External ITGC Audits – An Internal Auditor's ... - IIA Dallas Chapter

More documents

Recommendations

Info

External ITGC Audits – An Internal Auditor’s OpportunityITGCs - What’s Relevant for Testing– Access to programs and data– Program changesBoth of these domains are almost alwaysrelevant, but their complexity and the extentof audit evidence needed can vary greatlyby organization.– Program developmentRelevant only where new system implementations willimpact ICFR and the risk of material misstatement.Testing generally not required if no impact on currentyear financial statements and ICFR.– Computer operationsRelevant only if needed to directly address assertions oversignificant accounts (more common in high transactionvolume industries with complex systems, such as banking)or to address specific risks.External Auditors will generally consider risks in each ofthese areas, even if little or no testing is performed.PricewaterhouseCoopersPage 6
External ITGC Audits – An Internal Auditor’s OpportunityITGCs - Access to Programs and Data– Areas for consideration:• Importance of restricted access to:– Segregation of duties objectives– Fraud risk– Risk of inadvertent errors• Company’s approach to application security and the securityinfrastructure• Access (user and administrative) at the application, operating systemand database levels– It is usually not necessary to test perimeter security and anti-hackingcontrols, such as firewalls and intrusion detection systems, unless materialfinancial reporting risks exist that are not adequately addressed byapplication-level security alone.The closer you get to financial data, the greater the risk tomaterial misstatement.PricewaterhouseCoopersPage 7
Page 1 and 2: External ITGC Audits -An Internal A
Page 3 and 4: External ITGC Audits - An Internal
Page 5: External ITGC Audits - An Internal
Page 13 and 14: ITGC External Scoping ITGC Audits -
Page 17 and 18: Linkage to the Financial Audit
Page 21 and 22: Internal Audit Involvement in theIT
Page 29 and 30: Final Thoughts

External ITGC Audits – An Internal Auditor's ... - IIA Dallas Chapter

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?