EDPACS
The EDP Audit, Control, and Security Newsletter
Volume 38, 2008 - Issue 6
Miscellany

Fraud Management in the 21st Century

Pages 1-10 | Published online: 20 Jan 2009
 

Abstract

Notes

1. The author was the head of the internal audit function at Tosco for more than ten years, during which time his innovative approach was profiled by the American Institute of Certified Public Accountants (AICPA) and the Institute of Internal Auditors (IIA), and the internal audit department received the honor of being the first to be included on what is now Protiviti's best practices website.

2. The fraud schemes discovered at Tosco included:

  • Maintenance managers colluding with vendors and repairing the same ceilings in the stores several times in a single year
  • Vendors colluding with each other and with Tosco managers to take turns in being the lowest bidder, rigging the bids, and inflating final cost to the company
  • Vendors providing significant levels of entertainment to Tosco managers (hunting trips, etc.) and then being able to submit quotes that purported to be “cost plus” but were significantly inflated
  • A PC equipment vendor that would be called in to repair equipment in a store, only to determine that it needed to be replaced with a new PC. They would remove the “bad” unit (they charged for disposal) and replace it with a fully functioning unit. The trouble was that the unit they put in was not new: it was a unit removed from another of our stores as “bad,” repaired, and resold to us as new

3. Like many internal audit functions, the Tosco internal audit department used software from ACL Services Ltd.

4. Made famous by the work of Mark Nigrini, Benford's law can be a useful way of detecting fictitious transactions, where the reference number or invoice value has been set by a human rather than as the result of a calculation or position in a sequence.

5. For ease of reference, examples of the use of GRC products will be based on SAP's GRC product line.

6. Examples include SAP's GRC Process Control and Access Control products.

7. ArcSight software enables the review and analysis of events recorded in router and intrusion detection systems that may represent, for example, external attacks, inappropriate attempts by employees to access restricted areas, and the activities of database administrators and other privileged users.

8. SAP's Process Control product and Tripwire's software are among those that enable the continuous auditing of IT general control processes.

9. Examples of business intelligence software include SAP's Business Objects products, the Cognos solutions from IBM, and Oracle's Hyperion software.

10. The Institute of Internal Auditors’ Standard 2010 on Planning states: “The chief audit executive should establish risk-based plans to determine the priorities of the internal audit activity, consistent with the organization's goals.” (Emphasis added.)

11. SAP's GRC Process Control and Access Control test activities during business processing.

12. Most automated transaction auditing products, such as that from Oversight, use a data warehouse application. Data warehouse applications such as products from Cognos or SAP Business Objects are broader in use but generally more powerful.
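
The first-digit test that note 4 refers to, sketched in Python as an added example (it is not code from the article or from any product named in these notes). The invoice amounts are constructed, and the function names, the 0.05 significance level and the 1.96 z-score cut-off are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Benford's expected first-digit frequencies: P(d) = log10(1 + 1/d)
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
CHI2_CRIT = 15.507  # chi-square critical value, 8 degrees of freedom, alpha 0.05


def first_digit(amount):
    """Leading non-zero digit of an amount, or None if it rounds to zero."""
    digits = f"{abs(amount):.2f}".replace(".", "").lstrip("0")
    return int(digits[0]) if digits else None


def digit_counts(amounts):
    """Count leading digits, skipping amounts that have none."""
    return Counter(d for d in map(first_digit, amounts) if d)


def chi_square(counts):
    """Goodness-of-fit statistic of observed first digits against Benford."""
    n = sum(counts.values())
    return sum((counts.get(d, 0) - n * p) ** 2 / (n * p) for d, p in BENFORD.items())


def over_represented(counts, z_crit=1.96):
    """Digits whose share exceeds Benford's expectation by more than z_crit sigma."""
    n = sum(counts.values())
    return [d for d, p in BENFORD.items()
            if (counts.get(d, 0) / n - p) / math.sqrt(p * (1 - p) / n) > z_crit]


def screen(amounts):
    """Summarise one population: size, statistic, flag, and the digits to review."""
    counts = digit_counts(amounts)
    if not counts:  # nothing to test (empty input or all zero amounts)
        return {"n": 0, "chi2": 0.0, "flag": False, "digits": []}
    chi2 = chi_square(counts)
    return {"n": sum(counts.values()), "chi2": round(chi2, 2),
            "flag": chi2 > CHI2_CRIT, "digits": over_represented(counts)}


# Constructed sample: 400 amounts spread evenly on a log scale from 10 to 100,000,
# standing in for values that result from calculation.
CALCULATED = [10 * 10 ** (k / 100) for k in range(400)]
# Constructed sample: 60 hand-set invoice values clustered at 4,9xx.
HAND_SET = [4900.0 + k for k in range(60)]

if __name__ == "__main__":
    print(screen(CALCULATED))
    print(screen(CALCULATED + HAND_SET))
```

A flag is a prompt to pull the underlying invoices, not evidence of fraud. Populations that span less than an order of magnitude, or that are capped by policy, deviate from Benford's distribution for legitimate reasons.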
