Operational Auditing Handbook - Auditing Business and It Processes

Read more

Informationen zum Autor Andrew Chambers is Professor of Internal Auditing at London South Bank University and professor emeritus of Cass Business School, London. He runs Management Audit LLP specializing in auditing and corporate governance work, and is a member of the international Internal Auditing Standards Board. Graham Rand specialises in IT auditing, risk management and operational review. His career, in the UK and overseas, has featured involvement in a range of organisations, principally in the electrical retail, financial services and public sectors. Much of his current consultancy is on Information Management, Records Management, IT Security and providing support on the development of Risk Management and Information Security environments. Klappentext Never out of print since 1997, and substantially updated for this second edition, The Operational Auditing Handbook has earned an international reputation as a hands-on, practical manual for internal auditors and managers to enable them to carry out audits and reviews of a wide range of business activities including:* Finance and accounting* Sarbanes-Oxley compliance* Purchasing* Operations and production* Marketing and sales* Distribution* Personnel and management development* Research and development* Information technology* Security* Environmental responsibility* Subsidiaries and remote operating unitsThe Operational Auditing Handbook clarifies the underlying issues, risks and objectives for a wide range of operations and activities and is a professional companion, with many checklists, for those who design self-assessment and audit programmes of business processes in all sectors. Reflecting the strategic importance of information technology today, this second edition is considerably expanded in this area with leading edge material. Other completely new material includes clear, authoritative guidance on how to achieve effective of governance, risk management and internal control processes. Zusammenfassung * Fully updated to take account of developments in internal control and COSO, corporate governance under Sarbanes-Oxley, and in audit processes particular to financial institutions in light of the credit crunch. Inhaltsverzeichnis Preface xv Acknowledgements xvii Part I Understanding Operational Auditing 1 1 Approaches to Operational Auditing 3 Definitions of "Operational Auditing" 3 Scope 4 Audit Approach to Operational Audits 12 Resourcing the Internal Audit of Technical Activities 16 Productivity and Performance Measurement Systems 19 Value for Money (VFM) Auditing 22 Benchmarking 23 2 Business Processes 27 Introduction 27 An Audit Universe of Business Processes 28 Self Assessment of Business Processes 30 A Hybrid Audit Universe 30 Reasons For Process Weaknesses 30 Identifying the Processes of an Organisation 32 Why Adopt a "Cycle" or "Process" Approach to Internal Control Design and Review? 35 Business Processes in the Standard Audit Programme Guides 35 The Hallmarks of a Good Business Process 36 Academic Cycles in a University 37 3 Developing Operational Review Programmes For Managerial and Audit Use 40 Scope 40 Practical Use of SAPGs 41 Format of SAPGs 45 Risk in Operational Auditing 50 4 Governance Processes 75 Introduction 75 Internal Control Processes being Part of Risk Management Processes 75 Risk Management Processes being Part of Governance Processes 76 Objectives of Governance, Risk Management and Control Processes 77 The COSO View of Objectives 78 Should there be a Single Set of Objectives? 80 The Internal Governance Processes 81 The Board and External Aspect...

List of contents

Preface.
 
Acknowledgements.
 
PART I UNDERSTANDING OPERATIONAL AUDITING.
 
1 Approaches to operational auditing.
 
2 Business processes.
 
3 Developing operational review programmes for managerial and audit use.
 
4 Governance processes.
 
5 Risk management processes.
 
6 Internal control processes.
 
7 Review of the control environment.
 
8 Reviewing internal control over financial reporting - the Sarbanes-Oxley approach.
 
9 Business/ management techniques and their impact on control and audit.
 
10 Control self assessment.
 
11 Evaluating the internal audit activity.
 
PART II AUDITING KEY FUNCTIONS.
 
12 Auditing the finance and accounting functions.
 
13 Auditing subsidiaries and remote operating units.
 
14 Auditing contracts and the purchasing function.
 
15 Auditing operations and resource management.
 
16 Auditing marketing and sales.
 
17 Auditing distribution.
 
18 Auditing human resources.
 
19 Auditing research and development.
 
20 Auditing security.
 
21 Auditing environmental responsibility.
 
PART III AUDITING INFORMATION TECHNOLOGY.
 
22 Auditing information technology.
 
23 IT Strategic Planning.
 
24 IT Organisation.
 
25 IT Policy Framework.
 
26 Information Asset Register*.
 
27 Capacity Management
 
28 Information Management (IM)*.
 
29 Records Management (RM)*.
 
30 Knowledge Management (KM)*.
 
31 IT sites and Infrastructure (including physical security).
 
32 Processing Operations.
 
33 Back-up and Media Management.
 
34 Removable media.
 
35 System and Operating Software (including patch management).
 
36 System Access Control (or logical security).
 
37 Personal Computers (including laptops and PDAs).
 
38 Remote Working.
 
39 Email.
 
40 Internet Usage.
 
41 Software Maintenance (including change management).
 
42 Networks.
 
43 Databases.
 
44 Data Protection.
 
45 Freedom of Information.
 
45 Data Transfer and Sharing (Standards and Protocol Guidelines).
 
47 Legal Responsibilities.
 
48 Facilities Management.
 
49 System Development.
 
50 Software Selection.
 
51 Contingency Planning.
 
52 Human Resources information security.
 
53 Monitoring and Logging.
 
54 Information Security incidents.
 
55 Data Retention and Disposal.
 
56 Electronic Data Interchange (EDI) and the use of secure networks.
 
57 Viruses.
 
58 User Support.
 
59 BACS (i.e. automated cash/funds transfer).
 
60 Spreadsheet design and good practice.
 
61 IT Health Checks.
 
62 IT Accounting.
 
APPENDICES.
 
App 1: Index to SAPGs on Wiley;s website.
 
App 2: SAPGs - use in relation to business processes.
 
App 3: International data protection legislation.
 
App 4: International freedom of information legislation.
 
Bibliography.
 
Index.