- Edition: 3rd Edition
- Available in: Paperback
- ISBN: 978-0965466585
- Published: January 1, 2016
Value Added Auditing: Standard Manual of Risk Based, Process Auditing
by Greg Hutchins
The objectives of the manual are to enhance:
- Risk-based problem solving and
- Risk-based decision making.
Value Added Auditing can be used as a ‘how to’ primer or reference for the following assessments:
- ISO 9001, ISO 14001, and other ISO management system assessments that focus on continual improvement and achieving business objectives. The book is harmonized to ISO 19011:2011.
- Internal 9001:2015 process and risk audits (first-party).
- Second-party 9001:2015 audits of suppliers.
- Standard manual for third-party 9001:2015 audits.
- Internal auditing (Yellow Book/Red Book/Quality) providing independent and objective assurance that an organization can accomplish its business objective.
- Business assurance assessments including compliance, maturity, capability, and benchmarking.
- Supplier auditing that may involve forensics, assurance, and analytics.
- Risk-based Information Technology (IT) audits including ISO 27001, COBIT, ITIL, HIPAA, PCI, FISMA, and SOX assessments.
- Assurance and opinion audits based on international standards.
- Risk assurance assessments ensuring an organization can meet its governance, risk, and compliance (GRC) objectives.
- Critical Infrastructure Protection (CIP) assessments including risk assessments, vulnerability, NERC CIP compliance, cyber security, resilience and CIP assessments addressing Presidential Policy Directive (PPD-21) – Critical Infrastructure Security and Resilience.
- Agreed Upon Procedure (AUP) engagements including reporting findings based on reviewing specific procedures.
Value Added Auditing is the primary text for the Risk Assurance element of the Certified Enterprise Risk Manager® certificate program. Visit www.CERMAcademy.com.
The US Department of Homeland Security (DHS) certified Value Added Auditing as a ‘Qualified Anti-Terrorist Technology’ under the Safety Act as a critical element of Critical Infrastructure Protection: Forensics, Assurance, Analytics®.
Part I: Value Added Auditing Fundamentals
Chapter 1 – Today’s Competitive Marketplace
Chapter 2 – Governance and Auditing
Chapter 3 – Value Added Auditing 101
Chapter 4 – Enterprise Risk Management 101
Chapter 5 – Process Management 101
Part II: Managing Value Added Auditing
Chapter 6 – Managing the Value Added Audit
Part III: Planning the Value Added Audit
Chapter 7 – Step 1: Understand Audit and Business Objectives
Chapter 8 – Step 2: Notify/Visit Auditee
Chapter 9 – Step 3: Understand Auditee’s System, Process and Product Documentation
Chapter 10 – Step 4: Develop Audit Plan
Chapter 11 – Step 5: Develop Audit Survey
Part IV: Conducting the Value Added Audits
Chapter 12 – Step 1: Assess Organizational Maturity
Chapter 13 – Step 2: Assess Process Capabilities
Chapter 14 – Step 3: Assess System/Process Risks
Chapter 15 – Step 4: Evaluate Control Effectiveness
Chapter 16 – Step 5: Assess Evidence
Chapter 17 – Step 6: Issue Opinion
Chapter 18 – Step 7: Conduct Exit Meeting
Part V: Reporting Value Added Audit Results
Chapter 19 – Step 1: Communicate Audit Results
Chapter 20 – Step 2: Decide Audit Report Format
Chapter 21 – Step 3: Correct – Prevent – Predict – Preempt
Chapter 22 – Step 4: Maintain Audit File