Topic: IT Audit: Don’t Skip the Foundational Basics
Objectives: During a recent engagement to test IT controls for an organization that communicated they had contracted with auditors for years for the services, it was stated more than once that the client had never been asked for certain requests, which we felt were very basic. During this session, I hope to elaborate on the experience and tie it to opportunities to ensure we aren’t forgetting and/or skipping the opportunities to adequately consider and focus on the foundational IT controls when completing audits.
Jude Viator
Associate Director
P&N Consulting Services Group
About Jude Viator
Jude Viator, CIA, CISA, CRISC, is an Associate Director in the P&N Consulting Services Group. He joined the firm in 2007. Jude has extensive experience in conducting and managing internal controls based projects, as well as Information Technology (IT) and Information Systems (IS) security assessments for a variety of organizations, including publicly traded organizations. He has experience conducting and managing outsourced and co-sourced internal audit engagements, BSA/AML compliance assessments, operational and compliance audits, IT general controls assessments, internal control assessments, SOC 1 and SOC 2 exams, agreed-upon procedures (AUP) engagements, risk analyses, best practice assessments, and reengineering of processes/functions. Additionally, he has experience in identifying and testing Sarbanes Oxley 404 IT relevant controls. He has experience in all aspects of internal audit engagements, including review of internal controls, interviewing client personnel, assessing the possibility of fraudulent activity, developing test procedures, scripting the report, and presenting the report and other matters to client management and oversight committees.