Taking the Integrated Audit "Stress Test"
By: Mitchell H. Levine, CISA
Audit Serve, Inc.
Most Audit Departments are convinced that they have completed the revamping of their audit universe to transform their audits into integrated audits. This article is comprised of questions intended to assess whether key integrated audit activities are being performed by your organization.
1) Have you performed an analysis of your organization to identify the key business processes which comprise the individual integrated audits?
2) Are business process walkthroughs performed to understand the business process steps required to support the business objectives of the process area being audited?
3) Are business process rules identified and documented as part of the walkthroughs which are mapped to preventive and detective controls?
4) Are IT Auditors assigned to the integrated audit? Are they required to participate in all business process walkthroughs in order to assess how business rules are or can be enforced by automated controls?
5) Are interviews conducted with each functional area which support the key business processes? As part of this interview, have workflow steps been identified and an understanding obtained of the system inputs performed to support the key business processes?
6) Have controls needed to ensure accuracy of data and the timeliness of key activities been identified?
7) Have offline manual processes been assessed to determine how they can be automated to reduce error rates?
8) For key control design issues identified, have data extracts been established to understand the impact of not having the control in place?
9) Has an analysis been performed of the components of traditional application audits which need to be included in the integrated audit taking in account those areas which should be segmented into separate IT Audits?
Mitchell H. Levine, CISA of Audit Serve, Inc. has established a seminar entitled “How to Perform an Integrated Audit” which is being offered by several local ISACA & IIA chapters. Refer to http://www.auditserve.com for additional information on this seminar.
Audit Serve also conducts Integrated & IT Audits, SOX Control Design & Testing. Email Mr. Levine at Levinemh@auditserve.com if you would like to discuss your organization's specific project requirements in order to
establish a proposal of services.