Shatter Silos to Identify More Risk

If you want to increase the effectiveness of your audits and find risks that haven’t been identified before, you need to shatter your silos so you can identify more risk.

Too often, audits are performed on one process, one category, or one system: Earning Commissions, Windows Servers, or Wire Transfer. Each one of those is a separate silo (one for oats, one for corn, one for rice).

Continue reading →

Advertisement

Mack-the-Auditor Gets Audited! Part 1

Usually, I’m the one doing the auditing, but this time, I (Mack) was the one who was audited.

It was a great experience for me.

Well, sort of. No one likes being audited (ahem). But it gave me a fresh perspective of how others feel when I audit them.

This is the first of 3 posts; this post contains some background info on the project that was audited, and the second one discusses the audit and the results, and in the third post, I describe my perspective on the whole thing, and some takeaways.

Continue reading →

FREE Fraud Investigation Quiz

Quiz yourself to discover how much you know about fraud investigations.

While you may not be tasked with leading an investigation, you might need to work with those working on such an investigation. Either way, do you know the basics?

This quick, 5-question quiz from the Journal of Accountancy will indicate what you know AND what you don’t. And whether you get each answer right or wrong, the answers provide additional information. Continue reading →

Infographic: Profile of a Fraudster

The Association of Certified Fraud Examiners recently posted an infographic entitled: Profile of a Fraudster.

Continue reading →

FREE Frank (Catch Me If You Can) Abagnale video

Frank Abagnale, the real-life con artist depicted in the Catch Me if You Can movie, talks about his life as a fraudster in a free video.

Back in the 1960s, Abagnale posed as an Pan Am airline pilot, a pediatrician, an FBI agent, and a lawyer. He was a master at conning people and passing bad checks. He even conned his dad (see ‘First Con’ heading).

Continue reading →

Top 10 Reasons to be an IT Auditor

Here’s my list of the top 10 reasons to be an IT auditor:

10. You have access to all systems, data, and people (with a business reason, of course). Employees rarely ignore you.

9. You can uncover fraud, mischief, ignorance, and just plain laziness. Either way, you “add value to the business” (yeah, I hate that term too, but it is what audit is about, and so appropriate).

Continue reading →

ACL Tutorials on YouTube

Free ACL tutorials are available on YouTube, along with a lot of videos with talking heads. The tutorials walk you through how to do a couple tests, but I found the video resolution to be rather poor. Maybe it’s my equipment, maybe it’s the result of a company trying to adapt some tutorials they already have to another delivery method.

Continue reading →

Bank No Longer Invites Hackers In

Remember the Security Scout adventure where I roamed the basement of a major bank and found questionable security issues? If you missed it or need a refresher, read Major Bank Invites Hackers In?

Guess what happened at the bank?

Continue reading →

Test Your Internal Control Knowledge (Quiz)

Check out the 10-question quiz at The Journal of Accountancy regarding internal control. You don’t need to be a CPA to take it, as only 1 question leans toward the financial realm. Like most good quizzes, the answers are provided at the end, along with an explanation.

Continue reading →

Why a Wastebasket Audit?

Most auditors and security analysts have never performed a wastebasket audit. Why do a trashcan audit?

Continue reading →

History of Data Analytics (a la Coderre)

I was rummaging around and found some old articles by David G. Coderre, one of the gurus of data analytics (I mentioned him in my Teach Yourself ACL post). Even though this articles are old, I found some rich history, interesting facts, and some audit ideas.

Continue reading →

90’s High 5 for Auditors

Richard Chambers, the president and CEO of the IIA, noted 5 defining events and their impact on internal auditing in the 90’s decade.

1. Adoption of the Professional Practices Framework (2002)
2. Financial Fraud and the Ensuing Corporate Failures (2002)
3. Cynthia Cooper Named a Time Magazine “Person of the Year” (2002) – whistleblower at WorldCom (I had to look it up myself)
4. Release of The PCAOB’s Auditing Standard Number 2 (2004) – which was then superseded by AS 5
5. Global Economic Crisis (2008-2009)

Catch all his comments here. I think #2 is going to keep occurring with surprising regularity.

Attackers Don’t Help Companies, PCI Does

Is PCI still relevant? Some are proclaiming that PCI is irrelevant due to the recent, high-profile breaches. David Mortman disagrees, and I’m on his side.

Continue reading →

Teach Yourself ACL

You can teach yourself how to use Audit Command Language (ACL), the data analytics software from www.highbond.com. ACL is used by internal auditors and others to:

Continue reading →