Internal Auditing Program, Risk Based Business Process Audit Seminar & Consulting

BUSINESS MANAGEMENT

Practical Gov/Risk Management

Internal Controls

Four STAR Certification

INTERNAL AUDIT

Risk Based Integrated Auditing

Audit Fundamentals

Audit Executive Development

Governance Auditing

Integrating IT Audit

Continuous Monitoring

Self-Directed Work Teams

IN-HOUSE TRAINING

PROF. ORGANIZATIONS

CANCELLATION POLICY

TRAVEL INFORMATION

NASBA CPE

BUSINESS MANAGEMENT

BOOKS

Practical Gov/Risk Management

Exec Overview Gov/Mgt/Perf

Quick Reference Cards

SOFTWARE

Business Case Manager

Risk Control Manager

CDs

Forms/Documentation

INTERNAL AUDIT

BOOKS

Is RBIA Right for Us?

Quick Reference Cards

SOFTWARE

Audit Team Mgt System

CDs

Forms/Documentation

Audit Fundamentals

RBIA Analyzer

BUSINESS MANAGEMENT

INTERNAL AUDIT

Support Center

Site Map

Links


	SUPPORT CENTER Q&A 1ST QTR 2005 Date: 3/31/05 QUESTION: Are there many community banks utilizing RBIA concepts and, if so, has there been any regulatory feedback (general, FDICIA, SOX)? ANSWER: We have had many community bank auditors attend our RBIA seminars as well as IIA sponsored seminars over the years. We really do not know how many community banks are utilizing RBIA or parts of its concepts as of this date. Most community banks, because of their small size, utilize an internal audit group to do nothing more than to "keep the regulators off their backs". In such cases, the internal audit groups do little more than fill forms out for the regulators. If the role of internal audit in your community bank is to actually add some value and help the bank be successful, RBIA has a widespread application. The feedback from the regulators, that we have been able to determine, varies from state to state and federal reserve office. DATE: 3/31/05 QUESTION: Can I use RBIA to do compliance audits? ANSWER: Risk Based Integrated Auditing (RBIA) audits *RISKS*. There are risks in non compliance with laws and regulations. Of all the audits that RBIA can handle, compliance is the easiest since the limits of risk are always defined as "zero" and the hypotheses are always worded in the positive, e.g., "we are in compliance with the ABC regulation". (This response assumes that you have attended one of our seminars and understand how the RBIA audit process works). DATE: 3/11/05 QUESTION: I attended the 4-day RBIA course and you mentioned that in order to ensure that you are comparing "apples to apples" when you receive responses from auditees, that you should formulate questions to ask prior to meeting with the auditees (if you are asking multiple people about the same process). If you have the questionnaire documented, would you recommend sending it to them electronically to fill out, then follow-up if you have questions on their responses? Or would you just recommend meeting with them personally to ask them? Thanks. ANSWER: No, I would not. I much prefer to ask auditees the questions directly because I want to see their body language - it will tell me a lot about their answer. I find that sending the questions in advance in electronic format tends to create two impressions. One is that the auditees feel that they are doing your work for them. Secondly, some auditees will send that list to their managers and start the "why do we need to answer this?" cycle. The RBIA focus is to build relationships focuses on helping people be successful. You can accomplish this better by talking with them directly. DATE: 3/9/05 QUESTION: We recently copied issues directly with the Audit Committee of our company and they ended up siding with the vice presidents involved. They have done this before. I know that our department is losing credibility. It is depressing since we followed our audit procedures and did everything we though that we needed to do including obtaining managers responses. Any suggestions? ANSWER: The Audit Committee will side with the Vice Presidents in your company simply because they need them to run the business on a day to day basis. If your facts are valid, I am assuming that your audit procedures that you referred to involve automatically copying the audit comittee on all findings. This is a dangerous practice since you are going over vice presidents' heads without giving them the common business courtesy of being involved in this process. You need to change your audit procedures and stop automatically copying the audit committee on all audits. You can give them a status summary. If the Audit Committee wants more details on any audit, make sure that the Vice President responsible for the area is standing next to the General Auditor for that discussion. If you happen to have a "dirty" vice president, an Audit Committee may "visibly" side with that vice president but begin a separate investigation behind the scenes. However, you have to assume that your vice presidents have ethics and integrity until you have evidence to the contrary.	The Best of the Best for 2006 RBIA Gold Medal Ms. Martha Mimica, Florida Power & Light RBIA Silver Medal Mr. Bill Egan, Scotts Company RBIA Bronze Medal Mr. Dan Ashley, Qwest Communications *Congratulations!* prior year winners SOX 404 RISK CONTROL MANAGER 2.1 SOFTWARE a cost effective way to document controls AUDIT TEAM MANAGEMENT SYSTEM (ATMS) SOFTWARE best value available for small audit groups

SITE MAP	RBIA™ and PGRM™ Osterio, Inc. All rights reserved worldwide.	Updated: February 2, 2007

The Best of the Best for 2006