OCEG One Minute Poll: Is Mandatory Audit Firm Rotation a Good Idea? December, 2011 resource OMP - One Minute Poll OCEG Reviewed
A short OCEG research poll on mandatory audit firm rotation
Government Auditing Standards: 2010 Exposure Draft (GAO) resource Agency Guidances OCEG Reviewed
Summary: This letter describes the process used by GAO for revising GAGAS, summarizes the proposed major changes, discusses proposed effective dates, and provides instructions for submitting comments on the proposed standards.
World Bank, Accounting and Auditing Reports on the Observance of Standards and Codes (A&A ROSC) resource Guides OCEG Reviewed
As part of the Accounting and Auditing Reports on the Observance of Standards and Codes (A&A ROSC) initiative, the World Bank has established a program to assist its member countries in implementing international accounting and auditing standards for strengthening the financial reporting regime.
SEC Proposes Ways to Strengthen Audits and Reporting of Broker-Dealers to Protect Customer Assets (June 2011) resource Articles OCEG Reviewed
SEC Press Release and Fact Sheet: The Securities and Exchange Commission unanimously proposed amendments to the broker-dealer financial reporting rule in order to strengthen the audits of broker-dealers as well as the SEC’s oversight of the way broker-dealers handle their customers’ securities and cash.
Treasury Board of Canada Secretariat Internal Audit Web Site resource Agency Web Sites OCEG Reviewed
Internal audit is a professional appraisal function that operates independently of line management, providing an objective assessment of practices and activities and contributing to accountability and transparency. Internal audit provides deputy heads with assurance as to the design and operation of the governance, risk management, and control processes in their organizations.
COSO, Guidance Documents resource Organizations & Associations OCEG Reviewed
COSO (Commitee on Sponsoring Organizations) guidance documents posted on the following topics: Enterprise Risk Management, Internal Controls and Fraud Deterrence.
SAS Enterprise GRC
SAS Enterprise GRC strengthens governance and trust with systematic management of risk. It detects and helps prevent violations, allowing you to align strategy with risk appetite. The solution builds a reliable view of risk compliance, facilitates collaboration between GRC teams and reduces the cost of risk management through automation. Benefits Demonstrates an effective implementation of the GRC framework. Enhances the quality of decision making across the organization. Reduces the likelihood of unpleasant surprises for all stakeholders. Enhances the efficiency and effectiveness of GRC processes. Reduces risk-related losses. Reduces the risk of regulatory compliance violations. Provides more reliable assurance to stakeholders. How SAS® Is Different Creates a common and integrated repository of all critical GRC components (e.g., risks, controls, policies, audits, etc.). Facilitates collaboration between various GRC teams, which will be difficult when the GRC components are in multiple systems. Reduces cost of risk management and compliance by reducing duplication of data and processes. Links all critical GRC elements, enabling you to easily visualize and assess the impact of a business decision in one part of the organization over other parts of the organization.
- IT.01 - Audit and Assurance Management
- IT.03 - Brand and Reputation Management
- IT.04 - Business Continuity Management
- IT.05 - Compliance Management
- IT.07 - Control Activity, Monitoring, and Assurance
- IT.16 - Information/IT Risk & Security
- IT.22 - Policy Mgmt, Communication & Training
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.27 - Strategy, Performance, and Business Intelligence
- IT.28 - 3rd Party/Vendor Risk & Compliance
- A1. Identification
- D1. Detective Actions & Controls
- I1. Info Management
- M1. Context Monitoring
- O1. Commitment
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- A2. Analysis
- M2. Performance Monitoring
- O2. Roles
- P2. Codes Of Conduct
- R2. Internal Investigation
- A3. Planning
- D3. Inquiry
- I3. Technology
- M3. Systemic Improvement
- O3. Accountability
- P3. Policies
- C4. Objectives
- M4. Assurance
- R5. Remediation
- P7. Risk Financing
Protiviti Governance Portal
The Protiviti Governance Portal is a comprehensive software platform that integrates content and commonly accepted frameworks with world-class consulting expertise that provides organizations with the visibility and insight needed to manage and mitigate critical risk and compliance issues today and in the future.
- IT.01 - Audit and Assurance Management
- IT.05 - Compliance Management
- IT.07 - Control Activity, Monitoring, and Assurance
- IT.16 - Information/IT Risk & Security
- IT.22 - Policy Mgmt, Communication & Training
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.28 - 3rd Party/Vendor Risk & Compliance
- A2. Analysis
- M4. Assurance
- R5. Remediation
- (A) Assess
- (M) Measure
AICPA, Recently Issued Technical Questions and Answers resource Organizations & Associations OCEG Reviewed
The questions and answers in this section are not sources of established authoritative principles. This material is based on selected practice matters identified by the staff of the AICPA's Technical Hotline and various other bodies within the AICPA.
AICPA, Technical Practice Aid 8700.03, “Auditor’s Responsibilities for Subsequent Events Relative to a Conduit Debt Obligor" (September 2010) resource Standards and Guidelines OCEG Reviewed
The TPA provides guidance on the effect of FASB Accounting Standards Update no. 2010-09 on ASC Topic 855, Subsequent Events, regarding the auditor’s responsibilities for subsequent events relative to a conduit debt obligor and the date of the auditor’s report.
