External ITGC Audits – An Internal Auditor's ... - IIA Dallas Chapter
External ITGC Audits – An Internal Auditor's ... - IIA Dallas Chapter
External ITGC Audits – An Internal Auditor's ... - IIA Dallas Chapter
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>External</strong> <strong>ITGC</strong> <strong>Audits</strong> <strong>–</strong> <strong>An</strong> <strong>Internal</strong> Auditor’s Opportunity<strong>ITGC</strong>s - Access to Programs and Data<strong>–</strong> Areas for consideration:• Importance of restricted access to:<strong>–</strong> Segregation of duties objectives<strong>–</strong> Fraud risk<strong>–</strong> Risk of inadvertent errors• Company’s approach to application security and the securityinfrastructure• Access (user and administrative) at the application, operating systemand database levels<strong>–</strong> It is usually not necessary to test perimeter security and anti-hackingcontrols, such as firewalls and intrusion detection systems, unless materialfinancial reporting risks exist that are not adequately addressed byapplication-level security alone.The closer you get to financial data, the greater the risk tomaterial misstatement.PricewaterhouseCoopersPage 7