Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
486 views

Access To Programs and Data Audit Work Program

The document outlines the procedures to test IT general controls related to access to programs and data. It lists reviewing management's testing of controls, documenting procedures to test the operating effectiveness of identified controls, and considering how to roll-forward any interim testing to the period end. It also describes documenting an evaluation of management's operating effectiveness tests and concluding on the overall operating effectiveness of controls for this audit objective.

Uploaded by

Vic Villano
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
486 views

Access To Programs and Data Audit Work Program

The document outlines the procedures to test IT general controls related to access to programs and data. It lists reviewing management's testing of controls, documenting procedures to test the operating effectiveness of identified controls, and considering how to roll-forward any interim testing to the period end. It also describes documenting an evaluation of management's operating effectiveness tests and concluding on the overall operating effectiveness of controls for this audit objective.

Uploaded by

Vic Villano
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

ACCESS TO PROGRAMS AND DATA AUDIT WORK

PROGRAM

PROJECT TEAM (LIST MEMBERS)

Project Timing Date Comments

Planning

Fieldwork

Report Issuance (Local)

Report Issuance (Worldwide)

AUDIT OBJECTIVES
The purpose of this work program – focused on access to programs and data – is to outline the IT general
controls to be tested, review the results of management’s testing, and document the procedures to test each
control.

Document the procedures to be performed to conclude on the operating effectiveness of the controls identified,
including a specific description of the nature, timing and extent of procedures to be performed. For all controls that
are tested at an interim date, list the procedures performed to roll-forward the interim testing to period end.

Time Project Work Step Initial Index

Audit Procedures

Determine that information security is managed to guide consistent


implementation of security practices and that users are aware of the
organization's position with regard to information security, as it pertains to
financial reporting data.

Determine that logical and physical access to IT computing resources is


appropriately restricted by the implementation of identification, authentication and
authorization mechanisms to reduce the risk of unauthorized/inappropriate
access to the organization’s relevant financial reporting applications or data.

Determine that procedures have been established so that user accounts are
added, modified and deleted in a timely manner to reduce the risk of
unauthorized/inappropriate access to the organization's relevant financial
reporting applications or data.

Determine that an effective control process is in place to periodically review the


appropriateness of access rights in order to reduce the risk of
unauthorized/inappropriate access to the organization’s relevant financial
reporting applications or data.

Determine that controls used to provide appropriate segregation of duties within


key processes exist and are followed.

1 Source: www.knowledgeleader.com
Time Project Work Step Initial Index

Document the procedures to be performed to conclude on the operating


effectiveness of the controls identified, including a specific description of the
nature, timing and extent of procedures to be performed. Consider the
application of relevant PCAOB Auditing Standards and AICPA Audit and
Accounting Guides.

Conclusion on Operating Effectiveness of Internal Controls

To support the overall assessment of management’s evaluation process,


document internal audit’s evaluation of management’s tests of operating
effectiveness for the related audit objective. Specifically, address the following
key considerations:
• Were procedures sufficient to assess design and operating effectiveness?
− Consider the nature, timing and extent of management’s procedures.
• Were findings supported based on the testing performed?
• Were exceptions/deficiencies adequately documented and followed up?

Conclude on the operating effectiveness of the controls over this audit objective
and document any deficiencies noted. Weaknesses in pervasive controls should
cause the internal auditor to alter the nature, timing or extent of tests of operating
effectiveness that otherwise would have been performed.

Document the impact of any deficiencies on the planned testing of operating


effectiveness of other controls.

2 Source: www.knowledgeleader.com

You might also like