Two Factors That Will Change Auditing in 201512, August 2015
The corporate audit landscape is changing in a big way – specifically when it comes to managing access controls in ERP systems like SAP®.
Managing access controls properly and efficiently is no easy feat for any professional. However, 2015 ushered in two big factors that will increase pressure on organizations to totally rethink and revamp their access controls management.
To provide more insight on this, Jody Paterson, Founder and CEO of ERP Maestro, and Blake Elder, Director of IT GRC (SAP) at KPMG, hosted a webinar to discuss what those factors are and how organizations can adapt (watch the full webinar here).
Here’s a brief overview of what’s changing the corporate audit landscape:
The Implications of COSO 2013
The latest update to the widely-implemented COSO framework has a modified requirement for Big 4 and CPA firms to follow. The actual modification is a higher reliance on IT to ensure completeness and accuracy of controls. As part of the IT General Control environment, there should be effective management of access controls, which includes segregation of duties (SoD). This aims to increase relevance and dependence on IT in order to effectively implement access controls.
Increased Scrutiny from PCAOB
The Public Company Accounting Oversight Board (PCAOB) oversees how external auditing firms conduct their audits on organizations. In the case of IT audits, PCAOB is looking closer at manual field tools used to audit segregation of duties. They’re challenging the current manual processes for their completeness and accuracy. At the same time, automated tools have become more prevalent, meaning using manual tools will no longer be considered a reliable way to audit segregation of duties.
What does this mean for organizations? It leads to two outcomes:
1. Tougher Audits
Get ready because auditing will become much tougher. There will be higher expectations for controls over the processes and technology used to monitor access controls. Organizations will have to be aware of this. The ‘do nothing’ option is no longer acceptable.
2. No More Manual
Say goodbye to homegrown databases and spreadsheets. Organizations will have to start leveraging technology that automates key processes and controls. External auditing firms will put the pressure on organizations to use automated tools for increased transparency and accuracy.
Organizations that are still managing their access controls manually should consider these factors and prepare to comply with current frameworks and expectations from external auditors. Not all external audit firms will have this sense of urgency, however, this will be a growing trend in the coming years. How can organizations adapt quickly enough in 2015? To learn more about how organizations can prepare for 2015 audits, watch the full webinar here.