Admin ji
by Admin ji
CISA Domain 5 Complete Video Lectures
December 18, 2021 in CISA
CISA Domain 5 constitutes about 27% weightage in CISA exam. This is highest among all domains, hence it is the most important domain of CISA exam. Domain 5 is also known as Protection of Information Assets. you can complete entire Domain 5 with the help of below 8 videos. Special thanks for Success Accelerators for creating these helpful videos
Domain 5_Video 1:
Domain 5_Video 2:
Domain 5_Video 3:
Domain 5_Video 4:
Domain 5_Video 5:
Domain 5_Video 6:
Domain 5_Video 7:
Domain 5_Video 8:
Do share it with your friends and bookmark this page for future reference
by Admin ji
CISA Domain 4 Complete Video Lectures
December 18, 2021 in CISA
CISA Domain 1 constitutes about 23% weightage in CISA exam. This is the second highest after domain 5. Domain 14is also known as INFORMATION SYSTEM OPERATIONS AND BUSINESS RESILIENCE. You can complete entire Domain 4 with the help of below 3 videos. Special thanks for Success Accelerators for creating these helpful videos on CISA
CISA Domain 4_Video 1:
CISA Domain 4_Video 2:
CISA Domain 4_Video 3:
Do share it with your friends and bookmark this page for future reference
by Admin ji
CISA Domain 3 Complete Video Lectures
December 18, 2021 in CISA
CISA Domain 3 constitutes about 12% weightage in CISA exam. It is least among other domains but still important foundation to start with IT domain. Domain 3 is also known as INFORMATION SYSTEM ACQUISITION, DEVELOPMENT AND IMPLEMENTATION. You can complete entire Domain 3 with the help of below 14 videos. Special thanks for Success Accelerators for creating these helpful videos on CISA.
Domain 3_Video 1:
Domain 3_Video 2
Domain 3_Video 3
Domain 3_Video 4:
Domain 3_Video 5:
Domain 3_Video 6:
Domain 3_Video 7:
Domain 3_Video 8:
Domain 3_Video 9:
Domain 3_Video 10:
Domain 3_Video 11:
Domain 3_Video 12:
Domain 3_Video 13:
Domain 3_Video 14:
Do share it with your friends and bookmark this page for future reference
by Admin ji
CISA Domain 2 Complete Video Lectures
December 18, 2021 in Uncategorized
CISA Domain 2 constitutes about 17% weightage in CISA exam, hence it is also an important domain . Domain 2 is also known as governance and management of IT . you can complete entire Domain 2 with the help of below 5 videos. Special thanks for Success Accelerators for creating these helpful videos
Domain 2_Video 1:
Domain 2_Video 2
Domain 2_Video 3
Domain 2_Video 4
Domain 2_Video 5
Do share it with your friends and bookmark this page for future reference
by Admin ji
CISA Domain 1 Complete Video Lectures
December 18, 2021 in CISA
CISA Domain 1 constitutes about 21% weightage in CISA exam, hence it an important foundation to start with. Domain 1 is also known as Information System Auditing Process. you can complete entire Domain 1 with the help of below 9 videos. Special thanks for Success Accelerators for creating these helpful videos
Domain 1_Video 1
Domain 1_Video 2
Domain 1_Video 3
Domain 1_Video 4
Domain 1_Video 5:
Domain 1_Video 6
Domain 1_Video 7
Domain 1_Video 8
Domain 1_Video 9:
Do share it with your friends and bookmark this page for future reference
by Admin ji
Some Segregation of duties rule in P2P Function | P2P SOD Rules
September 25, 2021 in Internal Audit
In this post we will discuss some SOD rules that should be implemented in Procurement to pay function. These are some general rules that may be or may not be apply to a specific company. These SOD rules are for reference only and recommended for large scale organisations
| SOD | Rule No. | Rule | Rule Type | Area |
| PR | 1 | PR creator and approver should not be same | Maker Checker control | P2P |
| 2 | PR Approver should be at higher grade than PR Creater | Maker Checker control | P2P | |
| 3 | PR approver should be HOD of User Department | Maker Checker control | P2P | |
| 4 | PR cannot be changed post approval | general | P2P | |
| 5 | PR approver and PO Approver for any specific case should be different | Conflict of Interest | P2P | |
| PO | 6 | PO creator and approver should not be same | Maker Checker control | P2P |
| 7 | PO Approver should be at higher grade than PO Creater | Maker Checker control | P2P | |
| 8 | PO approvers should not be same at all levels | Maker Checker control | P2P | |
| 9 | PO date should be after PR date | general | P2P | |
| 10 | PO qty and PO value must be mandatory fields | general | P2P | |
| GRN/SRN | 11 | GRN/SRN creator and aprover should not be same | Maker Checker control | P2P |
| 12 | GRN/SRN Approver should be at higher grade than GRN/SRN Creater | Maker Checker control | P2P | |
| 13 | GRN/SRN must be done by the user receiving the material/services | Maker Checker control | P2P | |
| 14 | GRN date should be after PR and PO date | general | P2P | |
| 15 | PO and GRN rights should be with different user | Conflict of Interest | P2P | |
| Vendor Master | 16 | Vendor creation required maker checker | Maker Checker control | P2P |
| 17 | Edit/deletion vendor details must have maker checker | Maker Checker control | P2P | |
| 18 | Inactive to active -Change in the status require approver | Maker Checker control | P2P | |
| 19 | Blocking of vendors requires approval | Maker Checker control | P2P | |
| 20 | Blacklisted vendor must be blocked permanently with aproval | Maker Checker control | P2P | |
| 21 | Vendor Master data maintainence and vendor master confirmation with different user | |||
| Material/Service Master | 22 | Creation of Material code/service requires maker checker control | Maker Checker control | P2P |
| 23 | Edit/deletion of codes must have maker checker | Maker Checker control | P2P | |
| Invoice | 24 | Park and post by different user | Maker Checker control | P2P |
| 25 | Posting rights must be with the user have a higher grade than Parker | Maker Checker control | P2P | |
| Payment process | 26 | Payment processing should be with treasury department only | Conflict of Interest | P2P |
| 27 | Payment processing must have approval matrix | Maker Checker control | P2P | |
| 28 | Payment processing and entry by different user | Conflict of Interest | P2P | |
| 29 | Park – post payment entries with different user | Conflict of Interest | P2P | |
| 30 | Payment processor is different from BRS | Conflict of Interest | P2P | |
| 31 | Vendor creation and payment processing should be different users | Conflict of Interest | P2P | |
| 32 | Treasury team should not credit vendor | Conflict of Interest | P2P |
Do share it others and comment below your opinion on the same . You can also add if we have missed something.
Shared by : Alkit Jain
by Admin ji
Quality Assurance in Internal Audit
August 28, 2021 in Internal Audit
While internal audit units fulfill their duty to develop and add value to the activities of their organizations, they should also constantly monitor the effectiveness of their own activities. With the establishment and implementation of the “Quality Assurance and Improvement Program”, the assurance of effectiveness and compliance with standards in internal audit activities is ensured. The internal audit units within the scope of this program, which must be fulfilled in accordance with the current standards of internal auditing, must be self-evaluated by competent internal auditors and the results must be reported to the internal audit units and reported to the top managers by the unit heads. It is considered appropriate that self-assessments, which provide the internal audit units with the opportunity to reach a certain level of maturity by constantly reviewing their goals, objectives and activities, should be seen as a means of keeping alive and developing the intention and capacity of internal audit units to fulfill their mission and meet expectations, rather than a necessity.
The chief audit executive should establish policies for periodic internal quality reviews of the internal audit activity.
Internal reviews, internal audit activity and oversight; should evaluate its quality, compliance with standards and the internal audit unit’s audit guidelines, the method of adding additional value to organization, and whether performance indicators have been achieved.
Continuous Internal Evaluations
Continuous internal evaluation efforts are to ensure that the customary practices and policies used to manage the internal audit activity comply with the standards. This can be achieved:
• Mission Oversight and Control,
• “Check Lists” that ensure the control of the realization of every stage of the internal audit activities in accordance with the methodology,
• Feedback from the supervised and participants,
• Review of working papers by auditors who were not participated in the relevant audit,
• Realization rates of performance indicators.
The most important element of the quality program is compliance with IIA standards. For this, audit activity performance measures should be developed by internal audit units.
This includes:
• Internal audit processes,
• The level of contribution to the development of internal control, risk management and management processes,
• The rate of reaching the main targets and the determined goals,
• Internal audit competence, innovation,
• Percentage of audit recommendations implemented,
• Staff productivity,
• Increasing the cost-effectiveness of the audit process,
• Increase in the number of activity plans in process developments,
• Appropriate task planning and management,
• Efficiency in meeting the needs of right holders,
• Management’s expectations from internal audit and the number of management requests,
• Number of complaints about the internal audit department.
Are appropriate measures that can be used to support a review of the internal audit activity?
Of course, it is possible to increase these dimensions.
by Admin ji
All about Operational Audits
July 30, 2021 in Internal Audit
What is Operational Audit ?
An operational audit process is the series of steps an auditor takes to evaluate the operational activities of a given company or other organization. The process is similar to the processes for other audits, but more in-depth. It serves as a detailed look at all of the internal departments and processes that make up a business’s operations. Whereas a regular audit evaluates financial statements, an operational audit examines how a company conducts its business, with the aim of increasing overall effectiveness.
Goals to perform an operational audit
The goal of the operational audit process is to determine whether the internal controls of the business, such as policies and procedures, are sufficient to produce an optimum level of efficiency and effectiveness. The outcomes gleaned from the audit are most useful to the management team, who can take these recommendations on board to streamline future processes.
Here are three of the primary outcomes of a successful operational audit:
- Increase efficiency: Gain a greater understanding of how future policies and procedures can boost effectiveness.
- Identify risks: Businesses run many operational risks, ranging from health and safety issues to cyber threats. A full operational audit identifies risks like these, as well as potential problems related to fraud and compliance.
- Learn internal controls: By examining each step of the operational process, an audit can dive deeper into the impact of any changes to internal controls.
Since operational audits focus on efficiency and effectiveness, these also involve identifying deficiencies in a company’s operations. These deficiencies may come from processes, procedures, or systems that involve wastage of resources. As a result, operational audits may differ from one company to another. On top of that, its scope may also vary based on the company’s requirements. Usually, these audits may occur on a lower or broader level.
Operational audits also help internal auditors with identifying risks, which is a critical internal audit area. Usually, these involve singling out the operational risks that companies face. These may further include other risks such as IT risks, health, and safety risks, litigation risks, etc. An operational audit can identify any risks that companies face due to their operations and any problems related to fraud and compliance.
An operational audit, according to a specific area of activity, is organized in two phases:
1. An analysis of the functions of the company in order to understand the functioning of the organization: At the heart of this phase, processes and procedures are identified and analyzed. Their correct application is evaluated. This phase also makes it possible to establish a matrix of processes and their interdependencies, for example, to avoid redundant processes.
2. An analysis of the efficiency of the processes: This phase consists of analyzing the performance of a process by analyzing its revenues (direct and indirect) and its costs (direct and indirect).
During the execution phase, internal auditors will focus on going through a company’s operations. As mentioned, it will include reviewing processes, procedures, and systems. During this process, they will validate the control involved in each step and how these controls are performing. Similarly, they will identify any deficiencies that will exist within these processes and procedures. This step is usually the longest and requires a lot of resources.
Article by :
Also see : Internal Auditors … Do more….
by Admin ji
Relationship Between Internal Control & Internal Audit
June 26, 2021 in Internal Audit
Internal Control is part of the first line of defense because it is the responsibility of Operational Management, which itself is accountable to Senior Management. Internal Audit is part of the third line of defense. It even assesses the effectiveness of the first (Operational Management functions) and second (Risk and Compliance Management functions) lines of defense. Moreover, unlike Internal Control, Internal Audit may report directly to the Board of Directors and specifically the Audit Committee, in order to maintain a certain independence and objectivity when assessing other functions in the company that operate at the first two lines of defense.
Although there is a strong and mutual relationship between them, internal control and internal audit are two different concepts. The importance of internal control and internal audit, which is a part of it, in achieving the objectives of the administrations, in the fulfillment of their activities more effectively and efficiently, in the reliability of the financial reports presented to the public, is a reality accepted by everyone. In this sense, it is very important to raise awareness about internal control in administrations.
Internal control is the creation and implementation of the necessary control systems and methods to reduce the impact of possible risks. It is the management’s responsibility to establish an effective internal control system, to operate and monitor this system as required.
Internal auditing is an important but different dimension of internal control. Managers obtain information about the nature of internal controls from the reports of the internal audit function created as part of the internal control structure. Internal audit units examine whether the internal control systems installed in the administrations work properly and report to the senior management. In other words, internal audit units provide information to management regarding internal controls, make evaluations and make proposals. The internal audit activity helps the organization have effective controls by evaluating the effectiveness and efficiency of controls and encouraging continuous improvement.
Despite his duties and powers, the internal auditor is not responsible for the dysfunctional financial management and the effectiveness of the internal control environment and management. The internal auditor is only responsible for the success of the internal audit. Managers are responsible for the success of internal control.
Internal audit provides information, evaluations, and recommendations to management regarding internal controls. However, no matter how valuable information internal audit provides to management, it should not be seen as a substitute for an effective internal control system. On the other hand, an effective and strong internal control structure reduces the work of internal audit as well as management, allowing these functions to deal with more important issues.
Although internal control activities operate as an uninterrupted process, the internal audit function begins to work after the activities are carried out and evaluates the events after they occur.
Internal control is a process that ensures the accuracy and reliability of the activities, and internal audit tests and reports the accuracy and reliability of the activities.
Internal auditing is a service for management. Examining and evaluating internal control and providing assurance to the top management are within the scope of internal audit functions. Internal audit itself is part of the organization’s internal control system and includes all aspects of internal control, not just financial control.
It is essential that internal audit maintains its distance from management control. Thus, the institution will be aware of its responsibility for management control and will strive to carry out internal control effectively. The internal auditor is only responsible for the success of the internal audit. Managers are responsible for the success of internal control.
Internal audit should help the organisation have effective controls by evaluating the effectiveness and efficiency of operations and encouraging continuous change.
Article by :
by Admin ji
5 Myths About Internal Audit
June 6, 2021 in Internal Audit, opinion
5 Myths About Internal Audit
Myth – Internal Audit is a burden(cost centre) on company
Reality: A well organised Internal audit function is boon for any company
Myth: Internal Auditors are only fault finders
Reality: Internal auditors are watch dogs. They not just find faults but also provide solutions for the process lapses
.
Myth: Internal Audit is an easy Job
Reality A lot of people argue that finding a fault in some process is very easy but doing the same task on a daily basis is tough. My point is, how can an Internal auditor find a loophole in a process if he doesn’t understand it completely. For example, there will be some grammatical errors in this post and only those can find them, who have a good command over English. Also, the level of learning in this profile is unmatchable
Myth : Internal Auditors revolves around finance only :
Reality: Internal audit basically covers each and every aspect of the organisation. If you are keeping yourself limited to finance, then probably you are not exactly doing internal Audit
Myth ; Internal Audit is a low paying job profile :
Reality : No. It isn’t. If you are into core internal audit then you won’t find yourself under paid. Pay depends upon industry to industry
Written by : Alkit Jain