using it audit tools the sindicatura approach - eurorai seminar suzdal/presentation a...
TRANSCRIPT
Using IT Audit Tools :The Sindicatura approachUsing IT Audit Tools :Using IT Audit Tools :
The Sindicatura approachThe Sindicatura approach
1
Antonio Minguillón RoyAuditor Director del Gabinete Técnico ‐ Auditor and Director of the Technical Department (Unidad de Auditoría de Sistemas de Información – Information Systems Auditing Unit)
Sindicatura de Cuentas de la Comunidad ValencianaAudit Office of the Autonomous Community of Valencia
EURORAI SEMINAR EURORAI SEMINAR Public Sector Audit and Information TechnologiesPublic Sector Audit and Information Technologies
SuzdalSuzdal, 17th May 2013, 17th May 2013
2
23-24 may 2013
I RAIs Technology Forum2006
V RAIs Technology Forum2013
• IT Audit• CAATs• IT systems accountability (F/S and contracts)• IS Management
3
Sindicatura de Cuentas Sindicatura de Cuentas ‐‐ I I && II Strategic PlanII Strategic Plan
TeamMateR10.2.2
ACLw/o AX IT Audit
Team(4 people)
Audit Team
Methodology Unit
Audit manual(based on ISAs)
eWorking Papers
CAATs IT Audit Methodology
R10.3+ Modules
R10/AN¿AX?
+ IC audits+Support
+ISAs
20052005
2013/20142013/2014
8
a) Massive data testing
• Reconciling the F/S with the underlying accounting records, and later, to do a number of data extraction and sampling for audit teams
• Recalculation of payroll and a number of test
• Benford test• Data matching
b) Tests of controls
• SoD analysis
• User and access conflicts, superusers,…
9
• To make the use of ACL by audit teams as independent as possible.
• Continuous basic training for all auditors.
• Advanced training for audit champions and IT Audit Team.
• IT Audit Team supports audit teams in ACL matters (planning and executing test, scripts, obtaining data, etc), specially in complex environments.
• To standardize the use of ACL >> User guides
10
Sindicatura Audit Manual (based on NIA’s)
Guide on massive data testing using ACL
Present benefitsFuture benefits
Good planning and documentation of test
11
NonNon‐‐Recurring auditsRecurring auditsRecurring auditsRecurring audits
Time savingsTime savingsExpanding test typesExpanding test types
13
• Develop guidelines of massive data testing, including scripts and standard documentation for the most common environments (SAP, MS Dynamics, Oracle, HRMIS, etc).
• Consider costs and benefits of using AX, to make a decision about its implementation.
• Collaboration among RAIs?