This electronic publication is intended to reduce the amount of time required for an organization to perform effective Risk Management by illustrating some of the Best Practices in performing this essential task.
We hope that you find this information very beneficial and decide to join this effort by submitting a case study or similar information that would benefit others.
If you like the quality of this CD, check the Latest News web page on the http://www.pleier.com web site for announcements of our plans for the following electronic publications:
Contributing Authors and organizations include the following:
Jeffrey J. Barrett, Bay View Capital Corporation - www.bayviewcapital.com
Jeff J. Barrett is the Vice President of Consulting Audit Services at Bay View Capital Corporation, where he developed a consulting and IT risk audit function; organized Y2K Project, MIS Department SDLC, Security, Project/Test Standards; managed IT OTS/OCC Regulatory Examinations, Y2K Compliance FFIEC requirements; performed firm-wide System Conversion & Integration; business requirements, internal control need assessments; performed IT merger due diligence, Contingency Planning, and technology strategy reviews.
Prior to joining Bay View Capital Corporation, Mr. Barrett served as Manager - (MMC) Middle Market Management Consulting with Ernst & Young LLP, Business System Consulting Group - Project Manager for Philip Morris Companies, and Senior Business System Consulting for Arthur Andersen & Co.
Mr. Barrett's resume can be obtained by double-clicking the following: Jeff J. Barrett
Mr. Barrett, serving as the project manager, implemented Bay View Capital Corporation's first Quarter Risk Based Audit Plan using ADM PLUS Audit Management systems. He describes developing the enhanced process through utilization of standard application tools. Mr. Barrett also shares with us Bay View's Key Success Factors of Planning, Leverage Knowledge, Develop Standards, Document, Continuous Enhancements, and User Conference Information.
As many ADM PLUS users do, Bay View Capital Corporation implemented ADM PLUS more quickly by using the documentation and case studies of previous users.
Audit Productivity Trends Newsletter Describing the Accomplishments
Presentation to The Board of Directors
Recommended Management Reporting
Internal Audit Administration Application Implementation
Peter Barton-Hanson, Hambros Bank - www.socgen.com
Peter Barton-Hanson uses ADM PLUS at SG Hambros Bank & Trust Limited (SGHB&T), a subsidiary of Societe Generale, an international French bank with its HQ in Paris. SGHB&T offers private banking services to high net worth individuals and has offices in London, the Channel Islands, Gibraltar and the Bahamas. Our own web site is currently being developed, but SG Paris has a site at www.socgen.com.
SGHB&T's audit department is currently staffed by 2 persons, one person with banking experience and the other primarily in computer audit. We work to a specific annual Audit Schedule approved by the Audit Committee covering our operations in the above locations. We report directly to the joint CEOs of SGHB&T.
We have identified 30 risk factors common across all business units/locations. These factors were then weighted based on our knowledge of their importance at or to these business units. Audits/projects were then identified and the risk assessment values calculated. The higher risk ranked audits were then included in the list of potential audits, which is then added to with further audits as identified by executive management including the Head of Risk. If any unallocated audit time is available, then lower risk ranked audits will be added to the list of audits.
Double click the following to review an Excel spreadsheet containing the risk factors used and an example of assigned values and the risk ratings scores for each potential audit.
Risk Factor, Weights, and Risk Ranking Examples
Dick Beecroft, CIA, Toronto Transit Commission (TTC)
* The following is a reprint of a presentation delivered at a recent ADM PLUS User Conference.
Dick Beecroft, Chief Internal Auditor at Toronto Transit Commission, introduced the comprehensive audit approach and the management of that approach in 1989. In developing strategies to implement that approach, it became obvious that a powerful software tool was needed to effectively manage the process.
Prior to joining TTC, Mr. Beecroft was Regional Audit Manager with Ontario Ministry of Transportation.
Learn how ADM PLUS was used to support the comprehensive mode of auditing at TTC. Review ADM PLUS' flexibility and effectiveness in the management of comprehensive audit.
Double click the following to review this information. Pages 14 through 33 address Risk Management specifically with page 25 listing the specific risk factors and weights used during Risk Management.
Managing Change
Bruno Bellissimo, MBA, CGA, Ontario Power Generation
Bruno Bellissimo is the Manager of Audit Systems and Reporting at Ontario Power Generation, a generating utility that produces 85% of the electricity used by the Province of Ontario. Ontario Power has 15,000 employees and is one of the largest employers in Canada.
The Audit Department at Ontario Power Generation consists of 28 auditors that address a wide range of audit issues including environment and health, financial, operations, information systems, and compliance.
Mr. Bellissimo describes the Risk Based Audit Programming his organization uses including background, objectives, methodology, and quality assurance requirements.
Double click the following to review detailed descriptions of the Risk Based Audit Programming and the Risk Factors Used.
Risk Based Audit Program
Excel Spreadsheet of Specific Risk Factors Used
David McNamee - www.mc2consulting.com
David McNamee, CIA, CISA, CFE, CGFM, is a world-class expert in the area of Risk Management as it relates to the Internal Auditing profession. He is the President of Management Control Concepts, a successful consulting firm he founded in 1991 to specialize in improving corporate governance through consulting projects, training, and auditing services in business risk and management control. Management Control Concepts serves a worldwide client list from all segments of public and private enterprise. Mr. McNamee's resume can be obtained by double-clicking the following: David McNamee. His email address is: dmcnamee@aol.com
"What is Risk?" (excerpt from his book on Risk-Based Auditing)
"Risk-Based Auditing" (excerpt from his book on Risk-Based Auditing for Government Auditors)
"A Glossary of Risk Management Terms"
"Using the Internet to Assess Risk"
"Dealing with Fraud Risk"
"The New Risk Management A Corporate Governance: A Model of Integration"
Joseph R. Pleier, MBA, CDP, Pleier & Associates
Joseph R. Pleier, MBA, CDP, is the president of Pleier & Associates, the company that publishes ADM PLUS Audit Management Systems, used world-wide since 1986.
Mr. Pleier's prior experience includes I.S. audit manager of a major retail corporation, I.S. auditor at one of the largest utilities in the United States, and systems analyst at a major oil company.
Mr. Pleier's resume can be obtained by double-clicking the following: Joseph R. Pleier. His email address is: jpleier@pleier.com.
In his position Mr. Pleier has assisted 100's of audit departments to further automate their management process using ADM PLUS software, training, and consulting.
The following describes a process for using the ADM PLUS software to implement many of the risk management models, risk factors, risk factor weights, and management overrides described in other sections of this CD, followed by a review of the risk management portion of ADM PLUS that appeared in the Internal Auditor magazine.
How To Implement a Risk Management Model using ADM PLUS
Review of ADM PLUS for Risk Management
Mike Stolarczyk, Kmart Corporation - www.kmart.com
* The following is a reprint of a presentation delivered at a recent ADM PLUS User Conference.
Mike Stolarczyk, CISA, was the IT Audit Supervisor at Kmart when he delivered this presentation. He is currently working for AuditForce, a co-sourcing organization. Mr. Stolarczyk has more than 19 years of information systems and audit experience. Prior to his experience at Kmart he worked for Ford Motor Company in the Audit Department and various systems areas.
Mr. Stolarczyk played a key role in the reengineering of the audit process at Kmart, a major retailer. He implemented new and improved Long Range Planning and Recommendation Tracking processes using ADM PLUS Audit Management System to support the Audit Management Methodology that he designed.
The following describe details of the Audit Management Methodology that he designed at Kmart:
Overview
Powerpoint Presentation
Audit Productivity Trends Newsletter Describing the Accomplishments
Definition of Various Data Field Definitions
Recommendation Tracking Status Codes Definitions
Average Risk Ranking by Division Report
Risk Factors & Weights for Corporate Entities
Audit Plan Descriptions
Risk assessment - Executive Interview Form
Risk Factors & Weights for Information Technology Entities
Risk Assessment Rating Sheet
Internal Audit Department Survey
John Tongren, Ph.D., CCP, CISA, CMA, CSP - coactiveconnection.com
John D. Tongren is a specialist in management control processes and the impact of technology on their effectiveness. He has earned international recognition for his expertise in the audit and control aspects of information systems as well as his visionary perspective on contemporary internal audit issues. Dr. Tongren originated The CoActive Management Model, The CoActive Control Principles and The CoActive Audit Principles. He is active in the total quality movement as well as the development and audit of quality systems. He is an academic as well as a practitioner. Dr. Tongren is a Faculty Member of the University of Phoenix Online Campus and teaches accounting, information systems and management topics in the UOP MBA/TM (Technology Management) program. Dr. Tongren's resume can be obtained by double-clicking the following: John Tongren. His email address is: jtongren@coactiveconnection.com
This Powerpoint presentation provides an overview of issues for internal auditors to consider as they become more involved in adding aspects of risk management expertise to the internal auditing function.
"Risk Management versus the Internal Auditor"