IS Auditing: 今天收到CISA Result，我通过了！

ccj5124

恭喜。能人啊。

qqyang

不要这样讲，我会骄傲的。

careycat

恭喜，恭喜

kitty_cat

congrats!! good luck with CA

patrickzhu

原帖由 qqyang 于 2008-2-6 15:06 发表
我们公司因为标榜environment friendly，标榜Quality，标榜OH&S好，所以有一个专职的Quality Manager，下面还有一个Officer.

嗯，还是大公司牛！
我来澳洲的第一年，就做了很多OH&S的外部auditing，全是文件，统统是废话，为了auditing而auditing。
加上被我们auditing都是不大的公司，quality manger都是兼职，基本上一问三不知。
很多时候是我们问什么，他们回答的东东牛头不对马嘴。
然后又有很多回答包含了技术的成分，我们其实不懂还要装懂。
所以这个OH&S也是和什么ISO9001,14000。。。差不多，把简单的东西复杂化。
不过如果可以进WorkCover这样的机构做officer就爽了。

qqyang

原帖由 patrickzhu 于 2008-2-6 16:00 发表

嗯，还是大公司牛！
我来澳洲的第一年，就做了很多OH&S的外部auditing，全是文件，统统是废话，为了auditing而auditing。
加上被我们auditing都是不大的公司，quality manger都是兼职，基本上一问三不知。
很多 ...

这个是european的传统，他们很愿意代代传的.....

西门吹哨

What is SOX404 in scope?

qqyang

原帖由 西门吹哨 于 2008-2-6 22:01 发表
What is SOX404 in scope?

SOX404 is the initial of SarbaneOxley Act 404, which took effect after Enron scandal.  It requires listed company CEO and CFO to take personal responsibility on avoiding any material misstatement on financial figures, and promised to build up a good corporate governance in the company.  All US listed copmany need to compliance with SOX404, and their external auditor need issue opinion on whether the company has complied with it.

SOX404占了我一半的饭碗。

西门吹哨

原帖由 qqyang 于 2008-2-6 22:30 发表


SOX404 is the initial of SarbaneOxley Act 404, which took effect after Enron scandal.  It requires listed company CEO and CFO to take personal responsibility on avoiding any material misstatement  ...

Thanks!

How to make things sox compliant? In other words,how to prepare for sox audit?

moth

IT审计具体做什么？对会计软件系统作穿行测试？

highnoon

IT auditing is to assess and validate the company's IT controls and risks surrounding the key information flows/businesss cycles/key systems by following some tailored auditing proceadures.  It normally includes 2 parts--IT general control (ITGC)and IT application controls(ITAC). ITGC is more pervasive and general, it will include IT control enviroment/Program development/Program change/Access security/Operation. ITAC normally involves with manual controls as key application controls, it's a kind of process level controls, ITAC audit may include walkthrough and sampling test accroding to it's frequency.

flinders16

虽然看的是云里雾里，恭喜是一定要的。。。

highnoon

对了，怎么都忘记恭喜楼主啦，恭喜恭喜，应该还会有喜事的，俗话说好事成双聂，哈哈

luweiyan

LZ可喜可贺。
可惜俺的CIA只过了一门，今年还要努力，估计CA只能延后了。
你们security manager啥时候离职，我来应聘好啦。这两天被Q死了，那个Hyperion的东东比较难搞。

qqyang

原帖由 西门吹哨 于 2008-2-6 22:46 发表


Thanks!

How to make things sox compliant? In other words,how to prepare for sox audit?

First of all, company need to identify the key business processes, and then identify the key risks under under key processes, after that, address the key controls to mitigate the key risks, finally, to prove the design of control is effective, and the controls are running well.

Once the company are ready for the stuffs mentions above, the company internal auditors will assess the control effectiveness, and report to board, then CEO and CFO will sign their name on the report talking about they will take personal responsibility to ensure the internal controls in the company is fairly good, and no material mistatement would be made due to lack of internal control or control failure.

After that, the company external auditor will assess the internal controls independently, and will review company internal auditor's work on testing controls, finally form their opinion on whether they believe the internal control in the company is going well, or any deficiencies found during their audit.  That's the normal SOX compliance process.

If anything happend as Enron, WorldCom, HIH, OneTel，the SEC would go to sue the external auditors, company top managements, and possible directors about their breach duty of care on their endorsement on the internal control statement.  Then the shareholders and other victims could have target to throw the shits on, and won't go to blame the watch dogs.

qqyang

原帖由 luweiyan 于 2008-2-7 16:21 发表
LZ可喜可贺。
可惜俺的CIA只过了一门，今年还要努力，估计CA只能延后了。
你们security manager啥时候离职，我来应聘好啦。这两天被Q死了，那个Hyperion的东东比较难搞。

那个老头子是个硬骨头，但他家很可怜，孩子身患绝症，所以，大多数人都抱着同情心不会赶他走人的。而且，他是个杠杆司令。

今天在准备资料challenge E&Y的managment letter points，他们闯祸了，没有看看清楚我们的response就贸然报上去，总部追问下来，我们也只好把他们卖了。弄不好，他们要withdraw points and say apology。大家其实都是为两餐，我们老板也不想做那么绝，但TMD大年初一给总部追问我，我就是恨一个字。

[ 本帖最后由 qqyang 于 2008-2-7 16:32 编辑 ]

西门吹哨

原帖由 qqyang 于 2008-2-7 16:24 发表


First of all, company need to identify the key business processes, and then identify the key risks under under key processes, after that, address the key controls to mitigate the key risks, finall ...

Make sense. Thanks for the input.

Which approach is better and duable?
Accountant --> IT Auditor
IT Professional --> IT Auditor

What's the market value for IT Auditor in OZ?

IT Auditor must have a lot of travel involved, which is good for young person

丫丫ma

以前来我们公司做IT audit的auditor一般都是IT出身的, 而且都是四五十岁的年纪, 似乎不太象楼上说的年轻人的职业啊....

qqyang

原帖由 西门吹哨 于 2008-2-7 19:41 发表
More IT auditor got IT academic background rather than than accounting.  Normally, firms provide IT audit service also provide IT advisory/consulting and risk assessment service.  IT auditor with 4-6 year experience would possible get a 100K salary position.  Most of high salary IT auditor positions are in Finance & service industry, i.e. Bank, Insurance co., etc.

For me, CISA expands my career path, not just for short term benefit.

Make sense. Thanks for the input.

Which approach is better and duable?
Accountant --> IT Auditor
IT Professional --> IT Auditor

What's the market value for IT Auditor in OZ?

IT Auditor  ...

阿宝

恭喜qqyang, CISA好牛的。

我学IT risk management的时候，所有的journal都是有CISA头衔的人写的。这课很难，我差点fail.

再次恭喜！严重恭喜！

qqyang

原帖由 阿宝 于 2008-2-8 15:55 发表
恭喜qqyang, CISA好牛的。

我学IT risk management的时候，所有的journal都是有CISA头衔的人写的。这课很难，我差点fail.

再次恭喜！严重恭喜！

不要以为我是牛人，混口饭吃，挣两餐啦~~~

Yingking

恭喜lz

easy.moving

虽不同行  恭喜先上

qqyang

盗墓挖坟的，这都4年半前的帖子了。

Yingking

qqyang 发表于 2013-2-12 19:44
盗墓挖坟的，这都4年半前的帖子了。

仔细看，08的，我

yanyangtian

Yingking 发表于 2013-2-12 19:48
仔细看，08的，我

楼上三个真的很能挖。

Tigerpie

恭喜楼主，小伙子前途无量。

qqyang

Tigerpie 发表于 2013-2-12 18:51
恭喜楼主，小伙子前途无量。

当时确实还是小伙子。。。

loushenghong

原来是老帖，还是要恭喜。我老公在做consultant的时候也考了这个，貌似是75分通过。不容易。

tttkoo

看来澳村CISA不多。