Unit 11: Acct 8630 Information Systems Assurance updated 10/30/07

Learning objective
Activity
Resources
In class Tuesday October 30
  1. Develop objectives for system development audits.
  2. Justify priorities for system development audits.
  3. Explain objectives and priorities convincingly to management.
  4. Develop rationales for system development audits even when interest is scarce.

Explore the wages of inattention to installing ERP systems

  1. Early experiences with ERP: What is the predominant development flaw?
    1. Doomed from the beginning: FoxMeyer ordeal and aftermath
    2. Even though FoxMeyer didn't have the transaction volume of Visa's VisaNet processing system, could FoxMeyer's development team have profited from knowing how Visa does volume testing?
    3. Weak earnings associated with SAP implementations
      1. Grainger
      2. Hershey: Wall Street Journal; Computerworld; CIO
      3. Jo-Ann Stores
      4. Nestlé
      5. Nike
      6. Thomas & Betts
  2. How can CAAT techniques and tools be applied to auditing ERP systems like SAP? (Kennametal example; extracting data)
  3. More recent experiences with consolidating legacy systems onto a single platform:
    1. What did Cigna fail to do?
    2. How did Celanese manage the challenges of consolidating systems?
  4. When ERPs enable more integrated views of company results, flaws in prior legacy systems may come to light: CP Ships Ltd.
  5. If we are aware of good practices for system development, why are they so often ignored?
  6. Where do you look first in system development audits?
  1. Develop assurance objectives for risks of information systems.
  2. Design assurance procedures.
  3. Implement assurance procedures with software tools.
  4. Communicate assurance results.
  5. Collaborate with others to achieve these objectives.

Organofood case

  1. How does Organofood differ from the companies whose ERP installations are chronicled in the articles linked above?

  2. What puzzles you about the case?

  3. What does your team need to plan and do to complete the case?

  4. No BPD is required for the business situation. Would one have been helpful?

Organofood

Assertion-based auditing standards:

  1. Pre-SOX: AU326
  2. Post-SOX:
    1. SAS 106
    2. AS 5

Analytical procedures:

  1. Auditing Standard AU329
  2. Applications

System development

  1. Sequential: U.S. Dept. Justice
  2. Iterative: Synch-and-stabilize
  3. Configuration management
  4. Testing
    1. Levels of testing
    2. Wages of inadequate testing
    3. Automated testing tools
  5. Change management
    1. Hunton pp. 83-85
    2. Change control
Before the next class
  1. Develop assurance objectives for risks of information systems.
  2. Design assurance procedures.
  3. Implement assurance procedures with software tools.
  4. Communicate assurance results.
  5. Collaborate with others to achieve these objectives.

Organofood case

Complete the Organofood audit and communicate your results in this report. In your GSU web space, publish the following files:

  1. The audit program and results in a .htm file with the name:

    11-OrganofoodAudit.htm

  2. .mdb files containing queries implementing the audit program with the names:

    11-OrganofoodTestdataQueries.mdb

    11-OrganofoodProgLibraryQueries.mdb


    Before publishing the database, compact it so that it takes less disk space: In Access with the database open, give the commands Tools | Database Utilities | Compact and Repair Database. A smaller file will download faster too!

  3. Verify that your files can be viewed through your link on the learning progress page.
Organofood

Assertion-based auditing standards:

  1. Pre-SOX: AU326
  2. Post-SOX: SAS 106

Analytical procedures:

  1. Auditing Standard AU329
  2. Applications

System development

  1. Sequential: U.S. Dept. Justice
  2. Iterative: Synch-and-stabilize
  3. Configuration management
  4. Testing
    1. Levels of testing
    2. Wages of inadequate testing
    3. Automated testing tools
  5. Change management
    1. Hunton pp. 83-85
    2. Change control
  1. Develop assurance objectives for risks of information systems.
  2. Design assurance procedures.

 

Examine the potential roles of continuous auditing

  1. What is continuous auditing? Nehmer; Vasarhelyi/Halper. What is required to make continuous monitoring and auditing feasible?
    1. Why are auditor-defined rules (heuristics) needed for continuous monitoring and auditing?
  2. What would continuous monitoring look like? Consider this example of monitoring payables with Oversight Systems software at American Electric Power
  3. What role might continuous assurance have with respect to the Sarbanes-Oxley Act of 2002 (SOX) Section 404? Are CPAs and IS auditors interpreting the role of continuous assurance the same way?
  4. How can digital analysis be useful in auditing?
    1. Internal auditing
    2. Analytical procedures
  5. What is it about continuous auditing that accounts for interest in it with respect to SOX?
    1. Process improvement payoff related to Sarbanes Oxley compliance due to continuous auditing: Business Finance Magazine Nov. 2005
    2. Efficiencies required for Sarbanes Oxley and how continuous auditing will play a role
      1. Business Finance Magazine Dec. 2004
      2. eWeek Aug. 5, 2005
  6. Would continuous auditing have helped Citigroup avoid unleashing a rogue trader?
  7. What is it about real-time financial reporting that prompts interest in continuous auditing?
  8. Why do continuous monitoring and auditing require formalizability?

Continuous monitoring and auditing:

  1. Vasarhelyi/Halper
  2. Nehmer

Digital analysis:

  1. Internal auditing
  2. Analytical procedures

Uses for continuous monitoring:

  1. Monitor payables with Oversight Systems software: American Electric Power
  2. Improve processes: Nov. 2005
  3. Avoid a rogue trader
  4. Support real-time financial reporting
  5. Monitor business processes
  1. Develop assurance objectives for risks of information systems.
  2. Design assurance procedures.
  3. Communicate assurance results.
  4. Collaborate with others to achieve these objectives.

 

Practice of IT auditing

Interview auditors from PricewaterhouseCoopers on SOX compliance and the practice of IT audit: Chris Bowler, Jason Li, and Zenny Bowry

  1. Some starting points:

    1. How have financial auditing and IT auditing changed due to SOX?
    2. Are companies getting value from SOX?
    3. Are SOX requirements likely to be changed?
    4. What skills does an auditor need for SOX work?

SOX experiences

  1. Katz, D. M. 2006. A tough act to follow. CFO Magazine (March): 65-70.
  2. Shaw, H. 2006. The trouble with COSO. CFO Magazine (March): 75-77.
  3. Stuart, A. 2006. Serenity now! CFO Magazine (March): 79-83.
  4. Wagner, S., and L. Dittmar. 2006. The unexpected benefits of Sarbanes-Oxley. Harvard Business Review (April): 133-140.
  5. O'Sullivan, K. 2006. The case for clarity. CFO Magazine (September): 65-69.
Copyright © 2001-2007 A. Faye Borthick, Atlanta, Georgia, USA. All rights reserved.