Question

In: Computer Science

Write report on the application of an audit test in a specific system

Write report on the application of an audit test in a specific system

Solutions

Expert Solution

Introduction

Organizations are looking towards their internal or external audit dept. to reign in the challenges. In the current business climate , it is essential that IT professionals understand the process of information systems (IS) audit and the concepts of risk and control.

IS auditing involves providing independent evaluations of an organization's policies,procedures,standards,measures,and practices for safeguarding electronic information from loss , damage , unintended disclosure or denial of availability.

APPLICATION AUDIT

An Application audit is a specific audit of one application , for example an audit of an excel spreadsheet with embedde macros used to analyze data and generate reports could be considered an Application audit.It also pertains to business process that heavily relies on various information technology system.

An Application Auidt , should , at a minimum determine the existence of controls in following areas :

  1. Administration
  2. Inputs , Processing , outputs
  3. Logical Security
  4. Disaster Recovery plan
  5. Change Management
  6. User Support
  7. Third party services

Administration

  • Most important area of application audit review
  • Focuses on overall ownership and accountability of the business
  • An IT manager or business owner should ensure that roles and responsibilities are clearly defined and documented for each individual on their team.
  • Performance metrics should be defined and key processes around these metrics should be monitored.
  • Service level agreement should be required
  • SLA should be documented up to date
  • Auditor should review the SLA

INPUTS , PROCESSING & OUTPUTS

  • The Auditor will be looking for evidence of datda preparation procedure , handling requirements, etc
  • It is esential that manual inputs are complete and approximately authorized prior to being processed by the application.
  • The auditor could also request a sample of source document and ensure that they are appropriately secured and retained.
  • Using Computer Assisted Auditing Techniques , an auditor can recalculate and validate the accuracy and completeness of key system calculations which occur during processing.
  • The auditor may request a listing of all system generated reports to determine the owner and business use.

LOGICAL SECURITY

  • Applications audit usually involve in-depth evaluation of logical security for the application.
  • This review is done on top of the logical security review performed as part of infrastructure review which looks at the enterprise wide systems.
  • The auditors will need to have your application used ID administration process documented and evidence that is being followed.

DISASTER RECOVERY PLAN

  • The surest evaluation of the adequacy of the DRP is documentation of the recovery testing that is performed. The testing process must be defined and implemented for the plan. Subsequently, the DRP must be updated to reflect any
    deficiency determined in the test results. The auditor will form an opinion on whether the test process sufficiently determines whether the plan will work in an actual disaster, and how reliable the test plans assumptions are. From there, the
    auditor can then determine if the test results are sufficient to ensure that the DRP could bring back the application in a time and manner that would prevent any significant or unnecessary business interruptions.

USER SUPPORT

One of the most overlooked aspects, of any application, is whether there exists
adequate end user support in order to control risk. Auditors will be looking for
evidence that user documentation around the application, in the form of user
manuals, online help, etc., is readily available and up to date. If the application was developed within the organization or has aspects of it that were, there
should be a document update process that is documented and followed.

CHANGE MANAGEMENT

A page on Tripwire’s website states “Change management and operational
stability go hand in hand”. No IS auditor in today’s business climate could refute
that statement. IT professionals need to understand the basic concept that all
changes to an application must go through a formal, standardized process. The
auditor is first going to ensure that this process is documented and being
followed.All changes to the application should be logged, tracked and properly
documented in some centralized system. There are many change management
software products available on the market today. The auditor should have access to the system, and can provide an opinion on whether the system is effective in tracking the changes.

THIRD PARTY SERVICES

The auditor will look at the controls around any third party services that are
required to meet business objectives for the application or system. It is important that a relationship manager role is present for the third party and that this individual or group is in constant contact with the third party. Auditors will request the contract with the vendor and review to ensure that: it follows company procedures, was reviewed and signed off by legal.


Related Solutions

Part A - Discussion on the audit report The audit report is the key product of...
Part A - Discussion on the audit report The audit report is the key product of the auditing and assurance process. Using an essay format, discuss the values, issues, and future of the audit report. You are required to cite at least three readings, and two of them must be academic articles from the literature (use the Google Scholar or UoN’s library/database). The textbooks such as Moroney, et al. (2017) do not qualify as an article. APA 6th is required...
Question 6 Audit Report Before the audit report was signed, the audit team encountered the following...
Question 6 Audit Report Before the audit report was signed, the audit team encountered the following situation. Treat each situation independently and assume the remaining financial statements are fine. 1) A property owned by Cook’s Furniture Ltd was sold to Lidia Preston, the wife of Howard Cook in June 2020 (refer to case description in part A). The property has a market value of four million and was sold at 3.2 million. Management did not disclose this in the financial...
Java programming language Write a Java application that simulates a test. The test contains at least...
Java programming language Write a Java application that simulates a test. The test contains at least five questions. Each question should be a multiple-choice question with 4 options. Design a QuestionBank class. Use programmer-defined methods to implement your solution. For example: - create a method to simulate the questions – simulateQuestion - create a method to check the answer – checkAnswer - create a method to display a random message for the user – generateMessage - create a method to...
A) In phase IV of the audit, complete the audit and issue an audit report, there...
A) In phase IV of the audit, complete the audit and issue an audit report, there are five activities required. List below the activities. B) In accumulating final evidence upon which to base an audit opinion, the auditor should perform four activities. List the activities below. C) Discuss the major activities and procedures performed by the auditor in the plan and design of the audit approach. D) What types of inquiry techniques might an auditor use when making inquiries of...
In phase 4 of the audit, complete the audit and issue an audit report, there are...
In phase 4 of the audit, complete the audit and issue an audit report, there are five activities required, discuss what occurs in each activity. What ultimately determines the specific audit procedures necessary to provide an independent auditor with a reasonable basis for the expression of an opinion?
Your are given with the Audit report, Identify the type of Audit report, also comment in...
Your are given with the Audit report, Identify the type of Audit report, also comment in few words about the Auditor’s opinion. ? Audit Report We have audited the annexed balance sheet of PAKISTAN INTERNATIONAL AIRLINES CORPORATION (the Corporation) as at December 31, 2007 and the related profit and loss account, cash flow statement and statement of changes inequity together with the notes forming part thereof, for the year then ended and we state that we have obtained all the...
write a report discussing the auditor's use if analytical procedures in conducting an audit. what are...
write a report discussing the auditor's use if analytical procedures in conducting an audit. what are the primary analytical procedures that auditors use? why are analytical procedures necessary on an audit? how do they help an auditor be more efficient and effective? at what stage of an audit are analytical procedures applied?
New Audit Report & CAMs: 1. Are you in favor of the PCAOBs new audit report?...
New Audit Report & CAMs: 1. Are you in favor of the PCAOBs new audit report? 2. Do you see any issues with including CAMs in the audit report?
Write and test a user-defined class (requiring conditions). Write an application (client) program that uses an...
Write and test a user-defined class (requiring conditions). Write an application (client) program that uses an instance(s) of a user-defined class. The federal income tax that a person pays is a function of the person's taxable income. The following table contains formulas for computing a single person's tax. Bracket Taxable Income Tax Paid 1 $22,100 or less 15% 2 More than $22,100 but $53,500 or less $3,315 plus 28% of the taxable income over $22,100 3 More than $53,500 but...
Decide on either the nervous system or the endocrine system for your report. Write about some...
Decide on either the nervous system or the endocrine system for your report. Write about some disease or condition that is new to you and add some personal comments. 1. Submit your report 2. Participate in the Discussion
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT