What is your methodology and timeline for issue validation projects? When validating issue remediation, do you focus only on assessing the design of controls or do you also evaluate their operating effectiveness? Do you have different approach for high risk issues vs lower risk issues?

794 views2 Comments

Sort by:

VP of Finance in Travel and Hospitality8 months ago

My guidance is this:
1. Low risk issues can be closed with control owner attestation or simple inquiry.
2. Medium risk issues can be closed with observation or examination.
3. High risk issues are closed with either reperformance or substantive testing.

Of course, the devil is in the details. It depends on the actual issue itself and a bit of context around the overall audit engagement's results. For example, if an audit is issued with an Unsatisfactory opinion and there were five medium risk issues, one high, and three low, we'd likely follow the guidance above. If it was an engagement and we noted it was satisfactory, with one medium risk issue, we very well might just perform inquiry/observation.

Chief Audit Executive in Banking8 months ago

Our timeline is 30 days from notification that the issue has been resolved. We focus on the design of the controls and periodically will evaluate the operating effectiveness of the controls. His risk issues have a third level of review by the Chief Audit Executive.

Content you might like

Is Excel still the best tool for nearly everything FP&A related?

Yes53%

Yes, but only if your business is a certain size19%

No27%

View Results

Has anyone been successful in implementing a FinOps Cost Optimization policy to turn down idle cloud instances during off hours (nights/weekends)? DId you start with non-prod environments? How are you handling logging/monitoring alerts during that time?

Looking at implementing a new ERP system and was wondering how much budget would be required / types of systems anyone has implemented / timeframes etc?

How will your team's headcount change in 2020?

Increase52%

Stay Flat41%

Decrease6%

View Results

We are in the process of reviewing our Account Reconciliation policy. Any industry best practice resources you have found helpful in putting together yours?

What is your methodology and timeline for issue validation projects? When validating issue remediation, do you focus only on assessing the design of controls or do you also evaluate their operating effectiveness? Do you have different approach for high risk issues vs lower risk issues?

Sort by:

Content you might like

Is Excel still the best tool for nearly everything FP&A related?

Has anyone been successful in implementing a FinOps Cost Optimization policy to turn down idle cloud instances during off hours (nights/weekends)? DId you start with non-prod environments? How are you handling logging/monitoring alerts during that time?

Looking at implementing a new ERP system and was wondering how much budget would be required / types of systems anyone has implemented / timeframes etc?

How will your team's headcount change in 2020?

We are in the process of reviewing our Account Reconciliation policy. Any industry best practice resources you have found helpful in putting together yours?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Current State of Software Developer Experience

Unlocking the Potential: GenAI's Impact on Product Innovation and Growth

Buyer Journey Mapping: 2023

Take Your Insights On-the-Go