test conversion back to markdown

1 files changed, 0 insertions, 76 deletions

diff --git a/content/blog/2023-06-20-audit-review-template.org b/content/blog/2023-06-20-audit-review-template.org
deleted file mode 100644
index 135a845..0000000
--- a/content/blog/2023-06-20-audit-review-template.org
+++ /dev/null
@@ -1,76 +0,0 @@
-#+title: Audit Testing Review Template
-#+date: 2023-06-20
-#+description: A handy reference template for audit review.
-#+filetags: :audit:
-
-* Overview
-This post is a /very/ brief overview on the basic process to review
-audit test results, focusing on work done as part of a financial
-statement audit (FSA) or service organization controls (SOC) report.
-
-While there are numerous different things to review and look for - all
-varying wildly depending on the report, client, and tester - this list
-serves as a solid base foundation for a reviewer.
-
-I have used this throughout my career as a starting point to my reviews,
-and it has worked wonders for creating a consistent and objective
-template to my reviews. The goal is to keep this base high-level enough
-to be used on a wide variety of engagements, while still ensuring that
-all key areas are covered.
-
-* Review Template
-1. [ ] Check all documents for spelling and grammar.
-2. [ ] Ensure all acronyms are fully explained upon first use.
-3. [ ] For all people referenced, use their full names and job titles
-   upon first use.
-4. [ ] All supporting documents must cross-reference to the lead sheet
-   and vice-versa.
-5. [ ] Verify that the control has been adequately tested:
-   - [ ] *Test of Design*: Did the tester obtain information regarding
-     how the control should perform normally and abnormally (e.g.,
-     emergency scenarios)?
-   - [ ] *Test of Operating Effectiveness*: Did the tester inquire,
-     observe, inspect, or re-perform sufficient evidence to support
-     their conclusion over the control? Inquiry alone is not adequate!
-6. [ ] For any information used in the control, whether by the control
-   operator or by the tester, did the tester appropriately document the
-   source (system or person), extraction method, parameters, and
-   completeness and accuracy (C&A)?
-   - [ ] For any reports, queries, etc. used in the extraction, did the
-     tester include a copy and notate C&A considerations?
-7. [ ] Did the tester document the specific criteria that the control is
-   being tested against?
-8. [ ] Did the tester notate in the supporting documents where each
-   criterion was satisfied?
-9. [ ] If testing specific policies or procedures, are the documents
-   adequate?
-   - [ ] e.g., a test to validate that a review of policy XYZ occurs
-     periodically should also evaluate the sufficiency of the policy
-     itself, if meant to cover the risk that such a policy does not
-     exist and is not reviewed.
-10. [ ] Does the test cover the appropriate period under review?
-    - [ ] If the test is meant to cover only a portion of the audit
-      period, do other controls exist to mitigate the risks that exist
-      for the remainder of the period?
-11. [ ] For any computer-aided audit tools (CAATs) or other automation
-    techniques used in the test, is the use of such tools explained and
-    appropriately documented?
-12. [ ] If prior-period documentation exists, are there any missing
-    pieces of evidence that would further enhance the quality of the
-    test?
-13. [ ] Was any information discovered during the walkthrough or inquiry
-    phase that was not incorporated into the test?
-14. [ ] Are there new rules or expectations from your company's internal
-    guidance or your regulatory bodies that would affect the audit
-    approach for this control?
-15. [ ] Was an exception, finding, or deficiency identified as a result
-    of this test?
-    - [ ] Was the control deficient in design, operation, or both?
-    - [ ] What was the root cause of the finding?
-    - [ ] Does the finding indicate other findings or potential fraud?
-    - [ ] What's the severity and scope of the finding?
-    - [ ] Do other controls exist as a form of compensation against the
-      finding's severity, and do they mitigate the risk within the
-      control objective?
-    - [ ] Does the finding exist at the end of the period, or was it
-      resolved within the audit period?