What You Will Learn

1. Outsourcing/Third-Party Contracting
- key areas that require a proactive approach
- the four key points of failure
- unrealized expectations: what they are and why they occur
- the most critical risk areas and what to audit for in each
- most critical impacts on the audit process
- metrics and their huge impact on success
- automating the oversight and vendor management processes
- critical audit issues and concerns surrounding tenancy environments

2. Mergers and Acquisitions
- areas of critical audit involvement
  -- actively engaging in all of the critical stages of the process
  -- determining the primary causes of failure in M&A: what we should be doing
  -- how do we prove what really happened at the end of the day
- auditing the key stages of M&A activity
  -- the decision-making process
  -- the contract
  -- due diligence: what to do, when and how
  -- the integration
  -- the final outcome

3. New Systems Design/Acquisition
- the 12 deadly sins of systems implementation: why new systems/platforms fail and/or drive up the cost of implementation
  -- moving to a new application platform: what’s the business reason?
  -- overspending our project scenario (OOPS)
  -- unrealistic timelines
  -- the phase 2 syndrome: never happens!
  -- failure to do a total systems/personnel impact analysis
  -- implementing a platform contrary to the established design criteria
  -- back to the future
  -- ACE: the awful consultant experience
  -- data, data everywhere, but I can’t answer your question: the DRIP issue
  -- SCORE: system-centric oversight and risk evaluation
  -- the dog and pony show
  -- getting cooked by the boilerplate contract
- monitoring the consultants
- key areas of risk and audit interest: understanding the risks associated with the 12 deadly sins and ensuring that management has addressed them

4. Embracing New Technology
- critical non-technical risk areas that need to be audited to ensure they are addressed with appropriate controls/mitigation techniques
- cloud computing
  -- data integrity
  -- data accountability
  -- legal jurisdiction
  -- contractual obligations
  -- the great cloud train
- social networking sites/corporate and personal utilization and the risks they bring
  -- spoofing
  -- compensated blogging
  -- protection of confidential information
  -- protection of proprietary information
- highly transportable mass storage devices
  -- all shapes and sizes
  -- data security
  -- data availability
  -- key areas that should be restricted
  -- the risks surrounding who, what, where, why, and how
- embracing new technology as an internal audit strategy
  -- hardware
  -- software

5. Internet Presence
- risks and concerns of the corporate website that need to be audited
  -- cost to value scenario
  -- key metrics that need to be monitored
  -- site content control
  -- impact vs. intent
  -- who is in control?
- related environments