If you have been involved with reporting or have some exposure around financial or business reports, you will note that there are always areas where a report will reflect an individual’s interpretation or understanding of the requirements. This can be a challenge for new auditors in determining what to consider and not to consider in the report. In order to address this common issue in Internal as well as IS audits, I have put together a sample question that encapsulates this.


Ransom’s Question on 15/09/2017 – Data Governance and reporting.


You have been assigned to perform an IS and Internal audit of the production and manufacturing department. You realise that the Overall Equipment Effectiveness (OEE) reported by the Manufacturing department is different from the OEE calculated and reported in the management report. You also noted that the definition of OEE used by the two departments was different. What should you recommend first?


Select an answer:


A  –  Review the User Acceptance Testing (UAT) of the equipment.


B  –  A company data definition policy should be implemented.


C  –  A SCADA software should be used to compute OEE.


D  –  Management should review and sign-off the management reports as well as the manufacturing reports.

Continue reading