Audit Program Licensing Terms

1. You accept that this product is intended for your use, and you will not duplicate in
any form or manner, electronic or otherwise, copies of this product nor distribute this
product to anyone else.

2. You recognize that the product and its content are the sole property of AuditNet®
(the Publisher), and that we have copyrighted the product.

3. You agree that the Publisher is not responsible for any interruption of service or
malfunction that is a consequence of the Internet, a service provider, personal
computer, browser or other software or hardware components. You accept that
there is no guarantee that this product is totally error free. You further understand
and accept that the Publisher intends to provide reliable information but does not
guarantee the accuracy or completeness of any information, and is not responsible
for any results obtained from the use of such information.

4 This license is effective until terminated, when the license or subscription period
ends without renewal, or when you destroy this product and any related
documentation. The Publisher may terminate your license without notice if you fail
to comply with the conditions set forth in this agreement, and may pursue any other
legal recourse.
Document Source: Internet Search
1. This document was obtained from the Internet by AuditNet® using advanced search
techniques.

2. The document is from a site which has not identified restrictions on permitted use and are
sharing this information for the benefit of the audit community.

3. While we have attempted to provide accurate information no representation is made or

warranty given as to the completeness or accuracy of the document.

4. In particular, you should be aware that the document may be incomplete, may contain
errors, or may have become out of date.

5. While every reasonable precaution has been taken in the preparation of this document,
neither the author nor AuditNet® assumes responsibility for errors or omissions, or for
damages resulting from the use of the information contained herein.

6. The information contained in this document is believed to be accurate.

7. No guarantee is provided.

8 Use this information at your own risk.

 Business Continuity ~ Disaster Recovery
Emergency Management ~ Risk Management
Skills Summary

Ratings Key: 1 =Training or Education 2 =Light Exp. 3 =Solid Exp. 4 =Very Strong

Year Skill Self

Interested in position? Years Years Mgmt
Skill Sets Last Rating:
Use "X" to flag of Exp? Exp?
Used? 1-5
Business Continuity Experience
Business Continuity Experience
Business Continuity Planning – Information Technology
Business Continuity Planning: Business Processes
Business Resumption
Positions in Business Continuity - Indicate which position(s) you would like to be considered for, by placing "X" in the
Business Continuity Consultant (external)
Business Continuity Coordinator/ Planner
Business Continuity Director
Business Continuity Global Coordinator/ Planner
Business Continuity Global Mgr (US & Int'l BCP Mgmt)
Business Continuity Manager
Disaster Recovery Experience
Disaster Recovery Experience
Capacity Planning
Data Back-up
Data Center Recovery
Data Center Reviews
Data Recovery
Database Recovery
ERP Recovery
High Availability
Network Recovery
Systems Recovery
Tape Replication
Positions in Disaster Recovery - Indicate which position(s) you would like to be considered for, by placing "X" in the c
Disaster Recovery Consultant (external)
Disaster Recovery Coordinator/ Planner
Disaster Recovery Director
Disaster Recovery Global Coordinator/ Planner
Disaster Recovery Global Mgr (US & Int'l DR Mgmt exp)
Disaster Recovery Manager
BC/DR Certifications
Business Continuity Institute - BCI
Student - BCI
Affiliate - BCI

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 3 of 36
Management
Ratings Key: 1 =Training or Education 2 =Light Exp. 3 =Solid Exp. 4 =Very Strong

Year Skill Self

Interested in position? Years Years Mgmt
Skill Sets Last Rating:
Use "X" to flag of Exp? Exp?
Used? 1-5
ABCI (Associate Business Continuity Institute)
SBCI (Specialist of Business Continuity Institute)
MBCI (Member of Business Continuity Institute)
FBCI (Fellow of Business Continuity Institute)
Business Resilience Certification Consortium International
(BRCCI)
CBRS (Certified Business Resilience Specialist)
CBRP (Certified Business Resilience Professional)
CBRM (Certified Business Resilience Manager)
CBRA (Certified Business Resilience Auditor)
DRI International
CBCV (Certified Business Continuity Vendor)
ABCP (Associate Business Continuity Professional)
CFCP (Certified Functional Continuity Professional
CBCP (Certified Business Continuity Professional)
MBCP (Master Business Continuity Professional)
CDRP (Certified Disaster Recovery Professional) - now CBCP
BC/DR Skills
BC/DR Exercise
BC/DR Maintenance
BC/DR Plan Development
BC/DR Plan Evaluation
BC/DR Plan Implementation
BC/DR Testing
BC/DR Training
BIA (Business Impact Analysis)
Gap Analysis
LDRPS Administration
LDRPS Implementation
BC/DR Software
BIA Professional – Strohl Systems
Business Protector
CAPS BIA
CAPS Recovery Planner
DRS
eBRP
ePlanner - SunGard
E-TEAM
Incident Manager – Strohl Systems
LBL
LDRPS – Strohl Systems
Mitigator
myCOOP
OpsPlanner
Seagate Backup Executable
Softek – Fujitsu
Paragon - SunGard
Precovery - SunGard
RecoveryPAC

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 4 of 36
Management
Ratings Key: 1 =Training or Education 2 =Light Exp. 3 =Solid Exp. 4 =Very Strong

Year Skill Self

Interested in position? Years Years Mgmt
Skill Sets Last Rating:
Use "X" to flag of Exp? Exp?
Used? 1-5
Sunrise Software
Non-BCP Focused Packages (Word, Excel, Share point)

BC/DR Notification Systems

AlarmPoint - Invoq Systems
AlertFind - Message One
Communicator - Dialogic
e.Notify - AMCOM
MIR3
NNN
NotiFind - Strohl Systems
Send Word Now
Varolli
Emergency/ Crisis Management Experience
Emergency/ Crisis Management Experience
Bio Terrorism
Building Evacuation
Crisis Communication
EM Technology
Emergency Operating Center
Emergency Procedures
FEMA (Federal Emergency Management Agency) Exp
Fire Fighter
Fire Safety
Infectious Diseases
Nuclear Radiation Emergency Planning
Nuclear Weapons Emergency Planning
Search & Rescue
WMD (Weapons of Mass Destruction)
Positions in Emergency/ Crisis Management - Indicate which position(s) you would like to be considered for, by pla
of it.
Emergency Director
Emergency Manager
Emergency Planning Coordinator/ Planner
Emergency/ Crisis Management Certifications
American College of Forensic Examiners International (ACFEI)
CHS (Certified in Homeland Security)
Emergency Management Institute
(EMI)
NIMS (National Incident Management System)
ICS (Incident Command System)
MEP (Master Exercise Practitioner)
PDS (Professional Development Series - Certification of Completion)
International Association of Emergency Managers
(IAEM)
AEM (Associate Emergency Manager)
CEM (Certified Emergency Manager)
United States Search & Rescue Task
Force
CERT (Community Emergency Response Team)
Risk Management Experience

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 5 of 36
Management
Ratings Key: 1 =Training or Education 2 =Light Exp. 3 =Solid Exp. 4 =Very Strong

Year Skill Self

Interested in position? Years Years Mgmt
Skill Sets Last Rating:
Use "X" to flag of Exp? Exp?
Used? 1-5
Risk Management Experience
Risk Assessment
Risk Evaluation
Tracking & Analysis
Risk Guidelines/ Controls
Financial Risk
Operational Risk
Positions in Risk Management - Indicate which position(s) you would like to be considered for, by placing "X" in the c
Global Risk Manager (US & International Risk Mgmt)
Risk Analyst
Risk Manager
Operational Risk Manager
Risk Officer
Risk Management Certifications
American Institute for Chartered Property Casualty
Underwriter (CPCU)
ARM (Associate Risk Manager)
BAI Bankers Training & Certification
Center (BAI)
CRP (Certified Risk Professional)
British Computer Society (BCS)
Practitioner Certificate in Information Risk Management
Consulting -3rd Party Experience
Consulting (External) Experience
Big 5 Consulting Experience (E&Y, D&T, KPMG, etc.)
Client Interviewing
Full-Life Cycle Plan Development
Government Contracts
Presentation to Client Staff
Proposal Preparation
Proposal Review
Proposal Writing
Solution Preparation
Positions in Consulting - Indicate which position(s) you would like to be considered for, by placing "X" in the column to
Consultant
Director of Consulting/ Practice Manager/ Sr. Manager
Managing Consultant
Program Director
Senior Consultant
Service Delivery Director
SME (Subject Matter Expert)
Consulting (3rd Party Experience) Certifications
Institute of Management
Consultants (IMC)
CMC (Certified Management Consultant)
General Functions - Please use the Comment Field for Further Detailed Informa
American Red Cross Coordination
Audit Manager
Auditing Experience

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 6 of 36
Management
Ratings Key: 1 =Training or Education 2 =Light Exp. 3 =Solid Exp. 4 =Very Strong

Year Skill Self

Interested in position? Years Years Mgmt
Skill Sets Last Rating:
Use "X" to flag of Exp? Exp?
Used? 1-5
Auditor
Big 5 CPA Firm Auditing Experience
BPR (Business Process Re-engineering)
Budgeting
Business Analyst
CIA (Central Intelligence Agency) Experience
CMM (Capability Maturity Model)
Compliance
Contract Negotiations
Data Processing
Data Warehousing
Direct Staff Management
Documentation Management
Employee Training Development
Employee Training Implementation
Facilities Planning
FBI (Federal Bureau of Investigation) Experience
Flowcharting
Geographic Information Systems (GIS)
GIS User
GIS Analysis
GIS Data Production and Editing
Geodatabase management and design
GIS Software - ESRI ArcGIS Desktop
GIS Software - ESRI Spatial Analyst
GIS Software - ESRI 3d Analyst
GIS Software - MapInfo
GIS Software - Other
Homeland Security
Independent Contractor
Internal Auditor
IS Auditing
Language: Bi-lingual (Specify in Comment Column)
Law Enforcement
Loss Prevention
Physical Security Compliance
Physical Security Experience
Presentation Experience
Presentation Experience to Executives
Project Management
Public Sector Coordination
Public Speaking Experience
Published (journals, books)
Quality Assurance
Records Management
Regulatory Affairs
Regulatory Reporting
Strategic Planning
Teaching

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 7 of 36
Management
Ratings Key: 1 =Training or Education 2 =Light Exp. 3 =Solid Exp. 4 =Very Strong

Year Skill Self

Interested in position? Years Years Mgmt
Skill Sets Last Rating:
Use "X" to flag of Exp? Exp?
Used? 1-5
Technical Reviews
Technical Writing
Top Secret (TS) Sec Clearance -pls specify if active
US Government Security Clearance- pls specify if active
Vendor Management
Vendor Selection
Other Software - Please List Any Additional Software
Lotus Notes
MS Access
MS Excel
MS Outlook
MS Outlook Express
MS PowerPoint
MS Project
MS Visio
MS Word
Other Certifications - Please List Any Additional Certifications
American Society for Industrial Security
(ASIS)
CPP (Certified Protection Professional)
American Society for Quality (ASQ)
CMQ/ OE (Certified Manager of Quality/ Organizational Excellence)
CQA (Certified Quality Assessor)
Six Sigma Black Belt
Six Sigma Green Belt
Six Sigma Master Black Belt
The APM Group Limited (APMG)
PRINCE2
CPMQ (Competent Project Manager Qualification)
Information Systems Audit & Control Association
(ISACA)
CISA (Certified Information Systems Auditor)
CISM (Certified Information Security Manager)
Institute of Internal Auditors
CIA (Certified Internal Auditor)
CCSA (Certificate in Control Self Assessment)
CGAP (Certified Government Auditing Professional)
International Facility Management Association
(IFMA)
CFM (Certified Facility Manager)
International Information Systems Security Certification Consortium
((ISC)2)
CISSP (Certified Information Systems Security Professional)
ISSMP (Information Systems Security Management Professional)
SSCP (Systems Security Certified Practitioner)
CFSA (Certified Financial Services Auditor)
IT Infrastructure Library (ITIL)
Certifications
The Foundation Certificate - ITIL
The Practitioner Certificate - ITIL
The Manager's Certificate - ITIL
Project Management Institute (PMI)
PMP (Project Management Professional)

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 8 of 36
Management
Ratings Key: 1 =Training or Education 2 =Light Exp. 3 =Solid Exp. 4 =Very Strong

Year Skill Self

Interested in position? Years Years Mgmt
Skill Sets Last Rating:
Use "X" to flag of Exp? Exp?
Used? 1-5
SOX Institute
CSOX (Certified in Sarbanes Oxley)
CSOXP (Certified SOX Professional)
Regulations/ Compliance Experience - Please List Any Additional Regulations/Comp
BASEL II
California SB 1386
COBIT
FFIEC
Gramm Leach Bliley Act (GLBA)
HIPPA
Interagency Whitepaper
ISO 1400
ISO 17799
ISO 9000
ISO 9001
NYSE 446 / NASD 3500
OSHA Compliance
PATRIOT ACT
Regulatory Affairs
Regulatory Reporting
Sarbanes Oxley
SEC Regulations
Industry Experience - Please check all that apply from the list below
Industry Experience - Indicate which industries you would like to be considered for, by placing "X" in the column to the
Aerospace
Agriculture
Architectural
Automotive
Brokerage/ Investment
Building & Maintenance
Chemical/Petro
Communications/Media
Computer Hardware
Computer Software
Computer Services
Construction / Trades
Education
Electronics
Energy
Engineering
Entertainment
Financial / Banking
Government / Federal
Government / County
Government / Military
Government / State
Government / International

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 9 of 36
Management
Ratings Key: 1 =Training or Education 2 =Light Exp. 3 =Solid Exp. 4 =Very Strong

Year Skill Self

Interested in position? Years Years Mgmt
Skill Sets Last Rating:
Use "X" to flag of Exp? Exp?
Used? 1-5
Grocery
Healthcare / Medical
Hotels / Gaming
Insurance
Internet / E-Business
IT / Data Services
Legal / Judicial
Food Services
Logistics / Shipping
Manufacturing / Industrial
Manufacturing / Products
Manufacturing / Other
Marketing
Mortgage
Nuclear / Power Plant
Oil & Gas
Paper & Pulp
Pharmaceutical
Professional Services / Consulting
Publishing
Real Estate
Retail / Wholesale
Sales
Service Bureaus
Sports / Recreation
Telecommunications
Textile
Tourism
Travel
Transportation
Utilities

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 10 of 36
Management
 5 =Expert

Comments

he column to the right of it.

e column to the right of it.

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 11 of 36
Management
 5 =Expert

Comments

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 12 of 36
Management
 5 =Expert

Comments

placing "X" in the column to the right

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 13 of 36
Management
 5 =Expert

Comments

e column to the right of it.

to the right of it.

mation

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 14 of 36
Management
 5 =Expert

Comments

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 15 of 36
Management
 5 =Expert

Comments

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 16 of 36
Management
 5 =Expert

Comments

pliance Exp

he right of it.

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 17 of 36
Management
 5 =Expert

Comments

BC Management Candidate Skills Summary - Business Continuity/Disaster Recovery/Emergency Management/Risk

Page 18 of 36
Management
Purpose: To document key controls around the < >Cycle:

Location: Date:
Assertions

Presentation and Disclosure

Existence or Occurrence

Valuation or Allocation
Rights and obligations
Completeness

Accuracy

Cutoff
Control Objective: Risk: Action/Control Activity: Evaluation/Conclusion:
1

4
5
6
7
8
9
10
11
12
13

14
15
16
17
18
19
20
Purpose: To document key controls around the < >Cycle:

Location: Date:
Assertions

Presentation and Disclosure

Existence or Occurrence

Valuation or Allocation
Rights and obligations
Completeness

Accuracy

Cutoff
Control Objective: Risk: Action/Control Activity: Evaluation/Conclusion:
21

22
23
24

25
26
27

28
29
30
31
Introduction: The table below presents an example internal control review template with related control points that may be
in place within the respective control cycle. This is not intended to prescribe a “cookie-cutter” approach to internal control
reviews; instead it is intended to represent a number of control points, of which management should identify the most
significant in maintaining its control over business cycle information.

Significant control points identified during process mapping should be tested during an internal control review. Other, less
significant points should be included in the process flow narrative describing the Control cycle. An example narrative is
presented below, in the right-hand column. It is the management’s option to include the narrative below, or to present it as
a separate document (such as internal process overviews or agency-based procedures). For that reason, the example
narrative below is “grayed out.” If this template is utilized but alternative documentation describes the process in the
internal control program work papers, please feel free to remove the column.

The Control objectives below are broken down into the following sub-cycles: General/Control Environment, (list additional
cycles for the area under review).

For the purpose of this generic document, the following terms are used: Define terms for example in the area of fixed asset
- Assets that are capitalized and depreciated over a period longer than one year are referred to as “fixed assets,” or as
“capital assets”- the terms are used interchangeably; and the person responsible for managing fixed assets at the
department level is termed the “Property Control Coordinator,” with the understanding that at one branch, it may be
Facilities Management, while at another it may be an official from the Business Office. Management are encouraged to
substitute below the terms that are in widespread use among their staff.

Notes:

(1) Each broad area is divided into subcycles. A subcycle is a sequence of related processes for which one set of
objectives and risks can be determined. Audit Assertions are the implicit or explicit claims and representations made by the
management responsible for the preparation of financial statements regarding the appropriateness of the various elements
of financial statements and disclosures - See more at: http://accounting-simplified.com/audit/introduction/audit-assertions.
(2) Management must designate which of the control points that it deems to be significant or key, for testing as part of the
internal controls (IC) review. Only the significant control points are required to be tested.
(3) In addition to noting a weakness and means of remediation, the control in place and the test performed should also be
noted in this column. (This will help management enact and/or maintain the proper monitoring to identify control
weaknesses in the future.)
 POTENTIAL CONTROL
PROCESS AREA OBJECTIVES/ASSERTIONS (1)
POINT(S)(2)
Cash Receipts
Cash Disbursements
Procurement
Human Resources
Payroll
Accounts Receivable
Investments
Grants
Inventory
Financial Reporting
Fixed Assets
IT
RISK SUGGESTED CONTROL TEST
 IC REVIEW CONCLUSION (3)
/IDENTIFIED /WEAKNESSES/ACTION
TAKEN PROCESS NARRATIVE (SAMPLE WORDING)
Audit Program Area:

A fundamental element of internal control is the segregation of certain key duties. The basic idea
underlying segregation of duties is that no employee or group should be in a position both to
perpetrate and to conceal errors or fraud in the normal course of their duties. In general, the
principal incompatible duties to be segregated include:

- Custody of assets
- Authorization or approval of related transactions affecting those assets
- Recording or reporting of related transactions
- Execution of the transaction or transaction activity

An essential feature of segregation of duties/responsibilities within an organization is that no one

employee or group of employees has exclusive control over any transaction or group of
transactions.

Based on the above criteria, this worksheet has been designed to highlight conflicting duties
performed by one individual or group of individuals (potential lack of proper segregation of duties).
Audit teams are encouraged to use this form to help identify potentially commingled duties within
accounting processes that may constitute a control weakness.

Instructions

1) The Tester should inquire to determine which individuals are responsible for certain duties within
the company/location.

2) The matrix should be used to determine if there is potential for a segregation of duties conflict.
Use the following key to identify the potential financial risk and segregation of duties conflicts:

X - Segregation of duties conflict

H - High financial risk
M - Medium financial risk
L - Low financial risk

3) The potential issues should be investigated to ensure a mitigating control prevents the
individuals from performing both tasks.

4) If a control is not present, a conflict of duties may be present.

The concept of Segregation of Duties is to separate the major
responsibilities of authorizing transactions, custody of assets, recording of
transactions and reconciliation/verification of transactions for each
business process. From a separation of duties perspective, the completion
of more than one of these functions would be considered performing
"incompatible duties". In other words, no one employee should have
responsibility to complete two or more of these major responsibilities.
However, staff limitations may make this impractical and that is when
Compensating controls must be considered.

Instructions
We should always strive for the optimum degree of segregation of duties.
However, due to limited staff sizes at some organizations, optimum
separation of duties cannot be achieved. In those circumstances you
should at least strive for an acceptable(minimal) level of segregation of
duties which when combined with compensating controls will minimize the
impact of control deficiencies and exposure to errors or irregularities. A
minimal level of segregation of duties could possibly be achieved by
verifying that no one employee performs more than two of the
"incompatible duties". For example, an employee might perform the
authorization and verification/reconciliation functions but they should not
record the transaction or maintain custody of assets. A compensating
control would be managerial review.
 AP Voucher Entry

AP Payments

Vendor (add/delete/change)

Bank Reconciliation AP

Supplier Master Maintenance

Bank Reconciliation AR

AR Cash Application

AR Clear Customer Account

Task Group Description Grp 1 2 3 4 5 6 7 8

AP Voucher Entry 1
AP Payments 2
Vendor (add/delete/change) 3
Bank Reconciliation AP 4
Supplier Master Maintenance 5
Bank Reconciliation AR 6
AR Cash Application 7
AR Clear Customer Account 8
Item Master Maintenance 9
Service Master Maintenance 10
Purchase Requisitioning 11
Release Purchase Requisition 12
Process Purchase Requisition 13
Purchase Order Entry 14
Purchasing Agreements 15
Goods Receipt on PO 16
Service Receipts Entry 17
Physical Inventory 18
Inventory Adjustments 19
Sales Agreement/Contracts 20
Ship Product 21
Customer Master Maintenance 22
Customer Master (Credit) 23
Sales Invoicing 24
Sales Invoice Release 25
Sales Order Entry 26
Sales Order Release 27
Sales Pricing Maintenance 28
Sales Rebates 29
Open/Close General Ledger 30
Post Journal Entries 31
Approve Journal Entries 32
Reconciliation of Sub-Ledgers
to General Ledger 33
Initiate Wire Transfers 34
Approve Wire Transfers 35
Approve Asset Acquisitions 36
Record Fixed Assets into Fixed
Asset System 37
Fixed Asset Reconciliation 38
Employee Master File (add/delete 39
Process Payroll 40
Issue Payroll Checks (Manual or
Electronic) 41
Payroll Bank Reconciliations 42
Maintain Security 43
Ship Product
21

Sales Agreement/Contracts
20

Inventory Adjustments
19

Physical Inventory
18
17

Service Receipts Entry

Goods Receipt on PO
16
Purchasing Agreements
15
Purchase Order Entry

14
Process Purchase Requisition

13
Release Purchase Requisition

12
Purchase Requisitioning

11
Service Master Maintenance

10
Item Master Maintenance

9
Initiate Wire Transfers
34

Reconciliation of Sub-Ledgers
33

to General Ledger
Approve Journal Entries
32

Post Journal Entries

31
30

Open/Close General Ledger

Sales Rebates
29
Sales Pricing Maintenance
28
Sales Order Release

27
Sales Order Entry

26
Sales Invoice Release

25
Sales Invoicing

24
Customer Master (Credit)

23
Customer Master Maintenance

22
Compensating Control
43

Maintain Security
Payroll Bank Reconciliations
Issue Payroll Checks (Manual 42
41
or Electronic)
Process Payroll

40
Employee Master File

39
(add/delete)
Fixed Asset Reconciliation

38
Record Fixed Assets into Fixed

37
Asset System
Approve Asset Acquisitions

36
Approve Wire Transfers

35