case study for audit

Case Studies

Login to favorite

A collaborative effort of the Anti-Fraud Collaboration, these case studies are educational tools for all members of the financial reporting supply chain, as well as students. Participants in case study teachings start with a hypothetical scenario about a fictional company dealing with a fraud. Guided by an instructor, they then discuss what could have been done to address the situation.

Browse Resources

Comment Letter

Meeting Highlights

Publications

More Collections

Access to audit personnel grant program, audit committee, audit committee insights, audit committees, audit quality, audit quality indicators, auditor reporting.

Auditors & ESG Information

Audits of Brokers and Dealers

Caq symposium, classroom and training resources, collective action in the fight against fraud, connecting auditors and academics, cybersecurity, diversity and inclusion.

Effective Disclosure

Emerging Technologies

Ensuring reliability, quality, and independence in public company audits, fair value accounting, future talent, independent standard setting, international practices task force inflation discussion documents, international practices task force meeting highlights, mandatory firm rotation, policymakers, public policy & technical alert, research advisory board grant program, risk assessment panel discussion, role of the auditor, sarbanes-oxley, sec regulations committee highlights, snapshot alert, the caq at aaa, the future of corporate reporting, the value of auditor independence, transparency of audits, video vignettes.

The CAQ, in connection with the Auditing Section of the AAA, established a program designed to facilitate accounting and auditing academics’ ability to obtain access to audit firm personnel to participate in their research projects.

EXPLORE MORE

Publications 04.05.21

Fraud and Emerging Tech: Artificial Intelligence and Machine Learning

Comment Letter 02.01.21

IAASB: Discussion Paper, Fraud and Going Concern in an Audit of Financial Statements

Publications 01.12.21

Mitigating the Risk of Common Fraud Schemes

Policymakers across the globe increasingly recognize the vital role of audit committees and their importance to audit quality. In close collaboration with partner organizations, the CAQ is actively engaged in policy developments related to audit committees.

Newsletter 03.24.23

Audit Committee Insights | March 2023

Publications 03.22.23

Audit Quality Reports Analysis: A Year in Review

Video 02.28.23

Audit Committee Effectiveness: A Webinar Series

Audit Committee members are an essential component to the health of our financial reporting ecosystem and capital markets. While our economy is constantly evolving, so is the role of audit committee members. Policymakers, investors, and other leaders across the globe increasingly recognize the vital role of audit committees and their importance to audit quality. In close collaboration with partner organizations, the CAQ is actively engaged in developments that impact audit committees and provides valuable resources, current policy information, and tools to support audit committees with their responsibilities.

Auditors are highly skilled at adapting and problem solving, without sacrificing the audit quality on which our capital markets and investors depend. It is no surprise that under unprecedented circumstances, long-term investments in training and technology enabled the profession to quickly transition to remote work. Many factors lead to a quality audit, but a combination of auditor expertise and independence coupled with constant innovation and technology bolsters the level of trust and confidence in company financial statements and forms the basis of audit quality—and, therefore, value to capital markets.

2021 Audit Committee Transparency Barometer

Auditor Independence: A Cornerstone of Audit Quality

How Audits Support Capital Markets

The CAQ has been at the forefront of the movement to develop quantitative and qualitative metrics regarding the audit—commonly referred to as audit quality indicators (AQIs)—that could be used to better inform audit committees about key matters that may contribute to the quality of an audit.

Publications 11.30.22

2022 Audit Committee Transparency Barometer

Engaging constructively with policymakers and key stakeholders, the CAQ and its members have made substantial and practical contributions to ongoing efforts to enhance information presented in the auditor’s report to investors and other users.

Newsletter 01.07.21

Public Policy and Technical Alert, December 2020

Alert 12.07.20

Public Policy and Technical Alert, November 2020

Auditors play a key role as independent gatekeepers in the financial reporting ecosystem that underpins confidence in capital markets. Auditors build trust and confidence in information through the assurance services they provide. The auditing profession has steadily developed, systemized, and strengthened this trust and confidence-building role in providing assurance related to company financial statements and internal control over financial reporting. While auditors will continue the essential work of auditing historical financial statements, they can also bring their ability to enhance trust and confidence in other types of data and information issued by companies.

The Role of Auditors in Company-Prepared ESG Information: A Deeper Dive on Assurance

The Role of Auditors in Company-Prepared Cybersecurity Information: Present and Future

The Role of Auditors in Non-GAAP Financial Measures and Key Performance Indicators: Present and Future

Lending trust and credibility to ESG information.

Comment Letter 06.17.22

SEC Proposed Rule: The Enhancement and Standardization of Climate-Related Disclosures for Investors

Video 03.07.22

ESG Reporting 101: What is ESG assurance and why does it matter?

CAQ Commentary on SEC Climate-Related Disclosure Proposal

Alert 12.07.21

Audit Planning Alert for Auditors of Brokers and Dealers

Alert 08.27.19

CAQ ALERT #2019-01 – PCAOB REPORT ON 2018 INSPECTIONS OF BROKERS AND DEALERS

Alert 08.22.18

CAQ Alert #2018-04 – Broker’s and Dealer’s Use of a Service Organization

The Annual CAQ Symposium brings together practice leaders and audit research scholars for a discussion of important issues and an exploration of how research can inform those issues. On the pages for each event, find videos, summaries, and panel participants.

CAQ Symposium 2022

Video 10.28.21

What’s happening in ESG reporting & assurance today? Top 5 Takeaways from CAQ Symposium 2021

CAQ Symposium 2021

The CAQ creates educational videos that can be used in the classroom or as training resources. Available videos include a “Video Vignettes” series that provides a view into the types of conversations that take place during an audit. Videos also include classroom-ready excerpts derived from an expert panel at a CAQ event.

Publications 01.17.23

2023 Profession Outlook

Publications 03.07.22

Demonstrating the Value of Public Company Auditors

Statement 11.03.21

Statement of Support for the International Sustainability Standards Board (ISSB)

Strong fraud deterrence and detection requires all participants in the financial reporting ecosystem to exercise extreme vigilance. In a heightened risk environment regulators, internal and external auditors, audit committees, and public company management must work together to effectively detect and deter fraud.

Since its inception, the CAQ has sought to improve audit quality by increasing engagement between auditors and the academic community by fostering independent research related to the public company auditing profession.

Audit firms, standard-setters, regulators and the CAQ are developing a growing number of resources to help auditors, investors, management and audit committees understand the impact of the COVID-19 pandemic on financial reporting and oversight, and the CAQ is working to curate and distill that information for you.

COVID-19 11.09.20

Anti-Fraud Resources

COVID-19 10.06.20

Auditing Profession Resources

COVID-19 06.19.20

Audit Committee Resources

Cybersecurity threats are complex and an evolving issue with serious implications for public companies, their boards, investors, and other stakeholders, making it critical that the public company auditing profession does their part to support companies, boards, and others in addressing such threats.

Publications 06.27.22

Audit Partner Pulse Survey, Q2 2022

Comment Letter 05.09.22

SEC: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

Bold Ambition

Accounting+

Video 10.19.21

Profession in Focus: Diversity in Focus with Elena Richards

The CAQ is a prominent voice in the discussion about effective financial disclosures. Convening key investor and financial groups, the CAQ has developed concrete recommendations on ways to facilitate investors’ access to meaningful information.

Comment Letter 11.25.19

SEC: Update of Statistical Disclosures for Bank and Savings and Loan Registrants

Comment Letter 07.29.19

SEC: Amendments to Financial Disclosures about Acquired and Disposed Businesses

Video 11.20.18

Audit Committee Reporting – Leslie Murphy

Emerging technologies are altering the financial reporting environment substantially, and this change is accelerating. For auditors and others in financial reporting, the CAQ provides insights on the benefits and risks of technology developments.

Publications 05.16.19

Emerging Technologies, Risk, and the Auditor’s Focus: A Resource for Auditors, Audit Committees, and Management

Publications 01.12.20

Fraud and Emerging Tech: Robotic Process Automation

Video 04.09.19

Evolution in Auditing

The CAQ is dedicated to enhancing investor confidence by supporting the public company auditing profession every day to improve audit quality and enhance auditor independence, creating a solid foundation of financial reporting that benefits investors in the United States.

2020 Audit Committee Transparency Barometer

Audit In Action

The CAQ has engaged on the issue of fair value (or mark-to-market) accounting, regarding both its usage broadly in the markets and in the context of auditing fair value measurements.

Alert 03.02.18

Public Policy and Technical Alert, February 2018

Publications 03.12.09

CAQ Testimony: “Mark-to-Market Accounting: Practices and Implications”

Meeting Highlights 06.12.97

June 1997 IPTF Joint Meeting Highlights

Are you purpose-driven? Are you a natural problem solver with an unquenchable curiosity? Are you fascinated by the inner workings of companies and financial markets? Then a career in audit may be right for you.

Video 10.05.20

Profession in Focus: A Conversation with EY’s Ken Bouyer on Inclusiveness Recruiting

Making It Balance

Robust internal control over financial reporting (ICFR) is a keystone of investor confidence. The CAQ has advanced the discussion around ICFR and produced a range of resources on the issue.

Perspectives on Management Review Controls: Challenges and Solutions

Alert 05.01.20

Public Policy and Technical Alert, April 2020

Alert 02.07.20

PUBLIC POLICY AND TECHNICAL ALERT, JANUARY 2020

In an increasingly interconnected global economy, market participants are considering whether it is possible or desirable to move toward a more uniform global “language” for financial reporting. As the discussion has taken place around International Financial Reporting Standards (IFRS), the CAQ has been an active voice.

The CAQ has been outspoken against policy provisions that would interfere with the independence of the accounting and auditing standard-setting processes.

The CAQ works to increase investor trust in the capital markets by promoting and developing high-quality performance from the public company auditing profession. A cornerstone of our strong U.S. capital markets is the trust investors place on audited financial statements when making critical decisions. Our resources provide information for investors on developments in the auditing profession, oversight and governance of public companies, and leading practices in the field of audit.

Publications 12.08.21

Value of the Audit

The CAQ has been a leading voice on the issue of mandatory audit firm rotation, which has significant implications for investors, audit committees, public company auditors, and the markets.

Comment Letter 12.14.11

PCAOB: Concept Release on Auditor Independence and Audit Firm Rotation

Comment Letter 02.14.14

ISS: Consultation Document on Auditor Ratification

Keeping CAQ members and stakeholders informed on significant public policy and accounting matters.

The CAQ and the public company auditing profession are dedicated to supporting valuable independent academic research that can have important, real-world impact on audit quality and the future of auditing.

The panel discussion videos are short excerpts from a CAQ event where practitioners and a leading academic provide perspectives on various issues related to the auditors’ risk assessment of a company. Included are the panelist bios and free short descriptions of each video excerpt.

Video 01.09.18

How Auditors Approach Risk Assessments

Video 01.08.18

How Materiality Impacts the Auditor’s Risk Assessment

Video 01.07.18

Consideration of Risks in Multilocation Audits

The CAQ has been at the forefront of the discussion around the role of the public company auditor and whether it should evolve to meet the changing information needs of investors.

Publications 03.09.23

The Role of the Auditor in Climate-Related Information

Publications 11.16.22

Audit Partner Pulse Survey, Fall 2022

The enactment of the Sarbanes-Oxley Act (SOX) of 2002, a law aimed at fostering more reliable financial reporting and enhancing audit quality, was a watershed moment for investors, public company auditors, and the markets. The CAQ has worked to create understanding of the impact of this important law. It has opposed efforts to weaken SOX section 404(b), which provides investors with important assurance by the independent auditor regarding management’s representations about the effectiveness of their company’s internal control over financial reporting (ICFR).

Video 08.01.19

Profession in Focus: Accelerated Filers, ICFR Audits, and Investor Protection

SEC: Amendments to the Accelerated Filer and Large Accelerated Filer Definitions

Publications 05.09.19

Guide to Internal Control Over Financial Reporting

Stay updated on the latest CAQ news.

Since 2008, the CAQ has organized and participated in panel discussions at the Annual Meeting of the American Accounting Association (AAA).

Video 10.09.20

CAQ at the AAA – August 2020

CAQ Panel at the 2020 AAA Auditing Section Midyear Meeting: Leveraging New and Old Media to Promote Degrees in Accounting

Video 08.12.19

CAQ Panel at The 2019 AAA Annual Meeting: Sustaining a Strong System of Quality Control to Enhance Audit Quality

The Sarbanes-Oxley Act of 2002 (SOX) was a watershed moment for investors, public company auditors, and capital markets. It established more reliable corporate reporting and auditor independence rules that enable stakeholders to trust the information provided by public companies. Two decades later, the U.S. is now widely recognized as the gold standard for auditor independence and thousands of high-quality audits are completed each year.

Video 08.08.22

Pop-Up Conversation with Rep. Brad Sherman (D-Calif.) and Mark Baer of Crowe

Video 07.27.22

SOX: The Evolution of Corporate Reporting

Our capital markets are an important engine for driving and maintaining our economic and societal well-being. These markets operate on information, and audited financial statements have long been a critical element of this information dynamic for their accuracy, transparency, and reliability. As investors make decisions, they depend on the information they receive from public company management. As a result, investors need—and in fact have long sought—an independent third party to provide assurance on the information provided by company management. Independence underpins the very credibility of the audit and, ultimately, its value to capital markets. It is also one reason why audit quality in the US has never been higher.

Publications 10.20.22

Auditor Independence

How Do Auditors Maintain Independence?

Audit in Action: The Role of the Audit Committee

The CAQ has engaged on the issue of effectively enhancing transparency in the audit, endeavoring to facilitate access to meaningful information for financial statement users and other constituencies.

Video 02.05.19

Critical Audit Matters: Audit Committee Perspectives

Video 02.13.18

Key Updates on Audit Committee Transparency and Investor Confidence

Alert 10.11.17

CAQ Alert #2017-04 – Select Auditing Considerations for the 2017 Audit Cycle

The vignettes provide insights into the types of conversations that occur between audit team members, as well as between auditors and preparers. The discussions captured in the videos can also be used in other teaching situations, as they highlight communications and interviewing techniques, professional skepticism, and how to navigate conversations on difficult and sensitive issues.

Video 04.13.17

Vignette 3: Auditing Is a People Business

Video 02.17.17

Vignette 2: Evaluating Root Cause and Severity of a Control Deficiency

Video 08.16.16

Vignette 1: Evaluating Management Review Controls over a Goodwill Impairment Estimate

The latest news and resources from the CAQ.

Stay Connected.

• Browse All Articles
• Newsletter Sign-Up

AccountingAudits →

No results found in working knowledge.

• Were any results found in one of the other content buckets on the left?
• Try removing some search filters.
• Use different search filters.

Case Studies: IT Audits, IT Security Audits, and Network Security Audits

It security audit company with certified auditors provides it audit and compliance audit services., selected case studies and industry experience, every engagement is unique. we are happy to customize our audit services to your specific needs.

Network Security Audit

A mid-size telephone company with many entities was concerned about network security risks., client situation.

A mid-size telephone company with many entities was concerned about network security. Management wanted an internal and external network security audit of each entity.

Altius IT Solution

Altius IT provided a 50 point, 360 degree view of risks. Our services included an evaluation of:

• Risk assessment, risk analysis, and risk treatment
• Policies, procedures, plans, and related documents
• Use of service providers
• Security of servers, firewalls, and network infrastructure
• Protection against malicious software (viruses, spyware, etc.)
• Security mechanisms and practices
• Controls over removable media and USB devices
• Incident response and business continuity

Altius IT's analysis included a comparison of the organization with security best practices to identify gaps. Altius IT provided a report of findings as well as recommendations, costs, and a prioritized risk response executive summary Action Plan.

Client Benefit

Altius IT’s network security audit documented several areas that placed the organization at risk to both internal and external threats. The prioritized Action Plan helped the telephone company increase security and protect its information assets

Cyber Security Audit

A large county needed assurance that its sensitive information was protected against hackers and other threats..

A county needed assurance that its sensitive information was protected against hackers and other Internet threats. County management was concerned about compliance related issues and wanted assurance its systems were protected against external threats.

Altius IT provided an External Network Security Audit. Our services included a variety of hacker type tools and techniques that identified and evaluated the county’s external risks:

• Firewall – reviewed and analyzed configuration
• External penetration – evaluated vulnerabilities
• Social engineering – determined employee risks
• Phishing – used fake e-mails and USB devices
• False web sites – determined risks
• Policies – evaluated security related policies

Altius IT compared the county with industry benchmarks and determined the type of security infrastructure in place. We tailored our attacks to take advantage of gaps.

Altius IT’s provided an External Network Security Audit Report, a Risk Assessment Report, and a prioritized Action Plan Report of security related recommendations.

Altius IT’s external network security audit documented several areas that placed the organization at risk to external threats. The prioritized Action Plan helped the organization increase security while increasing protection of its information assets.

Web Application Security

A software developer was notified it's application was not secure. a client of the software developer requested a web application security audit..

A software developer provided on-line marketing solutions including web design, content management, and e-commerce solutions. The software developer was notified by a third party that it’s software was not secure. When negative publicity appeared in the media, clients and prospects became concerned and revenue declined. The software developer’s President wanted assurance that its code, with interfaces to internal database systems, was secure and protected from threats.

Emulating the approach used by hackers, Altius IT used a variety of manual and automated tools to perform a controlled real-life attack on the organization's web application and web server for vulnerabilities. Altius IT evaluated the application for over 35,000 types of risks including SQL injection, cross site scripting, buffer overflow, authentication, encryption, JavaScript, and many others. Altius IT provided a Web Application Security Audit Report with our findings, an analysis of vulnerabilities, and solutions to enhance security.

Altius IT’s web application security audit identified several areas that placed the organization at risk to hackers and other external threats. With Altius IT’s report, the organization eliminated software bugs and enhanced security by implementing changes to their code and procedures. As a Certified Information Systems Auditor, Altius IT provided a follow-up web application security audit and verified that the security issues identified in the first audit had been addressed. Altius IT provided the software developer with our Auditor Opinion Letter that the client distributed to their prospects and clients. The organization’s enhanced image and reputation helped it increase revenue both by retaining current customers and by converting new prospects into clients.

Compliance Audit

A large regional hospital needed assurance that health information was protected against unauthorized access. meet hipaa and hitech compliance requirements..

A large regional hospital needed assurance that health information was protected against unauthorized access. The hospital needed to meet HIPAA and HITECH compliance requirements.

Altius IT provided a HIPAA / HITECH Compliance and Security Audit. Altius IT evaluated the hospital's security controls including:

• Administrative Safeguards - policies, procedures, plans, forms, security training, incident response, business continuity
• Physical Safeguards - controls over access to data centers, cameras, EPHI
• Technical Safeguards - firewalls, server configurations, network segmentation, anti-malware, logging, backups

Altius IT’s reports documented several areas that placed the organization at risk to compliance and network related threats. Altius IT's Action Plan Report provided a prioritized risk response plan for the hospital with ways to enhance security, ensure protection of its information assets, and meet compliance requirements.

Altius IT's compliance audit enhanced the hospital's security controls. Management has assurance that systems and data are secure. EPHI is protected from unauthorized access and alteration.

Risk Assessment

A mid-size medical product manufacturer was concerned about the security of a new device. a risk assessment was needed to address concerns about patient confidentiality and the integrity of the product..

A mid-size medical product manufacturer was concerned about the security of a new device. The organization was concerned about patient confidentiality and the integrity of the product.

Altius IT's Risk Assessment inventoried relevant assets and organized the assets into asset categories. We identified specific threats and threat categories and documented vulnerabilities that existed as a result of the threats. Our Risk Analysis evaluated risks and the likelihood of various threat exploits. We identified security gaps that could be exploited by insider and outsider attacks. Altius IT’s Risk Treatment Plan analyzed and documented risk reduction and risk treatment safeguards and controls for each vulnerability. Altius IT's Risk Task List identified preventive, detective, and corrective controls that eliminated or reduced risks to acceptable levels. Residual risks, risks that existed after controls were implemented, were identified, and prioritized so they could be monitored.

Altius IT’s risk assessment documented several product related threats that placed the organization at risk to both internal and external threats. The medical device manufacturer achieved the following benefits:

• Security – security assurance knowing that the product had effective security safeguards and controls.
• Continuity – ability to continue functioning even if the product had been compromised.
• Alerts – remote notifications to appropriate personnel so they could take appropriate actions if the product was compromised.
• Redundancy – ability of the product to continue operating in the event of normal failures.
• Sociability – ability of the product to not interfere with existing systems and devices.

Mobile application security audit

A marketing company needed assurance that a newly developed mobile application was secure. a mobile application security audit was needed to address concerns about the security of the software application..

A marketing company developed a mobile software application for a large international client. Management at the marketing company was concerned about the security of the mobile application.

Altius IT provided a "hand on" security audit of the mobile application. We evaluated security risks related to:

• User use of the device
• Mobile software coding issues
• Interfaces to servers and databases
• Configurations of servers, firewalls, and network segmentation
• Authentication issues
• Backups and recovery

Altius IT's Mobile Application Security Audit Report documented security risks and provided recommendations to enhance security.

Altius IT's mobile application security audit documented recommended changes to enhance security of the mobile application and server environment. The marketing company and the large international client had the peace of mind knowing that the mobile application kept information secure from intruders.

Social Engineering Audit

A mid-size bank was worried about social engineering attacks on its staff. Management was concerned about maintaining customer confidence and meeting compliance requirements.

Altius IT provided a social engineering security assessment. Emulating the approach used by hackers, we manually perform a controlled real-life attack on the bank's staff and measured their response and actions to fake e-mail messages and false web sites. We benchmarked the bank against industry averages and provided the bank with ten recommendations to reduce their risks to social engineering attacks. Altius IT’s social engineering security assessment documented weaknesses in the bank's security education training and awareness programs.

Altius IT's social engineering security assessment helped the bank formalized its security education and awareness training program and supplemented it with frequent reminders to employees, temporary staff, and contractors. Customer satisfaction was increased as a result of the increase in security awareness.

Case Studies

It audits, it security audits, and network security audits.

Unlike a security consultant, Altius IT is certified as a Certified Information Systems Auditor to perform a security audit of your environment and issue reports and recommendations to secure your systems. After your audit, Altius IT's Auditor Opinion Letter and Secure Seal let your clients and prospects know you meet security best practice/compliance requirements.

See our In the News page for video clips of our experts on national television as well as over 40 publications featuring Altius IT. In addition to our auditor certifications we hold many security, technical, and project management credentials. More information is available on our About Us page.

Our comprehensive audit service uncovers gaps in your existing defenses so that you can better:

• Fortify your information systems, applications, and network infrastructure
• Comply with regulatory requirements
• Protect your valuable assets
• In the news
• Success Stories
• (714) 794-5210
• [email protected]

Altius IT's services are provided throughout the United States and in selected international countries. Our corporate HQ is located in Orange County California between Los Angeles and San Diego. Contact us and we will help you choose the right audit for your organization.