Auditing Archive

John J. Peter asked:




Are professional resume writing services, and professional resume writers, worth the money?

The phrase “where’s the beef” was first introduced in a Wendy’s television commercial in early 1984. It referred to the amount of beef that was between the two sides of the competition’s hamburger bun, and it has become a universal phrase that questions the value of a product or service. And, professional resume writing services, most of which are now web-based, certainly fall in the category of services the value of which many people would question.

So, let’s spend a few minutes exploring the question of the value of professional resume writers and professional resume writing services. Let’s find out if there is any beef.

First, from my perspective as an Executive Recruiter, I can assure you that most people have no clue how to write an effective resume, much less an impact resume. Over the course of my career which includes several “C”-level accounting and finance roles, I would speculate that less than 10% of the resumes I saw were at least of a “B” quality. And, now that I have been in Executive Recruiting since 2005, the percentage of at least good resumes is even less than 10%. So, from that perspective alone, I conclude that people need help writing resumes. As a result, even a small amount of “beef” produced by a professional resume writer is better than just air between the two sides of the bun.

Second, no resume writer can write a resume that will overcome “fatal” candidate issues. What would constitute fatal candidate issues? Fatal in this context might be a person applying for a safety or security position that has a criminal theft record. Or, it may be a person applying for a driving position that has already had his license suspended for driving infractions. No matter how good the resume, even a minimum background check will highlight these fatal issues. So, do not expect your professional resume writer to overcome these issues.

As an aside, as a recruiter I do not, for the most part, consider age to be a fatal candidate issue. That does not mean that age is not relevant – but it does mean that the resume for that person absolutely has to be an impact resume. Look for an article from me on this in the near future.

Third, even the best professional resume writer cannot overcome what I call systemic candidate weaknesses. What would those be? Job-hopping is a systemic candidate weakness. Continued poor performance is a systemic candidate weakness. Work ethic and attitude issues are systemic candidate weaknesses. Keep in mind, especially for a professional resume service that is internet based, systemic candidate weaknesses often are not disclosed by the candidate. And it is not the responsibility of the resume service or the professional resume writer to work to uncover those issues. But, if you, as a candidate, know that your work history contains one or more systemic candidate weaknesses, do not expect a professionally-written resume to overcome those on your behalf.

Fourth, for what I describe as the “viable” candidate (i.e., no fatal issues or systemic candidate weaknesses) , I believe that a professional resume writer who is working within a set of consistently applied processes put in place by a professional resume writing service can absolutely “find the beef” for that candidate. Why? As I note above, most candidates simply cannot put together a good resume, much less an impact resume. Candidates are good – maybe great – at doing their jobs. But their jobs are not writing resumes. Most resume writers are good – maybe great – at doing their jobs. But their jobs are not being accountants, or analysts, or engineers, or craftsmen. Their job is to professionally write resumes. So, the clear expectation is that professional resume writers can “find the beef” for almost all viable candidates.

Fifth, there are exceptions to every rule. I have a candidate who has a highly specialized skill in the area of
federal taxation. In her high school and college years she wrote and scripted plays. She is a highly skilled
writer in addition to being a highly skilled tax professional and those are complementary skills to each other. And, she has written a powerful resume for herself. I gave her three tips for her resume to bulk up the “beef” and the result is an outstanding impact resume. When the time is right for her to move out of her current employment situation, she will be a great candidate to work with.

Likewise, there are exceptions on the side of resume writers. Most importantly in my opinion is that the best
professional resume writers should possess complementary skills. I believe strongly that the best professional resume writers are people who either have been involved in, or are currently involved in, executive recruiting activities. These are professionals who talk with hiring mangers every day. They know what hiring managers want to see in a resume. They are also skilled at learning how resumes presented to a hiring manger in one industry should perhaps be different than resumes presented to a hiring manger in another. And, every successful executive recruiter spends hours weekly to work with his or her candidates to clean up and “find the beef’ in those candidates’ resumes. So, in order to become successful recruiters, they must be successful resume writers as well. In my opinion, the combined skill of executive recruiting and resume writing is too powerful to ignore when it comes to selecting a professional resume writer.

Last, most resume writers have a “model” which they utilize. Personally, I believe that the use of KSAs and MSAs, when combined effectively in a resume, can create a compelling Candidate Value Proposition that will make it easy for a hiring manger to “find the beef” and ask for the interview. I think that what is most important, however, is that you feel comfortable with whatever model the resume writing service has developed. And, if the website is not clear on that – if you have to ask the question “where’s the beef” when you look at their website – then there is less chance that the service will create a resume for you that keeps hiring managers from asking “where’s the beef”.

So let’s now ask the question again. Are professional resume writing services and professional resume writers worth the money? If you, as a candidate, have fatal issues or systemic weaknesses, it is probably not worth the money. But if you are a viable candidate, and you do not possess exceptional writing skills, and especially if you cannot be passionate about your own career achievements and cannot commit that passion to writing, then a professional resume writing service may be your greatest ally in your job search, and may be quickest path to having an impact resume.

To learn more about impact resumes, click here: Impact Resume

Website content

Kathy Mercado asked:




As the importance of the human resource has increased to a great extent in today’s date, therefore the significance and necessity of the audit to be conducted also cannot be denied at any cost. It is essential on part of every company to see that all the details of the companies are kept updated. Since the management level is huge it is not so easy to keep everything regular and updated. Therefore one of the best ways of doing so is to conduct an audit. There are many functions that are done through the audit and it is only because of the auditing processes that the company continues to grow and develop prosperously.

The main function of the human resource audit is to conduct a thorough review of the several different HR policies and practices. At the same time, it also views the different strategies used by the company in the effective organization and the running of the organization. It dutifully reviews the different essential documents of the company. If necessary the various people involved in this particular department are interviewed to acquire necessary information that might prove to be effective for the company as a whole.

The audit can of course be performed in various different ways. The human resource audit can be either conducted through the auditor directly in the office. On the other hand, if the need arises, it can also be conducted by hiring an outside lawyer or attorney. The auditor hired to conduct the audit should also be effectively skilled so that all the discrepancies in the company are found out. In fact, it is on the basis of the reports from the auditors that the company would take the necessary action in favor or in against of any case. Naturally the department as a whole has to cooperate to a great extent in this context.

Caffeinated Content – Members-Only Content for WordPress

Chris A. Harmen asked:




The word ‘audit’ usually has a negative connotation that sends shivers down the spine. But a website audit is very different. The purpose of performing one is to help companies determine how well their site is working and what improvements may be needed.

For instance, it can detect a broken link; that is, a link that, when accessed, rather than connecting a user to a website, instead relays an error message to a user. Website audits can show how well links are working, and point out those which may need repairing.

Broken links revealed through these audits may often come as a surprise to a company. Upon discovering broken links, companies may be able to trace lost business directly to this problem. It may be too late to restore business relations with a company that went elsewhere simply because that website worked, but it can be prevented from happening again.

The Basics Of A Website Audit

Auditing can also look for other things besides broken links. These can include the ease of searching for a site, the information currently being displayed, and navigability. Website audits pinpoint these and other factors, and can result in web designers and others seeing where changes and/or improvements may need to be made. Web auditing also provides information on whether or not a site is utilizing every part of the Internet. It is very easy to simply forget or not take advantage of the different areas of the Internet; especially those that have only recently begin to see an increase in popularity, such as social networking sites.

A good audit will provide a lot of information including:

a. How visitors are arriving at a site, whether it’s from online paid advertising, blogs, search engines, backlinks from press releases or articles about the company.

b. What kind of information most visitors to the site are looking for.

c. How easy that information is to find on the site.

d. How effective the site’s section labels are.

e. What keywords are getting the highest rankings in search engines.

In companies where security may be a very important factor, auditing may be able to target weak points in firewalls and other security features. Some of the security weaknesses may have been so slight as to be virtually undetectable and may have never been noticed.

When To Perform A Website Audit

Web audits are effective tools for evaluating existing sites and for planning site redesign. Periodic audits can prove almost invaluable to a company. Things that might otherwise have gone unnoticed, or implementations that had been available for some time but never considered or adopted, can be found through an audit.

Those responsible for designing and maintaining company sites may initially resent even the suggestion of website auditing. They may see audits as attempts to undermine their abilities or their dedication to their work, when this is probably not the case at all. Rather it allows for someone else to approach the site with a fresh pair of eyes. For this reason, those who decide that website auditing is necessary should be forthcoming about the procedure, and, unless there is reason to suspect otherwise, assure those responsible for website design and maintenance that it is in the best interest of everyone in the company.

Caffeinated Content – Members-Only Content for WordPress

Marivic Malinao asked:




All major companies and many smaller ones have their accounting records reviewed by independent, outside public accountants. This process is called auditing, and independent accountants are called auditors.

Ordinarily, after making his examination the auditor makes three statements, as follows:

1. The auditors have followed generally accepted auditing standards.

2. The financial statements are fairly presented.

3. The financial statements conform to generally accepted accounting principles consistent with the principles followed in the preceding year.

Does any one of these statements say that the financial statements are accurate? No.

In the second statement, what phrase is used instead of the phrase are accurate? The phrase used is “fairly presented.”

Statement no. 3 states that “the financial statements conform to generally accepted accounting principles” and that in particular, the doctrine of consistency has been followed.

If any of the statements above cannot be made, the auditors explain the discrepancy in what is called an exception.

Auditing standards refer to the criteria by which the quality of performance of auditing engagements is measured.

They indicate levels of performance which must be attained for the completion of a satisfactory audit; they relate both to the auditor’s personal qualifications and to the exercise of his judgment in performing the examination and in rendering his report.

The application of auditing standards is influenced by the materiality or relative significance of the items or matters concerned as well as the degree of risk involved.

Thus items which are relatively more important or in which the possibilities of material error are greater require more attention than other items of less significance or in which the possibility of material error is remote.

An auditor would relatively give more attention to inventories of a merchandising or manufacturing concern as they are more significant than inventories of other types of business concerns that do not deal in merchandise or goods for sale.

The auditor must obtain direct confirmation for goods deposited in public warehouses, consignees or other outside custodians.

If a bed linens company made consignments of sheet sets, quilts, comforters and duvets to other small retailers or held for others, the auditor must see to it that these goods are properly excluded from the inventory or consider correspondence with entities customarily consigning goods to the company even if the records show no balance.

The auditor’s primary responsibility in the examinations of inventories relates to ascertain as far as practicable the physical existence of the goods represented as inventories and establish that the client has title to the goods and if subject to lien, such fact must be disclosed in the financial statements.

The auditor must satisfy himself that the client has taken a reasonably accurate count of quantities and has carefully reviewed the condition of the goods and make certain that the inventories are priced in accordance with generally accepted accounting principles consistently applied from year to year.

Similarly, a business entity with poor internal controls and therefore subject to a greater degree of risk of error will require a larger scope of examination than one with better internal controls.

As used in reporting standards, the term “accounting principles” refers not only to accounting principles and practices but also to the methods of applying them. Accounting principles are rules or guides for action developed for purposes of establishing reliable financial and operating information control for business enterprises.

The auditor must keep abreast of the developments and changes in accounting principles which are generally accepted with alternative accounting principles applicable to complex, critical or unusual situations.

The doctrine of consistency implies that no significant change has been made in the accounting principles employed between the current period and the preceding period.

The purpose of the consistency standard is to assure users of financial statements that the comparability of such statements as between periods has not materially affected by changes in accounting principles, practices, or methods of application.

If however, there is a material effect on the financial statements; compliance with the consistency standard requires that the nature of the change and their effects be disclosed.

Certain auditing steps are omitted because of a request or instruction from the client. When qualifying an opinion due to a restricted examination, the exception should refer to the specific items on the financial statements on which an opinion cannot be expressed because of the auditing procedure omitted, rather than to the limitation in the scope of examination.

The auditor’s report should disclaim an opinion on the financial statements taken as a whole if the items affected by the limited examination are sufficiently material as not to justify a qualified opinion.

auditing companies

Tony Jacowski asked:




Six Sigma techniques and methodologies are quite different from other quality improvement techniques because they are not self-sustaining in nature. Goals and objectives that can be derived through Six Sigma depend on a number of variable factors and inputs such as the quality of deployment and the existing organizational culture.

The Process

The Six Sigma audit process is similar to the assessment process employed during the deployment stage because only qualitative checks are conducted during the audit. The audit process involves the use of questionnaires and checklists that allow auditors to assess the existing status of business processes, which is then compared with predetermined standards or desired results. The standards are very specific and are clearly defined at the commencement of the deployment phase.

The Six Sigma audit process is also similar to the quality audit conducted by an ISO 9000 certified company. In the past, many companies have successfully developed and implemented Six Sigma audit procedures based on the audit platform provided by ISO 9000. Many companies have even gone beyond and included VOC factors (voice of customer) while carrying out the audit. It is now become quite commonplace to find Six Sigma companies employing ISO 9000 audit procedures developed by Malcolm Baldrige.

Checklists And Charts For Six Sigma Audits

By using descriptive charts prepared in the form of checklists, the auditors are able to ensure that proper checks are conducted on every aspect of the project. These checklists are prepared at the initial stages of the project deployment process. Each individual checklist is specifically prepared for assessing the status of a particular business process or activity. For example, a production checklist will cater to production processes whereas an inventory checklist will cater to inventory related processes.

The process checklists are based on SOP’s (standard operating procedures), which is determined at the beginning of the project implementations. These checklists contain questions that help auditors in determining whether a particular process is being followed or not. It also helps in assessing how well a particular process has been implemented. Depending on the answers, all the numerous processes are then rated on the fact sheet based a predetermined scale.

The actual answers are also summarized and recorded on the sheet itself. For example, while auditing business processes related to the dispatch system, the process variations that are recorded in the operator’s log are revealed during the audit. The variations are then compared to standard deviation for determining the full extent of the problem. The data representing the deviations can be utilized for finding out the exact causes that lead to the deviation.

Limited Scope

Although the Six Sigma audit is very effective in checking the progress of Six Sigma implementation projects, its scope is limited to existing business goals and objectives. This means that the audits cannot be utilized for improving upon the level of quality that has already been achieved by the organization.

All it can do is to gauge customer reactions and analyze them in the context of changes that have been effected during the implementations. If the customer reactions and the effected changes show a positive correlation, the existing processes are maintained whereas if there is negative correlation, the process is scraped or referred for further improvements.

The scope of Six Sigma audits may be limited but they do help in ensuring the success of implementation projects. Implementing Six Sigma projects without utilizing standard audit procedures could be a risky venture and should be avoided.

Create a video blog

Jonathon Hickstead asked:




The purpose of audit planning is to fully understand the business of the company being audited and the operating environment. Audit planning will also establish and notate the major audit risks within the company–essentially to give a heads up to the auditor so they can properly assess the company.

Another job responsibility for Audit Planners is internal controls testing which is done before and after the year end audit. This looks at the processes, controls and protocols within the company’s infrastructure–by checking the security of the computer systems and accounting reconciliation. The auditor may not perform internal control testing while doing their audit as they do not expect the internal controls to be reliable systematic approaches. The audit in this case follows a ‘substantive approach’, when no internal control testing is done before or during the audit.

For audit risks, the planner will outline the major risks for the auditor in case the auditor issues the wrong opinion. One example of these major risks are sales representatives who overstate their sales figures which leads to overstated revenue. This will allow the auditor to know in advance that they have to increase their procedure for checking the absolute sales figures for the company to get an accurate and unbiased audit.

Audits help companies find out where they stand at the end of the fiscal year in terms of finances. Other audit jobs done within the company also outline for the executive where any problems or major risks are–such as in information technology. If there are problems found in the IT audit, then the company executive can bring in auditors to find out how to fix them properly and install new procedures and processes to deal with the risks more effectively. One of the company’s main risk areas is in security of the computer systems and the information stored on them. The audit planner would take an in-depth look at the systems and protocols that are already in place and make note of the obvious risk areas for the IT auditor to review and make changes or presentations for change in the system.

Audits are integral for companies all over the world and are in some cases required by the local government to be done annually by an external (independent and unbiased) auditor. Internal audits and audit planning do not waylay external audits but merely help the external auditor assess the company and the risks better. If there is a problem within the company’s financial statements or information technology, the external auditor will find those problems–however by planning for the audits ahead of the external auditor, you can prove and show that you are already aware of the problems within the protocols or infrastructure of the company.

Audit planning jobs are plentiful in the United Kingdom as many companies want to know what is coming from the external auditor ahead of time and can plan to make changes if necessary before the external audit is done.

Caffeinated Content

James Wallace asked:




Your company has finally decided that it might be worthwhile to get a team of telecom experts in so they can save you some money. You’ve heard that they can often find errors on telecom expenses and recover money for their clients. You’ve also heard they can provide you with a communication system at a much lower price. Now, you’re just wondering where, when, and how to find a telecom auditor. This article will give you some advice on how to make the most out of your telecom audit experience.

Before you even pick up the phone to call a telecom consultant you need to take a look at your company’s strategic vision and goals. Figure out how communications fits into all of this and identify your organization’s needs. There are so many different areas of telecommunications that you’ll want to find an expert that specializes in what you want.

Areas of specialization with telecom include VOIP, traditional phone systems, video, social media, wireless, voice messaging, Internet (cable, DSL, T1, etc.), virtual private networks (VPNs), text messaging, and more. The truth is people are often confused and think that telecommunications simply consists of phone systems. This is probably due to the tele part of the word in telecom. Needless to say a consultant that specializes in DSL and T1s may know next to nothing about traditional phone systems. If you have an idea of what area you’ll be in before you call the telecom auditing company then you’ll be able to talk to someone who will understand your needs.

Next you’ll want to consider the size and scale of your telecom needs. Know whether or not you’ll need a team that can work in different locations or if everything is all in one place. Consider whether you’ll need work done internationally (it’s a different ballgame when it becomes international and you’ll want telecom experts that know how to work internationally).

Another item to consider is how important telecommunications are for your company. If your phone lines go down is it a simple annoyance or the end of the world? For a sales company not having the phone system working can be devastating. For a company with little contact with the outside world, it’s annoying, but it isn’t the end of the world. If your website goes down what is the impact?

Once you believe you have your needs down, you’ll need to decide on the telecom firm you want to work with. The best advice here is to ask around. Talk with other company’s management and see which companies they worked with and whether or not they saved money and would recommend this company. Finding a company with positive reviews is important because you will probably have to spend a good chunk of money to hire these people.

Finally, consider location. If you hire a local company you will save on travel expenses. You might be surprised at how much it costs to fly out a team, lodge them, feed them, and send them back. However, depending on the size of city you operate out of, you may not have a lot of local options. Don’t hire a telecom auditing firm that will do a bad job just to save a few bucks.

That sums up the discussion on tips for finding a telecom consultant or auditor. Remember to know your needs before you have first contact, find someone that specializes in what you need, consider reputation, and don’t forget location. Hope these tips have been helpful.

Kansieo.com

Ben Osbrach asked:




Weighing in on the Benefits of a SAS 70 Audit for Third Party Data Centers

With increasing oversight and growing demands for industry regulations, third party assurance has never been under a keener eye than we live in today. From insider scandals to outside threats, the protection of corporate and personal information is the corner stone of information security compliance. Obtaining a current SAS 70 audit report can be a significant differentiator within your industry and provide value to new and current customers.

Statement of Auditing Standards No. 70 (SAS 70) audits have become the global de facto standard in third party information security assurance. The passage of laws like Sarbanes-Oxley (SOX) has sparked other countries to re-evaluate their own forms of SOX regulations; driving companies to enter a new realm of oversight and regulations related to third party assurance. The Public Company Accounting Oversight Board provided guidance with regards to companies that are required to comply with SOX and how to evaluate the risk of outsourcing services to third party vendors. Within this guidance they indicated that a company could utilize a SAS 70 Type 2 audit to evaluate their vendor’s control environments, igniting the SAS 70 era for service organizations.

The demand for convenient access to information has driven companies to plug anything and everything into the internet; additionally new technologies have provided organizations a level of comfort to open up their once closed networks to remote employees and third party vendors. Increased flexibility and access to information creates new risks that need to be taken into consideration; standard operating procedures are no longer good enough, organizations need to incorporate regulations and define authorizations to ensure they maintain the level of security that existed in the pre internet world. This change in the way companies’ data is accessed and transmitted has propelled the SAS 70 audit to the checklist of business proposals and contract renewal requirements, failure to have a current SAS 70 audit can significantly affect potential or current business relationships.

SAS 70 Compliance | Current and Future Trends

SAS 70 has not been the single solution for service organizations; with foreign countries forming their own compliance standards, service organizations operating internationally were required to adhere to different countries’ laws. Due to the varying forms of service organization reports the International Auditing and Assurance Standards Board (IAASB) felt there was a need for a common auditing standard to address the varying differences in each country’s audit requirements. As a result the IAASB created and issued the International Standard on Assurance Engagements (ISAE) 3402 ‘Assurance Report on Controls at a Service Organization’ on December 18, 2009. ISAE 3402 is not a means to replace country specific standards (i.e. SAS 70) but provides a reporting option to address current limitations. The American Institute of Certified Public Accountants has recently updated the SAS 70 audit to more closely align the standard with ISAE 3402; the new standard is Statement on Standards for Attestation Engagements No.16 (SSAE 16) ‘Reporting on Controls at a Service Organization’ and will become effective in June 2011. Visit our Blog for more information SSAE 16.

Even with all of the different changes to compliance standards that companies are facing today, as we move forward and align our clients with the appropriate rules and regulations whether it’s called SAS 70, ISAE 3402 or SSAE 16 these auditor reports are a marketable and accepted form of qualification for service organizations that will continue to play a vital role in obtaining and retaining customers today and for years to come.

SAS 70 Audit | What is it?

A SAS 70 audit is performed by an independent certified public accounting firm through examining the controls and processes involved in storing, handling, and transmitting data. The successful completion of an unqualified audit illustrates an organization’s ongoing commitment to create and maintain suitable controls for the protection and security of its customers’ confidential information. Customers of service organizations can easily incorporate the SAS 70 report in their SOX compliance programs as proof that appropriate controls are in place for outsourced services. The SAS 70 audit can also help organizations to comply with other regulations, including HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act of 1999), and ISO 27001/2.

SAS 70 Audit Services

SAS 70 Readiness Assessment – is a review designed for organizations preparing for their first SAS 70 audit. Organizations who have not formally evaluated their internal controls often start with a SAS 70 Readiness Assessment.
SAS 70 Type 1 – provides limited assurance and reports on the design of controls as of a point in time. Organizations that have policies and procedures in place but little or no history of the policies and procedures in operation start with a SAS 70 Type 1 audit prior to undergoing the SAS 70 Type 2 audit.
SAS 70 Type 2 – provides the highest level of assurance for SAS 70 audits and reports on the service organization’s controls and operating effectiveness over a period of time (generally at least six months).

SAS 70 audits cover the “information system” used by service organizations. The information systems are not limited to just computers and software, but any form of handling user organization’s information that could affect their financial reporting. The scope of a SAS 70 audit includes procedures that cover the IT General Computing Controls (GCC) supporting your primary information systems. These controls are used in delivering services and sustaining business procedures for organizations processing financial transactions like payroll companies or electronic payment processing organizations. Details of the IT GCCs and business process procedures are as follows:

1. An examination of IT GCCs is used to evaluate the integrity of data within information systems utilized in delivering services. This portion of the SAS 70 scope is relevant to all service providers and is the core of your SAS 70 audit. The IT GCCs review will cover the physical security, environmental security, computer operations, problem and change management, logical security and data communications.

2. An assessment of business process procedures is used to evaluate how organizations ensure the accuracy, timeliness and completeness for processing financial transactions. This assessment is relevant for organizations like payroll providers, receivable management companies, payment processors and third party administration services. This portion of the SAS 70 scope is not relevant for organizations like software as a service, application service providers or data centers. However business process controls may be integrated in the application software such as a payroll system, retail banking system, inventory system or billing system and require some manual processes like account reconciliations.

SAS 70 Compliance for Data Center Facilities

Data Center growth has definitely been a bull market the past few years and with increased regulations like Sarbanes Oxley, a need for better disaster recovery plans and new technologies like cloud computing data centers are a focal point for SAS 70 audits. Generally, Colocation and Managed Data Center services are the two major service offerings that are evaluated for Data Center facilities.

Colocation audits are designed to provide third party assurance on the company’s organizational controls, physical security over customer’s equipment, protection of computer systems from environmental threats, continuous power supplies and incident support handling.

Managed Data Center services normally includes the items in a Colocation audit but also requires a more in-depth look at how the service organization manages the security and infrastructure of their client’s environment. This would include the management and monitoring of information systems for system reliability, handling of logical security, infrastructure change management and security around protecting customers from network traffic.

The scope of the SAS 70 audit is determined by the service organization; however a well scoped audit can ensure sufficient information is provided to your user organization and communicates your stringent controls over physical security, environmental security, authorized access and continuous availability of services, which clearly demonstrates your organization’s quality of services.

Key Benefits

Obtaining SAS 70 compliance has enabled service organizations to instill confidence and integrity directly into the hands of their customers, ensuring the reliability of sound internal controls for increased third party assurance. Key benefits from SAS 70 audits are:
• Instant credibility with current and potential customers
• Third party perception
• Independent assessment of controls
• Potential to grow market share
• Reduction of third party self assessment questionnaires
• One audit report can satisfy multiple customers
• Confirmation that controls, procedures, and processes are in place as management intends

Key Costs

Key cost areas for SAS 70 audits include your company’s internal personnel time, training and your audit firm’s professional fees. Depending on level of defined policies and procedures internal personnel time and training can vary significantly. The professional fees cost of a SAS 70 audit varies from client to client because all SAS 70 audits are different. However some of the factors that should be considered in the price of a SAS 70 audit are the size of your organization, the complexity of the information systems under review, the type of services offered and possibly the location of your business.

Lessons Learned

We have found that having a clear plan and efficient execution strategies are the key ingredients to a successful SAS 70 audit. Key success factors for an efficient SAS 70 audit include but are not limited to the following:
• A project plan
• Designation of a SAS 70 project lead
• Scheduling of required resources (members of business units)
• Utilization of experience and educated auditors

Calculating the ROI
A SAS 70 audit provides organizations with tangible and non-tangible results. Let’s start with the non-tangibles. As a component of your SAS 70 audit, your audit firm provides a complete analysis on your operations writes up a report and delivers management best practice recommendations that could benefit an organization from increase efficiencies to a reduction of fraud risk. These benefits are difficult to quantify, but still valuable information. Tangible costs can be found by the number of new customers that selected your organizations because you were SAS 70 audited. Also operating on a higher level of compliance will provide your organization with more leverage with regards to pricing when renewing existing customers’ contracts.

SAS 70 – is an internationally recognized third party assurance audit designed for service organizations. It has become the most widely accepted compliance initiative that provides service organizations a benchmark to compare their internal controls and processes against industry best practices. Statement on Auditing Standards No. 70 was originally created in 1992 and over the past five to ten years become globally recognized as one of the highest forms of third party assurance. Organizations can benefit from obtaining a SAS 70 audit, from increasing third party confidence to growing market share.

Kansieo.com

Erik Leipoldt asked:




Starting your own energy audit business is a real option for anyone that wants to get involved in a secure, green career.

This is one industry that is expected to continue to grow, even in times of economic downturn, when people are more focused on saving money.

This gives you a virtual guarantee of job security, regardless of the overall financial outlook.

Working as an energy auditor has many significant advantages. You can be your own boss and the training can be relatively straight-forward and fast.

Start-up costs? Minimal.

You can also position yourself at the forefront of a developing energy-saving wave. It could be your energy audit business as a local leader in this emerging field.

A Range of New Business Ideas

Training to work as an energy auditor opens up a wide range of possible career opportunities. Some of these include:

Self-employed Home Energy Auditor – provides energy efficiency advice for residential properties. Self-employed Commercial Energy Auditor – provides energy efficiency advice for commercial properties.

Energy auditor employed by a Utility Company.

You would provide regular home energy auditing advice for customers of a utility company. Utility companies are now realizing the popularity of energy auditing and offering it as an additional service for their customers. This is a good reflection of the growth of the energy audit business.

Energy auditor specializing in Alternative Energy.

You would provide energy advice for people interested in installing an alternative energy system (such as solar, wind or geothermal power) on their property. Consumers often need help understanding how to make the best use of these systems and how to successfully integrate them with other energy sources.

Energy auditor specializing in building design and construction.

You would provide advice to architects and builders about how to make buildings more energy efficient. They may also conduct assessments of newly built properties in order to give them an energy rating to guide potential investors. This is one aspect of the energy audit business that is very important as investors are now very interested in learning the energy efficiency of a property before purchasing it.

Because conducting energy audits is such a new industry, you have a lot of freedom to determine the path that you want your career to take.

Carefully check the components offered by various training courses to find the one that best aligns with your interests.

When researching the best energy audit training courses, check whether they include units on the general principles involved in running your own business. You will need to learn about marketing, tax and public relations in order to successfully run your energy audit business.

You should also consider whether the course has been accredited by a reputable organization. Certification by the National Energy and Sustainability Institute (NEASI) for example. This means that once you complete the course you are eligible to sit the NEASI Home Energy Audit Certification Exam. Such certification provides additional credibility for your business.

Website content

David S Roberts asked:




Introduction

QuickBooks is by far the easiest program to use with the most complicated and diverse applications in it that never get used by most business owners. Fraud happens every day and as I have said before, small businesses lose more money every year due to fraud than some of the largest corporations. What a lot of Fraudsters, who happen to use QuickBooks don’t know is that every move they make, every step they take, is being ‘watched’ by the QuickBooks software.

Prevention

The key to preventing fraud of course is making sure that it is not the same person who handles more than one accounting function in a business. You don’t want the same person who is opening the mail, being the one who sends the checks. You don’t want the same person who can sign checks being the one determining the amounts to put on the checks.

Upon setup, QuickBooks allows the business owner to set up users. The owner should always be the Administrator, not the bookkeeper, not the CPA or accountant, but the Administrator. Anyone else using the program can be limited to the parts of the program that they can access by the Admin. Sales persons needing to enter sales can do so, but they don’t need access to the bank account information. Purchasers need to be able to create purchase orders and invoices, but not able to adjust inventory on hand or create checks to pay for invoices. Only the admin should be able to make these adjustments. Name the users of QuickBooks so you know who is doing what and when. This will give you an eagle eye on the security of the QuickBooks transactions.

Detection

There is a little known feature of QB that is called the Audit Trail. The Audit Trail records any changes made to original transactions, any deletions of invoices, checks, etc. You’ll want to do this when the place is closed or when you have plenty of time because this report can take a very long time to generate. Go to the Reports tab on the menu bar and click on it. Find the Accountant’s Reports and you will see the Audit Trail as one of the options. Click on it and apply the dates you wish to check, (the longer the period of time and more transactions, the longer the report will take) and wait.

In the audit trail, if an entry has been altered or deleted there will be two or sometimes three lines for one transaction. The one on the bottom is the original entry, the one(s) above it have been altered or deleted and the report will give what was changed, the payee, the amount, or an account and tell you which user entered the original, which user changed it and the day and time it was done.

So how do you tell if it’s fraud or just someone making changes? First, deleting an invoice should rarely be done, if there are a large number of deleted invoices then chances are, your company is not using the Estimates icon. The invoice should only be created when you know for sure a customer is going to go through with the arrangement, if you are using the invoice feature to send estimates, those estimates are posting to your accounts receivable account which should not be done.

So how would someone commit fraud by altering an invoice? If the same person that prints the invoices also sends the checks, it is very easy to print the invoice for your approval at $200 or more than what was actually invoiced for. Once you’ve approved what should be a $5000 invoice for $5200, the clerk will change the $5200 to $5000 and send the vendor the right amount, and at the same time issue themselves a check for $200 which would be written off to another account somewhere in the books. The bank reconciliations would always match and no one would be the wiser. This is one reason that you cannot print an invoice without saving it first.

Another common method of fraud is altering the payee of existing invoices to benefit the relatives, friends, etc of the crooked clerk. So an invoice may come in that has been created at home and submitted to you for payment by the person creating the invoice. Or, you may be cutting a check for a legitimate expense only to have the funds redirected to the crooked clerk.

You might also be on the lookout for checks being issued for identical amounts, during the same period every week, every month, etc. Sometimes the fraudster will send two checks to the same vendor and call up a day later and ask the vendor to return the check ‘mistakenly’ sent. If the fraudster is the same person who opens the mail, he will take the check and ‘wash it’ and make himself the payee. (If your bookkeeper seems to be continually doing her nails, you smell nail polish remover constantly, your company is at risk as that is what is used to remove ink off of checks) You can catch this by exporting the check detail to Excel and sorting it according to amounts, if you have one or two more checks a month for identical amounts, call your bank and ask for a copy of the cashed checks, front and back. The back of a check tells you which bank cashed it, and often, the name of the person who cashed it as well.

If you get your bank statements already opened by your bookkeeper, watch for checks that have cleared but that aren’t placed into the envelope with the statements. Compare your bank register to the images of the checks on the statements and confirm that the person or company you wrote the check to is the actual person or company that cashed the check.

Conclusion

If you take the basic precautions, it makes this kind of fraud much harder to commit. But you have to be vigilant and ready to take action should fraud be occurring in your business. Remember, however, that this is America, home of the Free Land of the Lawsuit. NEVER directly accuse your bookkeeper of stealing, especially in front of others. Find the services of a Certified Fraud Examiner in your area and they will be able to help you put a successful case together for prosecution, should you choose to go that route.

Caffeinated Content