Does anyone have any experience with performing an audit review of an active project? More specifically I’m completing a review over the implementation of a new Risk Framework. I’m struggling to develop my own audit framework to build out the Test of Design before we start working on Test of Implementation. Can anyone help me??

like
Posting as :
works at
You are currently posting as works at

Unfortunately, there is no last year files. It’s a new project and nothing to go by as a guide.

like

Risk Framework implementation should be assessed against a standardized risk management framework. The most common one is usually COSO framework, ideally COSO 2017 but if you don’t have the material, COSO 2013 is still acceptable. Understand the main components/principals of the standard, and assess the risk framework against those principals. And also ask for help, ask your project manager and other team members- you shouldn’t be alone in this if you get stuck.

like

For test of design do you have last year client files? You can try mimicking those

Shoot , I have not come across and engagement like that. Do you have any superiors like a manager to ask for help?

Use a similar-ish underlying business/project.

If it is one of it's kind, unique process than you can only test the assumptions and the people.

From a project related to the implementation of a new risk framework I would first start by understand what framework/s the company is leveraging to build their own. Once you figure that out, along with applying some of your skills/expertise to use, you can come up with some design tests.

And to EY1 - my goodness why is EY so NOTORIOUS for this “just follow last year working paper”. Not everything can follow last year work paper - you need to understand the objective of the task and find the right solution, not just cutting corners by reciting and update last year wp. You’re probably just another victim of an EY manager who told you to do so - that’s why I wholeheartedly believe EY IS THE WORST OF ALL BIG 4, and I envision one of these days there will only the big 3. ✌️

ISACA's website offers standard work programs test steps for free to it's members. I'm pretty sure they've a few for RM framework.

ISACA is geared more towards IT risk. COSO is for general risk framework. Depends on the project on topic

Have you figured it out? I'm struggling with the same

Related Posts

Hi,
I have an offer with Citi, initially it was hybrid model and looks like they are moving back to wfo.. they told only now and I dont have any other offer in hand. due to personal constraints I need wfh or some flexibility types, but they seem a bit rigid as its not in their policy..
Is it good to join and then try pushing them for wfh.. or search for another offer..? 16 yoe, PM...

Does IHS or S&P Global HR revise up the offer, if we go back to them with a counter offer?

like

Heads or Tails?

Post Photo
likefunny

Anyone an EA at Citadel? Do you like it?

like

Can EHR be used for unbranded comms? Wanted to get a sense of it you guys are recommending and using ehr ads for unbranded or pre-launch comms.

like

How do I apply to the TCS NYC Marathon? It says the only way to gain entry is with an invitation code? Can people not register without joining a charity/sponsor this year?

like

Waiting on offer from Deloitte for Cyber Digital Identity Manager - Microsoft Azure Active Directory
7 YOE
Present TC- 130k
What is the ideal salary ask for this position and joining bonus at Deloitte ?#it

like

Anyone prepping over holidays? MBB interview here

like

Looking for senior Salesforce developers/architects in the US! Joined my previous mentor in starting a new Salesforce practice. Company is based in SF but we’re ok with folks working remotely. Might require some travel once it’s safe again but not anytime soon. Good opportunity to be actively involved in building something from nothing

like

What is the salary package for Technology Analyst for 3.2 YOE in Infosys?? Is it a good role ? Kindly suggest

Best bars to drink alone at in Seattle? Still trying to make friends here, but in the meantime what’s a friendly place to pull up a stool when you’re alone?

like

Hi All
Is their anyone else whose FNF is still pending having LWD before 4th Nov?

like

I got offer from HSBC HDPI , gurgaon for Gurgaon location. Offer is 13.50 lacs for manager Role....
Please help me to understand how much hike I should expect and bonus.
My joining is in end of Oct hence am I eligible for anything..

like

Anyone want to swap some Hyatt points for my Marriott points?

like

Do the BB's ask for SAR reports for lateral moves ?

like

Not legal-related but: thoughts on A Jazzman’s Blues? I loved it. Been a while since a movie has stayed on my mind long after it ended, like this one has. Shocking Tyler Perry wrote it. “Paper Airplanes” is a hauntingly beautiful song.

like

Is it safe to join Paytm? I am afraid for the job security because we can see the stock price is plummeting and the payments Bank license is also on hold, etc. Please guide. I have 1 offer from other good company but pay is less compared to paytm (4-5 lakh difference)

like

Will there be any career growth if we are into a product specific Business analyst?

like

Hello folks, I have work experience of 14 years in Javascript, vue.js, python, AWS with Devops, working as a Senior technology manager currently in Finance domain. How much salary should I target in a remote only setup? Any suggestions are appreciated!

like

Additional Posts in Risk Assurance

Identifying a common process, what does this even mean 😩 please help.

like

If anyone (non EY) wants some referral money, I am looking for a job. Have 1yo in EYs Technology Risk Advisory practice and Gold Standard reviews. Also speak 3 languages but I don't think it matters.

like

If anyone is looking for a referral as an experienced hire to the PwC DAT (Digital Assurance & Transparency - formerly Risk Assurance) practice let me know and would be happy to refer you. We are actively looking to hire.

like

I’m getting put up for manager a year early. I have PPMD ,SM, and M support. Pretty much support from all the key individuals on my team and in my service line. Since it is a year early if i don’t get promoted this round I know it’ll come mid year but I do expect a good salary increase still without the promo. If I don’t get the promo nor a salary increase that I’m okay with, how do I let my partner know that I will begin to entertain outside offers? some of which have offered the manager role.

like

Does business Process Internal Audit or IT Internal Audit make more?

like

How do you apply design factors to IT Audits. Just overheard someone explain 'level of aggregation' for IT Security policies by describing how many people have access to it. Why is this a thing???

like

Currently in Risk Assurance but have the opportunity to transfer into Deals & Strategy. Which one is better for a career long term?

like

Crowe is hiring for quite a few positions across the US (Internal Audit, IT controls and cyber/digital security, Compliance,etc)… I’m a manager and would think some of these niche areas have great opportunity for new folks to excel rather quickly. Great flexibility and mobility policies. I’d be happy to chat if interested and get you directly in touch with the right people internally.

likefunny

Has an tested roles for SAP through productive test simulation within production? Is there any risk doing this as the test is in production?

like

Im looking at new job opportunities out side of PA but struggle to confidently answer how much I’m looking to be paid. I’m so worried of over asking or leaving money in the table.
I’m in a SoCal HCOL and have been asking for 100k for Senior Internal Audit Roles (2 years) and working on my CiSa.
Is that too optimistic?

like

What aspects would you look at when interviewing a person for a Manager position?

like

How do you all keep up with trends in risk and internal audit?

like

Does anyone have any good resources for auditing ESG?

How do you tell your boss you're quitting without burning bridges? Please note we're in busy season for the engagements I've been staffed on, which is what makes me nervous and guilty. TIA

like

Tried to jump to a big 4 as a senior 2 in risk assurance . SF market - offered 93k base and 15k bonus. Is this worth?

Any idea on what I industry senior risk analysts are making?

like

I have an interview coming up for internal audit manager. Currently in external audit. When asked about my experience in ERM - what would you say Is transferable skills that I can leverage in my answer?

like

Mid year promotions, I found out you need to make your own case for it rather than the firm coming to you. If you think you’re ready make sure you speak up!

Anyone hiring for entry level risk compliance roles?

like

Does Deloitte and PWC has a dedicated app sec pen-test team? What percent of the time do you travel? Do you guys work from home or need relocation to any place in US?

like

New to Fishbowl?

Download the Fishbowl app to
unlock all discussions on Fishbowl.
That was just a preview…
Sign Up to see all discussions
  • Discover what it’s like to work at companies from real professionals
  • Get candid advice from people in your field in a safe space
  • Chat and network with other professionals in your field
Sign up in seconds to unlock all discussions on Fishbowl.

Already a user?
Login here

Share

Embed this post

Copy and paste embed code on your site

Preview

Download the
Fishbowl app

See what’s happening in your industry
from the palm of your hand.

A phone with Fishbowl app

Scan your QR code to download
Fishbowl app on your mobile

Download app

Sign up for free to view this conversation on Fishbowl

By continuing you agree to Terms of Use and Privacy Policy

Already have an account? Log in

Sign up for free to continue using Fishbowl

By continuing you agree to Terms of Use(New) and Privacy Policy(New)
Messaging rates may apply

Already have an account? Log in

For account settings, visit Fishbowl on Desktop Browser or

General

Legal