An Introductory Guide to Audit Readiness – Part 2

Continuing from Part One where we covered the key milestones in the readiness process for an audit, as well as the timelines to consider for assessments in Governance,  Risk Management, Compliance, Information Technology and Financial Reporting, we can now take a look at the following competencies within departments and their procedures for audit readiness:

  • The required leadership to support assessments
  • IT Resources (IT)
  • The procedures of internal controls, and
  • Information Technology competencies – to be covered in Part 3

Required Support from Leadership

Support from leadership is defined by the organization’s culture to adopt audit readiness, as part of a necessary company process. If leadership supports audit readiness procedures, it will often create an environment that will achieve full cooperation from all levels of the organization and typically will yield better results than an organization without leadership support.

Full adoption and support from leaders across the organization would result in complete engagement planning standards, defining who should be involved in the audit procedure and what their role will be in the readiness process.  These leaders should have an ongoing, active role throughout the entire readiness process.  

Audit Readiness for IT

To understand the audit readiness procedure for IT, means to have the right employees with the right skills, aptitudes, experience and continuing education in place, who are able to identify any drawbacks or obstacles and correct them along the way. These skilled individuals will also have the capabilities to establish practical solutions to implement, and would have the ability to analyze and address any manual or automated requirements for internal controls.  They would also have the ability to determine and/or train supporting staff required to assist in the readiness procedure.

Once IT leadership has successfully put the appropriate readiness resources in place, the resource level of the team, as well as their individual skill needs to be sustained and prepped for growth. Sustainability can be accomplished through continuous training and knowledge sharing within the department. Each resource should also receive challenging tasks or be assigned appropriate projects to challenge and grow the overall IT team skillset, further sustaining the readiness procedure.   

Assurance with Internal Controls

Internal controls requires a designed set of policies and procedures which would need to be implemented and then maintained. Maintaining these policies and procedures provides assurance for the achievement of steady and functioning business operations; compliance for regulated and any legal procedures; and lastly for any reporting.   

Once an organization has demonstrated an efficiency with their internal control procedures and has been able to prove that their organization is in good standing, it will prove to be a positive benchmark on the overall health of the organization, including its financial statements.

Please note: These guidelines from Global Shield IS, are for an organization’s general information purposes only. It is not intended to advise or give any legal or business analysis. Global Shield IS, rather offers the services to any business who have further questions related to their uncommon or unique circumstances, to contact the office for further council.  We will then assign the most appropriate adviser to address each question specifically.

An Introductory Guide to Audit Readiness – Part 1

Understanding the audit readiness of an organization, is to have the ability to identify the auditory requirements that need to be in place from an infrastructure or back-end perspective, to the preparation needed to take place from a financial reporting perspective.

Auditory requirements for an audit may include:

  • Governance
  • Risk management
  • Compliance
  • Information technology – environment
  • Financial reporting
  • The financial close process

Each of these areas may pose a significant risk to the successful execution of an audit, if not taken into consideration as an overall ‘audit requirements’ set. These particular elements for an audit are routinely overlooked or underestimated by executives and management, along with their various teams. Executives and management who need to lead these teams, rather focus on gaining the competitive edge in their industry, then at the most basic level, tend to lack the understanding and knowledge required to consult, and therefore, prepare and achieve the readiness required. Executives and management should rather turn to industry consultants for support and guidance while they focus on ‘business’ success. Turning to a professional consulting firm from the beginning, can lead to a successful audit along with reduced overhead costs while undergoing the audit itself.

The time required to prepare

In most cases, the effort and time required to readily prepare for an audit are frequently misconceived once timelines are set, or more often than not, underestimated.  While each organization’s timelines may vary depending on the unique business requirements, it can typically take from 6 to 18 months to achieve readiness.

The key milestones in the readiness process should include:

  • An overall readiness assessment
  • A compliance assessment
  • A financial reporting assessment
  • IT infrastructure/systems and data assessment
  • Corporate governance assessment
  • Any other specific to-the-business requirements needing to be included in the assessments’

IT and data assessments – the most time consuming

Global Shield IS, considers all the key milestones to be relevant, and important to include in the timeline.  Among these milestones, most notably, IT infrastructure, systems and data assessments usually require a considerable amount of time to execute.  Furthermore, specific to timelines, audit related engagements from Global Shield IS are managed professionally and supervised to ensure quality and utilize industry specific audit processes.

The timelines and processes of preparing for the IT and data specific assessments should provide any organization with a clearer understanding of their business operations, on how to perform more efficiently and effectively going forward.

Please note: These guidelines from Global Shield IS, are for an organization’s general information purposes only. It is not intended to advise or give any legal or business analysis. Global Shield IS, rather offers the services to any business who have further questions related to their uncommon or unique circumstances, to contact the office for further council.  We will then assign the most appropriate adviser to address each question specifically.

WHS enters FISCAM

02-11-2015

With the Department of Defense (DoD) continuing its efforts of moving to the Risk Management Framework (RMF), Washington Headquarters Services (WHS) Financial Management Directorate (FMD) has established an independent team, which includes Global Shield IS, to perform a Federal Information Systems Controls Audit Manual (FISCAM) assessment of its Enterprise Resource Planning application and its surrounding environment.

FISCAM was established by the Government Accountability Office (GAO) and the President’s Council on Integrity and Efficiency (PCIE) as a complement to the Financial Audit Manual (FAM). FISCAM presents a methodology for performing information system control audits of Federal and other governmental entities in accordance with professional standards such as National Institute of Standards and Technology (NIST), Special Publication (SP) 800-53.

The FISCAM methodology provides a top-down, risk-based approach which evaluates:

  • Entity-wide controls and their effect on audit risk
  • IT General and Application controls and their impact on transaction processing

The FISCAM IT controls model is depicted below. Starting with the General Control categories and ending in the Business Process Application Controls.

Untitled-1

The FISCAM team is conducting on-going testing efforts through March 31, 2015.