Enhanced Professional Development Skills
Norm Kelson, CPA, CISA, CGEIT
The Kelson Group
November 18, 2009
© The Kelson Group, 2009
Agenda
Identifying our skill set needs
Fulfilling the skill set
Enhancing our staff
Providing value to the organization
How Has the Audit Landscape Changed?
General Controls, 20%
Existing Applications, 25%
New Applications, 25%
Technical Audits, 30%
Historical Focus
How Has the Audit Landscape Changed? (2)
AS5, 60%
IT General Controls, 10%
All Applications, 30%
SOx Era
How Has the Audit Landscape Changed (3)
SOx Testing, 10%
GRC, 10%
IT Gen Ctrl, 25%
Bus Process, 40%
Technical Audits, 15%
Today
How Has the Audit Landscape Changed (3)
SOx Testing, 5%
GRC, 25%
IT Gen Ctrl, 20%
Bus Process, 40%
Technical Audits, 10%
Within 5 Years
What Do I Need to Know About My Organization?
• Internal Audit
  – Mission
  – Audit Charter
• Business
  – Long term strategy
  – Industry
  – Best practices within industry
  – Regulations
• Technology
  – Current architecture
  – Architecture of the future
• Application Portfolio
  – Applications topography
  – Applications functionality
What Do I Need to Know About My Organization? (2)
• IT Service & Delivery Architecture & Practices
  – In House
  – Out Sourced
• Governance Framework
  – COSO?
  – IT Governance Framework – CobiT/ITIL
• Compliance Approaches & Requirements
  – AS5
  – GLBA
  – PCI-DSS
  – HIPAA
  – Federal/State/Local data privacy requirements
• Enterprise Risk Management Approach
Senior Management Drivers
• Chief Audit Executive
• CIO
• C-Suite
• Board of Directors
• Regulators
• External Auditors
• Business Unit Management
Drivers for Audit Services
• Value
• Controls
• Security
• Compliance
• Governance
IT Audit Universe
• Which Audit Landscape?
  – Historical
  – SOx Era
  – Today
  – Next 5 years
Skills Required
• Communications & Interpersonal Skills
  – Ability to relate to audit customer
  – Understand their needs
  – Argumentation skills
  – Communicate to technical and non-technical constituencies – written and oral
• Business skills
  – Industry expertise
  – Finance/accounting subject-matter competency
• Business process
  – Understanding of business process
  – Specific processes to enterprise
• Controls management
  – Controls framework
  – Control objectives
Skills Required (2)
• Risk management
  – Risk assessment methodologies
  – Enterprise-adopted risk management process
• Value management
  – Ability to relate control requirements and risk management into a value to the organization
• Project management
  – Ability to manage internal audit projects
  – Ability to evaluate effectiveness of enterprise and business projects
• IT Technical
  – Core technical functions
  – General IT functions
Take Inventory
• Results of Enterprise Risk Assessment
  – Essential Audits – Rated “A”
  – Needed Audits – Rated “B”
  – Nice to Have Audits – Rated “C”
• What resources needed for “A” and “B” audits?
  – FTE’s
  – Skills
• What resources available?
• Result is your delta
Auditor Skill Sets
Financial
Operational
Business Process / Applications / Projects
General IT Controls
Technical IT Controls
Financial Auditor
Business Auditor
IT Audit Generalist
IT Audit Technical Specialist
Subject Matter Experts
• Sources
  – Financial / Operational / Business / IT Auditors
  – Internal rotation from technical department
  – External
• Non-core audit requirements
• Internal SME deficiency
Essential Training
• Internal Audit Concepts
• Business / Industry Concepts
• Finance/Accounting – scope for IT auditors more limited
• Business psychology – as needed
• Communications, Argumentation, Written & Oral Presentation
• IT Technical – core functions
How Do I Receive Value from Internal Audit
• Invest in good personnel
  – Talented staff
  – Competent and focused training
  – Reasonable compensation
  – Reasonable working conditions and tools
• Allocate resources to your staff’s strengths
• Identify and select audits that fit the risk assessment
• Keep audit rotations to a minimum of 24 months
How Do I Receive Value from Internal Audit (2)
• Use staff for recurring audits, assign consultants to specialty and non-recurring audits
• Consider building audit teams by line of business
  – Cohesive team
  – Lessens learning curve
  – Include IT audit in Line of Business team
• Keep turnover to a minimum (cost of replacement extremely high)
• Budget reasonable time to an audit – don’t squeeze staff
How Can I Build a High Performance Team
• Resolve Personnel Issues
• Provide Opportunity
• Empower
• Provide training
• Support team
Personnel Issues
• Understand the drivers of each generation
• Economics push staff
  – Recognize burnout
  – Build for tomorrow – don’t deplete the staff
  – Mirror staff with management expectations
• Employee Mentoring
  – Understand employee career goals
    • Seek opportunities within company
    • Keep employee for reasonable period of time
    • Outplace employees not fitting in
  – Provide an open door policy to assist employee in performing duties
    • Manage but don’t micro-manage
    • Run interference where appropriate
  – Support employee within and outside department
  – Respect
Training
• Meaningful training to fit Audit Plan
• Design training plan for each staff member
  – Technical training
    • Specific expertise
    • Industry expertise
  – Management skills
    • Leadership
    • GRC management
    • Project management
  – Business skills
    • Presentation skills (oral and written)
    • Finance/Accounting
    • Industry concentration
• Quality programs
• Training program tailored to the needs of each employee
• Consider distance learning, where possible
  – Give staff time to utilize distance learning
Certification
• Encourage obtaining and maintaining certifications for job function:
  – Audit related:
    • CPA, CISA, CIA, CFE
  – Security related:
    • CISM, CISSP
  – GRC
    • CGEIT, IT Risk – (soon to be announced)
• Certification preparation
  – Reimburse for certification test fees, reasonable refresher or study courses
  – Time off to sit for test
  – Time off for preparation (reasonable)
• Certification maintenance
  – Reimburse for yearly fees
  – Provide training opportunities and reimbursement to maintain certification in good standing
Management
• Build a team of complementary skills
• Foster open dialogue
• Provide feedback
• Meet with customers – foster relationships and represent department
Key Areas for Professional Skill Enhancement
• Governance and related practices
• Understanding of financial processes
• Understanding business processes
• Maintaining core IT technical skills
• Improving soft skills
Contact Information
Norm Kelson
Telephone: (781) 784-4390
Email: [email protected]