MIOLATA, CYRUS DANN L.

ACT 175P - MT

1.
a. The Institute of Internal Auditors offers a comprehensive certification portfolio for
internal auditors that can serve as the key to unlocking their next opportunity within the
profession; enhancing the credibility and adding clout to their resume.

The certifications that are supported by IAAP are Certified Internal Auditor
(CIA), Certified Government Auditing Professional (CGAP), Certified Financial
Services Auditor (CFSA), Certification in Control Self-Assessment (CCSA), and
Certification in Risk Management Assurance (CRMA) certification.

In a certain certification, like Certified Financial Services Auditor, it could cost for
about 495 US dollars or Php 24,000.00+ .

b. For any organizational certifications, the following general requirements for

Certified Financial Services Auditor must be met:

1. Completely filled-out Application Form

2. 2 pcs. 22 ID picture w/ name tag

3. Certified True Copy of NSO-issued Marriage Contract (for married female)

4. Original and photocopy of government-issued I.D. card with name, picture

and signature of the applicant

5. Certified True Copy of Transcript of Record (photocopy only is not

allowed)

6. Character Reference
 7. Work Experience (Certified Financial Services Auditor)

o CFSA (Certified Financial Services Auditor) 24 months of audit

experience in a financial services environment.

c. They actually have a certain certification for those who would like to attain as
Certified in the Governance of Enterprise IT (CGEIT). They listed advantages of having
this kind of certifications like, why are they much preferred by employers, how it affects
the skills positively and how will it help you to earn higher salary ahead of the others,
paralleled to career growth.

d. The IAAP provides publications for Information Technology Risk Management in

Enterprise Environments. This publication gives information about provides an overview

of industry practices and a practical guide to IT risk management frameworks,

methodologies and techniques. The proliferation of cyberattacks; compromises of IT

systems; and the increasing incidence of security breaches in volume, size, value and

number have been a cause of concern in corporate and government circles alike. The

book provides a management perspective and a practical approach to implementing a

risk assessment and a risk mitigation process using a team approach. It provides a

survey of industry practices, and it is a good guide for developing a framework for IT risk

assessment and mitigation in the enterprise.

e. One of the services they provide for its members is the CIA Certification
Seminars which is a milestone program of the Institute of Internal Auditors Philippines.
Count on this premiere designed to:

Invigorate and reinforce your understanding of Internal Auditing.

Mould you into valuable adviser of management and.

Provide you long-term value and credibility as an Internal Auditor.

And be among the 1,900 Filipinos enjoying the CIA designation and CIAs in the
Philippines who made it to the ranks of CIA exam awardees worldwide!

The IIA-P offers public run seminars that will cater to the audit professionals needs for
continuing professional development. IIA-Ps public seminars meet the training needs
for Junior Internal Auditors, Audit Supervisor, Audit Manager, and Chief Audit Executive.

Other Services includes:

Trainings for the Junior Internal Auditors

This will help new auditors grasp and execute the basic principles in internal
auditing. It will equip them of the basic knowledge that they need to successfully deliver
their engagements.

Trainings for the Audit Supervisors

IIA-Ps trainings will guide the Audit Supervisors in leading their audit
engagement and assist them on their transition from being a staff to a leader. This also
includes developing skills in audit planning, risk assessment, report writing, and
presentation skills.
Training for Audit Managers

These trainings focus on audit planning, managing the IA activity, and client
relationship that also includes marketing the value of IA to other parts of the business
organization. This module includes the training of new Managers transition to their new
role.

Seminars and forum for the Chief Audit Executives

IIA-P with its able and well-experienced facilitators will share tips and techniques
on how to resolve issues and challenges faced by the IA. These also cover promoting
the internal audit function to the board of directors and management. IIA-P offers quality
trainings with the aid of our highly competent speakers that are equipped of their
experience and real-life knowledge that will help you learn the necessary skills and
proficiency that an audit professional should have.

f. Their closest chapter is located in Valero St, Salcedo Village, Makati City.

g. The IIAP offers student membership as well and it could cost them at least Php
1,500.00 plus they could also avail the Internal Auditor Member Subscription for a
separated fee costing Php 1,700.00

2.

a. Provisions strengthening the audit committee

The Sarbanes-Oxley Act, or SOA, requires audit committees to be directly responsible

for the appointment (subject to shareholder approval), compensation and oversight of
the registered public accounting firm, including the resolution of disagreements between
management and the auditor regarding financial reporting. The auditors are now
required to report directly to the audit committee. Members of the audit committee must
be truly independent, subject to an exemption, if granted, by the SEC. If the audit
committee does not include a financial expert, this fact must be disclosed. Audit
committees are now required to adopt written procedures to receive and address
complaints regarding accounting, internal controls and auditing issues, including
procedures to maintain the confidentiality of the whistle blower.

Certain relationships between audit firms and the companies they audit are not
permitted. These include:

Employment relationships. A one-year cooling off period is required before a

company can hire certain individuals formerly employed by its auditor in a
financial reporting oversight role. The audit committee should also consider
whether the hiring of personnel that are or were formerly employed by the audit
firm might affect the audit firm's independence.

Contingent Fees. Audit committees should not approve engagements that

remunerate an independent auditor on a contingent fee or a commission basis.
Such remuneration is considered to impair the auditor's independence.

Direct or material indirect business relationships. Audit firms may not have any
direct or material indirect business relationships with the company, its officers,
directors or significant shareholders. Thus, audit committees should consider
whether the company has implemented processes that identify such prohibited
relationships.

Certain Financial Relationships. Audit committees should be aware that certain

financial relationships between the company and the independent auditor are
prohibited. These include creditor/ debtor relationships, banking, broker-dealer,
futures commission merchant accounts, insurance products and interests in
investment companies.
b. Under the final rules, management's annual internal control report will have to
contain:

a statement of management's responsibility for establishing and maintaining

adequate internal control over financial reporting for the company;

a statement identifying the framework used by management to evaluate the

effectiveness of this internal control;

management's assessment of the effectiveness of this internal control as of the

end of the company's most recent fiscal year; and

a statement that its auditor has issued an attestation report on management's

assessment.

c. Sarbanes-Oxley regulations require IT Auditors to review audit trail of log files

and all pertinent documentation must be retained for five years. SOX defines which
records are to be stored and for how long, focusing specifically on retention of audit and
accounting records that relate to the generation of financial statement that will be
submitted to shareholders and the SEC. Both paper and electronic versions of this
documentation must be retained. SOX does not, however, specify how they are to be
stored -- best practices for data protection, disaster recovery and storage management
pertain. That means the impact of Sarbanes-Oxley can be felt by nearly every
component of IT operations, including messaging, storage, virtualization and even
networking, so long as financial data or activity occurs on them. In turn, IT must be able
to produce electronic records of these audit trails for compliance audits.

d. With Sarbanes-Oxley, internal audit will require even more resources, including
those specifically attuned to financial reporting disclosures. Fortunately, this time
internal audit is likely to encounter strong commitment by management in ensuring
appropriate resources are allocated to evaluating the internal controls process. Thus,
internal audit will need to determine the additional effort required by Sarbanes-Oxley
responsibility and agree on these resource needs with management and the Audit
Committee. However, coverage of the non-financial reporting related reviews
should not be sacrificed. Furthermore, internal audit should consider accessing
specialized skill sets in Sarbanes-Oxley externally. Although most organizations
are just beginning to get a handle on Sarbanes-Oxley, others might be more
ahead of the curve and can offer tremendous insight.

e. To enhance audit efficiency and effectiveness, financial auditors have in the past
used a variety of methods that will no longer be acceptable for integrated audits of
public companies. In some financial statement audits, auditors chose to perform only
substantive procedures rather than testing controls, or a mixture of the two. In non-
authoritative guidance the AICPA specifically sanctioned cycle rotation as a way to test
controls. This involved testing controls in several of an entitys transaction cycles while
doing a transaction walk-through to confirm the absence of control changes in the
remaining cycles. Since auditors now must report comprehensively on the effectiveness
of managements internal control over financial reporting on an annual basis, cycle
rotation is no longer acceptable in public company audits.

Another popular approach, minimizing testing of preventative controls, also generally

will not be advisable in these audits. Preventative controls are transaction-level controls,
frequently automated and principally focused on ensuring transactions are properly
authorized and recorded (such as check disbursement controls).