MIS 5201.001 – Mike Romeu

Mike Romeu

Adjunct Instructor

Quiz 5 – Announcement and Prep

This week’s short quiz is based on Standards/Guidelines 1201/2201 Engagement Planning and 1206/2206 Using the Work of Other Experts.

There’s an old adage attributed to Benjamin Franklin that states “If you fail to plan, you plan to fail.” That is certainly true of audit planning. The whole purpose of taking the time to plan an audit engagement, regardless of whether it is an internal or external audit, is to make sure you make the best use of the resources available to complete the engagement. That is, you achieve the objectives of the audit, within the scope, budget and timeline required, and produce the expected deliverables.

Preparing for an engagement involves getting acquainted with the activity that you will be auditing, including business processes, best practices, benchmarks and government regulations. Obtaining a good understanding of the impact of threats and vulnerabilities (i.e. risks) is always a good starting point for planning.

We can rely on the work of other experts in areas where we lack the resources, knowledge or experience to complete our task. However, we must ensure the reliability of their work before we can use it to form our opinion.

Quiz 5 will be available first thing Saturday morning. You will have until Monday @ 11:59 to complete the quiz.

Best of luck.

Week 05 – Laws, Regulations and Audit Planning 2

The first half of this next class we will spend on the AWA Case and the Quizzes. We will conclude our class going over a few points I want to leave you with regarding laws and regulations. Time permitting I’d like to go over a few of the more common laws and regulations, and what that means for our audit planning and execution.

In the interest of catching up with lost time I’ll defer discussion of this topic to our time in class.

If you want to prioritize your reading, focus on the Standards and Guidelines below first. The articles will help reinforce the points made in the Standards and Guidelines.

Readings:

Articles:

Standards and Guidelines:

  • PS 1201 Engagement Planning / PG 2201 Engagement Planning
  • PS 1206 Using the Work of Other Experts / PG 2206 Using the Work of Other Experts

Note: GS – General Standard; GG – General Guideline; PS – Performance Standard; PG – Performance Guideline; RS – Reporting Standard; RG – Reporting Guideline

CISA Review Manual:

  • 1.6.14 Using the Services of Other Auditors and Experts

Class Notifications

Hello All,

Please make sure you sign up for eMail notifications from our class blog and Blackboard. I already had one case of someone not getting notifications from Blackboard. I did not find any problems with the BB configurations but if someone else is having a problem please notify me ASAP.

Notifications are sent to your @temple.edu address. If you want them to go to another eMail address you must configure your Temple eMail to forward your messages. I will not configure this on my end because of the problems I’ve run into with that in the past. These have caused students to miss communications because of multiple unsynchronized eMail lists.

See you in class this Wednesday.

Week 04 – Laws, Regulations and Audit Planning

We start this week talking about outsourcing. While there are multiple combinations of geographic, physical and logical configurations, we focus on what is most important to the assurance and audit professional. SLAs and Contracts are perhaps the most important controls that we like to see in these scenarios, but they are worth their value only if they are actively managed.

What are the key elements of an SLA? To answer this question we walked through APO09 in the COBIT 5 Enabling Processes document. We provided the definition, objective and key activities of documenting and managing an SLA. (Hint: you may want to consider this example as you work on your case).

Finally, I introduce the subject of Laws and Regulations and their impact on Audit Planning. We will continue this subject in our next class.

Look out for my next post in the next day or so.

Quiz Prep.

As promised, here are the study topics for the quiz. I remind you that you will have 45 minutes to complete 15 multiple-choice questions. You will find the quiz on Blackboard and once you start you must finish. You will not be able to restart the quiz or go back once you start.

General Standards (GS) and Guidelines (GG)

  • GS 1001/GG 2001 Audit Charter
  • GS 1002/GG 2002 Organisational Independence
  • GS 1003/GG 2003 Professional Independence
  • GS 1005/GG 2005 Due Professional Care

Articles:

  • “Due Professional Care,” by Fredrick Gallegos
  • “What Every IT Auditor Should Know About Scoping an IT Audit,” by Tommie Singleton