#LetsSimplifyCISA - Audit Results pt.1 As we get closer to wrapping-up the processing of auditing information systems, it is paramount to understand how audit results come in place and are communicated. There are a few key concepts that one should keep in mind from the CISA exam perspective such as control objective, compensating controls, materiality of findings, and communication of audit results. Control Objective Let’s explore a practical example by thinking about “control” objectives we all have in our daily lives. The control here is to lock the door when you leave your home, quite simple right? Then every time when you are back home you should stumble upon a locked door that needs a key for you to get in. In other words, the objective is to NOT let anyone in unless they are AUTHORIZED to have the key (not just HAVE). Keep this example in mind as we keep exploring other concepts mentioned above. Compensating Control Imagine there are days you could not lock the door, or you lost a key or anything else that prevented you from accomplishing the “control” objective. Obviously, we can’t afford to just leave our home with the front door ajar. However, what we can do is to compensate for that by other factors or a.k.a controls. For example, by installing a motion detector and a camera, a not so friendly dog or even asking your friend to stay home to watch it for you till the lock gets fixed. As you can see, one can get creative with how controls can be compensated so long as they still help with the main objective. Materiality of Finding This is where it gets less obvious and more subjective. To build upon the open-door example, let’s create 2 spin offs to that scenario. Stay tuned for part 2...
Han Jumashov’s Post
More Relevant Posts
-
TURNOVER during your AUDIT is brutal. HOW can you REDUCE turnover? Use a 3rd party expert to: ✅ Manage overall timeline of the audit and PBC list process ✅ Draft audit committee materials ✅ Develop supporting schedules, reconciliations, technical memos, etc. And yes, this is a self serving post...Embark can solve this problem!
To view or add a comment, sign in
-
Explore three action items you can take to kickstart your integrated assurance program immediately, with particular attention placed on readiness within the internal audit team.
To view or add a comment, sign in
-
🔍 Unraveling Audit Misconceptions: A Deeper Dive! 🔍 As an auditor, I've encountered my fair share of surprises, but nothing quite raises eyebrows like last-minute audit cancellations, citing site unsuitability. Here's the kicker: more often than not, it's a telltale sign that something's amiss. 🚩 Let's address the elephant in the room—when clients deem their site unsuitable for an audit, it often sends alarm bells ringing. Why? Because it's usually a red flag indicating potential issues lurking beneath the surface. 🚨 But here's the thing: audits aren't about painting a perfect picture; they're about pinpointing areas for improvement. That's right—audits serve as a roadmap to staying ahead of the curve and ensuring compliance with regulatory standards. 🛠️ At Consulo Compliance, we're committed to debunking audit misconceptions and helping clients embrace audits as opportunities for growth. We believe in transparency, continuous improvement, and empowering our clients to ace their compliance game. 💼 So, if you ever find yourself questioning the readiness of your site for an audit, remember: audits aren't about perfection—they're about progress. Your imperfect sites are perfect for audits! Reach out to Consulo today and let's navigate the audit landscape together! #AuditInsights #ContinuousImprovement #ComplianceJourney 🔍
To view or add a comment, sign in
-
Five Things for Audit Professionals to Put on Their 2024 To-Do List
Five Things for Audit Professionals to Put on Their 2024 To-Do List
isaca.org
To view or add a comment, sign in
-
Audit tips. During your audit at any site, and once you identify any NC you must inform the site and agree during the close meeting. Never catch and run.
To view or add a comment, sign in
-
Audits are never fun for an organization, and it never seems to be fun for IT. Red Alert sirens always seem to be issued by IT when an audit happens. A few items of opportunity for most MSPs and IT departments listed in this recording.
To view or add a comment, sign in
-
If you're in a spring-cleaning mindset, you might enjoy this blog post from Clarissa Lucas, CIA, CISA, CIDA! Take this time to tidy up your audit processes.
Spring Cleaning Tips for Internal Auditors
clarissalucas.com
To view or add a comment, sign in
-
I help Homecare and Assisted Living operators maintain compliance, grow revenue and achieve healthy bottom lines through custom consulting.
Keeping on Yesterday's Theme of Audits and Plans of Corrections How far back do you consider too far back to go and correct findings? This question has been on my mind as we continue to assist LHCSAs with their audit plans of corrections. Ensuring compliance is crucial, but at what point do we draw the line and focus on current and future improvements? I'd love to hear your thoughts and experiences. If your agency is facing similar challenges or needs assistance with audit plans of corrections, feel free to reach out. We're here to help you navigate these complexities and ensure your agency stays on track.
To view or add a comment, sign in
-
🚨 Attention Auditors 🚨 Ever had those 'Oh no!' Moments...? .. when you are at site for an audit, but have forgotten something crucial... Let’s CHANGE this! I have a checklist that serves as your fail-safe against memory lapses and overlooked details. From content prep to on-site readiness, it always gets me covered. And you, too! 👇 Comment 'Checklist' to get a COPY. Because in auditing, forgetting is not an option! 😉
To view or add a comment, sign in
-
What's the best way to prepare for an SQF Audit? Devon DeVries reminds us to do a great internal audit! Don't check the box, but use it as an opportunity to find problems proactively :) A nugget of wisdom Allera's webinar on How To Prepare for an SQF Audit with Allera!
To view or add a comment, sign in