association of College and University Auditors on Bitnet. ACUA-L is a listserv
on Bitnet for college and university auditors. Closed list for college and university auditors.
ADM PLUS for Windows (http://www.pleier.com) - Web site of Joseph Plier & Associates
provides information about their audit automation software. There are links to newsletter and
conference announcements. Also, a full-featured, 90-day Evaluation Version or a Production
Version of ADM PLUS for Windows is available for downloading.
Advanced Technology Program (ATP) Audit Guidelines (http://www.atp.nist.gov/atp/psagco.htm) - Provided by the Office of Inspector General, U.S. Department of Commerce. The
ATP is a cost-sharing program between government and industry to pursue high-risk, enabling
technologies with significant commercial and economic potential.
Affiliated Conference of Practicing Accountants (http://www.acpaintl.org) - Web site provides information about the organization and the programs offered.
Air Force Audit Agency Headquarters AFAA Home Page (http://www.afaa.hq.af.mil) - Contains links to audit and accounting information, downloadable files, government sites, and
Web reference sites, including a dictionary, thesaurus, and the CIA World Factbook.
Air Force FAR Site (http://farsite.hill.af.mil/) - Web site set up by the Air Force for Federal
Acquisition Regulations.
Alabama State Auditor’s Office (http://agencies.state.al.us/auditor/) - Web site provides information about the office, staff, press releases, and more.
Alaska Division of Legislative Audit (http://www.legis.state.ak.us/legaud/web/default.htm) Site provides summary and full text of audit reports.
278 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
All Business Network Accounting and Taxation (http://www.all-biz.com/accountg.html) Includes links to accounting courses and educational initiatives, working papers, articles, professional and academic accounting associations, as well as other accounting-related resources.
The Resource Directory includes links to accounting firms, tax and computerized accounting
information, and newsgroups.
AllCLEAR – SPSS Inc. (http://www.spss.com/allclear) - Ideal for quality, auditing, IS, training, and human resources. allCLEAR turns a simple text outline into a flowchart automatically.
Alliance for Redesigning Government the National Academy of Public Administration - Established the Public Innovator Learning Network with the goal of building an information
network for people making government work.
American Accounting Association Auditing Section (http:/raw.rutgers.edu/raw/aaa/audit/)
- Site provides background information, announcements for accounting conferences and paper deadlines, links to accounting and auditing sites, and technical resources.
American Accounting Association Government and Nonprofit Section (http://
www.bs.ac.cowan.edu.au/aaagnp/) - Web site provides information about the organization,
research papers, and teaching material.
American Accounting Association Government & Nonprofit Section mailing list (AAAGNPL) - The purpose of this list is to share information of specific interest to AAA GNP members,
including notice of upcoming AAA GNP meetings and their agenda, and to facilitate discussions on a various topics of interest to AAA GNP members. In general, this newsgroup is of
interest to anyone in the government or nonprofit areas of accounting, especially those interested in academic research in areas such as governmental auditing and finance, public choice,
public interest and the U.S. Governmental Accounting Standards Board standard-setting process, and behavioral accounting research relating to governments. To subscribe to the AAA
GNP newsgroup, sponsored by the International Accounting Network (ANet), simply send the
following e-mail message: subscribe AAAGNP-L your first name your last name to
[email protected].
American College of Forensic Examiners (http://www2.acfe.com/acfe/) - This is a not-forprofit organization for professionals involved in forensic examinations and consultation. There
are links to criminal justice sites and other forensic links that provide information about forensic accounting (Zeno’s Forensic Page). Certain areas on this page are restricted to members.
American Health Information Management Association (http://www.ahima.org/index.html)
- Web site provides background on the organization, searchable clinical and non-clinical library databases, online publications and articles, and more.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 279
American Institute for Chartered Property Casualty Underwriters (http://www.aicpcu.org)
- Provides information about property and liability insurance.
American Institute of Certified Public Accountants (http://www.aicpa.org/) - The AICPA
home page includes general information, member matters, catalogs, conference notices, research links, a Newsflash of professional happenings, and more.
American Institute of Certified Public Accountants Online (http://www.aicpa.org/forums/
index.htm) - the Web site for the Forums, an interactive resource for CPAs and other accounting professionals. There are online discussion areas where professionals can exchange ideas
and share concerns with other members of the accounting community. Registration is required
to access the forum. The Web site provides instructions on how to use the forum, usage policy,
and a directory of topics which includes audit, accounting, information technology, and more.
American Payroll Association (http://www.amerianpayroll.org/) - Contains articles on payroll topics, information about the organization, and more.
American Productivity and Quality Center (http://www.apqc.org) - Site is devoted to TQM
and benchmarking issues. There is information about the center, membership details, and services offered. The site also includes selected articles on benchmarking, reengineering, and
total quality from their publication, Continuous Journey Magazine. For more information,
send message to [email protected].
American Society for Quality Control (http://www.quality.org/) (ASQC) - Professional organization for persons employed or interested in the field of quality science.
American Society of Military Comptrollers (http://www.asmconline.org) - The professional
organization for military controllership (professions of financial management in the Department of Defense and Coast Guard). The site includes information about the organization, local
chapters, membership, career opportunities, professional development, and more. The links
section provides access to many additional resources for DoD financial professionals.
American Society of Women Accountants (http://www.aswa.org/) - Site provides information
about the organization, membership, scholarships, and a directory of chapter presidents. This
organization represents a good networking tool for auditors.
Ameritech Internal Audit Services (http://www.ameritech.com/corporate/internalaudit/
index.html) - Web site provides information about the office and the services offered. Auditors will find information on self-directed work teams, benchmarking, and more.
Anchorage Internal Audit (http://www.ci.anchorage.ak.us/Services/Departments/Audit) - Web
site provides information about the office, their annual audit plan, and links to reports.
280 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
ANet (http://www.csu.edu.au/anet) - A cooperative venture of a number of individuals and academic institutions around the world seeking to provide a networked, electronic forum for
information exchange and the discussion of accounting and auditing issues. The site includes
a variety of electronic mail discussion groups and an online database of information.
ANet Mailing Lists (http://www.csu.edu.au/anet/lists) - One of the major services provided by
ANet is mailing lists in a range of areas. The principal mailing list is ANews-L, which provides information on a variety of upcoming events, new publications, and important developments on the Internet. Subscribe to the ANews-L list by sending e-mail to [email protected]. In the subject line of the message, type SUBSCRIBE. Archives of the various ANet lists are maintained at http://www.csu.edu.au/lists/anet/lists. ANet
mailing list subscriptions should be sent to [email protected] with the subject line “subscribe” and the message body left blank. Replace listname with the name of the
list to which you would like to subscribe. For example, subscribe to AAudit-L by sending your
request to [email protected]. For general information on subscribing, go
to http://www.csu.edu.au/anet/lists/list_protocol.html.
AntiOnline (http://www.antionline.com/) - A megasite devoted to the subject of computer security. Site includes a virtual library based on user level, archives, special reports, a local file
search engine, and more.
ANZ Internal Audit Group Mailing List (http://www.curtin.edu.au/curtin/audit/
mailing%20list.htm) - Allows for the free exchange of ideas for internal auditors of Australian and New Zealand universities and other interested participants. The site provides information for subscribing to the ANZUIAG-L list. This list was previously called INTAUDITL).
ANZUIAG (http://www.curtin.edu.au/curtin/audit/anzuiag1.htm) - Web site for the Australian & New Zealand Internal Audit Group at the University of South Australia. This page
provides links to other Australian and New Zealand Universities.
Application Review Questionnaire (http://www.umanitoba.ca/admin/internal_audit/html/
application.html) for an environmental controls system.
Appraising Your Auditors (http://www.icas.org.uk/members/framewk7.pdf) - A report from
the Institute of Chartered Accountants of Scotland. The report provides a framework for the
review and appointment of auditors by listed companies.
Arizona Auditor General (http://www.auditorgen.state.az.us/) - Web site provides a navigation guide that explains about the office and its reports. There are links to performance, financial, and investigative audit reports issued by the office. The Services section includes manuals, forms, and newsletters issued by the office. They also have employment information and
links to other related audit sites.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 281
Arizona Society of Certified Public Accountants (http://www.ascpa.com/) - Site provides information about the society, accounting information, links to other sites, and the Newsledger.
Arkansas State Auditor Home Page (http://www.state.ar.us/auditor/auditor.html) - Provides
information about the office and its services.
Arthur Andersen KnowledgeSpace® for Internal Auditors (http://www.knowledgespace.com)
- A customized source of internal audit resources, tools, methodologies, checklists, and selfassessment surveys. The site provides access to Arthur Andersen’s Global Best Practices knowledge base for business process improvement. You can sign up online for a free 30-day trial of
this subscription-based Web site.
AS/400 Security Page (http://home.earthlink.net/~vleveque/) - An excellent resource for security and disaster recovery information. The site has links toAS/400 and IBM sites, general
resources for security and disaster recovery, security vendors, and more.
Association for Computing Machinery (ACM) (HTTP://www.acm.org) - Largest and oldest
international scientific and educational computer society in the industry. ACM provides members with a forum for sharing knowledge on developments and achievements. There is a Special Interest Group (SIG) for Security, Audit, and Control.
Association of Certified Fraud Examiners (http://www.cfenet.org/) - Site for the organization
of professionals who investigate fraud. Provides information about the association, the certification program, the Code of Professional Ethics, and more.
Association of Certified Fraud Examiners - Central Pennsylvania Chapter (http://
www.paonline.com/cfe/) - Web site provides chapter information, news, links to the National
Association, and other related sites.
Association of Chartered Accountants in the U.S. (http://www.acaus.org/) - Home page for
the professional organization representing U.S.-based chartered accountants. Includes information about the organization, an accounting bookstore, a history of accounting, and links to
other sites.
Association of Chartered Certified Accountants (http://www.acca.ca) - Web site provides information about the organization, news, events, links to resources, and more.
Association of College and University Auditors Audit Exchange Library (http://www.acua.org/
library.htm) - This resource contains audit programs, audit reports, questionnaires, guides,
program reviews, etc., focusing on audits for institutions of higher education. An index is
available showing a list of all files available and a brief description of each file.
282 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Association of Credit Union Internal Auditors (http://www.acuiainc.org) - International organization for internal auditors in the credit union industry. Site provides information about
membership and more.
Association of Government Accountants (http://www.agacgfm.org/) - The official site of the
educational organization dedicated to the enhancement of public financial management. Web
site provides information about the organization, links to local chapters, publications, conferences, education and training, news, and more.
Association of Government Accountants Austin Chapter (http://members.aol.com/
AGAAustin/main.html) - Web site provides information about the AGA, the chapter, employment opportunities, and more.
Association of Government Accountants Dallas Chapter (http://members.aol.com/
AuditorDeb/agadal.htm) - Site includes information about the AGA, the chapter, and more.
Association of Government Accountants New Mexico Chapter (http://www.whiptail.com/
aga/) - Site includes information about the chapter, the organization, training and conferences,
and more.
Association of Healthcare Internal Auditors (http://www.ahia.org/) - Professional organization for healthcare internal auditors dedicated to the advancement of the healthcare internal
auditing profession. Site provides information about AHIA, Code of Ethics, position papers,
and a planned audit library
Association of Inspectors General (http://www.lib.jjay.cuny.edu/ig/) - Web site provides information about the organization representing state and local Inspectors General and other
public inspection and oversight entities. There are links to IG offices and various Internetbased professional development initiatives.
Association of Practicing CPAs (http://www.ap-cpa.org/) - A forum for CPAs to network with
other CPAs by mentoring, teaching, learning, and sharing business opportunities. Includes
links to their newsletter, a CPA directory, and related resources.
Association of Public Pension Fund Auditors, Inc. (http://www.appfa.org/) - An organization
whose members are responsible for internal auditing of public pension funds. The site provides information about the organization, conference schedules, audit programs, their listserv,
and more.
Auburn University Internal Audit Department (http://www.auburn.edu/~auaudit/) - Home
of the Internal Audit Department. Provides information about the department, Frequently Asked
Questions, a Guide to Internal Controls, Ask an Auditor, the Fraud Hotline, and more.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 283
Audimation (http://www.audimation.com) - A distributor of IDEA software. The site has links
to information about the product, its uses, training, upcoming events, and demo downloads.
Audit Commission (http://www.auditcommission.org/) - An independent government body in
England and Wales responsible for appointing auditors in local government, setting standards,
preparing special studies, and defining comparative performance measures.
Audit Exchange Library (http://www.acua.org/library.htm) - Inventory of audit programs from
the Association of College and University Auditors.
Audit Manual (http://iron.utsystem.edu/home/AUD/manual/tab_cont.htm) - From the UT
Systems Audit Office includes details on organizational structure, office policies and procedures, and sample documents.
Audit Methodology Manual (http://www.sao.state.tx.us/Manuals/meth.htm) - From the Texas
State Auditor’s Office. Represents their comprehensive guide on audit-related topics, techniques, and methods. The Manual is an excellent resource for state and local government audit
offices looking for guidance on a broad range of audit issues. The Manual is in Adobe Acrobat
PDF format and auditors may download individual sections or the entire manual.
Audit Process Handbook (http://www.hhs.gov/progorg/oas/tap.pdf) - The DHHS OIG Audit
Process Handbook in PDF format was developed to give auditors tools to conduct audits and
prepare reports. It lays out a systematic approach designed to keep the audit focused, involve
all team members throughout the process, and facilitate report preparation.
Audit Program Guides (http://www.ci.tampa.fl.us/audit/audit_guides.htm) - From the City
of Tampa’s Internal Audit Department. Available in Adobe Acrobat PDF format. The audit
guides cover many functional and program areas of local governments such as fixed assets,
inventory, cashiering, and more. Local government auditors should bookmark this site for
future reference.
Audit Programs (http://iron.utsystem.edu/home/AUD/programs/programs.htm) - From the
UT Systems Audit Office. Includes programs and questionnaires for internal controls, information technology, payroll, and more.
Audit Report Search Site (http://www.osc.state.ny.us/nsaa/) - From the National State Auditors Association. Provides audit reports from state auditors around the United States. There
are summary paragraphs describing key information and a link to the complete report.
Audit Report Writing Guide (http://www.psc-cfp.gc.ca/audit/metod1-e.htm) - From the Public Service Commission of Canada. Provides guidelines for the design, style, and content of
the reports they publish. This document is an excellent resource for audit organizations developing their own guide.
284 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Audit Sentry - HIS Financial Products (http://www.ihsfinancial.com/products/audit/
audit.html) - A user-friendly Lotus Notes® or Windows 95®-based system that streamlines
the audit process, from planning and performance to reporting.
Audit Serve Inc. (http://www.auditserve.com) - Site provides technical articles on audit and
security, discussion topics, question postings, system software release tracking, and job postings.
A section of the home page is also devoted to year 2000 software issue. Issues relating to the
century date change problem are described and a tracking system is provided which identifies
whether software and hardware platforms are year 2000 compliant. The home page also contains a description of products and services offered by Audit Serve. For more information,
send message to [email protected].
Audit Software and Security Utilities (http://www.rawnet.co.uk/) - Site provides downloadable
demos of audit-related software and security programs, including a Random Password Generator, NT and Netware Security, Software Inventory, and more.
Audit Survival Guide (http://www.stanford.edu/dept/Internal-Audit/docs/guide/) - From
Stanford University. Provides information for staff on the audit process. This is a great resource for internal marketing of the audit function through demystification of the audit process.
Audit Techniques Guide (http://www.irs.ustreas.gov/prod/bus_info/mssp/index.html) - I.R.S.
market segment specialization program provides audit guides uses by examiners for 11 different industries. Good reference material for auditors reviewing air charters, architects, tobacco
industry, and more.
Auditbahn Glossary (http://www.auditnet.org/tag.htm) - Glossary of Internet terms for auditors, accountants, and financial professionals. The glossary is part of the AuditNet Project.
For more information, contact [email protected].
AuditForce (http://www.auditforce.com/) - Consulting organization that provides internal audit
and compliance expertise. Site has an e-zine with articles on topics of interest to auditors,
including Internal Auditing and Controls in the Reengineered Company.
Audit-L Discussion List - A generalized audit discussion list open to all auditors irrespective of
industries and organizations. The list is intended to have a diverse membership so that broad
perspectives from all auditors can be gained through interactive communication. While many
specialized lists were created to address unique needs of specific industries or special interest
groups, the concept of this list recognizes that many audit issues cross industry/organizational
lines. Send subscription request to [email protected] with one line in
the body of the letter: SUB AUDIT-L yourname.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 285
Auditing Government Funding (http://www.dhfs.state.wi.us/grants/Audit/IntroAud.htm) Web site from the Wisconsin Department of Health and Family Services provides information
related to grants and contract audits.
Auditing the Human Resources Function (http://www.auxillium.com/audit.htm) - Audit program provided by a Human Resource Consulting Firm outlines the basic approach as well as
information that should be included to cover a regulatory compliance review.
Auditmall (http://www.vfauditmall.com/) - Web site for VF Internal Audit: The internal audit
department of VF Corporation, a Fortune 500 apparel company. Topics include our internal
audit philosophy, internal controls, control self-assessment, employment opportunities, links
to related sites, and much more.
AuditMasterPlan (http://www.jebcl.com/) - AMP is a computer-based risk assessment, planning, and work tracking system for internal auditors. The site provides information about the
product, and a downloadable demo is available.
AuditNet Auditors Sharing Audit Programs (ASAP) - In the interest of “Progress Through
Sharing,” auditors began submitting audit programs to listservs to share with their peers that
requested assistance. The audit programs are those submitted by auditors in the worldwide
community of AuditNet. If you would like to contribute a program, send it via e-mail to
[email protected], or those auditors with AOL access may send the file to
[email protected] using the attach file feature.
AuditNet Communication Network for Internal Auditors (http://www.auditnet.org/
acnia.htm) - An electronic bulletin board providing internal auditors with a place to communicate with other professionals. Areas include internal auditing best practices (AuditBest),
conferences and training seminars (AudiTrain), Internet books of interest to internal auditors
(AuditBooks), job notices (AuditJobs), and other timely information.
AuditNet E-mail Directory (http://www.ecu.edu.au/mra/resources/auditnet.html) - The
AuditNet E-mail List was established for the purposes of fostering electronic communications among audit professionals in government, industry, and academic institutions. Listing in
the AEL is by request. The e-mail directory is being maintained at Edith Cowan University
( http://www.cowan.edu.au/mra/home.htm) . E-mail the following request to
[email protected]
286 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Please include me in a directory of e-mail addresses of auditors. I understand that this information will be used as a networking tool for auditors to maintain a communications link. Full
Name (your REAL name, please):
E-mail Address:
Occupation:
Company/Organization Name:
Organization’s Web Page Address (if applicable):
Industry Title:
City:
State:
Country:
Your Personal Web Page Address (if applicable):
AuditNet Home Page (http://www.auditnet.org/) - This site contains information about the
components of AuditNet, including the ARL, ASAP FTP site, AuditNet E-Mail Directory, and
more. Links to the ARL and indexed pages facilitate connecting to related resources.
AuditNet Internet Use Policy Resources for Internal Auditors (http://www.auditnet.org/
iupaudit.htm) - Site provides links to policy resources for Internet use, security, e-mail, and
other related topics.
AuditNet Resource List Home Page (http://www.auditnet.org/karl.htm) - The official hypertext
version of the AuditNet Resource List that provides the most recent version of KARL, including links to each of the resources.
AuditNet Year 2000 Resources for Auditors (http://www.auditnet.org/y2kaudit.htm) - Site
provides links to year 2000 resources for auditors.
AuditNet-L is a monthly mailing from AuditNet that provides the latest additions to the AuditNet
Resource List, new audit programs added to Auditors Sharing Audit Programs, and more. To
subscribe to AuditNet-L, which includes the monthly updates to Internet Resources for auditors, send an e-mail to [email protected] and in the body of the message put SUBSCRIBE AUDITNET-L (your name).
Auditor Assistant (http://www.auditorassistant.com/) - A teamwork-based audit system using
Lotus Notes. The site includes a description of how the system works, requirements, and a
downloadable preview version of the program.
Auditor General of Canada (http://www.oag-bvg.gc.ca) - The Annual Reports of the Auditor
General of Canada are available on the Internet. The reports contain detailed information
about the office and are organized based on the results of studies and audits completed. There
_____________________________ Appendix B — The AuditNet Resource List (KARL) 287
is a searchable index built into the reports. There is also information about the office and
publications and other materials.
Auditor of the Commonwealth of Massachusetts (http://www.state.ma.us/sao/) - The Office
of the State Auditor Web site provides information about the office and its divisions.
Audit-Y2K Discussion List ([email protected]) - Discussion list devoted
to year 2000 issues for auditors. This non-moderated list is open to all auditors interested in
the year 2000 issue. Dyan Hudson, University of Texas at Austin, is the list owner. Subscribe
by sending an e-mail request to [email protected] with the message Subscribe
Audit-Y2K (your name).
AuditZine (http://www.auditnet.org/aud_zine.htm) - A compilation of articles related to audit
and accounting uses of the Internet. Provides links to articles or a bibliography entry of the
article for ease of location.
Australian Computer Emergency Response Team AUSCERT (http://www.auscert.org.au)
is funded by the Australian Academic Research Network (AARNet) for its members. Located
at The University of Queensland within the Prentice Centre, AUSCERT is a full member of
the Forum of Incident Response and Security Teams (FIRST). AUSCERT maintains an anonymous FTP service at ftp://ftp.auscert.org.au. This archive contains past SERT and AUSCERT
Advisories, and other computer security information.
Australian National Audit Office (http://www.anao.gov.au/anaohome.html) - Web site of
Auditing for Australia provides audit reports, audit strategy, better practices guides and publications, and more.
Australian Society of CPAs Online (http://www.cpaonline.com.au) - Site includes information
about the society, membership, regulations, professional development, services available
through the Microsoft network, and available information resources.
AutoAudit - Paisley Consulting (http://www.paisleyconsulting.com) - Paisley Consulting provides products and services that improve the efficiency and effectiveness of internal audit
departments. Site includes the AutoAudit software, which is a complete workflow automation
system designed to increase the productivity and effectiveness of medium and large-sized
audit firms.
Bank Administration Institute (http://www.bai.org/) - Provides information about BAI, links
to emerging issues, and Certified Bank Auditor training material demo.
288 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Bank Internal Auditing (http://members.xoom.com/bankauditing/) - An e-library for bank
internal auditing with links to related resources.
Bankers Trust Software (http://www.bankerstrust.com/soft/) - Site provides information about
financial and risk management systems. One system that may interest auditors is The Auditor’s
Workstation, a Lotus Notes-based system. for streamlining the audit process.
Barefoot Auditor (BFA) (http:/www.thebarefootauditor.com/) - Site with information about
the Barefoot Auditor, a software auditing program. Downloadable demo is available from this
site.
Becker CPA Review (http://www.beckercpa.com/) - Site provides details about their CPA review course. There is an excellent description of careers in accounting and pay scales that
would be useful for students exploring accounting-related positions.
Benchmark Auditing in the Federal Audit Community (http://www.hhs.gov/ignet/faec/
bmrk.html) - Is an initiative from the Federal Audit Executive Council and resides on the
IGNet server. The site provides information about benchmarking, including a definition, the
reasons, and the auditor’s role. There is a list of references, a Code of Conduct, and links to
other benchmarking sites.
Benchmark Project Guide (http://www.dtic.mil/c3i/bprcd/0135.htm) from the DoD Electronic
College of Process Innovation is a tutorial on How to Prepare for and Conduct a Benchmark
Project. Excellent resource for auditors looking at organizational analysis issues.
Benchmarking and Best Practices (http://www.tbs-sct.gc.ca/tb/iqe/bmrkg_e/indexe.html) Web site for the Treasury Board of Canada provides benchmarking and best practice information useful for auditors. The main page for their site also includes links to quality service
guides for various aspects of government operations.
Benchmarking Human Resources (http://www.wa.gov.au/gov/psmo/pubs/directory/guides/
hrpp/wdu/benchmk.html) - A navigation guide from the Western Australia State Government. This discussion paper provides an overview of HR benchmarking and strategies for
identifying meaningful HR performance indices.
Benefits-L Internet Resource is a comprehensive list of benefits resources for human resource
professionals. This is an excellent point of reference for auditors and financial professionals
to research and obtain background for reviews in the benefits area. Coverage includes health
management, human resource information systems, payroll, ERISA, unemployment insurance, workers compensation, and other benefits-related issues. URL is http://www.mtsu.edu/
~rlhannah/employee_benefits.html. The coordinator also maintains an employee benefits list.
To subscribe, send a message to [email protected]. Leave subject blank and type in the
message area: subscribe BENEFITS-L (your name).
_____________________________ Appendix B — The AuditNet Resource List (KARL) 289
Best Practices Procurement Manual (http://www.fta.dot.gov/fta/library/admin/) from the
Federal Transit Administration provides recipients of Federal Transit Administration (FTA)
funds suggested procedures, methods, and examples for conducting third-party procurements
to assist them in meeting FTA standards.
Beta Alpha Psi (http://www.bap.org/index.htm) - Web site of the National Accounting Fraternity has information about the organization, scholarships, chapter links, student pages, and
more.
Better Practice Guides (http://www.anao.gov.au/bpgs.html) from the Australian National Audit Office are reports on specific areas of interest to auditors along with best practice information. Includes guides for selecting suppliers, travel, effective control, performance information, and more.
Binomial International (http://www.binomial.com) - Site for Disaster Recovery Planning contains valuable information for auditors. Also includes links to over 400 DRP sites. A free
monthly newsletter is available by sending a message “subscribe disaster recovery” to
[email protected] or via the homepage.
Bisk Publishing Company (http://www.bisk.com/) - Site for the provider of educational materials for auditors and accountants. Site search engine available to locate information.
Board of Audit of Japan (http://www.jbaudit.admix.go.jp/engl/) - Web site provides status
and history of the office and their audit activities.
Boston College Internal Audit (http://www.bc.edu/bc_org/fvp/ia/home/home.html) - The Information Security and Internal Control Awareness home page from the Boston College Internal Audit Department. Site includes information about the office, network security, software
copyright information, end-user computing, and AuditNews that covers articles of interest to
auditors compiled from other journals.
BrainTree Security Software (http://www.sqlsecure.com/) - Vendor Web site provides information about their products for security solutions for relational databases. White papers available on PeopleSoft data security and more.
Brevard County Internal Audit (http://199.241.8.81/pages/interaud.htm) - Provides information about the office and online versions of recent audit reports.
British Columbia, Office of the Auditor General (http://www.oag.bc.ca/) - Site provides information about the office and the reports produced. Also includes links to other related sites.
290 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Building and Auditing a Trusted Network Environment with Netware 4.x (http://
developer.novell.com/research/appnotes/1994/april/a1frame.htm) - Online guide from
Novell includes a security overview, security basics, and audit guidelines for Novell networks
using Netware 4.x.
Bureau of Economic Analysis (http://www.bea.doc.gov/) - Web site for the nation’s economic
accountant.
Business English Online (http://eleaston.com/biz/bizhome.html) - This wide and varying index covers all matters of business language. Business English Online links to sites that help
users with their language in business presentations, multi-lingual assistance, and business
writing. Resources range from glossaries of accounting definitions to vocabulary quizzes of
real estate terms.
Business Ethics Resources on WWW (http://www.ethics.ubc.ca/resources/business/) - Provides links to sites related to the subject.
Business Finance (http://www.businessfinancemag.com) - Provides practical information for
the financial manager. Selected sections of the magazine will be available online. Includes a
comprehensive list of Web Resources for Controllers.
Business Fraud Detection Services (http://getzoff.com/business_fraud/business_fraud.html)
- Site of a fraud examination consultant. Includes a checklist of 20 ways to detect fraud.
Business Netiquette International (http://www.bspage.com/1netiq/Netiq.html) - Provides a
guide for business to business e-mail. Auditors new to the online world will find this a useful
resource for proper business communication formats for new technology.
Business Now (http://www.ey.com/idea/real/bus_now.ra) - A television news magazine in online
in Real Audio which is available for download at http://www.real.com
Business on the Web Management Guide (http://www.butlergroup.co.uk/) - Go to free publications section. This is an excellent guide that auditors can use in evaluating the organizational decision to establish a Web site. The Guide includes a chapter on security issues.
Business Process Resource Centre (http://bprc.warwick.ac.uk/index.html) at the University
of Warwick provides links to other sites on the topics of reengineering business processes,
discussion forums, a glossary of terms, articles, reports, and documents.
Business Research on the Internet (http://www.intellifact.com/tutorial.htm) - A tutorial on
doing business research. It covers online research basics, finding company information, keeping up with business news, researching markets and industries, and more.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 291
Business Researcher’s Interest (http://www.brint.com/BPR.htm) - A comprehensive site of
links to business process reengineering and innovation. Includes papers, handbooks, projects,
tools, and links to other BPR resources and related sites.
Business Resources on the Internet (http://lib-www.lanl.gov/infores/bus/bus.htm) - Web site
provides a comprehensive list of business resources useful for auditors such as business information databases, directories, electronic publications, and more.
Business Software Alliance (http://www.bsa.org/bsa/) - A worldwide organization charged with
fighting software piracy on behalf of their members, the industry’s leading publishers of productivity software. Site provides statistics on software piracy, reports, and an FTP archive of
files. There is a comprehensive guide to software management available, which includes all of
the elements to set up a software management program.
Business Tools (http://www.toolkit.cch.com/tools/tools.htm) - Web site from CCH that provides a comprehensive list of ready-to-use templates, checklists, and model business documents. You never know when one of these documents may come in handy!
Business Upshot (http://www.ey.com/upshot/) - A business magazine and newsletter from Ernst
& Young. There are articles and ideas from more than 200 E&Y publications as well as an idea
clearinghouse, career information, and more.
Business Week Enterprise (http://enterprise.businessweek.com/) - A resource center for small
business owners from Business Week. Site includes a News Center covering current issues
from the small business owner’s perspective. Also contains advice columns, site recommendations, financial calculators, and more.
CA-Xchange (http://www.cax.org/) - Web site that is described as a meeting place for Canadian
chartered accountants and friends. There is information about the organization, links to other
relevant sites, and members-only links.
California Institute of Technology Internal Audit Department (http://www.cco.caltech.edu/
~iaudit/~iaudit.html) - Web site provides information about the office, internal control descriptions, the audit process, and more.
California State Association of County Auditors (http://www.co.sanmateo.ca.us/controller/
auditchf.htm) - Web site provides a list of California counties and their auditors, a list of
audits performed with contacts, and links to other sites.
California State Auditor (http://www.bsa.ca.gov/bsa/) - Site provides information about the
office, employment opportunities, audits reports issued by both the Bureau of State Audits as
well as the Auditor General. Audit reports may be ordered from this Web site.
292 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
California State Controller’s Office (http://www.sco.ca.gov/) - Details about the office, including responsibilities and functions. The home page provides links to the Controller’s Monthly
Revenue Updates, Controller’s Quarterly Reports, and a response to the May 1995 Performance Audit. The response is an excellent example of a detailed plan with corrective action
identified.
Can-AccTech (www.can-acctech.com) - The Canada-Accounting Technology centre features a
discussion list where Canadian accountants, financial professionals, accounting technology
developers, and resellers can swap ideas, problems, and experiences in an open exchange of
views.
Can-AccTech - Discussion list where Canadian accountants and financial professionals can swap
ideas, problems, and experiences in an open, unmoderated exchange of views and comments.
The Can-AccTech discussion forum may lead to the development of further information sources
and assistance in technology matters specifically geared to the needs of accountants and financial professionals. To join Can-AccTech, send an e-mail message to:
[email protected]. and, in the e-mail message body state: subscribe can-acctech.
You will receive, via return e-mail, an acknowledgement of your free subscription, along with
information on how you can participate in Can-AccTech. If you have any questions about
Can-AccTech, please e-mail the list owner, Richard Morochove, at: [email protected]
Canadian Environmental Auditing Association (http://www.mgmt14k.com/ceaa/) - Organization dedicated to development of the practice of environmental auditing. Site provides
background on the organization.
Canadian Institute of Chartered Accountants (CICA) established a Chartered Accountants of
Canada Web homepage (http://www.cica.ca). The site will contain links to the provincial institutes. There are also links to accounting and consulting practices of accounting firms, national and international accounting organizations, and activity areas including accounting and
audit. While much of the site is under construction, there are excellent links to environmental
accounting resources and activities.
Canaudit (http://www.canaudit.com/) - Web site for continuing education/training for internal
audit, and information systems audit. Features include information about their services, a newsletter, and more.
Carratu International (http://www.carratu.com/) - Web site of a fraud and security consultant.
Includes a description of services offered and bulletins (in Adobe Acrobat format) on corporate fraud, risk analysis, and more.
CaseWare (http://www.caseware.com/) - CaseWare International is a producer of engagement
and reporting software.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 293
CCH Incorporated (http://www.cch.com/) - Site for the publisher of tax, accounting, and auditing materials.
Cellular Telecommunications Industry Association (CTIA) Antifraud Internet Mailbox The CTIA Fraud Task Force set up a hotline tip box for reporting incidents of cellular phone
hacking. CTIA is soliciting information on any type of illegal phone activity. The mailbox is
administered by Decision Strategies International (DSI), a Washington, DC-based investigative consulting firm. Send Task Force messages to cell [email protected] or anonymously
[email protected]. Encrypted messages can also be sent using PGP. The PGP public
key for Decision Strategies can be obtained by sending an e-mail message to [email protected],
with [email protected] in the body of the message.
Center for Performance Measurement (http://www.icma.org/abouticma/programs/performance/index.cfm) - Web site from the International City Manager’s Association is dedicated
to helping local governments measure, compare, and improve municipal service delivery. The
site contains sample performance measures for selected services and a library of articles on
the topic of performance measurement.
CERIAS (http://www.cerias.purdue.edu/index.html) - Web site for the Center for Education
and Research in Information Assurance and Security. There are links to the various programs
supported by the Center including COAST.
CERT (http://www.cert.org/) - The Computer Emergency Response Team Coordination Center
site is a focal point for computer security concerns of Internet users. There are links to CERT
advisories, the CERT ftp archives, FAQs, and more.
Certified General Accountants’ Association of British Columbia (http://www.cga bc.org/) Site provides information about the association, tax tips, links to accounting associations, and
more.
Certified General Accountants’ Association of Canada (http://www.cga canada.org) - Provides information about the CGA structure, programs, publications and more.
CFO Council (http://financenet.gov/cfo.htm) - Link to the organization of the chief financial
officers and deputies of the largest federal agencies, OMB, and treasury officials that work
together on improving federal financial management.
CFO Publishing Online (http://www.cfonet.com/) - Web site for CFOs, treasurers, controllers,
and other financial executives. Current and archived issues of Treasury & Risk Management
and CFO Magazine.
294 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
CGA Magazine (http://www.cga-canada.org/eng/magazine/defaults.htm) - Web site of the
monthly bilingual journal of the Certified General Accountants’ Association of Canada. Professional journal with informative and timely articles on various accounting-related subjects.
Chartered Institute of Management Accountants (http://www.cima.org.uk/) - Web site provides information about the CIMA and describes management accounting.
Chartered Property Casualty Underwriters Society (http://www.cpcusociety.org/index2.htm)
- Web site of insurance professionals containing information for consumers covering areas
such as insurance law, finance, ethics, and management.
CharterNET - Web server for the Institute of Chartered Accountants in Ireland (ICAI). This site
(http://www.icai.ie/) provides information about the ICAI services and online library of materials. There is also a description of the business network reaching out to chartered accountants
working in industry, commerce, and the services sector.
Check Fraud: A Guide to Avoiding Losses (http://www.occ.treas.gov/chckfrd/contents.htm)
from the Office of the Comptroller of the Currency provides guidance on a major organizational issue. Guide sections include check fraud schemes, prevention measures (internal controls, training, check-cashing guidelines), and more.
Chesapeake Audit Services Department (http://www.chesapeake.va.us/services/depart/audit/audit.html) - Web site provides contact information for the office.
Chesterfield County Internal Audit (http://www.co.chesterfield.va.us/ManagementServices/
InternalAudit/iahome.htm) - Web site provides information about the office and an e-mail
contact.
Chicago Housing Authority Inspector General (http://www.thecha.org/Inspect_Gen.htm) Web site provides information about the office, job opportunities, and more.
Clark County Internal Audit (http://www.co.clark.nv.us/intaudit/Intaudit.htm) - Web site
provides information about the office, audit process, audit plan, audit programs, and more.
Clerk’s Internal Audit Department (http://www.clerk.collier.fl.us/internal_audit.htm) - Web
site of the Collier County Clerk of the Circuit Court Internal Auditor provides information
about the office, audit plan, reports issued, and more.
Client Satisfaction Measurement Questionnaire (http://www.psc-cfp.gc.ca/audit/metod2e.htm) from the Public Service Commission of Canada provides a format for measuring audit
customer satisfaction. This questionnaire is an excellent resource for audit organizations interested in measuring customer satisfaction.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 295
CoActive Connection (http://www.coactiveconnection.com) - The Tongren and Associates Web
site provides information on CoActive Audit, CoActive Control, CoActive Governance and
CoActive Risk as well as a library of articles on the above principles.
COBIT (http://www.isaca.org/ct_dwnld.htm) - The Control Objectives for Information Technology from ISACA. The Executive Summary, the Framework, and the Control Objectives
are available for download in Adobe Acrobat (PDF) format.
COBIT Listserv (COBIT-List) - Created to facilitate discussion about COBIT among members.
By exchanging knowledge through the listserv, subscribers are sure to find answers to their
questions and advice for improving implementation procedures. Subscribe to the COBIT listserv
by sending the following e-mail message to: [email protected], SUBJECT SUBSCRIBE
cobit-list, and leave the MESSAGE BODY blank.
Code of Federal Regulations on the WWW (http://www4.law.cornell.edu/cfr/34cfr.htm) The Code of Federal Regulations is the official, subject matter order, compilation of the federal regulations of a general applicability and legal effect that are currently in force. In accordance with section 1510(d) of title 44 of the U.S. Code, the Code of Federal Regulations is
compiled by the Office of the Federal Register of the National Archives and Records Administration. The Code is divided into 50 titles by subject matter. Each title is divided into sections. Sections within a title may be grouped together as subtitles, chapters, subchapters, parts,
subparts, or divisions. Titles may also have appendices that may be divided into sections,
rules, and/or forms.
Colorado State Controller’s Office (http://www.state.co.us/gov_dir/gss/acc/) - Web site for
the organization that manages the financial affairs of the state by providing financial information, issuing fiscal policies, ensuring timely recording of the budget, and providing accounting
consulting services to state agencies. The site includes general information as well as reports
and publications.
Columbia University Internal Audit (http://www.columbia.edu/cu/ia/) - The Columbia University Web site has a section devoted to their internal audit department. The section includes
A Guide to Internal Controls, Internal Control Issues, and Auditing at Columbia University: A
Service to Management. The last document is an excellent guide that other audit organizations could follow to educate management and departments about internal auditing.
Commonwealth of Australia Department of Finance (http://www.finance.gov.au/) - Provides
information about the Australian Department of Finance including mission statement, organization structure, and links to other organizations. There is also a link to the Commonwealth
Budget, which could assist auditors in reviewing budgets for their own organizations.
296 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Compliance Desk (http://www.compliancedesk.com/) - Provides news and resources for the
compliance professional. There are links to year 2000 resources, articles, news, and reference
for the banking industry. Hot links are provided to the Top 100 Banks and the Top 100 Bank
Holding companies and more.
Comprehensive Info-Surety Database (http://pc31.ca.sandia.gov/) - Site maintained by Dr.
Frederick Cohen contains a potpourri of security-related information, including numerous
articles related to IT audit, lists of attack and defense methods, studies of emerging information protection technologies, national infosecurity technical baselines, and other information
to aid the auditor in keeping current and effective on leading edge security issues.
Computer and Network Security (http://www.netsurf.com/nsf/index.html) - Netsurfer Focus
addresses the issue of computer and network security. This electronic magazine is available on
the Web site and also via e-mail. To obtain Netsurfer Focus directly via e-mail, send message
to nsdigest [email protected]. In the body of the message type: subscribe nsdigest html or
subscribe nsdigest text .
Computer-Assisted Audit Tools and Techniques (CAATT-L) - A forum for exchange of ideas,
experiences, and information related to automated audit tools and techniques, such as generalized audit software, test data generators, computerized audit programs, specialized audit utilities, and automated audit workpapers. It is a closed discussion list hosted by RAIN, a regional
networking services provider. To subscribe, include “subscribe” in the body of your e-mail
message to [email protected]
Computer Control and Audit Guide (http://arts.uwaterloo.ca/ACCT/acct.html) - Prepared
by Professor J. Efrim Boritz, a recognized accounting scholar. It is an overview and reference
source pertaining to computer control and audit issues with which an accountant or financial
manager should be familiar. This guide can be used as a text in a course or for self-study. This
guide is organized into three logically related parts as follows: risks and exposures in computer-based information systems; computer controls, objectives, standards, and techniques;
and computer auditing issues. Go to People-Faculty-J. Efrim Boritz for the Guide.
Computer Operations, Audit, and Security Technology (COAST) (http://
www.cerias.purdue.edu/coast/) - Project Computer security research project in the Computer Science Department at Purdue University. Exploring new approaches to computer security and computer system management. COAST has a comprehensive archive containing tools,
papers, technical reports, documentation, announcements, alerts, security patches, and newsletters. Areas of interest include, but are not limited to, access control, authentication, criminal
investigation, e-mail privacy, firewalls, and incident response.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 297
Computer Security Awareness Training (http://wwwoirm.nih.gov/sectrain/index.html#intro)
- A computer-based training course. There is also an accompanying document available for
download with an overview of basic computer and information security practices.
Computer Security Institute (http://www.gocsi.com/) - Web site of the oldest international
membership organization for training information security professionals. This site provides
excellent information on computer security issues, including current issues and trends, technology links, and valuable Guides to Computer Security for Managers in the areas of e-mail
security, Internet security, computer viruses, communications fraud, and computer security
awareness. Free registration required for online access to the Guides.
Computer Security Publications from NIST - send e-mail to [email protected] with
the message “send index” for a list of NIST computer security publications. To retrieve copies
of the publication via e-mail, send message “send <document filename>. The NIST also distributes a Computer System Security Laboratory Newsletter via the Internet. Send e-mail message to [email protected] with the message “subscribe csl newsletter”.
Computer Security Resource Clearinghouse (CSRC) (http://csrc.ncsl.nist.gov/) - The NIST
Computer Security Division maintains an electronic clearinghouse to encourage the sharing of
information on computer security. The CSRC contains computer security awareness and training information, publications, conferences, and software tools as well as security alerts and
prevention measures. The CSRC system is available 24 hours a day, seven days a week. NIST
does not charge a usage fee for this service. Access the CSRC system via the Internet (http,
gopher, and ftp). To connect via Gopher and FTP, use the following: gopher csrc.ncsl.nist.gov
or 129.6.54.11 ftp csrc.ncsl.nist.gov or 129.6.54.11. For users with internet accessible e-mail
capability, send e-mail to: [email protected] with the following message: send filename</
em>, where filename is the name of the file you wish to retrieve. Users can also use a http
client by dialing into the CSRC at 301 948 5717.
Computerized Accounting Home Page (http://www.accounting.org/) - Site maintained by SBT
Accounting Systems as a courtesy to accounting users and professionals. Provides analysis of
computerized accounting software and reviews of current systems. Also contains links to audit, accounting, and business-related sites. For more information, send e-mail to [email protected].
Confederation of Asian and Pacific Accountants (http://www.capa.com.my) - Web site for a
professional organization provides information on projects, articles, publications, links to other
CAPA bodies, an Accountant’s Forum, and more.
Conference Audit Guide (http://www-tradoc.monroe.army.mil/irac/guides/g-conf.html) Provides information and guidance for performing audits of conferences, symposiums, and
workshops.
298 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Connecticut Auditor of Public Accounts (http://www.state.ct.us/apa/) - Web site provides information about the office, types of audits performed, reports, employment information, and
more.
Connecticut Office of the State Comptroller (http://www.state.ct.us/otc/) - Home page provides an overview of the office, press releases, reports, manuals, and an excellent page of links
to other State Comptrollers on the Net.
Construction Financial Management Association (http://www.cfma.org/) - Site provides information about the organizations, publications, a job bank, and more.
Continuous Quality Improvement Server - The CQI Server (http://deming.eng.clemson.edu)
at Clemson University’s Department of Industrial Engineering supports global efforts in quality improvement and education in quality. CQI includes tutorials on CQI, links to the Deming
Electronic Network, the Community Quality Electronic Network, discussion lists on TQM,
and other quality-related sites.
Control Co-Assessment (http://www.vfauditmall.com/CCA/ccashop.HTM) - Provides the VF
Corporation’s approach to control self-assessment.
Control, Risk and Governance (http://www.cica.ca/) - from the Canadian Institute of Chartered
Accountants provides an overview of the Criteria on Control, the exposure draft CoCo report,
newsletters, publications, and articles from CA Magazine. Look under Studies and Standards
in What’s New July-September 1998. Great resource for auditors implementing CSA.
Control Self-Assessment (http://vpf-web.harvard.edu/audit/home/CSA_frame_bot.html) From Harvard University provides an introduction, questionnaire, guidance on completing the
questionnaire, and reference material.
Control Self-Assessment Center (http://www.theiia.org/csa/csa.htm) at The IIA provides comprehensive information and material on CSA, including qualification, certification, conferences, seminars, and educational products.
Control Self-Assessment (CSA-L) Mailing List - An unmoderated discussion list devoted to
Control Self-Assessment and open to anyone with an interest in discussing issues related to
CSA. CSA is a process that allows work groups to identify or refine the business and quality
objectives that they should be fulfilling, while assessing the adequacy of plans and controls in
place to meet those objectives. To join the list, send a message to [email protected]
with the text SUBSCRIBE CSA-L. You will receive an acknowledgment and a message with
administrative issues.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 299
Control Self-Assessment Resource Center (http://www.jhw.com/~jhw/csa/) - Web site provides links to CSA resources available on the Internet.
Control Self-Assessment Workshop (http://iron.utsystem.edu/home/AUD/OTHERINF.HTM)
- Participant Manual is available from the UT System Audit Office. The manual serves as an
excellent example of a training document for the CSA process.
Controls Assessment Tool (http://oig.ufl.edu/cat.htm) - Comes from the University of Florida
Office of the Inspector General. The survey consists of questions that address controls in a
variety of business processes, such as Planning and Policy Making, Budgeting and Performance Measurement, Procurement, Personnel and Fiscal Management, and more.
Corporate Credit Card Best Practice Guide (http://www.audit.nsw.gov.au/corpcd98/
crdtcard.htm) - From the Australian Government provides a policy, controls over card issues, operational controls, and more.
Corporate Governance (http://www.corpgov.net/) Web site covers issues related to management accountability within organizations. There are links to sample policies, library reference
materials, forums and more.
Corporate Review, Evaluation and Audit (http://www.ncr.dfo.ca/communic/cread/english/
index_e.htm) - Web site of the Canadian Department of Fisheries and Oceans audit organization which access to their service standards and reports and links to other sites.
Corporate World Wide Web Strategy: Development, Implementation and Audit (http://
ourworld.compuserve.com:80/homepages/bfelmly/webdoc.htm). This is an excellent guide
for information systems audit professionals for understanding auditing issues associated with
the Internet and the Web.
Cost Accounting Discussion List - The Southeast Conference on College Cost Accounting sponsors this list dealing with cost accounting issues, OMB Circulars A 21, A 110, A 128 and other
related issues. To subscribe, send message to [email protected]
Cost Estimating Handbook (http://www.jsc.nasa.gov/bu2/PCEHHTML/pceh_c.htm) - An
excellent resource tool for auditors and accountants. The Handbook provides statistical techniques and development guidelines for cost estimation, acceptance criteria for cost estimation,
guidelines for auditing and analyzing a cost estimation relationship, elements of good estimating practice, and more.
300 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Cost Performance Model for Assessing WWW Service Investments (http://
www.ctg.albany.edu/projects/inettb/SpreadSheets.html) - A set of tools designed to assist
organizations in estimating the likely costs and benefits of developing a Web-based service.
This is an excellent tool for auditors looking to evaluate the organizational cost and ROI for
Web-based services.
Cost Principles - Procedures for Developing Cost Allocation Plans (http://www.hhs.gov/
progorg/grantsnet/state) - An implementation guide for OMB Circular A-87.
Council of Higher Education Internal Auditors (http://www.wlv.ac.uk/ias/cheia/
welcome.html) - Web site provides information about the organization, newsletter, internal
audit links, and an e-mail discussion list.
Count (http://www.count.org/) - Web site dedicated to providing tips and resources for accounting students, educators, and professionals. The site includes a job center, articles, and a software section.
County Auditor’s Association of Ohio (http://www.caao.org) - Professional organization Web
site provides a directory of county auditors, a virtual tour, and fiscal responsibilities.
CPA Exam Home Page (http://www.ais cpa.com/) - Site sponsored by Accounting Institute
Seminars provides information about changes in the CPA exam, the exam structure, applying
to take the exam, and answers to recent exams. This is a good resource for auditors planning
for the CPA exam. They also include a schedule of upcoming AIS seminars for candidates.
CPA Journal (http://www.cpaj.com/) - A subscription publication directed at public practitioners, management, educators, and other accounting professionals. The Web site provides
access to the lead story as well as a comprehensive collection of links to Internet resources for
CPAs.
CPAnet (http://www.cpalinks.com/) - Site includes links under categories such as the Audit
Zone, CPA toolbox, Tax Zone, Government, Orgs and Firms, an articles archive, and more.
CPANews (http://www.webnetcpa.com/cpanews/) - A weekly electronic newsletter dedicated
to reporting events, developments and news for CPA firms, and financial professionals.
CPAonline.net (http://www.cpaonline.net/) - Web site for professional accountants provides a
free subscription to the Accountant’s Ledger magazine, a free e-mail account, a free Web page,
a free listing in the Accountants Referral Service, and access to the Accountants Conference
Center. Registration required.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 301
CPAS-L Internet Accounting List/Forum for CPAs is a free list/forum for CPAs in public
practice, private industry, and government. The list, hosted by Loyola University Department
of Accounting, provides an unmoderated forum for discussion of all aspects of the practice of
accounting. Subscribe by sending an e-mail to [email protected] and leave the subject line
blank. Message should read SUBSCRIBE CPAS-L first_name last_name firm/company/organization.
cpaSPAN (http://www.cpaspan.com/index.html) - Web site forum for trustees and administrators of multi-employer employee benefit plans. The 1040 Corner and employee benefit news
section includes related articles on fraud, Year 2K, derivatives, and more.
CPA Wire (http://www.calcpa.org) - Home page of the California Society of CPAs. Provides
information about the organization, meeting information, links to other state societies, and
more. For more information, send message to [email protected].
CPEInternet (http://www.cpeinternet.com/) - Provides continuing professional education for
accountants and auditors via the Internet. Course catalog includes training in business, accounting/auditing, taxation, consulting, and more. Free demos and course previews available.
CPENet (http://www.cpenet.net) - A nonprofit, online continuing education service designed by
a group of certified financial professionals, all of whom have been active as practitioners and
trainers for many years. CPENet originates from our concern that outsourcing, downsizing,
and slashed training budgets are making high quality CPE more and more difficult for CPAs,
CIAs, CISAs, CMAs, CFEs, and CGFMs to obtain. The purpose of CPENet is to reduce the
cost to the individual professional of high quality, continuing professional education. CPENet
is a National Association of State Boards of Accountancy (NASBA) continuing education
sponsor (#95 000739 97). E-mail comments to: [email protected].
CPE-Tracker (http://www.cpe-tracker.com/) - Web site for Continuing Education tracking and
resources for professionals provides various services for auditors and accountants. Services
include searching for CPE, tracking, CPE requirements, CPE providers, and more.
CRA Wiz – PCI Services Inc. (http://www.pciwiz.com) - CRA Wiz™ is a family of Windows™
based software tools for compliance professionals in the CRA and Fair Lending fields. The
three tools are the Database Analyzer, the Geocoder, and the Mapper. All are Windows™
based and can be operated and purchased as an integrated system or independently of each
other.
Creative Financial Staffing (http://www.cfstaffing.com/index.html) - Web site for an accounting and financial placement firm. Includes articles for companies about staffing, human resources, and accounting industries. There are resume, job search, and interviewing tips for job
seekers. There is also a financial and accounting salary guide.
302 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Credit Union Internal Auditors Association (http://www.cuiia.org/MainPg.htm) - Web site
provides information about the CUIAA, a useful discussion forum, and more.
Credit Union Internal Auditors Mailing List - Discussion list for credit union internal auditors.
To join this Internet mailing list, send an e-mail to [email protected] and include the
following: “subscribe cu-ia” in the body of the message.
Crystal Reports – Seagate Software (http://www.crystalinc.com/crystalreports) - Seagate
Crystal Reports accesses more than 30 data sources, has powerful data analysis capabilities
and report type options, and produces presentation-quality output.
CTI-CCC-AUDIT - Auditing and accounting mailing list sponsored by the CTI Centre for Accounting, Finance and Management at the School of Information Systems, University of East
Anglia, UK. The list is open to anyone interested in auditing who wants to be in contact with
others with similar interests. This is a listserv. To subscribe, send an e-mail message to
[email protected] and state in the message Join cti-acc-audit Firstname Lastname.
Curtin Control Assessment (http://www.curtin.edu.au/curtin/audit/iad7b.htm) - A management tool utilized at the university enabling managers to informally assess their control processes.
Curtin University Internal Audit Department (http://www.curtin.edu.au/curtin/audit/
index.htm) - Web site includes their charter, mission, resources, and links to other Internet
locations.
Customer Service Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/cus_ser.e.html) - from
the Treasury Board of Canada provides information for conducting a review in this area.
Cybercop Home Page (http://www.well.com/user/kfarrand/index.htm) - Site provides a number of links to crime prevention and investigatory resources. The training schedule for the
Financial Fraud Institute at the Federal Law Enforcement Training Center. For more information, contact [email protected]
Dallas City Auditor (http://www.ci.dallas.tx.us/html/city_auditor.html) - Web site provides
information about the office, FAQs, and a program description.
Data Collection and Analysis Site (http://www.deakin.edu.au/~agoodman/sci101/) - Web site
from Deakin University in Australia provides a comprehensive guide on the scientific process
of collecting and analyzing data. Particularly useful chapters for auditors on surveys, sampling, and techniques.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 303
Data Extraction and Analysis Mailing List. Established March 1, 1995, on America Online to
be a moderated discussion forum for the exchange of ideas related to the use of ACL, IDEA,
Microsoft Access, and any other data extraction and analysis software. ACL, IDEA, and
Microsoft Access are PC-based software that allow users to easily read, analyze, and report on
data. On a biweekly basis, the moderator sends a summarized document that organizes the
ideas sent during the previous two-week period. The mailing list is not a forum for technical
questions (other than idea questions such as “Is it possible to use ACL for accounts receivable
test work and does anyone have a good way to do this?”). All technical assistance questions
should be directed to ACL, IDEA, Microsoft Access, or other software technical support. All
messages and subscriptions should be sent to [email protected] with one line in the body of the
letter: SUB DE&A. It would be appreciated by the moderator if the person’s real name, organization, software type, and number of years’ data extraction and analysis has been used be
included in the message.
Day Timer Resource Library (http://www.daytimer.com/resource/library/) - Provides online
articles on time management.
D.C. Inspector General (http://www.dcig.org/) - Provides information about the office, media
releases, reports, and more.
Decision Strategies (http://www.dsfx.com/) - International investigative consulting and business intelligence firm serving a worldwide corporate, legal, government, and financial industry clientele. The Decision Strategies home page contains an electronic newsletter on topics of
interest to the audit community.
Defense Contract Audit Agency (http://www.dcaa.mil/) - Web site for the agency responsible
for performing all contract audits for DoD and providing all accounting and financial advisory
services for contracts and subcontracts in DoD organizations. Site includes background information about the organization, vision and goals, audit guidance, and more. Auditors involved
in reviewing contracts will find useful guidance at this site.
Delaware Auditor of Accounts (http://www.state.de.us/auditor/index.htm) - Office of the
Auditor of Accounts for the State of Delaware. Provides information about the office and links
to economy and efficiency reports issued by the office.
Denver Auditor’s Office (http://www.denvergov.org/dephome.asp?depid=228) - Provides information about completed audits, city budget, technology update, and more.
Department of Accounting, Finance, & Information Systems
(http://
www.afis.canterbury.ac.nz/acct.htm) - University of Canterbury, Christchurch, New Zealand.
This is a WWW site with subjects on accounting, finance, and information systems.
304 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Department of Commerce Inspector General (http://www.oig.doc.gov/) - Web site provides
information about the office, online reports, and more.
Dial-Up Auditor (http://www.InfoProtect.com/) - A PC-based communication and database
software risk identification tool that quantifies exposure to unauthorized dialup access. The
site has information about the product as well as a downloadable demo.
Directorate of Counter Fraud Services (http://www.doh.gov.uk/dcfs/index.htm) - Web site
provides information about health care fraud in the United Kingdom, the types of fraud, and a
fraud strategy.
Disaster Recovery Journal (http://www.drj.com/) - Home page for a magazine dedicated to
business continuity. Links are available to a variety of disaster recovery sites, disaster recovery service providers, and selected articles and highlights from past issues.
Double Entries. To receive this list, register your name and e-mail address via the Register option
on the AccountingEducation.com Web site. Go to http://www.accountingeducation.com. To
be
removed
from
this
list,
please
send
e-mail
message
to:
[email protected].
Dr. Solomon’s Audit (http://www.drsolomons.com/) - Vendor of a PC auditing solution. Also
includes useful information about the subject of PC auditing.
Duke University Internal Audit (http://www.duke.edu/web/iaudit/audit.html) - Web site provides information about the office, a self-assessment survey, and more.
DuPage County Auditor’s Office (http://www.co.dupage.il.us/auditor/index.html) - Local
government audit office that includes the role of the county auditor, summaries of revenues
and expenditures, and abstracts of audit reports issued the county auditor. Contains links to
federal, state, and local government sites and specifically sites of interest to local government
professionals.
East Texas State University - ETSU established a Gopher home page which includes the Audit
Resources List, Contingency Planning/Disaster Recovery Planning Guidelines, Information
Security Standards, Information Security & Risk Management (Policy, Standards and Guidelines) gopher://etsuodt.etsu.edu:70/11/Administrative%20Departments/Internal%20Audits.
Economic Crime Prevention (http://www.rcmp-grc.gc.ca/html/ecbweb.htm) - Web site that
provides information about current criminal behavior trends in such areas as fraud, computer
crime prevention, and more.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 305
Economic Indicators (http://www.gpo.ucop.edu/catalog/econind.html) - from the Government
Printing Office provides access to the monthly federal economic indicators. Great site for
statistical economic analysis information.
Economics, Essential Principles (http://william-king.www.drexel.edu/top/prin/txt/
EcoToC.html) - A hypermedia text on the subject. The comprehensive text covers both micro
and macroeconomic principles and is a good refresher for auditors on economic principles and
theories.
Economics of the Internet (http://www.sims.berkeley.edu/resources/infoecon/) - Web site provides data on the economics of the Internet, Information Goods, Intellectual Property, and
Related Goods. Worthwhile site for auditors looking for background information for Internet
audits.
EDI Implementation Guide (http://www.pa.gov.au/ec/ediguide/editoc.htm) - from the Australian Government. Provides control audit and security issues, implementation plans, standards, and more.
EDIFICAS Schwiez (http://www.firmnet.ch/edificas/) – An awareness group formed to establish EDI accounting and auditing guidelines. Includes an excellent article, “The Auditor in the
EDI Environment,” which discusses the auditor’s role, answers to new requirements, and the
auditor’s use of information technology.
Edith Cowan University Management Review and Audit (http://www.cowan.edu.au/mra) ECU MRA site includes information about the function and their audit plan. Also includes
articles written by staff, links to other Internet audit resources, e-mail discussion lists, and
search tools.
Effective Control Guide (http://www.anao.gov.au/bpg_framework/home.htm) from the Australian National Audit Office covers the control issues and provides a control framework for a
government organization.
Electronic Accountant (http://www.electronicaccountant.com/) - An accountant’s Web magazine and resource guide. This e-zine includes reviews of accounting software, a buyer’s guide,
and online discussion groups, including accounting and auditing.
Emory University Office of Internal Audit (http://www.cc.emory.edu/IAD/home.html) - Web
site provides background information, staffing, mission, and more.
Employment Opportunities in Public Financial Management - FinanceNet established a discussion list ([email protected]) for notification of Federal, state, and local employment
opportunities in public financial management. A corresponding newsgroup (fnet.fin.jobs) en-
306 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
courages discussion and dialog on employment issues in the public financial management
profession. Send message to e-mail [email protected] for more details.
Enterprising Associates (http://members.aol.com/EAlimited/OURPAGE/index.htm) - An
information technology audit, computer security, and consulting practice. The site includes
The Computer Advisory with articles on computer security and auditing. A free ram resident
utility providing a fix to the year 2000 problem for PCs is also available for download.
Environmental Accounting Project (http://www.epa.gov/opptintr/acctg/) - Mission is to encourage and motivate business to understand the full spectrum of their environmental costs,
and integrate these costs into decision making. The site provides links to many resources, case
studies, and other information on environmental issues.
Environmental Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/envguid.e.html) from
Consulting and Audit Canada provides information for reviews in this subject.
Environmental Auditing Program (http://www.pca.state.mn.us/programs/audit_p.html) Provides information from the Minnesota Pollution Control Agency, including audit checklists for above ground tanks, underground tanks, spills, and more.
Environmental Finance Financial Tools Guidebook(http://www.epa.gov/efinpage/guidebk/
guindex.htm) - EPA reference guidebook of more than 250 tools for financing environmental
programs. Great reference tool for auditors reviewing environmental programs and their respective financing.
Environmental Protection Agency Office of the Inspector General (http://www.epa.gov/
oigearth/) - Web site provides information about the office branches, audit reports, and more.
Their customer service rules and strategic plan provide excellent sample frameworks for other
audit offices.
Ethical Business Guide (http://nt1.ids.ac.uk/eldis/hot/ethics.htm) - Web site with links and
material covering non-financial benchmarks of institutional/corporate activity, including social and environmental impacts and anti-corruption measures.
Ethics and Security Site (http://www.unm.edu/~dave) - University of New Mexico Security
Administrator Dr. David Grisham established a comprehensive FTP site ([email protected]) of
policies for ethics and security.
European Accounting Association (http://www.birmingham.ac.uk/EAA/) - Site contains information about the EAA, its publications, conferences, and links to other resources.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 307
European Court of Auditors (http://europa.eu.int/ca/intro.html) - Organization that monitors
the European Unions finances and points out areas where management improvements are
needed. Page provides all the details on organization and duties of this body.
Exec (http://www.unisys.com/execmag/framesets/resources.htm) - An electronic journal for
senior managers from Unisys. The publication includes timely articles on subjects like electronic commerce.
Facilitation Skills Course (http://www.dtic.mil/c3i/bprcd/4122.htm) from the DoD Electronic
College of Process Innovation is a complete workshop on the topic. Excellent resource for
auditors implementing a CSA approach in their organization.
Fairfax County Internal Audit Office (http://www.co.fairfax.va.us/gov/audit/) - Web site provides information about the organization, a local government audit survey, annual audit plan,
Internal Audit Manual with forms (Adobe and WordPerfect format), links to fraud, performance and audit related sites, and more.
FDIC Bank Examination Manual (http://www.fdic.gov/regulations/compliance/manual/
index.htm) - The table of contents of this Federal Deposit Insurance Corporation Compliance
manual links the auditor with files in Adobe Acrobat format. This could be a useful resource
for bank auditors.
FDIC Information Systems Handbook (http://www.fdic.gov/regulations/information/
informationindex.html) - The Interagency guide for regulatory examiners for examining
information systems operations in financial institutions and service bureaus. The Handbook
includes an overview of IS concepts, practices, IS controls, and sample audit programs. This is
a valuable resource for IS auditors. The files are in Adobe Acrobat format.
Federal Financial Accounting Concepts and Standards (http://www.gao.gov/policy/
volume.pdf) - The General Accounting Office (GAO) has posted an electronic version of
Volume I, Original Statements of Federal Financial Accounting Concepts and Standards, on
its home page. The document is in Adobe Acrobat PDF format.
Federal Government Information on the Internet (http://wwwnhc.nhmccd.cc.tx.us/public/
lrc/gov/gov.html) - Provides links to agencies, departments, and more.
Federal Grants Management Publications (http://www.thompson.com/tpg/fed_gts/) - Thompson Publishing Group’s federal grants management publications provide news and regulatory
information about topics including compliance and audits. Publications of interest to auditors
include Federal Grants Management Handbook, Resource Guide To Federal Program Compliance Audits, Section 504 Compliance Handbook, and Single Audit Information Service. The
site includes newsletter articles related to each of the above subjects.
308 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Federal Information Processing Standards (http://www.nist.gov/itl/lab/fips/) - Online access
to the FIPS, developed by NIST for government use. FIPS have been developed for information processing areas such as hardware, software, security, telecommunications, data, and operations standards, and are widely accepted by private industry. Auditors have found them
useful for research, comparison, and audit planning.
Federal Register (http://www.access.gpo.gov/su_docs/aces/aces140.html) - Web site for the
official daily publication for Rules, Proposed Rules, and Notices of Federal Agencies and
Organizations. Contains archives going back to 1995.
Federal Reserve Economic Data (http://www.stls.frb.org/fred/) - Provides historical U.S. economic and financial data such as daily interest rates, monetary and business indicators, exchange rates, and regional economic data. Another great resource for audit projects involving
financial analysis based on key economic indicators.
Federal Sentencing Guideline Manual (http://www.ussc.gov/1997guid/tabcon97.htm) from
the United States Sentencing Commission provides the most recent guidelines and policy
statements on the guideline sentencing process.
Federal Trade Commission Inspector General (http://www.ftc.gov/oig/oighome.htm) - Web
site provides their mission, a statement of reinvention principles, audit reports, and links to
other resources.
Federation of Tax Administrators (http://www.taxadmin.org/) - Provides information about
the organization, publications, electronic commerce, and more.
FedStats (http://www.fedstats.gov/) - Site maintained by the Federal Interagency Council on
Statistical Policy provides access to statistical information produced by more than 70 agencies.
Fedworld (www.fedworld.gov) - Over 135 Federal Government BBSs, including Office of Management and Budget.
FinanceNet (http://financenet.gov) - Professional governmental financial management network
of organizations, agencies, and departments. Share information and ideas for improving financial management throughout all levels of government. Accountants, auditors, and financial
managers participate and share financial management information, ideas, news, experiences,
software, comments on financial documents, best practices, resources, etc. Gopher to
[email protected]. FinanceNet Mailing Lists and a FinanceNet Newsgroup are
now available. For more information on FinanceNet mailing lists, send e-mail to e-mail
[email protected]. Point your newsreader to news.financenet.gov for this new Usenet news
group.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 309
Financial Accounting Foundation (http://www.fasb.org/) - The FAF site contains information
on how to obtain Financial Accounting Standards and Government Accounting Standards as
well as current press releases of both organizations.
Financial/Accounting/Insurance Jobs Page (http://www.nationjob.com/) - NationJob Network
provides list of accounting, audit and financial positions available across the U.S.
Financial Action Task Force (http://www.oecd.org/fatf/) - An inter-governmental body dedicated to the development and promotion of policies to combat money laundering. The policies
aim to prevent proceeds from being used in future criminal activities and from affecting legitimate economic activities. The site provides annual reports on money laundering, an evaluation of preventive measures, recommendations from members, and more.
Financial Data Finder (http://www.cob.ohio state.edu/dept/fin/fdf/osudata.htm) - Ohio State
University Department of Finance site provides links to over 140 finance-related Web sites,
including financial news sources, economic databases, financial data, a database of financial
criminals, and more.
Financial Management Association International (http://www.fma.org/) - The FMA is a professional association of finance practitioners, academicians, and students founded to develop
a continuing relationship between financial theory and practice. The site includes a one-stop
shopping guide to finance on the Internet.
Financial Management of the Firm (http://garnet.acus.fsu.edu/~ppeters/fin3403/) - Provides
all the material for a course on financial management. The site contains lecture material, inclass and practice problems, and exams. There are also tables for the time value of money,
using a financial calculator, and Web-based information.
Financial Managers Society (http://www.fmsinc.org/index.htm) - Web site for the only notfor-profit professional society dedicated to serving the technical and professional needs of
bank, thrift, and credit union financial officers. Site includes information about the organization, regulatory issues, employment opportunities, and more.
Financial Ratios (http://www.americanexpress.com/smallbusiness/resources/managing/
ratios.shtml) page from American Express provides a guide for understanding 10 key financial ratios. Auditors who perform financial statement analysis should consider bookmarking
this page.
Financial Reporting in Government (http://www.pwc.gmu.edu/course/govt490/) - Pilot online
course focusing on a critical analysis of current governmental accounting and financial reporting at the state and local level as well as a presentation of the main tenets of the current model
for financial accounting and reporting. This document is a work in progress by Dr. John Sacco
of George Mason University in Fairfax, Virginia.
310 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Financial Scandals (http://www.ex.ac.uk/~RDavies/arian/scandals/) - Page provides links to
sources of information on the subject. Includes general sources on corruption, bank scandals,
insurance fraud, forensic accounting, and more. Auditors may find the links to resources to
finding people useful in conducting fraud audits.
Financial Times (http://www.ft.com/) - Site of the publication that provides business, economic,
and political news. Free service after registration.
FINWeb (http://www.finweb.com) - Financial Economics WWW server managed at the University of Texas at Austin. Provides a list of Internet resources with substantive information
concerning economics and finance-related topics. Includes the Financial Economics Network,
the Journal of Finance, the Financial Executive Journal, and Resources for Economists on the
Internet. Also includes services such as EDGAR providing SEC reports and statements on
publicly traded companies.
Firewalls FAQ’s (http://www.v one.com/pubs/fw faq/faq.htm) - As organizations establish Internet connections, auditors are asked to review security issues associated with connectivity.
Frequently Asked Questions (FAQs) may help auditors address some of the issues. This Web
site provides answers to commonly asked questions.
Firewalls Mailing List - This is a listserv devoted to the subject of firewalls and internet security.
Any auditor concerned with information security and the issue of firewalls should subscribe to
this list. Subscriptions should be sent to [email protected] with the message subscribe firewalls digest. I would recommend the digest version rather than the direct mail (nondigest) version.
Florida Auditor General (http://sun6.dms.state.fl.us/audgen/) - Web site provides information
about the office, report summaries by subject, a report listing, and the rules of the auditor
general.
Florida Comptroller (http://www.dbf.state.fl.us/index.html) - Web site provides an overview
of the organization, financial highlights, comptroller’s newsletter, consumer alerts, and more.
Florida Government Accountability Report (http://www.oppaga.state.fl.us/government/) Free Internet service for legislators and the public to monitor the activities and performance of
about 400 state government agencies and programs.
Florida Inspectors General Network (http://fcn.state.fl.us/dms/sec/fignet/fignet.html) - Web
site created to provide a central information resource for the Florida IG community. Includes
IG related state statutes, audit reports from state agencies, and Web information references.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 311
Florida Institute of CPAs (http://www.ficpa.org/) - Web site provides legislative updates, job
links, and other sites of interest to Florida CPAs.
Florida Legislature Office of Program Policy Analysis and Government Accountability (http:/
/www.oppaga.state.fl.us/) - In addition to reports and manuals, the site contains F-GAR, an
electronic encyclopedia, and search engine covering 400 state programs, performance measures, and accountability ratings.
Florida Progress Corporation Audit Services (http://www.fpc.com/audits) - Web site is provided as a service to the audit community. Includes audit programs and internal control questionnaires, an Excel statistical sampling routine, and more.
Forensic Accounting and Litigation Support (http://www.forensicaccounting.com/) - Web
site provides information about this field of business-related investigations.
Forensic Investing (http://www.bus.lsu.edu/accounting/faculty/napostolou/forensic.html) Web site created by two University professors that covers forensic accounting issues, including Red Flags, SAS Number 82, and other useful information for auditors reviewing financial
statements.
Framework for Internal Control Systems in Banking Organisations (http://www.bis.org/
publ/bcbs40.htm) from the Bank for International Settlements is available for download from
their Web site.
Franklin County Auditor (http://www.co.franklin.oh.us/Auditor/) - Local government Web
site provides information about the office and the services they offer.
Fraud Control Policy (http://www.law.gov.au/aghome/commprot/olec/LECD/fraud2.html)
is part of a report from the Australian Commonwealth Law Enforcement Board. The report
includes a section on best practice for fraud control with the policy, reporting of fraud information, case handling, and fraud training. Auditors should check the attachments on criteria
against which fraud risks can be measured and quality assurance guidelines.
Fraud Defense Network (http://www.fdn.net/) - Provides resources for insurance fraud investigators.
Fraud Report (http://www.hm-treasury.gov.uk/pub/html/docs/fraud/9596fr/main.html) - A
report from the United Kingdom that analyzes reported fraud in Government Departments.
The report provides details on the types and causes of the frauds, how they were discovered,
and more. Auditors should check out the section of the report for guidance on managing the
risk of fraud.
312 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Fraud Report Newsletter (http://www.fraudreport.com/) - Provides users with anti-fraud articles, legislative updates, and upcoming events. Free subscription available on the site.
Full Cost Initiative Implementation Guide (http://ifmp.nasa.gov/codeb/fullcost/) - Developed
by NASA provides a comprehensive accounting and management approach to costing services.
Gainesville City Auditor’s Office (http://www.afn.org/~auditor/) - Web site provides a profile,
annual audit plan, recent audit reports, peer review information, and policies and procedures.
Gallaudet University Management and Advisory Services (http://www.gallaudet.edu/
~auditweb/index.html) - Web site provides information about the office, audit programs and
review kits, links to other resources, and more.
GASB (http://www.gasb.org) - Site for the Government Accounting Standards Board. Provides
information about GASB, GASB Happenings, documents, publications, and standards.
GASP PC Auditing (http://www.attest gasp.com) - Home page of Attest Systems, the publisher
of GASP Software for PC software and hardware auditing. Site includes a downloadable demo
of the product used for conducting enforcement audits for the SPA and software publishers.
Send e-mail to info@attest gasp.com.
General Accounting Office Resources on the Net
General Accounting Office (http://www.gao.gov) - The site includes GAO reports and
testimony, decisions of the Comptroller General of the U.S, GAO policy and guidance materials, special publications, and more.
GAO Daybook - The U.S. General Accounting Office, Congress’ watchdog agency, has a
mailing list service for a daily electronic posting of the GAO Daybook. The “GAO Daybook”
is the daily listing of released GAO reports and testimony. Subscribe to the GAO Daybook by
sending an e-mail message to: <[email protected]> with the message “subscribe
daybook” (NO quotes). For additional info about GAO services, send an e-mail message to
[email protected] with “info” in the body.
GAO Federal Information Systems Control Audit Manual (http://www.gao.gov/policy/
12_19_6.pdf) from GAO provides guidelines for auditing information systems.
GAO Financial Audit Manual (http://www.gao.gov/policy/fam/fam.htm) - GAO manual
(Volumes 1 and 2) for conducting audits includes the methodology and tools. The manual is in
Adobe Acrobat format.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 313
GAO General Policies/Procedures and Communications Manual (http://www.gao.gov/
policy/gppm-cm.pdf) - Provides guidance on their methodologies, including sampling,
workpapers, reporting, and more.
GAO Report Database on the Internet (http://www.access.gpo.gov) - General Accounting
Office reports are now available on the Internet through the Government Printing Office Access Service.
General Services Administration Inspector General (http://www.gsa.gov/staff/ig/audit/
httoc.htm) - Site provides a straightforward audit plan for the office.
Generally Accepted System Security Principles (http://web.mit.edu/security/www/
gassp1.html) - from The International Information Security Foundation (I2SF) provides uniform organizational guidance for security issues.
Georgia Department of Audits (http://www.state.ga.us/Departments/AUDIT/) - Home page
of the State Auditor for Georgia. Includes a description of the department and each of the
divisions. The Performance Audit Operations Division has a list of completed report topics,
reports in progress, sources of related information, employment opportunities, and more.
Gleim Publications, Inc. (http://www.gleim.com/) - Publisher of accounting and auditing examination preparation material.
GNA Internal Controls and Procedures (http://www.gnacademy.org:8001/uu-gna/admin/finance/newpages/page8.htm) - Web page provides an excellent description of a financial
control system, including goals for control procedures and general and specific procedures.
GovBot (http://ciir2.cs.umass.edu/Govbot/) - Database was developed by the Center for Intelligent Information Retrieval and includes more than 500,000 searchable pages from U.S. government and military sites.
GovCon Discussion Groups (http://www.govcon.com/) - Government contractors site that includes discussion groups for audit, accounting, and financial management issues. KPMG Peat
Marwick is moderating a new discussion group on Government Audit and Reviews. If you
have a question on issues affecting the performance and resolution of government contract
audits (DCAA, IGs, etc.), post it online. Access to the site is free but registration is required.
Government Audit Training Institute (GATI) (http://216.1.143.50/programs_services/auditing/gatp.cfm) - Web site provides information about the organization, courses available, details on registration, and more.
314 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Government Auditing Standards (http://www.ignet.gov/ignet/internal/manual/yellow/
yellow.html) - Web site for the GAO Government Auditing Standards or Yellow Book.
Government Auditor’s Resource Page (http://www.trib.infi.net/~zsudiak/GARP.html) - U.S.
Department of Education Office of Inspector General home page which provides information
on resources for government auditors. Includes links to Thomas (legislative information on
the Internet), Internet search tools, audit resources, sources for government documents, and
links to other government resource indexes.
Government Contractor’s Glossary (http://www.govcon.com/) - Site provides a reference guide
for professionals dealing with government contracts. Also contains an acronym table. Source
documents for this guide include Federal Acquisition Regulations (FAR), Armed Services
Pricing Manual (ASPM), and the DCAA Contract Audit Manual (DCAAM). Access to the
Glossary is free but site registration is required.
Government Executive Magazine (http://www.govexec.com) - Electronic version of an independent business magazine of government. Includes discussion of leading edge information
on budgets, procurement, technology, and virtual government. The Reinvention Center has
information of interest to auditors.
Government Finance Officers Association
The following information related to the GFOA is available on the Internet:
GFOA (http://www.gfoa.org) - Contains links to “Happenings in Financial Management,”
“Documents, Publications, and Standards,” and “GFOA Policies and Recommended Practices.
GFOA Employment Opportunities (http://www.gfoa.org/employ/empann.htm) - Employment opportunities from the GFOA Newsletter are now posted in the Personal, Training, and
Employment Opportunities section of the GFOA Web page.
GFOA Mailing List - The GFOA has an electronic Internet mail list on FinanceNet. The
GFOA will post announcements and other important information via this mailing list. For
information on this and other FinanceNet mailing lists, send e-mail to e-mail
[email protected]. To post information to the GFOA mailing list, send message to
[email protected].
Government Reinvention Center (http://www.govexec.com/reinvent) - This Web site from
Government Executive Magazine includes full text articles on government reform, links to
agencies and organizations involved in reinvention, background documents, and a conference
calendar.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 315
GovNews (http://www.govnews.org/) - The International GovNews Project is a topical-based
news discussion service providing auditors with information on various financial areas. The
discussion groups are also available via Usenet. There are discussions on performance measures, internal controls, audits, and more.
Graduate School USDA (http://grad.usda.gov) - Provides information about courses offered by
the organization, including the Government Audit Training Institute (GATI). For more information, send message to [email protected].
Grant Administration and Audit Resources (http://www.dhfs.state.wi.us/grants/Resources/
IntroRes.htm) - Web site from the Wisconsin Health and Family Services Department provides links to federal sites, audit requirement sites, department resources, and more.
Group of 100 (http://www.group100.com.au/home.htm) - Web site for an association of senior
accounting and finance executives representing major public companies and government owned
enterprises in Australia includes commentary on relevant policies and issues.
Guide to Cost-Based Decision Making (http://www.sao.state.tx.us/manuals/cost.htm) from
the Texas State Auditor’s Office, is designed to assist management in developing more comprehensive cost accounting information to enhance the ability of decision makers to identify,
analyze, and control the causes of costs, as well as establish links between cost information
and program efficiency and effectiveness.
Guide to Minimizing Computer Theft (http://www.rcmp-grc.gc.ca/html/ccprev.htm) - Provides information on methods to safeguard computer assets.
Guide to Performance Measurement (http://www.fpm.com/journal/mattison.htm) from the
Foundation for Performance Measurement provides non-financial indicators.
Guide to the World Wide Web for Research and Auditing (http://www.tetranet.net/users/
gaostl/guide.htm) - David Henry of GAO provides auditors with the basic instructions on
using the Web as an auditing/research tool.
Hacked (http://www.2600.com/hacked_pages/) - Provides reproduced copies of hacked Web
sites. This is a good site for auditors who are looking at the risks of connecting to the Internet
and setting up organizational Web sites.
Handbook for Audit Committee Members (http://www.gt.com/resources/assurance/role/
roletoc.html) - Good reference from Grant Thornton for auditors who need to provide guidance to the audit committee. Includes sections on reviewing internal controls and working
with internal auditors.
316 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Harcourt Brace Professional Publishing (http://www.hbpp.com/) - Site provides information
about their accounting and auditing research material and services. Site sponsors the CPA’s
Weekly News Update and each week highlights the top five accounting Web sites.
Harris County, Texas Auditor’s Office (http://www.co.harris.tx.us/auditor/default.html) Site includes information about the office, staff, organization charts, and financial information.
Harvard University Internal Audit (http://www.harvard.edu/internal_audit/HUIA.html) Site provides information about the office, audit tools and techniques, policies and procedures, and publications on passwords and software copyright. The questionnaire for conducting a departmental review is a useful document that can be customized by other audit organizations.
Health and Human Services Office of Audit Services (http://www.hhs.gov/progorg/oas/
index.html) - Web site provides reports, manuals and guides, employment opportunities, and
more.
Health and Human Services Office of the Inspector General (http://www.dhhs.gov/progorg/
oig/) - Web site provides information about the office, audit and inspection reports, and a link
to the HHS Redbook, a compendium of OIG recommendations that have not been substantially implemented.
Healthcare Financial Management Association (http://www.hfma.org) - Professional association for financial professionals in the healthcare field. Provides information about the association, publications, special interest groups such as a CFO forum, professional certification
programs, and more.
Henrico County Internal Audit (http://www.co.henrico.va.us/audit/) - Web site contains information about their mission, staffing, audit committee, audit charter, e-mail contacts, external audit, and the office history.
Hiring Policies and Procedures Manual (http://vms.www.uwplatt.edu/~pers/contents.htm)
from the University of Wisconsin Platteville provides a good example of guidelines for a
human resources department.
Home Office Computing (http://www.smalloffice.com/) - Site contains resources and information for running a successful small business.
Hong Kong Audit Department (http:/www.hk.super.net/~audskli/welcome.htm) is one of the
oldest departments in the Hong Kong Government. The site includes information about the
office, types of audits performed, links to audit reports, and more.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 317
Howard County Auditor’s Office (http://www.co.ho.md.us/auditor/index.htm) - Web site for
this Maryland local government jurisdiction includes background information, charter, links
to audit reports, and more.
HR Links (http://www.shrm.org/hrlinks/) - The Society for Human Resource Management
maintains this home page of human resource links on the Internet. The site includes links to
information on compensation and benefits, diversity, flexible work arrangements, labor relations, safety and health, and more.
H.U.D. Audit Guides (http://www.hud.gov/oig/oigguide.html) - Provides a link to their consolidated audit guide.
HUD OIG (http://www.hud.gov/oig/oigindex.html) - The U.S. Department of Housing and Urban Development Office of the Inspector General Web page includes a mission statement,
hotline information, list of IG offices, testimony from the IG, the semiannual report to Congress and audit reports covering management of programs by HUD and others, technical assistance and useful information about audit requirements, and links to other audit-related information and search tools.
Human Resource Management Self-Assessment Guide (http://www.hr.state.tx.us/cfdocs/apps/
hrsag/icg-f.html) from the Texas State Auditor’s Office serves as a tool for evaluating areas
to improve. Shows organizations how to address identified deficiencies in human resource
management.
Human Resources and the Internet (http://www.ilr.cornell.edu/library/reference/GUIDES/
HRI_Manual/default.html) - Site provides human resource professionals links to Web sites,
articles, and programs on how the Internet can aid in their work. Topics such as Diversity in
Employment, Retirement, and Benchmarking and Best Practices link to a multitude of information from sources, including the U.S. government, the International Personnel Management Association, and the Institute for Global Communications. There are also links to online
human resources magazines; Internet, Intranet, and HTML guides; and more.
Hyperstat Online (http://www.ruf.rice.edu/~lane/hyperstat/contents.html) - An introductory
hypertext statistics book that auditors will find useful as a refresher text. The site also provides
links to other related statistics sites.
ICAA (http://www.icaa.org.au) - The Institute of Chartered Accountants in Australia maintains
a site on the Web and a site on CompuServe. There is general information about the Institute,
membership, student news, and more.
Idaho Legislative Auditor (http://www.state.id.us/legislat/audit.html) - Web site provides online
executive summaries of legislative fiscal audits for the various departments, boards, and commissions of the Idaho state government.
318 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
IDEA Software Users Discussion List - IDEA-LIST is a non-moderated discussion list and forum to exchange ideas and information among users of IDEA (Interactive Data Extraction and
Analysis). IDEA is a productivity tool for auditors, accountants, and financial managers that
can help display, analyze, manipulate, or extract data from other computer systems. Send
subscription requests to [email protected] with one line in the body of the
letter: SUBSCRIBE IDEA-LIST. For more information, you can e-mail him at
[email protected].
IFCI Risk Watch (http://risk.ifci.ch/) - Guide to Regulation and Control of Financial Risk provides an Introduction to Risk, Key Risk Concepts, a Risk Library, and Glossary. The site also
provides an overview of the 13 key risk concepts.
IGNet (http://www.ignet.gov) - Internet-based electronic communications network dedicated to
improving the effectiveness of the inspector general community and to provide public access
to IG reports. Site includes links to IG home pages, Internet resources via a virtual library, the
IGNet Internet Search list, related organizations, and more. The site includes the Interactive
Yellow Book, a valuable tool for government and non-government auditors. The Job Opportunities home page lists IG vacancies and links to other sites related to career planning and job
search strategies.
IGNet Mailing List - IGNet distributes a number of mailing lists to the IG community. Audit
information is available to auditors based on prior registration and approval by the IGNet
Coordinator. Interested parties must register with IGNet by e-mail to <[email protected]>.
Send the following registration information in the first message and save a round trip: name,
organization, position, mailing address, voice number, fax number, e-mail address. Upon approval, IGNet will send a welcome message telling about the features of IGNet, including the
mailing lists.
Illinois Auditor General (http://www.state.il.us/auditor/audhome.htm) - Web site provides
information about the auditor general’s office, agencies audited and audit reports, career opportunities, and more.
Illinois CPA Society (http://www.icpas.org/) - Home page of the state professional association
representing Certified Public Accountants. Includes financial management information, articles from Insight Magazine, and links to accounting related resources. Some areas of this site
are restricted to members.
Importer Audit Program (http://uls.tradecompass.com/ecs/demo/imports/comptools/catkit/
exhibit2.html) - Provides audit procedures and steps used by regulatory auditors for conducting compliance audits of importer’s customs systems.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 319
Independent Commission Against Corruption (http://www.icac.nsw.gov.au/) - Exposes and
minimizes corruption involving the New South Wales public sector through investigation,
corruption prevention, and education. Site features include background information on the
commission, publications, reports, and more.
Indiana State Auditor (http://www.state.in.us/acin/auditor/index.html) - Web site provides
information about the office, staff, and more.
Indiana State Board of Accounts (http://www.ai.org/sboa/) - Web site provides information
about the office, guidelines, manuals, reports, job opportunities, and more.
Indiana University Internal Audit (http://www.indiana.edu/~iuaudit/main.html) - Web site
provides information about the staff, organizational structure, information and publications,
and more.
Indirect Cost Guide Web Page (http://www.usia.gov/abtusia/legal/icguide/intro.htm) - The
Office of the Inspector General at the U.S. Information Agency posted a downloadable copy
of OMB Circular A122-A Guide for Establishing Indirect Cost Rates for Nonprofit Organizations. For more information, send message to [email protected].
Information Management Forum (http://www.infomgmtforum.com/) - International association of information and business executives. Site provides information on strategic uses for
information technology and implementation planning and management. Discussions include
current trends, year 2000 issues, and more. There are abstracts of reports on technology research, technology management, and transcripts of CIO presentations.
Information Professionals Network (IPN) (http://www.best.com/~jcook) - The IPN is a worldwide network of information and investigative professionals. These professionals include licensed private investigators, business intelligence analysts, legal, court & public record researchers, Certified Fraud Examiners, information brokers, and law/corporate librarians. This
is a private network designed to provide a forum suited to international professional networking and news. IPN also publishes an electronic journal. Message areas include information on
financial fraud and forensic accounting. (Note: use of these services is available only to IPN
members.)
Information Security Discussion List - INFSEC-L is a non-moderated Internet discussion list
intended to foster open and constructive communication among information security and auditing professionals in government, industry, and academic institutions. Discussion is encouraged on a broad range of topics and issues related to information security. Initial subscriptions
to the list are screened by the list owner to ensure addition of only appropriate individuals.
Send subscription request to [email protected] commerce.edu with one line in the body
of the letter: SUB INFSEC-L your name.
320 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Information Security SWAT Team (http://www.axent.com/swat/swat.htm) - A compendium
of security resources for the advanced user from a security vendor, Axent Technologies. Categories include Attack Signatures, Threats, Security Tasks, Security Resources, and Hacker
Links.
Information Security Zone (http://www.information-security-zone.co.uk/) - Web site from a
corporate training organization with a multitude of links to sites on topics such as general
security, viruses, cryptography, firewalls, and more.
Information System Audit and Control Association (ISACA) on the Internet
CISACA-L. The list is meant to encourage professional discussion and is open to all information system auditors. To subscribe, send a one-line message to [email protected] with
the message SUBSCRIBE CISACA-L (yourname). Leave the subject line blank. Messages
sent to [email protected] will be distributed to all subscribers. If you have any
problems, please send e-mail to [email protected].
ISACA Central Indiana Chapter (http://www.adpc.purdue.edu/CISACA/main.htm) Provides information about chapter events and links to other Web sites. For more information,
contact [email protected]
ISACA Central Maryland Chapter (http://ubmail.ubalt.edu/~gfilomena/isaca/
isacatop.html) - Provides information about monthly meetings, newsletter, membership, certification, conferences, technical articles, and more. For more information, contact
[email protected].
ISACA Chicago Chapter (http://www.isaca chicago.org) - Provides information about
monthly meetings, newsletter, conferences, job opportunities, auditing resources, and more.
For more information contact [email protected].
ISACA Foundation (http://www.isaca.org) - Home page of the organization provides information about membership, certification, education, chapters, and more.
ISACA Houston Chapter (http://www.isacahouston.org) - Web site provides information
about the chapter, events, officers, and more.
ISACA Illinois Chapter (http://www.cnsnet.net/org/isaca/) - Site of the Central Illinois
Chapters of ISACA includes information about the organization, career opportunities, professional education, and audit and research links.
ISACA London Chapter (http://members.aol.com/isacalondn/) - Web site provides information about the chapter, certification, chapter meetings, and links to audit resources.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 321
ISACA National Capital Area Chapter (http://isaca washdc.org) - Provides information
about monthly meetings, newsletter, membership, certification, conferences, technical articles,
and more. For more information, contact [email protected].
ISACA New England Chapter (http://challenge.tiac.net/users/isacane/index.html) - Provides calendar of events, information about the New England chapter, and a history of ISACA.
For more information, contact [email protected].
ISACA New York Metropolitan Chapter (http://www.isacany.org/) - Site includes local
chapter information, the CISA program, and links to sites of interest, including audit and
unique security resources.
ISACA Philadelphia Chapter (http://www.libertynet.org/~isaca/) - Home page of the
Philadelphia chapter of ISACA provides information about the organization, local events,
newsletter, links to other related resources, and more.
ISACA Puget Sound Chapter (http://www.isaca psc.org) - Provides information about
monthly meetings, newsletter, membership, certification, conferences, and links to other sites.
ISACA St. Louis Chapter (http://www.iwc.com/isaca/) - Web site provides meeting information, job listings, a chapter history, links to other related organizations, and more.
ISACA Toronto Chapter (http://www.isaca.toronto.on.ca/auditres.html) - The Toronto
chapter of ISACA includes a page of links to audit resources on the Internet, including Usenet
news groups.
Information Technology Performance Measures (http://wwwoirm.nih.gov/itmra/
perform.html) - Web site from the National Institutes of Health provides performance measures for help desks, LANs, links to other sites, and more.
InformationWeek Interactive (http://www.iweek.com) - IW is a weekly newsmagazine oriented to business and technology managers. Frequently covers issues of interest to auditors on
topics such as security and software management. Good resource for auditors to stay current
on information technology hot issues. Provides WAIS search for back issues.
InfoSec Heaven (http://all.net) - Web site of Dr. Fred Cohen provides a comprehensive database
of information security links and articles separated into categories of attacks and defenses and
viewpoints. There is also a link to the InfoSurety Database at Sandia Labs.
Infowar.com (http://www.infowar.com/) - Winn Schwartau’s comprehensive Web site on information security. Premier site for information security resources and links. Categories include
tools, utilities & jobs, resources, survey & studies, discussion and chat groups, the Journal of
Infrastructural Warfare, and more.
322 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Inside Fraud Bulletin (http://www.maximag.co.uk/) - A publication from Maxima Group that
focuses on all aspects of fraud, including embezzlement, management fraud, audit, and more.
The Web site has links to past issues.
Inspector General Social Security Administration (http://www.ssa.gov/oig/oig1.htm) - Web
site provides information about the office, audit reports, job announcements, and more.
Institute for Business and Professional Ethics (http://www.depaul.edu/ethics/) - Web site at
DePaul University devoted to the subject of ethical behavior. Includes professional and ethics
resources, an ethics calendar, Ethics Beat, and more.
Institute of Chartered Accountants of England and Wales (http://www.icaew.org.uk) - This
is the site of the ICAEW Summa Project Accounting Information Service World Wide Web
information server for accounting academics, students, and professionals. The project is funded
by a grant from research committee of the ICAEW. The WWW site is at the University of
Exeter, Devon, UK. Provides access to a number of accounting, auditing, and finance-related
resources such as FINWeb, EDGAR, the Security and Exchange Commission’s online database, the Financial Executive Journal, Global Network Navigator (source of information about
Internet resources), and more.
Institute of Chartered Accountants of Ontario (http://www.icao.on.ca) - Site provides information about the Institute, upcoming events, and more.
Institute of Internal Auditors (IIA) Resources on the Internet.
IIA - The Institute of Internal Auditors established e-mail addresses for the headquarters staff.
Address e-mail by using the first initial of the staff member’s first name plus their last name
followed by @theiia.org. General inquiries can be sent to [email protected].
Institute of Internal Auditors Inc. (http://www.theiia.org) - The IIA home page provides
information about The Institute, its mission, programs, and services. The site is organized
under the various centers for business, learning, and practices. The global audit resource center has links to industry and audit specialty groups, discussion groups, forums, and a site for IT
auditors.
IIA Central New York Chapter (http://sumweb.syr.edu/internal_audit/iia.htm) - Home
page includes list of meetings, conferences, and seminars, links to IIA, ISACA, and Audit/
Security home pages.
IIA Charlotte Chapter (http://www.charweb.org/organizations/professional/iia/iia.htm)
- Site provides information about the local chapter, dinner meetings, seminars, and links to
other sites.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 323
IIA DC Chapter (http://www.dciia.org/) - Web site provides information about the organization, chapter officers, and links to other related sites.
IIA Hawaii Chapter (http://hei01.hei.com/~iia/) - Site provides a history of the chapter and
links to audit-related sites. The chapter’s newsletter, The Bottom Line, containing articles on
internal auditing is also available.
IIA New York Chapter (http://www.nyiia.org) - includes information on meetings, membership, Statement of Responsibilities, Objectives, Code of Ethics, and more.
IIA Salt Lake City Chapter (http://www.viphosting.com/~slciia/) - Site provides information about the chapter, newsletters, seminars, and dinner meetings, and links to other IIA
chapters and headquarters.
IIA San Jose Chapter (http://www.sjiia.org/) - Site provides a calendar of events, seminar
schedule, newsletter articles, employment information, links to audit sites, and more. For more
information, send message to [email protected].
IIA Twin Cities Chapter (http://www.iiatc.com/) - Home page of the Minneapolis/St. Paul
IIA chapter provides the newsletter and other information about The IIA.
IIA United Kingdom (http://www.iia.org.uk/) - Site provides information about the organization from an international perspective. Includes links to publications, training, recruiting,
and more.
Institute of Management Accountants (http://www.rutgers.edu/Accounting/raw/ima). This
site provides comprehensive information on IMA programs and services. Includes Cases from
Management Accounting Practice, Statement on Management Accounting 4 P, Practices and
Techniques for implementing Activity-Based Costing, and more.
Institute of Management Accountants ILLOWA Chapter (http://www.netexpress.net/~ima)
is the Iowa and Illinois chapter Web site for this professional association. Includes information about the chapter, the Institute, educational opportunities, newsletters, and more.
Institute of Management and Administration (IOMA) (http://ioma.com/) - The leading publisher of business and management information. Each month their newsletters bring actionable, productive articles to managers and executives in virtually every industry sector, all at
the same high editorial standards that challenge the popular cliches that fail to address today’s
new and pressing problems. The Administration section includes an Accounting and Taxation
category with links to a number of other sites mentioned in the ARL.
324 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Institute for Professionals in Taxation (http://www.ipt.org/) - Web site for a professional organization dedicated to minimizing the cost of tax administration and compliance for ad valorem
and sales and use taxes. Site provides information about the organization, employment opportunities, research links, reference materials, and more.
Insurance Fraud Bureau of Massachusetts (http://www.ifb.org/) - A unique and multifaceted
investigative agency dedicated to the systematic elimination of fraudulent insurance transactions. Features include their quarterly publication, FocusFraud, and links to other law enforcement, crime prevention, and research organizations.
Insurance Fraud Fightback Site (http://www.geocities.com/ResearchTriangle/1528/) was
designed to stimulate discussion among auditors and fraud examiners about ways of expanding our toolkits via the inclusion of state-of-the-art electronic tools to proactively seek out
insurance fraud activities. Site includes articles written by the site developer and links to other
related resources.
Insurance Fraud Management Advisory Panel (http://www.aisg.org/ifm/ifm.html) is an organization that brings together property/casualty fraud units and claims management to share
information and build effective anti-fraud programs.
Interactive Data Extraction & Analysis (http://www.cica.ca/idea/) - Home page for IDEA, an
audit automation package. Provides information about the product, a downloadable demo,
Guidelines for Requesting Computer Data, and an article dealing with the year 2000 issue.
What’s New provides updates about the product, training opportunities, and links to IDEArelated topics.
Inter-Agency Benchmarking and Best Practices Council (http://www.va.gov/fedsbest/
index.htm) - Site created as a central resource for sharing information on benchmarking and
best practices. Includes a code of conduct for benchmarking, databases for best practices and
BPR, links to other related sites, and more.
Internal Audit Newsgroup (Alt.business.internal-audit) - Internal audit newsgroup formed
September 5, 1994, for discussion of internal auditing-related subjects. Open forum to share
ideas, proposals, experiences, hopes, fears, and vulnerabilities. Access via Usenet newsreader,
or on America Online Internet Center, or GO Usenet on CompuServe.
Internal Audit Stakeholders (http://athens.bitwise.net/iawww/) - A database of internal audit
professionals that have voluntarily listed their names, areas of interest, and e-mail addresses
on the Internal Auditing World Wide Web site. This is a great resource for auditors looking for
peer professional contacts. Look in the People Section.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 325
Internal Auditing and Fraud Investigation (http://users.aol.com/marksimms/mrsweb/
index.htm) - Site focuses on topics dealing only with internal auditing or fraud investigations.
Includes links to relevant articles and Web resources.
Internal Auditing Resource Center (http://members.tripod.com/~sisaac/index.html) - Web
site from Automation Consulting links to auditing software, auditing sites, and more.
Internal Auditing World Wide Web (IAWWW) http://www.bitwise.net/iawww - Developed
as a prototype demonstration project, the site functions as a warehouse of information and
knowledge pertaining to the internal auditing profession and functions across associations,
industries, and countries. This is a premier source of information on the internal auditing
profession. Send e-mail to [email protected].
Internal Control (http://137.21.52.50/CTRL.HTM) from the State University of New York at
Brockport provides information about their program. The site includes a definition, human
resource internal controls, general and specific standards, and more.
Internal Control and Financial Management Manual (http://www.state.ct.us/otc/accdir1/
acctitl.htm) is Connecticut’s Accountability Directive issued jointly by the Office of the State
Comptroller, Office of Policy and Administration, and the Auditor of Public Accounts.
Internal Control Guide (http://www.icaew.co.uk/internalcontrol/) - Draft from the ICAEW
provides internal control guidance for directors of listed companies incorporated in the United
Kingdom.
Internal Control Guide (http://www.jhu.edu/~oams/guide/guide.htm) developed by Johns
Hopkins University. The Guide focuses on the policies and procedures of the University but
could easily be adapted to other organizations.
Internal Control Guide (http://www.state.ma.us/osc/homeview/CONTROL/Contents.htm)
- Massachusetts Comptroller General guide for state departments. Straightforward format that
could be adopted by other auditors.
Internal Control Resources (http://pw1.netcom.com/~jstorres/internalaudit/index.html) - Web
site has a comprehensive set of links to articles, books, organizations, resources, and more.
Internal Revenue Service (http://www.irs.ustreas.gov/) - Site of the IRS Digital Daily, providing access to tax forms and publications for businesses and individuals, and more. There is a
text-only version at http://www.irs.ustreas.gov/plain/ for auditors with slower connections.
Internal Review Guide (http://www.asafm.army.mil/ir/irgd/ir-gd.htm) from the U.S. Army
provides details of the process used in conducting audits of their operations. Excellent example of a comprehensive audit program targeted toward meeting customer needs.
326 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
International Computer Security Association (http://www.ncsa.com) - ICSA (formerly NCSA)
established a site on the WWW for Information Security, Reliability, and Ethics. NCSA manages this site in addition to the CompuServe forums which host online training seminars,
public forums, and libraries. NCSA’s InfoSecurity Resource Catalog provides information on
books, guides, training, and tools. This site provides an overview of why the issue of computer
security is important. Highlights include NCSA’s role and services offered. The Computer
Ethics and Responsibilities section includes files relating to the basic principles such as Unacceptable Internet Activity, Ten Commandments of Computer Ethics, Privacy Policy for Corporate Electronic Messaging, and Electronic Commerce Business Cybernetics. The Information Security Resource section includes the OnLine Catalog of InfoSecurity Resources, links
to other security-related resources, and security vendors. For information about the NCSA,
send an e-mail message to [email protected] and you will receive a reply within minutes about
services available.
International Federation of Accountants (http://www.ifac.org/) - Home page of the worldwide organization for the accountancy profession. Site provides information about the organization, standards, discussion papers, and more.
International Finance and Commodities Institute (IFCI) (http://Finance.Wat.ch/ifci) - Foundation promoting the understanding of financial risk management instruments and commodities. Site includes links to financial and derivative-related Web sites. The homepage includes
a query box to locate specific information within the site. Timely reports, research papers,
listings of education, and information products make this a worthwhile site for auditors, accountants, and financial professionals who need information on financial instruments.
International Financial Encyclopedia (http://www.euro.net/innovation/Finance_Base/
Fin_encyc.html) - Web site of an Interactive Financial Encyclopedia. There is also a link to
Innovation’s Guide to Management and Technology, an online book that is a professional’s
survival guide for technology in the information age. Book sections include Accounting (Control and Monitoring), Finance, and Economics. This is an excellent desktop reference for
auditors interested in the impact of technology on the organization.
International Group of Accounting Firms (http://www.igaf.org/) - Worldwide organization of
CPAs, CAs, or their professional equivalents.
International Organization for Standardization (ISO) Online (http://www.iso.ch/) is the organization that developed standards for quality management and established an online support
unit to provide facts on ISO 9000. The ISO 9000 Forum provides answers to various frequently asked questions as well as background information on the standard.
Internet Administration Policy Guide (http://www.elronsoftware.com/) - Provides an executive overview on the subject and includes an acceptable usage policy template.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 327
Internet Guide for Accounting Discussion List (http://www.swcollege.com/acct/inet_acct/
subscribe.html) is for exchanging information relating to accounting professionals’ use of
the Internet. Free subscription available from the site.
Internet Guide to the U.S. Government (http://www.uncle-sam.com/guide.html) - Web site
provides links to all branches of the federal government, independent agencies, and commissions.
Internet Learning Materials for MBA Students (http://bized.ac.uk/fme/) - Web guide from
BizEd focused on MBA studies. Sections provide links and research tips for accounting and
finance, business economics, human resource management, marketing, strategy, and operations management.
Internet Prospector (http://w3.uwyo.edu/~prospect/) - A research-oriented Web site for the
nonprofit community. The site is updated monthly and provides links to search tools and information that auditors can use. There is a monthly newsletter subscription (free) available on the
site so that you can receive the updates via e-mail. (Knowledge Assembly Resource)
Internet Research Course (http://www.ffg.com/courses/) - A free subscription e-mail course
from ForeFront, a developer of Internet software productivity products. Course includes sections on Effective Search Techniques, Internet Search Engines and How They Work, A Stepby-Step Process for Gathering and Organizing Internet Information, and more. Auditors will
find this a useful addition to their Internet audit toolkit.
Internet Security Policy Guide (http://csrc.nist.gov/isptg/) from the NIST Special Publication
series is designed to help organizations create an Internet-specific information security policy.
Internet Security Reference Guide (http://www.tdmi.com/pilot/pilot_guide/introduction.html)
- A publication from a security vendor that provides a comprehensive source document on the
subject. Topics include the network security policy, firewalls, attack responses, glossary, and
more.
Internet Security Systems (http://iss.net) is a vendor of network security software. This site
provides information on their products and FAQs on security, a list of security discussion
groups, and links to other security sites. There are also downloadable free security tools available from ISS. The site contains an article on the threat of hacking, which is worthwhile
reading for an understanding of the threats present on the Internet. For more information, send
e-mail to [email protected].
Investigations Manual (http://www.ig.navy.mil Publications_Investigations_Manual_Frame.
html) - Excellent guide for conducting investigations from the Office of the Naval Inspector
General’s office.
328 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Investigators Guide to Sources of Information (http://www.gao.gov/special.pubs/soi.htm) GAO publication that provides a comprehensive list of resources useful in conducting investigations. The guide is downloadable as a PDF file and requires the Adobe Acrobat reader (also
available for download). Guide was updated in April 1997 and now includes a chapter on an
Investigator’s Guide to the Internet. Auditors will find the selected Internet sites for investigate reference worth reviewing.
Investigators Toolbox (http://www.virtuallibrarian.com/it/index.html) - A meta-site of links
to researcher resources such as companies, databases, and more. Great information resource
for auditors.
Iowa Office of the State Auditor (http://www.state.ia.us/government/auditor/index.html) Web site provides information about the office.
Ireland Comptroller and Auditor General (http://www.irlgov.ie/audgen/default.htm) - Web
site includes organization details, press releases, publications, and areas of interest/current
projects.
IRS Worker Classification Training (http://www.irs.ustreas.gov/prod/bus_info/training.html)
- Guide from the IRS provides help in determining whether workers should be classified as an
employee or independent contractor.
IS Audit and Security Review Kits (http://www.gallaudet.edu/~auditweb/kits.html) from
Slemo Warigon at Gallaudet University includes ready-to-use IS/IT audit program and security review kits. The kits contain a statement of purpose, scope, review steps, and/or a set of
questions organized to lead you through the audit or review. This is an excellent site for
jumpstarting an IS security review or audit.
IS Audit Consulting & Recruiting Services (http://www.isaudit.com/) - Web site with job
postings, information on happenings in the IS job market, and more.
IS Audit List (isaudit-list) - The IS Audit list server provides IS auditors with a forum to freely
discuss topics affecting the profession, including career development issues. The site is sponsored by Gerry Myers Associates, an IS Audit Consulting and Recruiting firm. To subscribe to
the list server, address your request to [email protected] with the word SUBSCRIBE in
the subject field only. You will receive an acknowledgment welcoming you to the list with
important information on using the list server.
IS Auditing Business Research Projects (http://www.csupomona.edu/~cis/gallegos/
msbaproj.html) - Web site containing project topics and abstracts for student research going
back to 1983. Many recent projects cover Internet-related topics.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 329
ISSA (http://www.issa-intl.org/) - Site of the Information Systems Security Association provides information about this international organization of information security professionals.
There are links to security-related sites, security tools and utilities, and security-related list
servers.
ITAudit.org (http://www.itaudit.org/) - The IIA Web site dedicated to information technology
(IT) information needs of auditors at all levels. Features include a forum for timely, interesting articles on IT topics, a reference section containing links to useful information resources
on the Internet, including AuditNet, a conference section with threaded and interactive discussions, and a Yellow Pages section containing links to technology products and services auditors need.
Jefferson Laboratory Internal Audit Department (http://www.jlab.org/div_dept/audit/
index.html) - Web site provides the charter, strategy, methodology, reports and work plans,
and more.
Journal of Accountancy (http://www.aicpa.org/pubs/jofa/joahome.htm) - The professional
journal of the American Institute of Certified Public Accountants. The site includes articles
and indexes from 1977 to current.
Journal of Financial Abstracts published by the Financial Economics Network and devoted to
the electronic publishing of abstracts in research in financial economics and related topics.
The JFA is free and distributed electronically via the Internet. To subscribe, send e-mail to
Wayne Marr at the following address: [email protected].
Kansas City Auditor’s Office (http://www.kcmo.org/auditor) - Site provides information about
the office and the type of audits performed.
Kansas Legislative Division of Post Audit (http://skyways.lib.ks.us/kansas/kslegPAUD/
homepage.html) - The audit organization of Kansas government. The site provides information about the organization, its functions, missions, goals, and performance measures. There
are links to other audit organizations, search engines, and more.
Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls (http://csrc/
nist.gov/nistpubs/800-10/) - NIST Special Publication 800 10 provides auditors with an excellent introduction and overview of firewall issues. Useful document in planning audit reviews of Internet connections.
Kelley Blue Book (http://www.kbb.com/) - Provides vehicle values for new and used cars and
motorcycles. Good industry standard resource for auditors looking at inventory valuation guidelines for fleet vehicles.
330 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Kentucky Auditor of Public Accounts (http://www.state.ky.us/agencies/apa) - Web site provides information about the office, reports, an employee index, and more.
King County Auditor’s Office (http://www.metrokc.gov/auditor/) - Home page provides information about the office, e-mail addresses for the staff, a list of current projects, an index of
audit reports issued including the executive summaries (organized by agency, topic and year
issued), and links to other audit-related sites.
Knowledge Base (http://trochim.human.cornell.edu/kb/index.htm) - An online textbook for
an introductory course in research methods. Auditors conducting any sort of online research
will find this site useful.
Knowledge World (http://www.ec2.edu/kworld/index.html) - A comprehensive Web site covering issues on knowledge management, including a small business advisor, education center,
white paper, and more.
Korean Board of Audit and Inspection (http://www.bai.go.kr/) - Web site for the agency that
monitors the performance of Korean government operations. Information available includes a
history of the organization, annual report, and links to other Korean sites.
Lambers CPA Review (http://www.lamberscpa.com/) - Site of the publisher of professional
exam review guides for CPA, CIA, and CMA.
LAN Security Guidelines (http://www.utoronto.ca/security/) - Go to LAN Security Guidelines. Site provides checklists for administrators to evaluate and adjust LAN security. This is
a comprehensive document that covers everything from access controls to virus protection.
Includes a section on LAN audit considerations.
LeaseAudit (http://www.leaseaudit.com) - Web site contains the role of a lease audit, lease
language, court decisions, and links to other related sites. There is also information about
Lease Audits: The Essential Guide available from the sponsor of the site.
Legal/Accounting Web (http://www.cloud9.net/~kvivian/html/legal_accounting_web.html) Site from Kaye Vivian, a marketing communications consultant, provides comprehensive information on marketing and practice development for professional firms. Includes links to
sites, articles, jobs, marketing tips, and more.
Legal Investigator Links (http://www.teleport.com/~pagrue/) - The private
[email protected] page provides links to sites of interest to investigators. There are
resources such as the Detective Information Network, Criminal Justice Links, Computer Network Security, the FBI, and others. There is also a link to several privacy-related sites.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 331
Legal Services Corporation Audit Guide (http://oig.lsc.gov/lscpages/aud1.htm) - Provides
guidance to auditors and recipients of LSC grants.
Legal Services Corporation Office of Inspector General (http://oig.lsc.gov/aud/cs3recov.htm)
- Web site provides a link to their Audit Guide and Compliance Supplement, and allowable
cost/cost principles.
Legislative Analyst’s Office (LAO) (http://www.lao.ca.gov/) - The LAO provides analysis to
the California legislature on financial and policy issues. As an independent legislative oversight body, the LAO advises lawmakers on the financial impact of policy issues, including
state and local government implications and the use of information technology as a tool to
make government more effective. Documents include budget analysis, reports, policy briefings, and special publications.
LGNet (http://www.ig.org/) - The Local Government Network sponsored by the Innovations
Group on the WWW provides information services for local government professionals. Valuable resource for local government auditors and accountants with information on performancebased measurements, document imaging, reinvention projects and more. The Innovations Group
issues a quarterly newsletter called Local Government Online that highlights ways cities and
counties are using electronic communication to improve productivity, save money, and provide excellent service to citizens.
Licensing and Software Management Guide (http://www.microsoft.com/piracy/licensing/
samguide.asp) - Provides an effective system for software acquisition, distribution/use, copyright law, and more. Includes sections on software audits, audit tools, audit resources, preparing for an audit, initial analysis, conducting, and reporting.
Litigation Cost Control Resource Center (http://www.tiac.net/users/svoltz/freebies.htm) Web site dedicated to information on controlling the cost of litigation. A free Litigation Cost
Control Manual and other advice is available by e-mail.
Locating Canada’s Incorporation Records (http://w3.uwyo.edu/~prospect/caincorp.html) Web site with contact information for national, provincial, and territorial public records.
Locating U.S. Incorporation Records Online (http://w3.uwyo.edu/~prospect/secstate.html) Web site provides links to secretaries of state sites, official state corporation databases, IRS
nonprofit data, and more.
Lorain County Auditor (http://www.loraincounty.com/auditor/) - Local government Web site
provides information about the office and the services they offer.
332 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Louisiana Inspector General (http://www.state.la.us/oig/inspector.htm) - Web site provides a
history of the office, mission statement, public reports, and more.
Louisiana Legislative Auditor (http://www.lla.state.la.us/) - Web site provides information about
the office, types of audits performed, reports issued, and more.
Louisiana State Division of Administration (http://www.state.la.us/doa/doa.htm) - Site of the
organization that oversees the management of state financial administration.
Maine Office of Program and Legislative Audit (http://www.state.me.us/legis/opla/
reports.htm) - Web site of the Maine legislative audit function provides access to reports
issued.
Majengo Software (http://www.majengo.com/) - Vendor of audit productivity solutions that
will speed up audit work, cut costs, and provide a new quality standard for audits. Demos
available for download from their Web site includes AUDITJOB, which lets you recycle
workpapers from previous years and jobs and publish standard template forms, audit programs, and check lists; INSIDE OUT, a trial balance processor, and HORSE’S MOUTH, which
automates workpapers.
Management Control (http://www.mc2consulting.com/govpage.htm) - Web site for corporate
governance, accountability, and management control provides information and articles on the
subject for internal auditors. The site advocates a collaborative approach involving various
disciplines and stakeholders. This site provides excellent information on control self-assessment and coactive control topics.
Management Control Concepts (http://www.mc2consulting.com/) - Home page for audit-related consulting and training services. Includes a description of services offered and books
authored by the consultant (David McNamee), and links to audit-related sites.
Management Link (http://www.inst-mgt.org.uk/external/mgt-menu.html) - A comprehensive
site developed by Information Researchers at the Institute of Management’s Management Information Centre. There are links to sites on management skills and management sources.
Managerial Auditing Journal (http://www.mcb.co.uk/cgi-bin/journal1/maj) - Provides links
to illustrative articles and subscription information.
Managerial Cost Accounting Guide (http://www.va.gov/cfo/pubs/CostGuide/default.htm) Available on the Veteran’s Administration Web site. The Guide includes tools and techniques
for implementing a managerial cost accounting system. There is an introduction to project
management, implementation strategies, organizational analysis, costing methodologies, team
charters, position descriptions, statements of work, and more. The Guide, in Word97 format,
provides a free viewer download for those professionals that do not have the program.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 333
Manatee County Internal Audit (http://www.clerkofcourts.com/internal.htm) - Web site provides information about the office, services provided, published audit reports, and more.
Maricopa County Internal Audit (http://www.maricopa.gov/internal_audit/default.html) Provides information about the department and an index of audit reports issued.
Maryland Association of Certified Public Accountants (http://www.macpa.org/) - Site includes information about the association, a comprehensive listing of resources, and CPE opportunities.
Maryland Comptroller of the Treasury (http://www.comp.state.md.us/main.htm) - Provides
information about the office, services offered, and links to general taxpayer assistance for
Maryland residents and businesses.
Massachusetts Office of Inspector General (http://www.state.ma.us/ig/ighome.htm) - Web
site for the state watchdog agency. Site provides information about the office, publications
issued, and more.
Massachusetts Society of CPAs (http://www.mscpaonline.org/) - Well-organized Web site for
the state society includes information about the organization, a record retention guide, Internet
from A to Z (links and resources for business), and more.
Massachusetts State Auditor (http://www.state.ma.us/sao/) - Web site provides information
about the office and its divisions.
Massey University Accountancy Department. (http://cc server6.massey.ac.nz/0/massey/depts/
ac/dp.htm) - This site provides discussion papers from 1981 on a variety of accounting/audit
topics. This is a great resource from New Zealand for background material in preparing for or
researching audit methodologies or new potential audit areas.
Measure.net (http://measure.net/index.htm) - Web site dedicated to improving corporate performance measurement systems provides an Idea Exchange, a Resource Center, and information about performance measurement audits.
Medina County Auditor (http://www.medinacountyauditor.org/) - Local government Web site
provides information about the office and the services they offer.
Methodware Ltd. (http://www.methodware.com/) - Web site for Advisor software products
which automate international frameworks such as COBIT and COSO, and assist organizations
perform control self-assessment, quality reviews, risk evaluations, and more. The web site
also includes examples of customized solutions.
334 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Metro Office of the Auditor (http://www.metro-region.org/glance/auditor/dow.html) - Helps
the Portland Metro regional government achieve honest, efficient management and full accountability to the public. Links to reports, a newsletter, and more.
Metropolitan Water District of Southern California (http://www.mwd.dst.ca.us/audit/docs/
audhome.htm) - Audit department home page includes information about the department,
charter, work plan summaries, and more.
Michigan Office of the Auditor General (http://www.state.mi.us/audgen/) - Home page includes information about the office and their reports.
Micro-Computer Security Checklist (http://www.fis.ncsu.edu/audit/selfaccs/intcont/
selfeval.htm) - Web site from the North Carolina State University internal audit department
provides a guide for department managers.
Micrografx, Inc. (http://www.micrografx.com/flowcharter) - FlowCharter is a business drawing, diagramming, and charting tool. It can be used to create organization charts, network
diagrams, statistical control charts, and flow diagrams of any type.
MicroMash Accounting Reviews (http://www.micromash.com/) - Provides information about
their review courses for the CIA, CPA, CMA, CISA, CFM, and more. They offer tutors, indicators (practice exams), and downloadable demos of their programs.
Microsoft Network Industry Accounting Forum (http://www.microsoft.com/industry/acc/) Site includes articles and products of interest to accountants. There is a downloadable version
of Microsoft’s Software Auditing Resource Kit for designing software audit applications.
Milwaukee County Department of Audit (http://www.co.milwaukee.wi.us/depart/daudit.htm) - Web site provides information about the office and the services offered.
Minnesota Office of the Legislative Auditor (http://www.auditor.leg.state.mn.us/) - Web server
for the Legislative Auditor’s Office. The OLA server includes history of the office, information about the Financial Audit Division, and Program Evaluation Division. Copies of audit
reports, including a report on Performance Budgeting. Provides links to the Minnesota legislature Gopher server, and federal, state, and Internet information resources of interest to auditors.
Minnesota Office of the State Auditor (http://www.osa.state.mn.us) - Web site provides information about the office, online access to reports, and downloadable files from prior periods.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 335
Minnesota Society of Certified Public Accountants (http://www.accountingnet.com/society/
mn/) - MNCPA online site provides information about the organization, articles from their
newsletter, CPE opportunities, and more.
MIS Metrics and Benchmarks Scoreboard (http://mis.tqn.com/blbench.htm) - Provides staffing, budget, salary, and spending information from MIS executives.
MIS Training Institute MISTI (http://www.misti.com/misti) - Web site contains information
on seminar offerings and links to other Internet sites. The MISTI curriculum includes courses
in modern internal audit and information systems audit and security. They also offer a variety
of products and services, including topical conferences, video training, publications, and more.
Mississippi Joint Legislative PEER Committee (http://www.peer.state.ms.us/index.html) Web site for the Mississippi Performance Evaluation and Expenditure Review Committee
provides access to reports from 1974 to present in Adobe Acrobat format. There are also FAQs
and links to other sites of interest.
Mississippi Office of the State Auditor (http://www.osa.state.ms.us/) - Web site provides information about the function, public documents, press releases, and links to other sites of
interest.
Missouri State Auditor’s Office (http://www.auditor.state.mo.us/) - Site includes information
about the office, details on reporting fraud, waste and abuse, summaries of reports, and more.
For more information, send e-mail to [email protected].
Montana Legislative Audit Division (http://www.mt.gov/leg/audit/) - Site provides information about the organization, access to reports, goal, audit standards, employment opportunities, and more.
Multnomah County Auditor’s Office Home Page (http://www.multnomah.lib.or.us/aud) First county auditor’s office to establish a home page on the Web. Includes summaries of
recent auditor’s reports, an index of past reports, a profile of the office, and an auditor’s
column. The page is directed at Portland citizens with access to the Internet, to let them know
about the county auditor’s office.
Municipal Bond Scandals (http://lissack.com/) - Site provides overview of scandals and problems affecting the municipal bond industry in the U.S. Includes definitions and common
terms, search capability, and a large index of relevant articles.
MuniNet Mailing List - FinanceNet mailing list targeted to municipal and township financial
managers and clerks. The list will be a distribution and discussion list for issues relating to
financial management of municipalities, townships, and counties within larger geopolitical
336 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
jurisdictions. To subscribe, send e-mail to [email protected] and include message “subscribe MuniNet (FirstName LastName).
NALGA Local Government Auditing Quarterly Audit Abstract Database (http://
www.execpc.com/~milcoaud/) - Provides the listing of audits performed by local government auditors that appeared in their newsletter, the Local Government Auditing Quarterly.
The Local Government Audit Newsletter (LGAQ) contains abstracts of audits performed by
members of the National Association of Local Government Auditors. This database contains
information about those abstracts, including reference to the newsletter containing the abstract. The program searches the database for selected keywords and displays information
about the abstracts that match those keywords. The information includes where to find the
abstract in the newsletter and who produced the audit so that you may contact them. The
downloadable database is available in both DOS and Windows format. An older copy of the
database is available as a zip file on the ASAP FTP site. Retrieve and extract the file and
follow the installation instructions.
NARA IG (http://www.nara.gov/ig/) - The National Archive and Records Administration Inspector General’s Office homepage provides a wealth of resources for IG offices. The site
provides information about the role of the IG and the audit and investigation units. There are
links to other related sources and a Guide to Internet Legal Research with links to areas of
special interest to IGs, statutes, case law, regulations, legislative history, and more.
NASA Office of Inspector General (http://www.hq.nasa.gov/office/oig/hq/) established a home
page on the WWW. Provides the mission statement, information on their hotline, and summaries of the audit and investigation sections, including sample audit findings.
National Association of Enrolled Agents (http://www.naea.org/) - Site provides information
about the association and its members, how to find a tax advisor, tax links, tax news, and
electronic commerce resources.
National Association of Financial Services Auditors (http://www.nafsa.com/index.htm) - Web
site provides information about the organization, conferences, membership, and more.
National Association of Local Government Auditors (http://www.nalga.org/) - Home page
for NALGA the organization formed to bring together professional local government auditors.
The site includes information about the organization, annual conferences, and excerpts from
the Local Government Auditing Quarterly.
National Association of Purchasing Management (NAPM) (http://catalog.com/napmsv/) Silicon Valley Chapter maintains a World Wide Web page on the Internet. Includes resources
for purchasing and supply management professionals. Purchasing articles include topics such
as Software Licensing Flexibility, Paperless Purchasing, and Getting Started With EDI. The
_____________________________ Appendix B — The AuditNet Resource List (KARL) 337
site also includes a library collection of books, video and audio cassettes on purchasing, materials, operations, and business management.
National Association of State Auditors, Comptrollers and Treasurers (http://sso.org/nasact/
nasact.htm) - Web site for the organization which includes public financial management,
treasury, and audit reports. Provides links to state auditors and treasurers on the Web, state
comptroller, and state auditor issues.
National Association of State Boards of Accountancy (http://www.nasba.org/) - This Web site
provides information about the organization, a listing of individual state boards of accountancy, a national registry of CPE sponsors, and more. Some areas are restricted to members
only.
National Association of State Budget Officers (http://www.nasbo.org/) - Web site for the professional organization for state finance officers. The site includes a list of available publications, links to budget related links, and more. The Budget Links page also includes sites related to performance measurement.
National Association of State Information Resource Executives (http://www.nasire.org/) Clearinghouse of state government information on the Internet. Selectable categories include
Auditors, Finance and Administration, and Information Resource Management. Categories
provide links to related information servers.
National Association of Trust Audit and Compliance Professionals (http://www.natacp.org)
- Web site for trust, audit, and compliance professions provides information about the organization, membership, career opportunities, and more.
National Audit Office (http://www.open.gov.uk/nao/home.htm) - Home page for the independent public sector audit organization in the United Kingdom. This office reports on the economy,
efficiency, and effectiveness of departments and related parts of the government. The NAO
publishes up to 50 value-for-money audits annually. A listing of the reports available is on the
site as well as press notices that provide an abstract for each report. The Annual Report summarizes their work and results achieved.
National Council on Compensation Insurance (http://www.ncci.com/index.html) - The largest workers’ compensation data, statistical and research corporation. Web site contains information about products and free publications.
National Credit Union Administration (http://www.ncua.gov/) - Web site of the independent
federal agency that oversees federal and state credit unions. Online information for auditors
includes guidelines for operations, an accounting manual, the FFIEC IS Examination Handbook, and Financial Performance Report Guide.
338 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
National Criminal Justice Reference Service (http://www.ncjrs.org) - The NCJRS established
a Web site containing various resources from the National Institute of Justice, the research and
development agency of the U.S. Department of Justice. Includes updates from the Office of
Justice and the Office of National Drug Control Policy. Also provides information about products and services sponsored by NCJRS.
National Health Care Anti-Fraud Association (http://www.nhcaa.org/) - An organization composed of private health insurers and federal/state law enforcement officials dedicated to the
detection, investigation, and prosecution of healthcare fraud.
National Library of Australia Department of Finance (http://www.finance.gov.au/) - Site
provides Australian government information from the Department of Finance. The Information Technology and Systems area includes IT Acquisition Council Guidelines as well as
information on publications such as Implementing Financial Management Information Systems.
National Society of Accountants (http://www.nsacct.org/) - Web site provides information about
the association, job links, legislative issues, and more.
National Society of Insurance Premium Auditors (http://www.nispa.org/) - Web site includes
background information, industry news, publications, and more.
National Society of Public Accountants (http://www.nspa.org) - Site provides information about
the NSPA, a national organization representing local practitioners, and small businesses. There
is information about publications, course availability, membership, and more.
Naval Inspector General (http://www.ig.navy.mil/New_Look.html) - Web site provides information about the office, online publications, and more.
Nebraska State Auditor of Public Accounts (http://www.nol.org/home/auditor/index.html) Home page that provides information about the organization, including the Special Audits and
Evaluation Unit which operates a hotline. Includes examples of complaints and concerns.
Netherlands Court of Audit (http://www.rekenkamer.nl/en/index.htm) - The official audit
organization for the government. The site includes performance and regularity audit manuals,
summaries of audit reports, the legal basis for the office and more.
Network 1 Security Related Links (http://www.network 1.com/) - Consulting firm with links
to security-related Web pages and security-related newsgroups.
Network-list, the official CPA Guide discussion list, is provided for immediate discussion of
accounting topics by interested parties. To subscribe to Network, send an e-mail message to
_____________________________ Appendix B — The AuditNet Resource List (KARL) 339
[email protected], with the words “subscribe network” in the message body. Note:
you must send your request from the e-mail account you wish to use. If you do not, your e-mail
message must read “subscribe network other_email_address”, with the e-mail address you
wish to use substituting “other_email_address.” Send mail to Network recipients via
[email protected]. Note: you must be subscribed in order to send messages.
Network Risk Assessment Users Manual (http://wwwoirm.nih.gov/security/) is available in
either Word or WordPerfect format from the NIH Information Systems Security page.
Nevada Legislative Counsel Bureau Audit Division (http://www.leg.state.nv.us/lcb/audit/
audit.htm) - Web site provides information about the office, list of reports issued, organizational structure, and more.
New Hampshire Legislative Budget Assistant (http://www.state.nh.us/lba/index.html) - Web
site for the audit division provides their mission, staff directory, summaries of reports, and
links to other sites.
New Jersey Office of the State Auditor (http://www.njleg.state.nj.us/html98/olsaudit.htm) Web site provides information about the office, mission statement, and full text of recent audit
reports in Envoy format (free reader available).
New Mexico Military Institute Internal Audit (http://www.nmmi.cc.nm.us/audit/Guest.html)
- Site provides information about the department, FAQs, and links to other resources.
New Mexico State Auditor (http://www.saonm.org/) - Web site of the office responsible for
safeguarding New Mexico taxpayers’ money.
New Mexico State Treasurer (http://www.stonm.org/) - Web site of the office responsible for
accounting for taxpayers’ money. Site provides access to public reports.
New South Wales Audit Office (http://www.audit.nsw.gov.au/) - Site includes information about
the office, roles and responsibilities, reports and publications, and more.
New Technologies Inc. (http://www.forensics-intl.com/intro.html) - A security consulting firm
that offers training and tools for computer forensics. Site provides articles, software, visual
aids, and more.
New York State Office of the State Comptroller (http://www.osc.state.ny.us) - Well-organized
Web site provides information about the office, audits of state agencies, local government
services and audits, the State Comptroller’s Assistance Network (SCAN), and links to other
useful sites and more.
340 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
New Zealand Controller and Auditor-General (http://www.netlink.co.nz/~oag/) - Office of
the controller and auditor-general of New Zealand provides general information, recent reports, speeches, and international affiliations.
Nijenrode Business Resources (http://library.nyenrode.nl) - Comprehensive list of business
resources maintained by Nijenrode University in the Netherlands. Provides links to business
resources on the Internet.
NJH Security Consulting, Inc. (http://www.njh.com/) - Web site for a security consultant specializing in Internet penetration testing and Web security. Items of interest to auditors include
articles on security-related issues and problems.
Non-Federal Audits Team Home Page (http://home.gvi.net/~edoig) - Provides a “one stop
shopping” for information pertaining to Single Audits and other audits of Education Programs
(SFA Audits, Lender Audits, etc). (Non-federal means audits of Federal Funds performed by
Non-Federal Auditors). Information is organized by source (GAO, OMB, PCIE, ED, etc.).
There are links to other related sites.
Nordic Accounting Network (http://www.nan.shh.fi) - Site is part of the International Accounting Network. Includes regional archives of information as well as links to the other network
members. For more information, send message to [email protected]
North Carolina Office of the State Auditor (http://www.osa.state.nc.us/) - Provides information about the State Auditor’s Office, online access to selected audit reports, e-mail request for
other reports, and links to other sites.
North Dakota State Auditor (http://www.state.nd.us/auditor/) - Web site provides information
about the office, links to audit reports, FAQs, employment information, staff directory, and a
fraud hotline.
Northeast Insurance Anti-Fraud Group (http://www.geocities.com/WallStreet/Exchange/
1276/) - An organization of investigative professionals dedicated to finding fraud in the insurance industry. Site includes topics of past and future meeting and links to other related sites.
Northern Territory Auditor-General’s Office (http://www.nt.gov.au/ago/) - Web site provides
information about the office and their reports.
Nova Scotia Office of the Auditor General (http://www.gov.ns.ca/legi/audg/) - Provides information about the office and the services offered. Includes annual reports by the auditor general.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 341
NPR Report (http://www.npr.gov) - From Red Tape to Results, hypermedia document. The Federal Reinventing Government report is available with word search capability on the WWW.
Go the Library section.
NT Bugtraq (http://www.ntbugtraq.com) - A mailing list for the discussion of security exploits
and security bugs in Windows NT and its related applications.
NYCComptNet (http://www.comptroller.nyc.ny.us) - Office of the New York City Comptroller
established an Internet connection and offers other localities ideas on how to improve their
financial systems and reporting, internal controls, and performance measures via the Internet.
Occupational Safety and Health Administration (OSHA) Web site (http://www.osha.gov)
which includes general information about the agency, standards, news releases, fact sheets,
publications, OSHA Compliance Assistance Tools, and safety and health related links on the
Internet. Auditors with OSHA audit responsibilities should include this site on their hot list.
Office of the Auditor General, Alberta, Canada (http://www.oag.ab.ca/) - Web site provides a
report on government accountability and links to annual reports.
Office of the Auditor General, New Brunswick (http://www.gov.nb.ca/audgen/index.htm) Web site provides information about the office and their publications.
Office of the Auditor General, Newfoundland and Labrador (http://www.gov.nf.ca/ag/) Web site provides information about the office, entities subject to audit, reports, and more.
Office of the Inspector General EPA (http://www.epa.gov/oigearth/index.htm) - Provides information about the organization, reports, strategic plan, and more.
Office of the Inspector General University of Florida (http://oig.ufl.edu/) - This Web site
contains a wealth of information for auditors in the college and university environment and
others. Includes a checklist for accounting and administrative controls, control summaries for
time records and leave, and tax compliance issues. The UF Software Copyright Policy is an
excellent model that includes policies and guidelines, resources, and training materials. There
are also links to other sites including the Florida Legislature.
Office of Management and Budget (http://www.whitehouse.gov/OMB) - Site contains links to
selected OMB circulars, bulletins, and regulations.
Office of the Provincial Auditor, Ontario, Canada (http://www.gov.on.ca/opa/en/ieng.htm) Web site provides information about the office and links to audit reports by ministry and by
program.
342 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Office of the Provincial Auditor, Saskatchewan (http://www.legassembly.sk.ca/provaud/) Web site provides information about the office, reports issued, and more.
Ohio, Auditor of State (http://www.ohio.gov/auditor/) - The Ohio State Auditor Office provides information about the office and its division, audit reports released, technical bulletins,
publications, links to related sites, and more.
Ohio Office of the Inspector General (http://www.ohio.gov/watchdog/) - Web site provides
information about the office such as mission and history. There are summaries of investigations, investigation reports, annual reports, FAQs, and more.
Ohio Society of CPA s (http://www.ohioscpa.com/) - CPA access site provides information about
the organization, news, information exchange, CPE, links to the Top Ten Web Sites for Accountants, and more.
Ohio State Internal Audit (http://www.busmgmt.ohio-state.edu/internal_audit/
osuiawww.htm) - Web site provides their mission statement, services and types of audits,
information about the staff, and an organization chart.
Oklahoma State Auditor (http://www.state.ok.us/~auditor/) - Web site includes agency information, audit reports, and forms.
OptionFinder (http://www.optionfinder.com/) - An electronic meeting tool that gets everyone
involved and keeps meetings on schedule. This keypad-based group polling system is used by
many organizations in the control self-assessment process.
Orange County Florida Audit Division (http://www.comptroller.co.orange.fl.us/audit/
audit.html) - Provides information about the office, the audit process, a fraud hotline, and a
list of published reports back to Fiscal Year 1987.
Orange County Internal Audit Department (http://www.oc.ca.gov/audit/index.htm) - Web
site for this California county provides information about the office, control self-assessment,
internal control, and more.
Oregon Secretary of State Audits Division (http://www.sos.state.or.us/audits/audithp.htm) Web site includes information about the office, report summaries, fraud hotline, and more.
Organization of Local Government Auditing (http://www.olga.org) - OLGA is an initiative of
Scandinavian auditing firms responsible for the auditing local government entities in their
respective countries. The Web site provides information about the organization and their members as well as links to other audit organizations.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 343
Orlando Internal Audit Office (http://www.ci.orlando.fl.us/departments/audit/) - Web site
provides their mission statement, a list of audit reports available, links to their hotline, revenue
auditing, and more.
Paisley Consulting (http://www.paisleyconsulting.com/) - Web site for a vendor of products
that address the needs of today’s changing internal audit departments. Products include
AutoAudit (audit automation software) and Workforce (audit staff scheduling software).
Patton & Patton Software (http://www.patton patton.com/) - Home page of the developers of
Flow Charting software. Provides information about the organization and its products. There
are links to flowcharting resource materials, including application stories, helpful publications and sources, common symbol definitions, and sample charts and diagrams. E-mail support is available.
Pennsylvania Auditor General (http://www.auditorgen.state.pa.us/) - Interactive tour of
Pennsylvania’s Taxpayer Advocate provides information about the office, audit results, and
career opportunities.
Pennsylvania Institute of Certified Public Accountants (http://www.picpa.com/) - Site contains information on education, government relations communications, including the table of
contents for its journal and pointers to its officers and chapters.
PeopleSoft Security, Audit, and Control Discussion Group (PSSAC-L) - A listserv devoted to
PeopleSoft Security, Audit, and Control. For those of you interested in subscribing to this list,
send an e-mail (with your signature feature turned off) to: [email protected].
Include no subject line. In the body of the message, type: subscribe PSSAC-L yourfirstname
yourlastname (example: subscribe PSSAC-L Jane Doe).
Performance Assessment Guide (http://www.dtic.mil/performance/paguide.html) from the
Department of Defense provides a Quality and Productivity Self-Assessment Guide, a Guide
for Developing Performance Measures, a Guide For Measuring Customer Satisfaction, Quality and Productivity Self Assessment Questionnaires, and more.
Performance Based Management Guide (http://www.itpolicy.gsa.gov/mkm/pathways/
8-steps.htm) from the General Services Administrations provides eight steps to develop and
use information technology performance measures effectively.
Performance Based Organizations (http://www.npr.gov/library/pbo/guide1.html) from the
NPR Web site provides a conversion guide for organizations that are shifting to a performance-based environment.
344 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Performance Indicators Page (http://www.auditcommission.org) - Provides comparative measures for local government and public safety entities. Results are in Microsoft Excel format
with separate spreadsheets for England, Wales, and police data.
Performance Management (http://www.ey.com/publicate/pm/) - Download library from Ernst
& Young contains practical articles on topic in Adobe Acrobat format.
Performance Management (http://www.oecd.org/puma/mgmtres/pac/) - Web site for the Organization for Economic Co-operation and Development (European Countries). The site identifies and explains key performance management issues, performance management publications, work methods, links to other sites, and more.
Performance Management Guide (http://www-hr.ucsd.edu/~staffeducation/guide/) is an excellent publication from the UC San Diego on managing employee performance. Auditors
reviewing the human resource department for their organization can use this guide as a model
for setting up an employee performance management system.
Performance Management System Audit Guide (http://www.qao.qld.gov.au/guidelin.html)
from the Australian Queensland Audit Office provides an audit approach, methodology, audit
considerations, criteria, and more.
Performance Measurement Best Practices (http://www.npr.gov/library/papers/benchmrk/
nprbook.html) is a benchmarking study report from the National Performance Review.
Performance Measurement Guide (http://www.sao.state.tx.us/) from the Texas State Auditor’s
Office provides information about setting up a performance measurement system and detail
on how agencies can establish adequate internal controls in measurement systems in order to
assist them in reporting accurate information.
Performance Measurement Handbook of Tools and Techniques (http://www.orau.gov/pbm/
resources/handbook1/handbook1.html) is an excellent resource for auditors involved in
performance measurement. The Handbook is available in HTML format or may be downloaded in PDF format for printing.
Performance Measurement Info (http://financenet.gov/financenet/start/topic/perf.htm) FinanceNet has a number of files and reports available on performance measurement.
Performance Measurement Office (http://www.qed.qld.gov.au/about/pmo/index.htm) - Web
site of the Queensland Education Department includes information about the office, performance information, a school planning and accountability framework, a measurement listserv,
and more.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 345
Performance Measurement Office (http://www.qed.qld.gov.au/about/pmo/index.htm) - Web
site of the Queensland Education Department includes information about the office, performance information, a school planning and accountability framework, a measurement listserv
and more.
Performance Measurement Resources (http://www.zigonperf.com/performance.htm) is a set
of free resources to help you with performance measurement problems. There are articles,
links, and sample performance measures for various job categories.
Performance Measures for Procurement (http://www.itpolicy.gsa.gov/perfmeas/pathways/
pp8ahow.htm) is a government task force report that provides best practices and procurement
performance measures.
Performance Measures List Archives (http://www.mailbase.ac.uk/lists/lis-perf-measures/) lisperf-measures for library and information science professionals maintains an archive of their
discussions. The list supports work in performance measurement in the library and information community throughout the world. Subscription details are available from this site.
Performance Pathways (http://www.itpolicy.gsa.gov/mkm/pathways/pathways.htm) - Web
site from the Office of Government-wide Policy provides a central resource for information
related to the development and use of performance measurement.
Performance Planning Guide (http://www.ospl.state.nc.us/planning/hcontent.html) from the
North Carolina Office of State Planning provides an excellent step-by-step process for setting
up a performance management system.
Philadelphia Office of the City Controller (http://www.libertynet.org/~citycont/) - Web site
provides information about the office, access to city economic information, and a searchable
audit database.
Point of Sale Discussion List (POS-List) was created for discussions related to business software such of POS, OE, Retail, Mail Order, Accounting, and more. To subscribe to pos-list,
send an e-mail to [email protected] with the message subscribe pos-list.
Portland City Auditor’s Office (http://www.ci.portland.or.us/auditor/pdxaudit.htm) includes
general information about the City of Portland, Oregon Audit Services Division. Includes list
of all audit reports issued, abstracts of audits, and links to other resources.
Practical Guide to Corruption Prevention (http://www.icac.nsw.gov.au/
pub_corruption_prevention/pub2_27_1cp.htm) prepared by the Independent Commission
Against Corruption is an excellent resource for developing a fraud and corruption program
within organizations. Modules include risk assessment, ethics, cash handling, purchasing, and
more.
346 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Premium Audit Advisory Service (http://www.aisg.org/paas/paas.html) provides publishing
resources and training for premium audit departments.
Prentice Hall Publishing (http://www.prenhall.com) - Searchable site for accounting, audit,
and technology books.
Preventing Business Fraud (http://www.ioma.com/newsletters/pbf/) - A newsletter from the
Institute of Management and Administration. Provides recent articles on the subject.
Princeton Office of Internal Audit (http://webware.princeton.edu/Audit/) - Site provides information about the office, their charter, objectives, audit guidelines, and links to other useful
resources.
Procurement Policies and Procedures Handbook (http://www.state.ma.us/osd/phand/) for
the Commonwealth of Massachusetts includes best value guidelines, role of procurement for
managers, contract categories, and more. This is a good reference document for auditors reviewing and comparing best practices.
Professional Ethics Resources on the WWW (http://www.ethics.ubc.ca/resources/professional)
- Provides links to sites on the subject.
ProfessionalCity.com (http://www.professionalcity.com/) is a vertical industry portal that provides research material and information regarding related products and services for specific
professions. There are currently “neighborhoods” for law, marketing, and accounting.
Professionals Online (http://www.prosonline.com) - Directory of WWW sites organized by
profession. Classifications include accounting, finance, business, and more. Resources for
accountants are organized into CPA Exam, Theory, Practice, Auditing, Commercial Law, Tax,
SEC Accounting, and more. Financial resources include business and personal finance and
digital cash.
Project Management Institute (http://www.pmi.org) - Web site for the organization for project
management professionals includes information about the organization and available resources.
The site includes a comprehensive Guide to the Project Management Body of Knowledge.
The Guide is in PDF format and requires an Adobe reader (available for free). The Guide
alone makes this site a sure bookmark for all auditors, accountants, and financial professionals.
Public Service Commission of Canada Audit and Review (http://www.psc-cfp.gc.ca/audit/
internet/recourse.htm) - Site includes information about the PSC, monographs and reports,
methodologies used, and links to other related site.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 347
Purdue University Internal Audit (http://www.purdue.edu/OOP/AUDIT/index.html) - Web
site provides information about the office, a guide to internal controls, links to other resources,
and more.
QS-9000 Auditor’s Checklist (http://www.isogroup.iserv.net/qslist.html).
QSAK (http://www.optimumtechnology.com/OptProdQSAK.htm) software used to schedule,
manage, analyze, and conduct internal audits, assessments, tests, and inspections. This management tool is designed to organize, direct, document, and report on internal and external
audits. Free limited version is available for download from Optimum Technology’s site.
Quality Auditor Home Page (http://www.geopages.com/WallStreet/2233) - Resource page for
quality auditors. Includes links to the ASQC, the Quality Auditor division, listserv for Good
Laboratory Practices, newsgroups, and more.
Quality Digest Magazine (http://www.tqm.com/digest/index.html) - The Quality Digest electronic magazine covers quality management issues. Examples of topics include how to, case
studies, benchmarking, reengineering, and more. The site maintains both current and back
issues.
Quality Network (http://www.quality.co.uk/quality/index.htm) - Site provides links to resources
on quality management, ISO 9000, environmental and safety management. Will include environmental and safety management auditing advice.
Quality Online Forum (http://www.qof.com/) - A subscription service available via dial-up or
via the Internet. There are links to proprietary databases, resources, and other quality sites.
Queensland Audit Office (http://www.qao.qld.gov.au/) - Home page includes information about
the office and links to other sites.
RACF-L ([email protected]) is a discussion list devoted to the topic of Remote
Access Control Facility. Auditors in organizations that use this security tool should consider
subscribing to this e-mail discussion group. You can join this group by sending the message
“sub RACF-L your name” to [email protected]. Note: This is a high volume list specifically designed for audit and security personnel using RACF.
Raptor Systems Security Library (http://www.raptor.com/lib/) - Provides links to a variety of
security articles.
Real Estate Accounting Professionals Forum (http://www.reap.com/reap/) - Site sponsored
by a financial products vendor includes a discussions area with topics on software support and
managerial issues. There are software reviews, sample products, and links to related Internet
resources.
348 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Republic of Singapore Auditor General’s Office (http://www.gov.sg/ago/) - Site provides information about the office, types of audits performed, and the 1994/95 Report. For more information, send e-mail to [email protected].
Research Institute of America (http://www.riatax.com) is a publisher of U.S. federal, state and
local tax information and analysis. Weekly updates on tax information, product reviews, demos,
and employment opportunities.
Researching Companies Online (http://home.sprintmail.com/~debflanagan/index.html) Provides a step-by-step tutorial on finding organization and industry information on the World
Wide Web.
RespondaNet (http://www.respondanet.com/) is the Web site for the Americas Accountability
Anti-Corruption project. The site contains information in English and Spanish including accountability, the quarterly newsletter, links to related sites, publications, event listings, and
more.
Review Information Network (http://www.tbs-sct.gc.ca/rin/Internal Audit/Index.e.html) Web site provides audit publications and guides from the Treasury Board of Canada.
Rhode Island Society of CPAs (http://www.riscpa.org/) - Site of this professional society provides links to Internet resources and information about the organization.
Risk Assessment and Control Design WWW Resource Kit (http://www.kpmg.ca/crsa/
main.htm) is a project of KPMG and includes a virtual library on the topic. There are articles
and guides and a moderated mailing list on the subject of CSA.
Risk Assessment and Risk Management (http://www.mc2consulting.com/riskpage.htm) - Web
site for a project that provides tools and articles on risk-related subjects. There is a risk glossary and internal audit risk bibliography that professionals will find useful for research and
background on the subject.
Risk Assessment Do’s and Don’ts (http://www.jebcl.com/riskdo/riskdo.htm) - Professor Boritz
provides guidance on risk assessment for internal auditors.
Risk Management Audit Guide (http://www.tbs-sct.gc.ca/pubs_pol/dcgpubs/TB_H4/
RISK_e.html) from the Treasury Board of Canada provides review guidance for auditors
including risk identification, compensation, volunteers, and more.
Risk Management and Internal Auditing (http://www.rpi.edu/dept/rmia/webpage/rmia.html)
- Site at Rensselaer Polytechnical Institute includes loss prevention policies and procedures,
Internal Control Manual, Conflict of Interest Policy Statement, and more. Most files in Adobe
Acrobat (PDF) format, which requires the Adobe Acrobat reader, available free by download.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 349
Risk Ranking and Security Controls (http://ourworld.compuserve.com/homepages/JerArdra)
- Web site of Jerry FitzGerald and Associates. Access a downloadable working copy of RANKIT(R) (and 16 page manual), a DOS-based risk ranking program and methodology that automates the ranking process. Information is also available on other information systems books
and software.
RiskList is a KPMG moderated mailing list forum for discussions on control and risk management issues. Join RiskList by sending an e-mail message to [email protected] with the
words “subscribe risklist” in the body of the message.
RISKWeb (http://www.riskweb.com) - Information resource for academics and professionals
interested in risk management and insurance issues. The RISKNet WWW server is a service
of the RISKNet mailing maintained at the University of Texas at Austin. The RISKNet mailing list provides individuals around the world with a forum for open discussion of risk and
insurance issues.
RMIT Internal Audit Group (http://www.rmit.edu.au/departments/ia/) - Web site for the auditors of the Royal Melbourne Institute of Technology. The page includes information about
the department, charter, FAQs, links to other audit sites, and more.
Robert Half (http://www.roberthalf.com) - Web site provides resources for job seekers including job openings.
Rothstein Associates (http://www.rothstein.com) - Home page for industry’s primary source of
information on disaster recovery. Contains an extensive index of material on disaster recovery
and links are planned to resources for business continuity and disaster recovery professionals.
For more information, send e-mail to [email protected]
Rutgers Accounting Web (RAW) Site (http://www.rutgers.edu/Accounting/) - located at
Rutgers University and mirrors the ANet WWW site.
St. Charles County Auditor (http://www.win.org/county/depts/sccgaud.htm) - Web site provides information about the office, their annual audit plan, links to audit reports, and more.
Saipan, Office of the Public Auditor (http://www.opacnmi.com/) - Web site for the official
auditor of the Commonwealth of the Northern Mariana Islands provides information about the
office, reports issued, government ethics, links to other resources, and more.
Sales System Control Objectives (http://www.umanitoba.ca/admin/internal_audit/admin/
internal_audit/html/sales.html) from the University of Manitoba provides system implementation control objectives for this functional area.
350 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Sampling and Surveying Handbook (http://www.au.af.mil/au/hq/selc/smplntro.htm) from the
Air University provides guidelines for planning, organizing, and conducting surveys. The site
includes guidance on selecting a sample size with a corresponding free program available for
download.
San Diego Auditor’s Department (http://www.co.san-diego.ca.us/cnty/cntydepts/general/auditor/) - Web site provides information about the department, goals, services, job information,
FAQs, and more.
San Jose Office of the City Auditor (http://www.ci.san-jose.ca.us/auditor/www.shtml) - Web
site provides information about the office, types of audits performed, FAQs, benefits to the
city, org charts, and a list of issued audit reports.
SANS Institute Online (http://www.sans.org/) - The System Administration, Networking and
Security Institute is an education and research organization for system and network administrators and security professionals. They provide resources and tools for professionals in related fields. Their e-mail newsletters are a valuable knowledge resource for IT auditors.
Scout Report for Business and Economics is an electronic newsletter from the Internet Scout
Project. The Report is published every other week and delivered via e-mail. To subscribe to
the Business & Economics Report, send e-mail to [email protected]. In the body of the
message type: Subscribe SRBUSECON.
Seattle, Office of the City Auditor (http://www.pan.ci.seattle.wa.us/seattle/audit/hpg.htm) Web site for the city’s independent auditor provides audit reports, a description of the audit
process, a whistleblower’s page, links to other audit offices, an excellent newsletter with a
performance theme, and more.
Securities and Exchange Commission (SEC) (http://www.sec.gov/) provides free Internet access to the EDGAR database. EDGAR on the Internet began as a trial project in 1993 with
New York University and the nonprofit Internet Multicasting Service. The Internet database
makes key financial information available to anyone with Internet access. There are plans to
provide e-mail requests for specific EDGAR filing documents and SEC information documents, multiple indexing of SEC information documents, and text search of SEC public information documents. The SEC site menu of services includes corporate financial information
from the EDGAR database; information on SEC operations and underlying acts; SEC-produced investor brochures, publications, and alerts; speeches, congressional testimony, press
releases, and daily information on commission enforcement actions included in the SEC News
Digest; and rulemaking proposals, as well as final rules.
Security Alert for Enterprise Resources (http://safer.siamrelay.com/online/) provides a monthly
security update for I.T. professionals and executives. E-mail notifications provide links to this
Web-based newsletter. Great knowledge resource on information technology security.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 351
Security & Hackerscene (http://bau2.uibk.ac.at/matic/) - Web site with a comprehensive set of
links to security and hacker information. Covers all aspects of Internet security on Unix, X
Windows, articles, hacker sites, security software, newsletters, and files.
Security Checklist (http://spider.osfl.disa.mil/cm/security/check_list/check_list.html) - This
site from the Defense Information Infrastructure Common Operating Environment (DII COE)
includes security checklists for Solaris, Windows NT, Oracle, and more. Files are available in
both PDF and MSW versions.
Security Magazine (http://www.secmag.com/) is a publication for corporate and commercial
buyers of security and other products in business, industry, and government. The site includes
an online database of products and articles on security issues.
Security Management Online (http://www.securitymanagement.com) - Magazine of the American Society for Industrial Security. Contains information about ASIS, editorial columns, articles, and more.
Security Newsletter, authored by noted security expert Winn Schwartau, provides the latest security tips, product news, and analysis to help reduce your network’s vulnerability. Free subscription to this e-mail newsletter is available at Network World Web site (http://
www.nwfusion.com/focus/).
Security Policies (http://www.sans.org/newlook/resources/policies/policies.htm) provided by
the SANS Institute include templates for computer usage guidelines, acceptable use statements, special access policy, incident handling, and more.
Security Resource Net (http://nsi.org/) - Site of the National Security Institute provides information on security-related topics, including computer alerts, products, a virtual security library, and more.
Sick Leave Management Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/AuditGuidance/
GUID305S.e.html) from the Treasury Board of Canada provides guidance for reviews in this
area. Sections include a model for sick leave management, planning and performing the audit,
and more.
Site Security Handbook (http://www.net.ohio-state.edu/hypertext/rfc1244/toc.html) - Product of an Internet Engineering Task Force work group. This document provides auditors with
guidance on how to deal with Internet security issues. Useful for designing audits and reviews
of Internet security.
Social Security Death Index (http://www.ancestry.com/ssdi/advanced.htm) is a freely accessible database of the Social Security Administration records of deceased individuals. Handy
tool for audits of organization retirees.
352 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Society of Management Accountants (http://www.cma canada.org/) - Home page for the organization that represents Canadian Certified Management Accountants. Site has information
about the designation, a library including articles from current and past issues of CMA Magazine, member news, and more.
Software Auditing Home Page (http://www.ex.ac.uk/ECU/auditing/welcome.html) - Site provides a review of software auditing systems, evaluations, notes, and implementation plans.
Includes links to related audit sites.
Software Information Industry Association (http://www.siia.net) - Web site provides information to keep members, developers, and users of computer software aware of SIIA activities
and developments. Information available on Publications, Anti Piracy Programs, and more.
This is a great resource for software compliance auditing.
Software Management Policy Manual (http://www.state.ct.us/otc/softmpm/smpmtoc.htm)
from the State of Connecticut provides their policy statements, agency responsibilities, and
software use policies. This excellent resource is a model for combating organizational software piracy.
Software Program Manager’s Network (http://www.spmn.com/) was created for managers of
large-scale, software-intensive development/maintenance projects to more effectively manage by identifying best management practices, lessons learned, and support. Site has a number of useful guides, including The Program Manager’s Guide to Software Acquisition Best
Practices.
Source Services (http://www.experienceondemand.com/) is the Web site for one of the leading
financial employment services. There are articles on career development, a strategic staffing
guide, the Salary Survey on Demand, and more. This is a great site for audit departments
looking to fill positions or for auditors seeking information on their worth in the job market.
South Australia Auditor General (http://www.auditsa.gov.au/) - Government Web site provides information about their office and the reports issued.
South Carolina Audit and Certification (http://www.state.sc.us/mmo/audit/audmenu.htm) Web site provides information about the office, audit program, internal control questionnaire,
and more.
South Carolina Comptroller General (http://www.state.sc.us/cg/news.htm) - Web site provides information about the organization, monthly financial reports, their Comprehensive
Annual Financial Report, and more.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 353
South Dakota State Auditor’s Office (http://www.state.sd.us/state/executive/auditor/
auditor.htm) - Web site provides information about the office and the tasks performed.
South Florida Water Management District (http://www.sfwmd.gov/gover/2_intaudit.html) Inspector General’s Office Web site has information about the office, charter, audit reports,
and more.
Span of Control Calculator (http://www.icce.rug.nl/qr/ssocc.html) - Web site that provides a
simple formula for determining the size of an organization based on the span of control and the
hierarchical levels of management.
Spreadsheet Page (http://www.j-walk.com/ss/) - A comprehensive site with information and
links on all spreadsheet programs, books, and especially tips on what to do when you need
help with a spreadsheet problem.
Spreadsheet Research (http://panko.cba.hawaii.edu/ssr/) - A repository for research on spreadsheet development, testing, use, and technology. Sections include reports of errors in practice,
audits, development and audit experiments, questionnaire and interview studies, the year 2000
spreadsheet problem, and more.
SQL Auditor Pages (http://www.sqlauditor.com/) - Web site for a security analysis solution for
SQL Servers. Site includes information about the product, articles, FAQs, and an opportunity
for participating as a beta tester for the software.
Stanford University Internal Audit Department (http://www.stanford.edu/dept/InternalAudit) - Web site provides information about the department, their audit program, an Audit
Survival Guide for management, internal control factors, a Novell Network Security SelfAssessment, and more.
State Internal Audit Advisory Board (http://siaab.audits.uillinois.edu) - Auditing solutions,
online training, and education resources for the State of Illinois internal audit professionals.
Statistical Sampling for Auditors (http://www.hhs.gov/progorg/oas/ratstat.html) - RAT-STATS
is a package of statistical software tools used by the Office of Audit Services in the Department of Health and Human Services. It was designed to assist auditors in performing random
samples and evaluating the results. This site includes the manual and a self-extracting file for
the program.
StudyWeb (http://www.studyweb.com/) - A site designed for researching a variety of topics
using the Internet. The business and finance category includes topics for accounting, economics, federal reserve banks, finance, glossaries, investing, and newspapers on the WEB.
354 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Subrecipient Audit Guide (http://www.phila.gov/atservice/reports/audit98/auditweb/) - The
purpose of this manual is to implement the city of Philadelphia’s audit requirements for organizations and their independent auditors in preparing for and performing audits of organizations that receive financial assistance awards from the city.
Swedish School of Economics and Business Administration in Helsinki, Finland, Department
of Accounting, has a Web site(http://status.shh.fi/Depts/Redovis) which has tutorials and working papers. The Property of Audit Trail, by Anders Tallberg, analyzes the concept from the
perspective of computer security and accounting systems. Includes links to accounting-related
sites.
Symantec AntiVirus Research Center (http://www.symantec.com/avcenter/vinfodb.html) Web site from an AntiVirus software vendor provides a comprehensive database of computer
virus-related information. The site provides updates to their software, information about virus
hoaxes, and more.
Syracuse University Internal Audit Department (http://sumweb.syr.edu/internal_audit/
index.htm) - Contains useful information for all audit departments. The site includes information on the department, policies, procedures, and more. There is proactive information provided for the department’s customers such as password suggestions, computer security improvement suggestions, self-assessment documents, brochures, videos, and more. There is
guidance for university departments on self-audit for computers as well as administrative areas, including cash handling, inventory tracking, revenue, budget, personnel, and computing
issues. For more information, send e-mail to [email protected].
System Implementation Review Checklist (http://www.umanitoba.ca/campus/
adminstrative_systems/application_development/internal.htm) from the University of
Manitoba provides a comprehensive approach for a review of this area.
Tallahassee Auditing Department (http://www.state.fl.us/citytlh/auditing/audhompg.html)
- Home page provides information about the office, its staff, and a list of recent audit reports.
Tally System Corporation (http://www.tallysys.com/) produces Desktop Asset Management
tools. Site provides issues related to software and hardware management, white papers, and
links to Desktop Asset Management Associations. The White Paper on How the Internet Affects Your Business provides guidelines on smart Internet use.
Tampa Internal Audit Department (http://www.ci.tampa.fl.us/audit/index.htm) - Web site
for the city audit office. The site includes information about the office, current audit agenda,
audit programs, audit reports, tax information, links to related sites, and more.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 355
Tasmanian Audit Office (http://www.audit.tas.gov.au/) - Site includes information about the
office, audit reports, and links to other Australian audit sites.
Tax & Accounting Professional Network (TAPNet) (http://www.tapnet.com) - Provides information on the selection and implementation of accounting software systems. Professionals
can also subscribe to five e-mail discussion groups of various tax and accounting topics and
search for past articles published in Management Accounting magazine via the subject index
linked to abstracts of all articles published after October 1994.
Tax and Accounting Sites (http://www.taxsites.com) - An extensive list of tax, accounting, law,
finance, economics, and government sites maintained by Dennis Schmidt, Associate Professor of Accounting, University of Northern Iowa.
Tax-Jobs.Com (http://www.tax-jobs.com/) - Web site with job listings for tax professionals provides opportunities for employers, job seekers, and links to other related sites.
Taxpayers Against Fraud (http://www.taf.org/) - A nonprofit public interest organization devoted to fighting fraud against the federal government. The site includes information about the
False Claims Act, news releases, resources, health care information, and more.
TaxWeb (http://www.taxweb.com/) - Web site for federal, state, and local tax-related developments. Includes tax forms, filing extension information, federal and state legislation, tax research, enforcement, tax publishers, discussion groups, professional organizations, and more.
Tennessee Comptroller of the Treasury (http://www.comptroller.state.tn.us/) - Web site provides information and reports released for the office that has audit responsibility for all counties in the state.
Tennessee Valley Authority Office of the Inspector General (http://www.tva.gov/oig) - Home
page with information about the office and links to other audit, finance, and business-related
sites. For more information, send e-mail to [email protected]/.
Texas A&M University System Internal Audit Department (http://sago.tamu.edu/iaudit/
default.htm) - Web site provides information about the office, internal controls, an overview
of the audit process, and more.
Texas Comptroller of Public Accounts (http://www.cpa.state.texas.us/) - Window on state
government provides news and information, including comptroller publications, e-mail link to
the comptroller, and links to other related servers.
356 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Texas Information Resource Standards (http://www.state.tx.us/Standards/) - The Texas state
government site includes information security standards as well as a document titled Information Resources Security and Risk Management Policy, Standards and Guidelines. There are
also links to the American National Standards Institute (ANSI), Federal Information Processing Standards (FIPS), and more.
Texas Society of Certified Public Accountants (http://www.tscpa.org/) - Site provides information about the organization, including the CPA Yellow Pages, National Job Search, Government Resources, and more.
Texas State Auditor’s Office (http://www.sao.state.tx.us/) - Site has information about the mission, goal, objectives, and statement of values of the SAO. Key points of reports released
since 1994 and the full text of reports released since 04/96 is available online. Resources
include Acrobat versions of the Guide to Performance Measurement and the SAO Methodology Manual. Another downloadable file is CAFÉ (Comprehensive Analysis for Efficiency), a
visual basic application that contains summary information from various Texas state databases. Audit resource links on the Internet, employment opportunities, and training schedules
for Texas State Agency internal auditors are also included on this comprehensive Web site.
Thomas Jefferson University Internal Audit Department (http://physres2.uns.tju.edu/
internal.audit/) - Web site provides background about the organization, audit plan, internal
control guidance, and more.
Timeline Financial Reporting Forum (http://www.timeline.com/) - Site for accounting and
business professionals designed by the organization that develops financial management and
reporting systems. The site includes a page of links to resources for accounting, financial,
professional organizations, tax information, and more.
TimeSlips Corporation Web site (http://www.timeslips.com) - Provides information about the
organization’s products, including TimeSheet Professional for tracking staff time. Links to
accounting, legal, and consulting sites.
TipNet (r) - An Internet-based hotline that allows anonymous online reporting of economic crimes
such as product tampering, counterfeiting, and intellectual property piracy, available through
investigative consulting firm, Decision Strategies International. TipNet(r) designed to help
companies and trade organizations obtain valuable information that can reduce fraud and theft.
The service is set up to receive anonymous e-mail as well as encrypted e-mail using PGP
public key encryption software. For more information about TipNet(r), contact J. Jerome Bullock by e-mail at <[email protected]>.
Training and Seminar Locator (http://www.tasl.com) - Free access database to help find resources for training and professional development. Search U.S. training providers by type of
_____________________________ Appendix B — The AuditNet Resource List (KARL) 357
resource, subject, location, and date range. Eventually this service will provide online registration.
Training Function Audit Guide (http://www.tbs-sct.gc.ca/rin/ia_main/auditguidance/
GUIDE307.e.html) - from the Treasury Board of Canada provides information for reviews in
the staff training area.
Transactional Records Access Clearinghouse (http://trac.syr.edu/aboutTRACgeneral.html)
- TRAC is a data gathering, research, and distribution organization affiliated with Syracuse
University. The site accesses federal enforcement and regulatory agencies such as BATF, DEA,
IRS, and the FBI. This is an excellent site for benchmarking information, statistics, and trends
on crime and enforcement issues.
Treasury Management Pages (http://www.mcs.com/~tryhardz/tmpaa.html) - Set of Internet
information resources developed for treasury management professionals. Provides a wealth
of information on banking and corporate finance, treasury operations, and other management
topics.
Tulsa City Auditor’s Office (http://www.webzone.net/philwood/) - Web site provides links to
audit reports, audit and accounting resources, and more.
UCAR Internal Auditing (http://www.fin.ucar.edu/) - Web site for the University Corporation
for Atmospheric Research provides information about the office, FAQs, a guide to internal
controls, Ask-An Auditor, and more.
UNCW Internal Audit (http://www.uncwil.edu/ia/Index.htm) - Web site of the University of
North Carolina at Wilmington includes information about the department, their audit manual,
an excellent set of forms for control self-assessment, and more.
Union Pacific Corporate Audit (http://www.up.com/audit/) - Provides information about the
department and employment opportunities.
United Nations Office of Internal Oversight Services (http://www.un.org/Depts/oios/) - Web
site for the internal auditing function of this World Wide organization provides information
about the office, mandate, mission statement, activities, and reports.
University of Arizona Internal Audit (http://w3.arizona.edu/~audit/) - Web site provides information about the office, links to policies and procedures, and related sites.
University of Buffalo Internal Audit Program (http://www.mgt.buffalo.edu/departments/
AandL/intaudit/) - Web site for an endorsed Internal Audit Program at the University. Site
provides information about internal auditing, career opportunities, program course requirements, certification, student organizations, and more.
358 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
University of California, Berkeley Internal Audit Department (http://www.audit.berkeley.edu)
- Web site provides information about the office, planning, process, controls, and more.
University of Chicago Office of Internal Audit (http://www uccomp.uchicago.edu/audit/
audit.htm) - Site provides information about software piracy, internal control, the policy on
information technology resources, and a link to ACUA.
University of Idaho Auditing Services (http://www.uidaho.edu/admin/FnA/audit/) - Web site
provides information about the office, an Internal Control Self-Assessment Checklist, and
more.
University of Iowa Internal Audit Department (http://www.uiowa.edu/~intaudit/index.html)
- Site provides audit plans, mission statement, department news, and links to other university
internal audit Web pages.
University of Manitoba Internal Audit (http://www.umanitoba.ca/admin/internal_audit/
admin/internal_audit/) - Web site provides information about the office, FAQs, resources,
review checklists, and more.
University of Maryland, Internal Audit Office (http://www.umsa.ums.edu/iao/) - Site provides the IAO charter, procedural guidelines, an electronic brochure, a link to an anonymous
re-mailer, and more.
University of Massachusetts Accounting and Auditing Information (http://www.umass.edu/
acctg) - This site is designed primarily as an information source for students. There are links
to accounting sites, including accounting organizations, public accounting firms, and other
sources of information. There is also a section that provides selected course materials, including Introduction to Financial Accounting, Cost Accounting, and Auditing. Besides the syllabus and list of class projects, there are practice exams. The exams are structured like professional exams with a combination of multiple-choice and essay questions.
University of Melbourne Internal Audit (http://www.unimelb.edu.au/audit/) - Site includes a
strategic planning and management procedures manual. The manual describes a computerbased system used for planning, monitoring, and reporting audit activity. This is an outstanding example of auditors sharing knowledge and techniques in the pursuit of global audit
excellence.
University of Missouri Internal Audit (http://www.system.missouri.edu/audit/welcome.htm)
- Web site provides information about the office and frequently asked questions.
University of New Hampshire Internal Audit Department (http://marley.unh.edu/audit/
default.html) - Web site provides information about the department, policies and procedures,
FAQ, flowcharts, previously issued reports, and an excellent list of common audit findings.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 359
University of Notre Dame Audit and Advisory Services (http://www.nd.edu/~auditing/) Web site describes the office, services, policies and procedures, and more.
University of Rochester Office of University Audit (http://listener.uis.rochester.edu/audit/) Home page provides information about the office, a description of internal controls, links to
other sites, and more. There is a Top 10 List of Typical Audit Findings that auditors may find
interesting.
University of Waterloo Internal Audit Department (http://www.adm.uwaterloo.ca/infoia/
index.html) - Site provides background information on audit reviews, information on internal
controls (why they are necessary), policies and procedures, and more.
University of West Florida Office of Inspector General. (http://www.uwf.edu/~oig/oig.htm)
- Site provides information about the office, mission statement, strategic plan, audit and management advisory services. Includes links to auditing resources and more.
Unix Network Security (http://www.antionline.com/archives/documents/unix/
network-security.html) - A paper that provides a UNIX network security architecture based
on the Internet connectivity model and firewall approach to implementing security.
U.S. Army Audit Agency (http://www.hqda.army.mil/AAAWEB/) - Web site provides information about the agency’s mission, vision, values, goals, and strategic plans. There are links to
audit-related sites, government sites, and search engines.
U.S. Army Financial Analysis Package (http://www.hqda.army.mil/AAAWEB/finance.exe)
- Provides applications for Future Values, Current Values, Return on Investment, Inventory
Models, Learning Curves, Break Even Analysis, and Lease versus Purchase Analysis.
U.S. Army Internal Review (http://www.asafm.army.mil/IR/IR.htm) - Web site has information about their mission, services, training program, internal review guide, audit programs,
and links to other resources.
U.S. Army Statistical Sampling Program (http://www.hqda.army.mil/AAAWEB/SSS.exe) An application developed and used by the Army. Auditors may download and use this audit
program to help in statistical sampling.
U.S. Army Training and Doctrine Command Center OIRAC (http://www
tradoc.monroe.army.mil/irac/) - The Office of Internal Review and Audit Compliance Web
site contains listings of ongoing audits from Army Audit Agency, DoDIG, General Accounting Office, and local internal review audits. There are also past audit reports from GAO, Army
Audit Agency, and other select audits. The site also includes pointers to selected audit resources geared to the Internal Review Audit Community.
360 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
U.S. Code on the WWW (http://uscode.house.gov/) - The United States Code is the official,
subject matter order, compilation of the federal laws of a general and permanent nature that
are currently in force. In accordance with section 285b of title 2 of the U.S. Code, the Code is
compiled by the Office of the Law Revision Counsel of the United States House of Representatives. The Code is divided into 50 titles by subject matter. Each title is divided into sections.
Sections within a title may be grouped together as subtitles, chapters, subchapters, parts, subparts, or divisions.
U.S. House of Representatives OIG (http://thomas.loc.gov/home/audit.html) - Web site provides Financial Statements and Performance Reports issued. Reports are in PDF format and
require the Adobe Acrobat Reader.
U.S. Postal Service Inspector General (http://www.uspsoig.gov/oiginfo.htm) - Web site has
links to information about the office, hotline, reports, and more.
USA Jobs (http://www.usajobs.opm.gov/) - This is the U.S. government’s official site for jobs
and employment information. Auditors and accountants may search this site for employment
information and online career transition assistance.
User’s Guide for the Uniform Bank Performance Report (http://www.ffiec.gov/UBPR.htm)
- Guide from the Federal Financial Institutions Examination Council for an analytical tool
created for bank supervisory, examination, and management purposes.
UT System Audit Office (http://iron.utsystem.edu/home/AUD) - Web site for the University of
Texas System Audit Office. The site provides information about the office, the services they
offer, various resources including audit programs, and a participant manual for a control selfassessment workshop.
Utah Association of CPAs (http://www.uacpa.org/) - Home page provides links to local and
national accounting firms, CPE events, a CPA referral service, and more.
Utah State Auditor’s Office (http://www.sao.state.ut.us/) - Provides information about the office, a mailing list of local governments, access to audit reports, an audit hotline, and more.
Utah’s Legislative Auditor (http://www.le.state.ut.us/audit/lag.htm) - Home page of Utah’s
Legislative Auditor General. Provides information about the office, the purpose of performance audits, and abstracts of recent audit reports.
UWS Nepean Internal Audit (http://www.nepean.uws.edu.au/dvc/intaudit/) - Web site for the
University of Western Sydney Internal Audit Office. Includes their fraud control strategy,
audit plan, the role of internal audit, and links to related Internet sites.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 361
Value for Money Audit Manual (http://www.oag-bvg.gc.ca/domino/other.nsf/html/
99cam_e.html) - from the Office of the Auditor General of Canada provides standards, expected and common practices.
VassarStats Statistical Computation (http://faculty.vassar.edu/~lowry/VassarStats.html) - Web
site provides a comprehensive collection of statistical calculators for many procedures along
with examples of key concepts. There is also a table covering the platforms/browsers necessary to run some simulations.
Veris Social Security Number Verification Services (http://www.ssn-locate.com/) - Provides
methods for checking Social Security numbers for invalid, never issued, and deceased. The
services include standalone application programs and software libraries for a variety of computer systems, as well as a mail-in-processing service. SSN databases are obtained from the
Social Security Administration and updated monthly.
Victoria Auditor General’s Office Australia (http://www.vicnet.net.au/~vicaud1/aghome.htm)
– Home page includes information about the office, abstracts of reports, and links to other
audit offices and resources. Reports include a performance audit of the office by Price
Waterhouse, Privatisation: An Audit Framework for the Future, and more. For more information, send e-mail to [email protected].
Virginia Auditor of Public Accounts (http://www.apa.state.va.us/) - Web site for the commonwealth organization that conducts audit of state agencies and local governments. Site includes
audit reports for online viewing, information about the office, a directory, and recruiting information.
Virginia Department of State Internal Auditor (http://www.cns.state.va.us/dsia/) - Web site
provides information about the office, newsletters, job opportunities, a audit forum to discuss
relevant issues, and more.
Virginia Evaluation Information Online (http://jlarc.state.va.us/) - The Joint Legislative Audit and Review Commission home page providing information about members, meeting schedules and, most importantly, reports issued back to 1975. There is a chronological list of all
reports issued, an annotated index of reports, and online report summaries for selected reports
back to 1993.
Virginia Local Government Auditors Association (http://www.co.chesterfield.va.us/
ManagementServices/InternalAudit/vlgaa.htm) - Home page for the statewide organization dedicated to promoting the local government audit profession. Provides information
about the organization and upcoming training. For more information, send message to
[email protected].
362 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Virginia Polytechnic Institute Internal Audit Department (http://www.ams.vt.edu/) - Provides information about the office, policies and procedures, and an internal control guide for
managers.
Warren Gorham & Lamont (http://www.wgl.com) - WGL and Auerbach Publications established this Web site. Provides information about their publications on accounting, financial
management, taxation, and more. Includes links to related sites.
Washington State Auditor’s Office (http://www.saowa.gov/) - Site provides information about
the office, links to legal and audit resources.
Washington (State) Legislative Budget Committee (http://www.wa.gov/lbc/) - Site for the LBC
which conducts performance audits, program evaluations, special studies, and sunset reviews
on behalf of the legislature and the citizens of the state of Washington. The committee makes
recommendations to the legislature and state agencies that will result in cost savings and improved performance in state government.
Washington State University Internal Audit (http://www.wsu.edu:8080/~intaudit/
a_page1.html) - Web site provides the mission and objectives of the office, information about
audits, and more.
WebEc (http://www.helsinki.fi/WebEc/) is an effort to categorize free information in Economics on the Web. An excellent site for anything related to economics resources on the Internet.
West Virginia State Auditor’s Office (http://www.wvauditor.com) - Site provides information
about the office, guides, and reports.
West Virginia University Internal Audit Office (http://www.wvu.edu/~intaudit/index.html)
- This site provides information about the internal audit program at WVU. Includes the charter, types of audits conducted, selection and scheduling, audit policies, other resources available, and links to other audit sites.
Western Australia Office of the Auditor General (http://www.audit.wa.gov.au/) - Site provides information about the office and includes an index of reports from 1991. Recent reports
are available online.
Western Canadian Auditing Roundtable (http://www.wcar.org) - Web site for a nonprofit organization dedicated to the advancement of health, safety, and environmental auditing. Site
provides their mission and goals, a waste facility environmental review, and more.
Where in Federal Contracting (http://www.radix.net/~ambrose/) - Web site that provides a
comprehensive set of links to resources on the subject. “Where in Federal Contracting?” was
developed and is maintained by a government auditor.
_____________________________ Appendix B — The AuditNet Resource List (KARL) 363
White Collar Crime (http://www.sarnet.co.za/comcrime/index.htm) - Web site is an initiative
of a South African White Collar Crime Task Group. Provides an electronic booklet on dealing
with white collar crime, recent successes, and more.
Wichita State University Office of Internal Audit (http://twsuvm.uc.twsu.edu/~iawww/) Site includes FAQs, their charter, and a link to ACUA.
Wiley CPA Exam Review (http://www.wiley.com/cpa.html) - This site features the Wiley/
Delaney review materials for candidates preparing to take the CPA exam. Site also includes
FAQs on preparing for and taking the exam, and sample review questions.
Windows NT Security Guidelines (http://www.trustedsystems.com/NSAGuide.htm) from
Trusted Systems Services provide guidelines for securely configuring the Windows NT operating system. The 110-page guidelines were the result of a one-year project for the National
Security Agency (NSA) Research Organization.
Wisconsin Legislative Audit Bureau (http://www.legis.state.wi.us/lab/index.html) - Web site
provides information about the office and their work products.
WizRule (http://www.wizsoft.com/rule.html) - A data auditing and cleansing application that
analyzes databases and shows inconsistencies in the data. There is a demo available for download on the site.
World Tax (http://www.eyi.com/tITax.htm) - Ernst & Young’s site for international business,
tax, and accounting. The site features Tax News International, a “quarterly digest of tax information in more than 50 countries,” the 1997 Worldwide Corporate Tax Guide and the 1997
Worldwide Executive Tax Guide, which provides a summary of the corporate and personal tax
systems in more than 130 countries.
World Training Institute (http://worldtraining.com) - Web site for CPE training in taxation,
telecommunications industries, internal controls, COSO, and communication skills.
Wyoming Department of Audit (http://audit.state.wy.us/) - Web site provides information about
the organization’s divisions.
Year 2000 Audit Program (http://www.cowan.edu.au/mra/approach/year2000.html) is available from the Edith Cowan University Web site. The model covers the issues, control weaknesses and exposures, recommendations, and key controls.
Year 2000 Auditing and Accounting Guidance (http://www.aicpa.org/members/y2000/
intro.htm) is provided by the AICPA. The report is available for download in Word,
WordPerfect, PDF, and RTF formats.
364 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Year 2000 Business Continuity Plan (http://www.magnet.state.ma.us/y2k/projplanning/
businesscontinuityplan_template.htm) is a comprehensive template from the State of Massachusetts that will help auditors address key issues.
Year 2000 Contingency Plan (http://www.magnet.state.ma.us/y2k/projplanning/
contingencyplan_template.htm) is a template from the State of Massachusetts for actions to
be implemented in response to a year 2000 hazard.
Year 2000 Contingency Planning (http://www.bis.org/ongoing/index.htm) from the Bank for
International Settlements provides business continuity planning guidelines for financial institutions.
Year 2000 Disclosure Requirements (http://www.auburn.edu/slgacct/hotissue/hotissue.htm)
for state and local governments provided by the AICPA and GASB.
Year 2000 Information Center (http://www.year2000.com/) - Site covers the issue of the date
change to the year 2000. The site includes articles related to the issues, links to vendors that
will assist in the process, and links to other date related sites. There is information on subscribing to the Year2000 mailing list. For more information, send message to Peter de Jager
([email protected]).
Year 2000 Information Page (http://www.magnet.state.ma.us/sao/edp1yr2000.htm) from the
Massachusetts State Auditor Information Technology Audit Division provides a survey, report and links to state, federal, and other Y2K-related pages.
Year 2000 Page (http://www.disastercenter.com/year2000.htm) from the Disaster Center provides information and links to many resources for auditors. Site includes general information
on year 2000 as well as compliance information.
Year 2000 White Papers (http://www.myrickconsulting.com) - Web site provides discussion
papers for Y2K Project Guide, Contingency Planning, PC Application Test Report, and an
xBase Function Library.
Yipinet Knowledge Hub (http://www.yipinet.com/) - Offers CPE courses for the accounting
profession using an easy-to-navigate, full-solution Web destination for professionals who seek
continuing education. They provide CPE tracking and the site also includes an Industry Watch
that users can customize to their interests.
________________________________________ Appendix C — Sample Audit Programs 365
Appendix C
Sample Audit Programs
The Internet is an ideal environment for “Electronic Progress Through Sharing.” When I began
searching for auditing uses for the Internet, I noticed auditors posting repeated requests for audit
programs on electronic audit discussion groups (list servers and Usenet newsgroups). I knew that
other sites posted information in a Frequently Asked Question (FAQ) format and thought that this
should apply to a clearinghouse of audit programs as well. In 1985 the Auditors Sharing Audit
Programs Clearinghouse was established as another section of AuditNet. Audit programs contributed by auditors from around the world were posted in the spirit of “Electronic Progress Through
Sharing.” The following audit programs are an example of what the Internet can offer auditors in
the way of productivity resources.
Contingency Planning Audit Internal Control Questionnaire – Deborah Ray
Due Diligence: IT Action Plan – Sean De La Rosa
Dial-In Audit Program – Sapna Kapil
Insurance Audit Programme - Risk Management – Graeme Szetu
Third-Party Claims Processing Audit Program – Janet Wiseman
The ASAP Inventory is updated with new programs every month. The site is available at http://
www.auditnet.org. Auditors requesting specific audit programs must contribute an audit program
of their choosing to have their clearinghouse request added. As of September 1999, there were
more than 160 audit programs available.
366 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
CONTINGENCY PLANNING AUDIT
INTERNAL CONTROL QUESTIONNAIRE
Contributed by Deborah Ray, CISA
Prepared by:
Date:
Reviewed by:
Date:
GENERAL
1. Do any committees meet concerning disaster recovery plans?
POLICY
1. Does the Bank have written policies for disaster recovery?
PLANNING AND MAINTENANCE
1. Who is responsible for developing and maintaining the disaster recovery plan?
2. Is the disaster recovery plan reviewed regularly?
3. Has the Bank conducted a risk assessment to measure the potential impact of various disasters?
4. Are the results documented?
ANNUAL REVIEW
1. Has the plan been approved by management?
2. Is the disaster recovery plan presented to the board of directors annually for their approval?
When was it last presented?
DISASTER RECOVERY PLAN
1. How often is the disaster recovery manual updated?
________________________________________ Appendix C — Sample Audit Programs 367
2. When was the disaster recovery manual last updated?
Are copies of the plan stored off-site?
Where are they stored?
3. Is there a current inventory of items stored off-site?
CRITICAL FUNCTIONS AND RESOURCES
1. Is there an inventory of all critical equipment?
BACKUP
1. Does the Bank have written agreements with vendors for replacement of all equipment and
devises used?
2. Excluding data processing, are there provisions for use of backup equipment?
MEDIA INQUIRIES
1. Does the Bank have a formal policy regarding media inquiries?
TRAINING
1. Does the Bank provide periodic emergency response training, including evacuation procedures, to all employees?
TESTING
1. Does each location conduct periodic tests of disaster recovery plans, including emergency
evacuation?
2. Who is responsible for the actual structuring of the tests?
3. When was the plan last tested?
4. Has notification of personnel been tested?
368 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
RESPONSE TO DISASTER
1. Does the Bank maintain a record to document its response to disasters or other emergencies?
2. Who maintains the record?
PREPARED BY: ______________________________________________________________
DATE: ______________________________________________________________________
SOURCE: ___________________________________________________________________
________________________________________ Appendix C — Sample Audit Programs 369
DUE DILIGENCE: IT ACTION PLAN
Contributed by Sean De La Rosa
Prepared by:
Date:
Reviewed by:
Date:
1. Obtain a copy of the IT strategy plan, security policy, and other relevant policies introduced
by senior management. Comment on the procedures management has implemented to ensure that strategy plans are realized and what processes have been introduced to ensure that
staff adhere to security considerations.
2. The effects of year 2000 computer problems have been identified and verified by an independent party. Obtain copies of all reports and certificates verifying year 2000 compliance.
3. Comment on the extent of year 2000 testing even if year 2000 compliance certificates were
obtained.
4. Evaluate any required or possible system changes that will be needed to meet _____ Group
Requirements. An estimation of the costs involved in migrating to _____ Group Standards
should be prepared.
5. Obtain copies of recent external/internal audit reports relating to IT systems. Ascertain whether
significant concerns were corrected timeously.
6. A complete and accurate hardware and software inventory obtained and verified. Hardware
categorized into area, department, usage, processor, peripheral devices, network card, and
standalone software.
7. Ascertain what changes are planned (hardware and software) and document the motivation
for such changes. All planned changes should reflect the needs as established in the IT
strategy plan presented to senior management.
8. Valid licenses or agreements are obtained for all software on site and are verified.
9. _____ specific systems:
* Obtain full details of the computer controlled decanting system. If developed specifically
for _____, ensure that the considerations identified in point 10 are addressed.
* _____ maintain that the current sales processing and delivery system provides an impressive service level in terms of fast turnaround of orders. Obtain proof that service levels are
370 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
satisfactory and meet ____ service levels (e.g., orders placed before 12.00 p.m. are delivered to the customer by the next day).
* _____ was created to monitor cylinder movement. Verify the reliability of this system and
whether cylinders can be tracked to any locations.
10. For any software developed in-house, the following considerations apply:
* Were any people or companies involved in writing the software other than the employees
from _____? If so, obtain a copy of all relevant agreements, details of arrangements, etc.
* Do any employees have any rights in relation to the software? If so, obtain details of any
contractual agreements.
* Do any arrangements between _____ and a third party for the development of software
exist? If so, obtain copies of any arrangements.
11. Maintenance contracts for routine computer systems, specialized computer equipment, and
machinery are identified and details obtained.
12. Warranties for all routine computer systems, specialized computer equipment, and machinery are identified and details obtained.
13. All IT equipment not owned by _____ is identified, and full details on amounts still outstanding obtained.
14. Comment on the extent of long term licenses with software suppliers and the cost of such
obligations should _____ no longer require such licenses.
15. Ascertain what new systems (software and specialized hardware) are currently in the process of development and whether an approved system development methodology has been
applied.
16. Ascertain whether _____ has granted out any licenses in respect of software it uses.
17. Outsourcing agreements for IT processing are identified and copies of all such contracts
retained. This includes consultants and other contract personnel currently involved with
_____’s IT operations.
18. Ascertain what precautions management has introduced to prevent computer virus attacks
and what monitoring and corrective tools are available to eradicate detected viruses.
19. Software in escrow is identified and details provided.
20. Ascertain whether management has performed a detailed risk assessment of IT-related risks
and that the suggested IT strategy plan addresses the risks identified in the risk assessment.
________________________________________ Appendix C — Sample Audit Programs 371
21. Obtain a copy of actual/budgeted IT costs for the past three to five years. Verify that past
expenditure was well controlled and that regular report-backs to the steering committee
were provided.
22. If possible, obtain a copy of any IT cost forecasts for the next five years. Obtain comments
on any significant expenditures and verify that all suggested expenditures are supported by
the IT strategy plan.
23. Obtain an organizational chart of the IT reporting structure and a representation of the network topology.
24. Obtain detailed job descriptions and recent appraisals for all IT personnel and ensure that
they reflect current operating practices.
25. Comment on the controls implemented to ensure segregation of duties within the IT operations. Verify that segregation of duties has been maintained between the following:
* Systems development and maintenance
* Systems development and operations
* Systems development/maintenance and information security
* Operations and data control
* Operations and users
* Operations and information security
26. Ascertain whether the organization’s senior management has appointed a steering committee to oversee the IT function and its activities. If applicable, obtain copies of minutes of the
IT steering committee meetings (if any).
27. Obtain a copy of _____’s system development methodology and change control procedures
and ensure that it is compatible with Afrox’s existing framework.
28. Interviews with IT personnel are conducted to determine current operating practices.
29. Additional Concerns:
372 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
DIAL-IN AUDIT PROGRAM
Contributed by Sapna Kapil
Dial-In Administration
1. Review the process for user dial-in approval, setup on Advantis, and distribution of required
software and secure token.
2. Review the administration of the Advantis user database. Review security procedures over
dial-in to Advantis.
3. Review dial-in technical support and problem tracking.
4. Review the corporate dial-in policies for adequacy and to ensure they are up-to-date.
5. Review the process for requesting, approving, and documenting the location of all analog
lines.
6. Review the security and administration over the Blockade application.
Remote Dial-In
1. Review the corporate policy for LAN dial-in by users and vendors for adequacy and appropriate ownership.
2. Review the purchase and administrative procedures for the Security Dynamics SecurID product.
3. Review the administration of SecurID cards for remote/distributed systems.
Corporate Dial-In Direction
1. Review the status of the project to provide a centralized dial-in point for all LAN dial-in.
2. Review the corporate direction for providing Internet access.
________________________________________ Appendix C — Sample Audit Programs 373
INSURANCE AUDIT PROGRAMME - RISK MANAGEMENT
Contributed by Graeme Szetu
Insurance Audit Program
Risk Management Objective
The purpose of risk management is to reduce the group’s exposure to financial liability as the
result of accidental losses or other events causing potential or actual liabilities. Insurance is a
subset of risk management and used as a tool to manage specific risks.
Audit Objectives
a) To assess the effectiveness of the risk management process.
b) To ensure that all divisions adequately cover the insurable risks in their respective business
units.
c) To determine whether the insurance coverage is cost-effective.
d) To ensure that the procedures for reporting incidents and making claims are adequate and appropriate.
e) To determine whether uninsured risks should be insured.
Scope
A - Review of the risks identified in divisional strategic planning
B - Review of risk management in the group
C - Review of insurance policies and contracts
D - Review of insurance costs and premiums
E - Review of incidents and claims procedures
F - Review of uninsured risks
A. Risks Identified in Divisional Strategic Planning
Audit objectives: To ensure that all risks and their corresponding impact have been properly identified, and that action plans have been appropriately formulated.
1. Examine the process that management undertakes to identify and assess risks.
2. Review the risks identified by divisions and determine whether all risks have been identified.
3. Review the operational and financial impact of each risk and determine whether action plans
to manage risks are appropriate.
374 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
B. Risk Management
Audit objective: To review the risk management process and procedures to ensure that risks are
properly identified and assessed and action plans are correctly formulated.
Risks generally fall into the following broad categories:
1 - Property risks
2 - Liability risks
3 - Employee risks
4 - Operational risks
* Determine the officers responsible for risk management
* Review the procedures for managing risk in terms of:
- identification of potential claims (and future projections)
- purchase of appropriate coverage
- other action programs instituted to decrease losses/risk
- review of uninsured risks (and exposure to potential claims and deductions)
- approval of the risk management policies and procedures manual
* Review strategies used to manage risks:
- Avoid (i.e., other alternatives)
- Accept (i.e., after they are minimized)
- Diversify (i.e., other business activities)
- Share/transfer (i.e., through contracts such as insurance and joint venture partners)
C. Review of Insurance Policies and Contracts
Audit objective: To ensure that insurance policies are cost-effective in terms of adequately covering the group’s exposure to specifically identified risks.
1) Information required
Obtain the schedule of insurance that summarizes all policies. The schedule should contain the
following information:
- Policy period/insurers
- Nature of coverage, type, and description
- Premiums to be paid
- Amount of coverage and applicable limits
- Deductibles
2) Description of the business
________________________________________ Appendix C — Sample Audit Programs 375
Audit objective: To ensure that the description of the business is appropriate for insurance purposes.
Insurance premiums are determined in part by industry classification.
Review the current description of the business to determine whether it is appropriate given the
current activities and structure of the business.
3) Review of insured risks
Audit objective: To ensure that the group has adequate insurance coverage over significant risks.
Review the schedule of insured risks to ensure that all divisions are adequately covering all risks
on a cost-effective basis. This can be achieved by comparing insurance coverage from prior years
as well as reviewing loss/claim histories.
4) Annual declarations for premium renewal and adjustment purposes
Audit objective: To ensure that the relevant insurance company is advised of any material changes
in business activities or insurable items during the year that will affect insurance coverage.
Obtain memos and schedules that have been supplied to insurance companies on renewal of policies.
Specific policies require annual declarations for premium renewal. For example, payroll records
are externally audited for workers compensation purposes.
Review all declarations made when the contracts of insurance are renewed and during the course
of the year.
D. Review of Insurance Costs and Premiums
Audit objective: To determine whether costs and premiums for insurance can be reduced.
Obtain the schedule of insurance premiums by division over the last three years.
Investigate the reasons for changes in premium costs as to whether they have occurred because of
industry factors (uncontrollable) or company factors (controllable).
In the case of company factors, consider whether there are any remedial actions available that can
be implemented by management to reduce the level of incidence.
376 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
E. Review of Incidents and Claims Procedures
Audit objectives: To ensure that all incidents are reported properly, and that claims procedures are
being followed correctly.
Review the procedures over the reporting of incidents and the procedures for making claims. For
example, consider the following categories of claims:
1) Workers compensation claims
Obtain the schedule of workers compensation claims.
Review the list of current employees who are currently under workers compensation.
Consider whether there are any remedial actions available that can be implemented by management to reduce the level of incidence.
- OH&S issues
- OH&S audits
- Establish an OH&S committee
- Change in work practices
- Independent advice
2) Motor vehicle accident claims
Obtain the schedule of motor vehicle accident claims.
Review the policies and procedures for motor vehicle accident claims.
Consider whether there are any remedial actions available that can be implemented by management to reduce the level of incidence.
- Advanced driving courses
- Accident reporting procedures
- Police involvement
3) Property loss or damage
Obtain the schedule of property damage claims.
Review the policies and procedures for property damage claims.
________________________________________ Appendix C — Sample Audit Programs 377
Consider whether there are any remedial actions available that can be implemented by management to reduce the level of incidence.
4) Theft or misappropriation claims
Obtain the schedule of theft or misappropriation claims.
Review the policies and procedures for theft or misappropriation claims.
Ensure that where perpetrators can be properly identified that all thefts or misappropriation are
reported to the police.
Consider whether there are any remedial actions available that can be implemented by management to reduce the level of incidence.
- Increased physical security (incidents versus cost)
- Increased internal controls (e.g., management review, reporting, independent review, systems)
- Computer security and backup
F. Review of Uninsured Risks
Audit objective: To determine whether the group should insure some of the risks that are currently
uninsured.
Review the list of uninsured risks and determine whether it is complete (prior year schedules may
be useful for this purpose).
Review action plans formulated to manage these risks and assess whether they are appropriate.
Determine whether the group should be insuring for any of these risks.
378 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
THIRD-PARTY CLAIMS PROCESSING AUDIT PROGRAM
Contributed by Janet Wiseman
Prepared by:
Date:
Reviewed by:
Date:
C-1 Audit Program
OBJECTIVES
The objective of the audit is to review and evaluate the administration and claims processing
services provided to the employer for the self-funded medical and dental plans in accordance with
the (Third-Party Administration) TPA Agreement, the employer Benefits by Design Medical and
Dental Summary Plan Descriptions, employer management directives, and industry standards.
Audit Steps
Field Work Performed by auditor
Workpaper
Reference
A. PRELIMINARY
1. Obtain and review the -TPA Agreement, the -Blue Cross Blue Shield of Arizona Agreement, Benefits by Design Medical and Dental Summary Plan Descriptions, Classified
Group Insurance Plan and Unclassified Retiree Medical Plan Summary Plan Descriptions, generated reports to the employer, employer generated reports to others.
2. Using data supplied by ________ to employer for the period January 1, 1998 - December
31, 1998, select a random sample of paid medical and dental claims to test.
* 195 Paid Claims
* 5 Denied Claims
* E-mail the list of claims to be reviewed.
* Schedule audit with
3. Using the documentation above, prepare a pre-audit questionnaire to document the administrative and claims processing processes at ______.
4. Perform analytical review procedures. Compare 1998 results to the prior audit.
________________________________________ Appendix C — Sample Audit Programs 379
B. TESTING
1. Interview personnel, review policies and procedures, observe process.
a. Document system flow for a claim:
* Eligibility determination
* Covered service charge determination
* * Internal () audit
* Payment processing
* Inclusion in network fee calculation
* Reporting internal & external
b. Document’s prevent/detect controls and procedures for:
* Non-standard claim forms (superbill, prescription drug receipts, etc.)
* Eligibility problems
* Employee
* Dependent
* Covered service issues
* Questionable codes/diagnosis
* Coordination of benefits
* Subrogation
* Pre-existing conditions-HIPPA
* Refund checks
* Adjustments to claims
* In the current period
* In a previous period
* Effect on network access fees calculations
* Payment/recovery
* Reporting/reconciliation of previously reported information
2. Perform a walk-through of an employer medical and dental claim from point of first receipt through payment and reporting to employer. Determine process is working as documented above.
3. Using the sample of claims selected, review claims for:
* Supporting documentation
* Eligibility of claimant
* Charge agreement to fees schedule
* Plan deductible satisfied
* Applicable out-of-pocket maximums applied, if applicable
* Coordination of benefits with other plans (e.g., Medicare)
* Claim is submitted only once
380 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
* Payment is correct
* Time from receipt of claim to payment
* Correct arithmetic calculations
4. For three test months determine that the expense used for the calculation of employer
network access fees is accurate. Determine the effect on the calculation of refunds, adjustments, and pended claims.
a. Test the PMPM fees paid by employer to for reasonableness.
5. Judgmentally select a sample of denied claims.
* Review the processor’s documentation
* Determine why the claim is denied
* Determine the denial is per the plan provisions
* Determine the beneficiary received written notification within 90 days of the denial.
* Determine if special circumstances required an additional 90 days (if so, beneficiary
notification on file)
6. Judgementally select a sample of pended claims
* Review the processor’s documentation
* Determine why the claim is pended
* Determine reasonableness of time required to resolve
* Determine final adjudication
7. Judgementally select a sample of claims with subrogation
* Review processor’s documentation
* Review correspondence
* Document result
8. Determine the time between receipt of claims and the reporting of denials, Explanation of
Benefits (EOB) to participants.
9. Compare ‘s performance with healthcare industry performance standards.
C. AUDIT REPORTING
Reporting will summarize conclusions and error rates based on the sample of claims tested. Determine reported claims expense at December 31, 1998, and network fee expense is calculated in
accordance with the plan document.
_____________ Appendix D — Digital Literacy Problem-Solving Approach for Auditors 381
Appendix D
Digital Literacy Problem-Solving
Approach for Auditors
Auditors need an approach for information problem solving in a digital environment. The following position paper from the American Association of School Librarians provides a straightforward
approach that auditors can adapt to their own environment.
Information Literacy
A Position Paper on Information Problem Solving
To be prepared for a future characterized by change, students must learn to think rationally and
creatively, solve problems, manage and retrieve information, and communicate effectively. By
mastering information problem-solving skills students will be ready for an information-based society and a technological workplace.
INFORMATION LITERACY is the term being applied to the skills of information problem solving. The purpose of this position paper is to identify the key elements of information literacy and
present a rationale for integrating information literacy into all aspects of the K-12 and post-secondary curriculum. Many aspects of both the school restructuring movement and library media
programs relate directly to information literacy and its impact on student learning.
Today, many different groups are helping to define information literacy. For example, information
literacy is one of five essential competencies for solid job performance according to the U.S.
Department of Labor Secretary’s Commission on Achieving Necessary Skills (SCANS). The
SCANS report makes the case for developing high-performance skills to support an economy
characterized by high skills, high wages, and full employment. A high-skill workforce is also
called for in President Clinton’s National Technology Policy for America.
Educators are recognizing the importance of information literacy. In 1991, the Association of
Supervision and Curriculum Development (ASCD) adopted the following statements:
Information literacy...equips individuals to take advantage of the opportunities inherent
in the global information society. Information literacy should be a part of every student’s
educational experience. ASCD urges schools, colleges, and universities to integrate information literacy programs into learning programs for all students.
ASCD is one of 60 educational associations that have formed the National Forum on Information
Literacy (NFIL).
382 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
Authors Note: I omitted three sections of the position statement covering Restructuring and Information Literacy; Curriculum and Information Literacy; and Library Media Programs. Complete
version at http://www.ala.org/aasl/positions/PS_infolit.html.
“Ultimately, information literate people are those who have learned how to learn. They
know how to learn because they know how knowledge is organized, how to find information and how to use information in such a way that others can learn from them. They are
people prepared for lifelong learning, because they can always find the information needed
for any task or decision at hand. “
— ALA Presidential Committee on Information Literacy
INFORMATION PROBLEM-SOLVING SKILLS
INTRODUCTION
The ability to access and use information is necessary for success in school, work and personal
life. The following steps represent the basic element in an information literacy curriculum.
I. DEFINING THE NEED FOR INFORMATION
The first step in the information problem-solving process is to recognize that an information
need exists and to define that need. The student will be able to:
A. Recognize different uses of information (i.e., occupational, intellectual, recreational).
B. Place the information needed within a frame of reference (who, what, when, where,
how, why).
C. Relate the information needed to prior knowledge.
D. Formulate the information problem using a variety of questioning skills (i.e., yes/no,
open-ended).
II. INITIATING THE SEARCH STRATEGY
Once the information problem has been formulated, the student must understand that a plan
for searching has to be developed. The student will be able to:
A. Determine what information is needed, often through a series of sub-questions.
B. Brainstorm ideas and recognize a variety of visual ways of organize ideas to visualize
relationships among them (i.e., webbing, outlining, listing).
C. Select and use a visual organizer appropriate to subject.
D. List key words, concepts, subject headings, descriptors.
E. Explain the importance of using more than one source of information.
F. Identify potential sources of information.
G. Identify the criteria for evaluating possible sources (i.e., timeliness, format, appropriateness).
_____________ Appendix D — Digital Literacy Problem-Solving Approach for Auditors 383
III. LOCATING THE RESOURCES
At the onset of a search a student will recognize the importance of locating information from
a variety of sources and accessing specific information found within an individual resource.
The student will be able to:
A. Locate print, audiovisual, and computerized resources in the school library media center using catalogs and other bibliographic tools.
B. Locate information outside the school library media center through online databases,
interlibrary loan, telephone, and facsimile technology.
C. Identify and use community information agencies (i.e., public and academic libraries,
government offices) to locate additional resources.
D. Use people as sources of information through interviews, surveys, and letters of inquiry.
E. Consult with library media specialists and teachers to assist in identifying sources of
information.
F. Access specific information within resources by using internal organizers (i.e., indexes,
tables of contents, cross-references) and electronic search strategies (i.e., keywords,
Boolean logic).
IV. ASSESSING AND COMPREHENDING THE INFORMATION
Once potentially useful information has been located, the student uses a screening process
to determine the usefulness of the information. The student will be able to:
A. Skim and scan for major ideas and keywords to identify relevant information.
B. Differentiate between primary and secondary sources.
C. Determine the authoritativeness, currentness, and reliability of the information.
D. Differentiate among fact, opinion, propaganda, point of view, and bias.
E. Recognize errors in logic.
F. Recognize omissions, if any, in information.
G. Classify, group, or label the information.
H. Recognize interrelationships among concepts.
I. Differentiate between cause and effect.
J. Identify points of agreement and disagreement among sources.
K. Select information in formats most appropriate to the student’s individual learning style.
L. Revise and redefine the information problem if necessary.
V. INTERPRETING THE INFORMATION
Following an assessment of the information, the student must use the information to solve the
particular information problem. The student will be able to:
A. Summarize the information in the student’s own words; paraphrase or quote important
facts and details when necessary for accuracy and clarity.
B. Synthesize newly gathered information with previous information.
384 The Auditor’s Guide to Internet Resources, 2nd Edition __________________________
C. Organize and analyze information in a new way.
D. Compare information gathered with the original problem and adjust strategies, locate
additional information, or reexamine information when necessary.
E. Draw conclusions based on the information gathered and the students interpretation of
it.
VI. COMMUNICATING THE INFORMATION
The student must be able to organize and communicate the results of the information problem-solving effort. The student will be able to:
A. Use the search information to identify the important conclusions or resolutions to the
problem to be shared with others.
B. Decide on a purpose (i.e., to inform, persuade, entertain) for communicating the information and identify the intended audience.
C. Choose a format (i.e., written, oral, visual) appropriate for the audience and purpose.
D. Create an original product (i.e., speech, research paper, videotape, drama).
E. Provide appropriate documentation (i.e., bibliography) and comply with copyright law.
VII. EVALUATING THE PRODUCT AND PROCESS
Evaluation is the ability to determine how well the final product resolved the information
problem and if the steps taken to reach the desired outcome were appropriate and efficient.
Students may evaluate their own work and/or be evaluated by others (i.e., classmates, teachers, library media staff, parents). The student will be able to:
A. Determine the extent to which the conclusions and project met the defined information
need and/or satisfied the assignment (i.e., how well did I do?).
B. Consider if the research question/problem, search strategy, resources, or interpretation
should have been expanded, revised, or otherwise modified (i.e., what could/should I
have done differently?).
C. Reassess his/her understanding of the process and identify steps which need further
understanding, skill development, or practice (i.e., how can I do better in the future?).
Copyright © 1993 Wisconsin Educational Media Association.
Adopted by the American Association of School Librarians, 1994.
Reprinted with permission of the American Association of School Librarians, a division of the American
Library Association.