ITGC Audit Process

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Why are IT General Controls important to the audit?

ITGCs help ensure that application and IT Dependent manual controls continue to function as designed -they are pervasive

Change Management

-Approve Change -Test Change -Ensure code modification/development is performed in a segregated, controlled environment (separate from production)

The best application control is a ____ control.

AUTO

ITGCs are what kind of control?

Internal and Prevent Controls

What will tell you if the report design has been changed?

Change Management

A Change Management Process weakness could lead to:

-Inaccurate data in the system -Increased audit testing

User Accounts

-Practice separation of duties -Should create audit trails -Each person has a unique User ID and login info

Configurable controls:

-Require more testing -Involves the issue of Separation of Duties of Change Management and Audit Logs -Can be turned on and off

Super User Account

-a role that can typically do everything in the system -generally someone in IT has this role, not someone on the business side -generally only one person in this role

Any time we have master data that feeds into automatic application controls...

...we often have ITD Controls set in place to monitor the accuracy of the master data

What is the sample size for Automated Application Controls Testing?

1

3 Environments of Change Management

1. Development - developers should never have access to production 2. Testing - separation of duties, documentation 3. Production - separation of duties - only change management staff have write access

Inherent Application Controls:

1. Have an initial audit sample size of 1 2. often require test data to be prepared to fully test the control

ITGCs are test by financial statement auditors to...

1. Help provide reasonable assurance that ITD-manual controls operated correctly during the entire audit period 2. Help determine if automated application controls can be relied upon to help produce accurate data in the financial statements

What are the different ITGCs?

1. Management system and application changes (Change Management) 2. Logical Access Controls 3. Operations Controls

ITGC: Change Management Process

1. Request Change 2. Development Environment 3. Testing 4. Promote Change 5. Back-Out Procedures 6. ITD Report Reconciliations

A company has the following control in place; all user account creation requests must be documented by the Business Process Owner; reviewed and implemented by the IT Systems Administrator. Your sample for testing this control should come from:

All accounts created from past year. -you are comparing all of the created accounts against proper documentation

CrUD

Create, Update, Delete -Falls under Separation of Duties (SOD) -Who has access to create, update, and delete data in the system at any step in the process

Separation of Duties

Dividing responsibilities between two or more people to limit fraud and promote accuracy of accounting records.

IT General Controls (ITGC)

IT processes and related controls that are generally applied to support the computer application level -they support automated application controls -they support the ITD controls

What determines who can run reports?

Logical Access Controls (LAC)

What determines who has access to the underlying data on a report?

Logical Access Controls (LAC)

ITD Control Test Sample Size

Many

Logical Access Controls (LAC)

Role-Based access control -only people that actually are Sales Reps should be assigned the Sales Rep role

Access Rights

The Sales Rep role should only be able to do things within the system on a Need-to-Know basis

ITD Control Validation and Testing Example:

To validate the design of the report: 1. Add a new Vendor in test/training environment 2. Run the VendorAdditionITD_Query_Report from the test/training environment and confirm that the Vendor entered is displayed on the report appropriately 3. Confirm that report can't be changed after it is created by the system 4. Confirm SQL


Ensembles d'études connexes

Chapter 5 - Separate and Together: Life in Groups

View Set

Chapter 8: Project Quality Management

View Set