Auditing IT, fraud and financial management and controls in a quick and effective way
My presentation in relation to the topic 1 of the conference outline on IT, Cybersecurity, Fraud management
Outline of presentation – real life practical examples of how a relatively small legislative audit office of 35 people is able to tackle performance audits related to I/T areas, fraud risk management, and financial management and controls.
All of our audits are public reports and therefore it makes using them as examples very simple. My focus would be on a number of examples of audits that have helped bring these matters a high degree of interest both in Nova Scotia and at times nationally. For example, in December 2018 one of these audits received national attention related to controls and our fraud related work has received national attention including such papers as the national post.
I would focus on how we use a risk lens to pick the audits we do and then get them done quickly and with great impact. This will provide take always as to what listeners can do when they return to their audit shops. Likely examples to share would include:
- January 2019 audit of a privacy breach involving a key government website
- December 2018 audit of governance of IT matters in the health sector
- December 2018 audit of governance and financial management and controls at a key government organization
- October 2018 report on financial audit work that included a summary of the status of over 50 government organizations and their progress on fraud risk assessments, fraud policy and fraud hotlines
The presentation will be based on real audits and cases and audit approaches that are transferable to any size or type of organization and show the ability to do this work in a smaller audit shop.